Changelog
Select CLI Version:
See Details
Table of contents
v7.24.2 (2021-10-04)
BUG FIXES
56d6cfdc0
#3804 encode url before opening (@isaacs)075fe5056
#3799 restore exit code on "npm outdated" (@gfyoung)dbb90f799
#3809 use Intl.Collator for string sorting when available (@isaacs)
DEPENDENCIES
69ab10bbf
is-core-module@2.7.0
e94ddeaca
@npmcli/arborist@2.9.0
:- fix: avoid infinite loops in peer dep replacements
- fix: use Intl.Collator for string sorting when available
- feat(vuln): expose isDirect
DOCUMENTATION
f425950a6
#3805 remove npm Enterprise from documentation (@ethomson)bb0b2da6c
#3699 fix(docs): add note about workspace script order (@behnammodi)
v7.24.1 (2021-09-23)
DEPENDENCIES
DOCS
dae5ce305
#3784 docs: document special meaning of registry.npmjs.com (@everett1992)
v7.24.0 (2021-09-16)
FEATURES
c7787b3fb
1fbbe1e04
bundled npm-install-checks (@wraithgar)
BUG FIXES
0320bd77e
#3739 fix(view): Show the correct publish date for versions selected by range (@andersk)e4a521857
#3748 fix(install.sh): don't remove old npm first (@wraithgar)b4aac345b
#3754 fix(config): user-agent properly shows ci (@wraithgar)b807cd62e
#3738 fix(search): return valid json for no results (@AyushRawal)2def17a3b
#3760 fix(install): use configured registry when checking manifest (@yacoman89)ca792acdd
#3761 fix(logs): clean args for failed commands (@wraithgar)
DEPENDENCIES
59743972c
#3747 fix(did-you-mean): succeed if cwd is not a package (@wraithgar)ac8e4ad18
init-package-json@2.0.5
:- fix: bin script path
371655a6b
minipass@3.1.5
:- fix: re-emit 'error' event if missed and new listener added
- fix: do not blow up if process is missing
DOCUMENTATION
4d93b484a
#3759 fix(docs): use correct hyperlink to package-json (@nategreen)
v7.23.0 (2021-09-09)
FEATURES
6c12500ae
#3731 feat(install): very strict global npm engines (@wraithgar)
BUG FIXES
1ad093824
#3732 fix(error-message): clean urls from 404 error (@wraithgar)
DOCUMENTATION
64f7d1a55
#3727 docs(contributing): add note on changes to tooling (@darcyclarke)eda9162f2
#3715 Add --if-present flag documentation to workspaces (@Matsuuu)
v7.22.0 (2021-09-02)
BUG FIXES
DEPENDENCIES
033e948c9
read-package-json@4.1.1
:- feat: add types lookup
- fix(man): don't lose relative man path
1fa549db0
@npmcli/config@2.3.0
:- feat: export npm_config_local_prefix and npm_config_global_prefix to the environment
e91578d10
minpass-fetch@1.4.1
:- Made rejectUnauthorized depend on NODE_TLS_REJECT_UNAUTHORIZED
6125db545
are-we-there-yet@1.1.6
0dcda73b0
string_decoder@1.3.0
4b913417c
npmlog@5.0.1
876c755eb
@npmcli/arborist@2.8.3
:- fix: do not fail adding unresolvable optional dep
v7.21.1 (2021-08-26)
BUG FIXES
DEPENDENCIES
e3878536f
make-fetch-happen@9.1.0
:- fix: use the same strictSSL default as tls.connect
145f70cc1
read-package-json@4.0.1
:- fix: Add gitHead in subdirectories too
- fix(man): don't resolve paths to man files
3f4d37143
tar@6.1.11
:- fix: perf regression on hot string munging path
e63a942c6
cacache@15.3.0
:- feat: introduce @npmcli/fs for tmp dir methods
DOCUMENTATION
