feat(install): very strict global npm engines

[wraithgar]

This will do an engines check when installing npm globally and fail if
the new npm is known not to work in the current node version.

It will not work for older npm versions because they don't have an
engines field (it wasn't added till npm@6.14.0). It will at least
prevent npm@7 from being installed in node@8.

References

Closes #2612

[ljharb]

Can it assume that if npm lacks an engines field, it’s not compatible? That would only prevent installing npm < 6, and non-latest npm 6, right?

[wraithgar]

npm-install-check fails open if there is no engines field. Versions of npm without an engines entry will not fail.

https://github.com/npm/npm-install-checks/blob/master/index.js#L8-L12

[ljharb]

In general that’s obviously the right semantic - but this is a special case for npm itself. Why would we want to allow older npms to be installed by npm 7.next+?

[wraithgar]

In general that’s obviously the right semantic - but this is a special case for npm itself. Why would we want to allow older npms to be installed by npm 7.next+?

I'm erring on the side of only taking action if we have the info to take that action.

[ljharb]

Right, but this only applies to npm - and you have the info that any npm without an engines field is obsolete. Why allow it to be installed?

[wraithgar]

It's more effort than it's worth. Right now we are letting the EBADENGINE message bubble up, with the intent that we let the error-messages file potentially make that error prettier in the future. If we also add this new condition we have to invent a new kind of error to throw. This is just a general failsafe before we drop the next npm version and move off of node10. This isn't intended to be comprehensive, just something that helps us going forward.

[nlf]

this looks good!