v7.21.0 (2021-08-19)
FEATURES
BUG FIXES
32e88c943
#3640 fix(did-you-mean): switch levenshtein libraries (@wraithgar)487731cd5
#3658 fix(logging): sanitize logged argv (@wraithgar)68a19bb02
#3661 fix(error-message): look for er.path not er.file (@wraithgar)
DEPENDENCIES
df57f0d53
@npmcli/run-script@1.8.6
8183976cf
normalize-package-data@3.0.3
:- fix: account for "licence" as spelling variant
f07772401
init-package-json@2.0.4
991a3bd39
read-package-json@4.0.0
e9e5ee560
@npmcli/arborist@2.8.2
:- fix: treat top-level global packages as "top" nodes
- fix: load global symlinks implicitly as file: deps
- fix(reify): debug crash when extracting into symlink
- fix: node_modules must be a directory
- fix: make Node.children() a case-insensitive Map
- fix(reify): verify existing deps in nm are dirs
b6f40b5f8
tar@6.1.10
:- fix: prune dirCache properly for unicode, windows
- fix: reserve paths properly for unicode, windows
- fix: prevent path escape using drive-relative paths
- fix: drop dirCache for symlink on all platforms
218cacadc
is-core-module@2.6.0
7ac621cd1
smart-buffer@4.2.0
94f92de13
make-fetch-happen@9.0.5
71cdfd898
spdx-license-ids@3.0.10
:- update license list to v3.14
DOCUMENTATION
ff6626ab6
#3630 fix(docs): update npm-publish access flag info (@austincho)
v7.20.6 (2021-08-12)
DEPENDENCIES
5bebf280f
tar@6.1.8
- fix: reserve paths case-insensitively
5d89de44d
tar@6.1.7
:- fix: normalize paths on Windows systems
a1bdbea97
#3569- remove byte-size (@wraithgar)
61782fa85
@npmcli/map-workspaces@1.0.4
:- fix: better error message for duplicate workspace names
b88f770fa
@npmcli/arborist@2.8.1
:- [#3632] Fix "cannot read property path of null" error in 'npm dedupe'
- fix(shrinkwrap): always set name on the root node
DOCUMENTATION
001f2c1b7
#3621 fix(docs): do not include certain files (@AkiJoey)d1812f1a6
#3630 fix(docs): update npm-publish access flag info (@austincho)d5a099c7b
#3615 fix(readme): add nvm-windows to installers links (@Yash-Singh1)
v7.20.5 (2021-08-05)
DEPENDENCIES
44377738e
graceful-fs@4.2.8
- fix: start retrying immediately, stop after 60 seconds
v7.20.4 (2021-08-05)
BUG FIXES
6a8086e25
#3463 fix(tests): move more tests to use real npm (@wraithgar)
DEPENDENCIES
15fae4941
tar@6.1.6
:- fix: properly handle top-level files when using strip
- Avoid an unlikely but theoretically possible redos
- WriteEntry backpressure
- fix(unpack): always resume parsing after an entry error
- fix(unpack): fix hang on large file on open() fail
- fix: properly prefix hard links
745326de0
libnpmexec@2.0.1
:- Clear progress bar which overlays confirm prompt
e82bcd4e8
graceful-fs@4.2.7
:- fix: start retrying immediately, stop after 10 attempts
v7.20.3 (2021-07-29)
BUG FIXES
66dc5f94d
#3588 update eresolve explanations for new arborist data provided99575acab
#3591 fix(node_modules): remove duplicated file (@wraithgar)
DEPENDENCIES
97cb5ec31
@npmcli/arborist@2.8.0
:- Refactor ideal tree building to handle more complicated peerDependencies use cases.
- Do not modify ideal tree while checking if a peerSet can be placed.
7db1a0a26
chore(deps):mime-types@1.49.0
mime-db@1.49.0
v7.20.2 (2021-07-27)
DEPENDENCIES
f5aab1f88
tar@6.1.1
- fix: strip absolute paths more comprehensively
ce8fb0f69
tar@6.1.2
- fix: Remove paths from dirCache when no longer dirs
ced85087a
gauge@3.0.1
- add missing dependency to package.json
v7.20.1 (2021-07-22)
BUG FIXES
009ad1e68
#3561 fix(exit-handler): always warn if not called (@wraithgar)eb67054c8
#3563 fix(config): consolidate use of npm.color (@wraithgar)
DOCUMENTATION
a014f3d28
#3562 fix(docs): typo innpm cmd
docs (@wraithgar)1fe1c9b74
#3523 fix(docs): updated policy urls (@DemiraDimitrova)
DEPENDENCIES
d7f29e8c9
read-package-json-fast@2.0.3
:- feat: load directories.bin as a bin object
b1fefa73d
npmlog@5.0.0
- Drop support for node 6 and 8
b6e09971a
remove ignored files from node_modules ([@Ruy Adorno](https://github.com/Ruy Adorno))cf737c505
debug@4.3.2
v7.20.0 (2021-07-15)
FEATURES
f17aca5cd
#3487 feat: addnpm pkg
command (@ruyadorno)98905ae37
#3471 feat(config): introducelocation
parameter (@nlf)
BUG FIXES
4755b0728
#3498 friendlier errors forERR_SOCKET_TIMEOUT
(@nlf)3ecf19cdc
#3508 fix(config): fix noproxy (@wraithgar)c3bd10e46
#3499 fix(update-notifier): don't force black background (@wraithgar)89483e888
#3497 fix(usage): better audit/boolean flag usage output (@wraithgar)feeb8e42a
#3495 fix(publish): obey --ignore-scripts flag (@wraithgar)103c8c3ef
#3479 chore(exit): log any un-ended timings (@wraithgar)efc4313c2
#3482 chore(refactor): refactor exit handler and tests (@wraithgar)d8eb49b70
#3540 fix(bundle-and-ignore): case sensitivity cleanup (@wraithgar)
DOCUMENTATION
339145f64
#3491 fix(docs): clarify what install type gets.bin
(@wraithgar)74c99755e
#3494 fix(docs): add npm update example (@wraithgar)801a52330
#3542 fix(docs): correct Node.js JavaScript stylings (@relrelb)791416713
#3546 fix(docs): how to see background script output (@cinderblock)
DEPENDENCIES
691816f3d
@npmcli/arborist@2.7.1
- fixes running prepare scripts for workspaces on reify
- ensure pacote always compares correct integrity values
b9597e944
make-fetch-happen@9.0.4
- fix: retry socket timeout failures
- fix: clean up invalid indexes and content after cacache read errors
f573e7c56
minipass-fetch@1.3.4
- fix: correctly handle error events that happen after response events
2d5797ea0
pacote@11.3.5
- fix: show more actionable messages for git pathspec errors
- fix: include all dep types when building for prepare
- fix: do not set mtime when unpacking
v7.19.1 (2021-07-01)
BUG FIXES
-
013f0262d
#3469 fix(exitHandler): write code to logfile (@wraithgar) -
0dd0341ac
#3474 fix(ping): make "npm ping" echo a right time (@aluneed) -
d2e298f3c
#3484 fix(deprecate): add undeprecate support (@wraithgar)DOCUMENTATION
-
9dd32d08e
#3485 fix(docs): remove npm package config override (@wraithgar) -
a4e095618
#3486 fix(docs): remove .hooks scripts (@wraithgar)
TESTING
5f8ccccef
#3483 chore(tests): clean snapshot for lib/view.js tests (@wraithgar)
v7.19.0 (2021-06-24)
FEATURES
BUG FIXES
53f81af31
#3450 fix(docs): Improve phrasing of workspace example (@lumaxis)78da60ffe
#3454 chore(linting): add bin and clean up lib/ls.js54eae3063
#3416 chore(errorHandler): rename to exit handler (@wraithgar)d0f50b156
#3451 chore(refactor): async npm.load (@wraithgar)87f67d9ef
#3458 chore(tests): expose real mock npm object (@wraithgar)f3dce0917
#3459 chore(config): snapshot config descriptions (@wraithgar)6254b6f72
#3234 #3455 @npmcli/package-json refactor (@ruyadorno)
DEPENDENCIES
fe4138381
@npmcli/arborist@2.6.4
:- bin: allow turning off timer display with --timers=false
- fix: do not try to inflate a fresh lockfile
- fix(diff): walk target children if root is a link
- chore: @npmcli/package-json refactor
v7.18.1 (2021-06-17)
BUG FIXES
fce30e423
#3435 fix(docs): rebuild config docs (@wraithgar)
v7.18.0 (2021-06-17)
FEATURES
ae285b391
#3408 feat(ls): support--package-lock-only
flag (@G-Rath)c984fb59c
#3420 feat(pack): add pack-destination config (@wraithgar)
BUG FIXES
40829ec40
#2554 #3399 fix(link): do not prune packages (@ruyadorno)102d4e6fb
#3417 fix(workspaces): explicitly error in global mode (@wraithgar)993df3041
#3423 fix(docs): ls command usage instructions (@gurdiga)dcc13662c
#3418 fix(config): update link definition (@wraithgar)b19e56c2e
#3382 #3429 fix(ls): respect prod config for workspaces (@ruyadorno)c99b8b53c
#3430 fix(config): add flatOptions.npxCache (@wraithgar)e5abf2a21
#3386 chore(libnpmdiff): added as workspace (@ruyadorno)c6a8734d7
#3388 chore(refactor): finish passing npm context (@wraithgar)d16ee452a
#3426 chore(tests): use path.resolve (@wraithgar)
DEPENDENCIES
6b951c042
libnpmversion@1.2.1
:- fix(retrieve-tag): pass match in a way git accepts
de820a021
npm-package-arg@8.1.5
:- fix: Make file: URLs (mostly) RFC 8909 compliant
16a95c647
@npmcli/arborist@2.6.3
:- fix(inventory) handle old and british forms of 'license'
- fix: removes [_complete] check to apply correct metadata
- ensure node.fsParent is not set to node itself
- fix extraneous deps on load-actual
d341bd86c
make-fetch-happen@9.0.3
:- fix: implement cache modes correctly
c90612cf5
libnpmexec@2.0.0
:- use new npxCache option
v7.17.0 (2021-06-10)
FEATURES
ef668ab57
#3368 feat(diff): add workspace support (@wraithgar)
BUG FIXES
26d00c477
#3364 fix(tests): mock writeFile in pack tests so we dont create 0 byte files in the repo (@nlf)f130a81d6
#3367 fix(linting): add scripts, docs, smoke-tests (@wraithgar)992799cd8
#3383 fix(login): properly save scope if defined (@wraithgar)
DOCUMENTATION
844229519
#3392 docs(workspaces): update using npm section Added examples of usingnpm init
to bootstrap a new workspace and a section on how to add/manage dependencies to workspaces. (@ruyadorno)
DEPENDENCIES
3654890fb
remove ignored dep (@nlf)a4a0e68a9
#3362 check less stuff into node_modules (@isaacs)7d5b049b6
#3365 chore(package) Use a "files" list (@isaacs)
v7.16.0 (2021-06-03)
FEATURES
e92b5f2ba
npm-registry-fetch@11.0.0
- feat: improved logging of cache status
BUG FIXES
e864bd3ce
#3345 fix(update-notifier): do not update notify when installing npm@spec (@isaacs)aafe23572
#3348 fix(update-notifier): parallelize check for updates (@isaacs)
DOCUMENTATION
bc9c57dda
#3353 fix(docs): remove documentation for '--scripts-prepend-node-path' as it was removed in npm@7 (@gimli01)ca2822110
#3360 fix(docs): link foreground-scripts w/ loglevel (@wraithgar)fb630b5a9
#3342 chore(docs): manage docs as a workspace (@ruyadorno)
DEPENDENCIES
54de5c6a4
npm-package-arg@8.1.4
:- fix: trim whitespace from fetchSpec
- fix: handle file: when root directory begins with a special character
e92b5f2ba
make-fetch-happen@9.0.1
- breaking: complete refactor of caching. drops warning headers, prevents cache indexes from growing for every request, correctly handles varied requests to the same url, and now caches redirects.
- fix: support url-encoded proxy authorization
- fix: do not lazy-load proxy agents or agentkeepalive. fixes the intermittent failures to update npm on slower connections.
npm-registry-fetch@11.0.0
- breaking: drop handling of deprecated warning headers
- docs: fix header type for npm-command
- docs: update registry param
- feat: improved logging of cache status
23c50a45f
make-fetch-happen@9.0.2
:- fix: work around negotiator's lazy loading
AUTOMATION
c4ef78b08
#3344 fix(automation): update incorrect variable name in create-cli-deps-pr workflow (@gimli01)
v7.15.1 (2021-05-31)
BUG FIXES
598a17a26
#3329 fix(libnpmexec): don't detach output from npm (@wraithgar)
DEPENDENCIES
c4fc03e9e
@npmcli/arborist@2.6.1
- fixes reifying deps with mismatching version ranges between actual and virtual trees
9159fa62a
libnpmexec@1.2.0
v7.15.0 (2021-05-27)
FEATURES
BUG FIXES
46a9bcbcb
#3282 fix(docs): proper postinstall script file name (@KevinFCormier)83590d40f
#3272 fix(ls): show relative paths from root (@isaacs)a574b518a
#3304 fix(completion): restore IFS even ifnpm completion
returns error (@NariyasuHeseri)554e8a5cd
#3311 set audit exit code properly (@isaacs)4a4fbe33c
#3268 #3285 fix(publish): skip private workspaces (@ruyadorno)
DOCUMENTATION
3c53d631f
#3307 fix(docs): typo in package-lock.json docs (@rethab)96367f93f
rebuild npm-pack doc (@isaacs)64b13dd10
#3313 Drop stale Python 3<->node-gyp remark (@spencerwilson)
DEPENDENCIES
7b56bfdf3
cacache@15.2.0
:- feat: allow fully deleting indices
- feat: add a validateEntry option to compact
- chore: lint
- chore: use standard npm style release scripts
dbbc151a3
npm-audit-report@2.1.5
:- fix(exit-code): account for null auditLevel default (#46)
5b2604507
chore(package-lock): update devDependencies (@Gar)
AUTOMATION
v7.14.0 (2021-05-20)
FEATURES
0d1a9d787
#3227 feat(install): add workspaces support to npm install commands (@isaacs)c18626f04
#3250 feat(ls): add workspaces support (@ruyadorno)41099d395
#3265 feat(explain): add workspaces support (@ruyadorno)fde354669
#3251 feat(unpublish): add workspace/dry-run support (@wraithgar)83df3666c
#3260 feat(outdated): add workspaces support (@ruyadorno)63a7635f7
#3217 feat(pack): add support to json config/output (@mrmlnc)
BUG FIXES
faa12ccc2
#3253 fix search description typos (@juanpicado)2f5c28a68
#3243 fix(docs): autogenerate config docs for commands (@isaacs)
DEPENDENCIES
ec256a14a
@npmcli/arborist@2.6.0
5f15aba86
cacache@15.1.0
b3add87e6
#3262npm-registry-client@10.1.2
:- fixed sso login token
v7.13.0 (2021-05-13)
FEATURES
076420c14
#3231 feat(publish): add workspace support (@wraithgar)370b36a36
#3241 feat(fund): add workspaces support (@ruyadorno)
DEPENDENCIES
v7.12.1 (2021-05-10)
BUG FIXES
de49f58f5
#3216 fix(contributing): link to proper cli repo (@mrmlnc)1d092144e
#3203 fix(packages): locale-agnostic string sorting (@isaacs)0696fca13
#3209 fix(view): fix non-registry specs (@wraithgar)71ac93597
#3206 chore(github): Convert md issue template to yaml (@lukehefson)6fb386d3b
#3201 fix(tests): increase test fuzziness (@wraithgar)f3a662fcd
#3211 fix(tests): use config defaults (@wraithgar)
DEPENDENCIES
285976fd1
@npmcli/arborist@2.4.4
- fix(reify): properly save spec if prerelease
f9f24d17c
libnpmexec@1.1.1
- fix(add): Specify 'en' locale to String.localeCompare
cb9f17499
glob@7.1.7
- force 'en' locale in string sorting
24b4e4a41
ignore-walk@3.0.4
- Avoid locale-specific sorting issues
1eb7e5c7d
@npmcli/arborist@2.4.3
- guard against locale-specific sorting
a6a826067
npm-packlist@2.2.2
:- fix(sort): avoid locale-dependent sorting issues
v7.12.0 (2021-05-06)
FEATURES
701627c51
#3098 feat(cache): Allowadd
to accept multiple specs (@mjsir911)59171f030
#3187 feat(config): add workspaces boolean to user-agent (@nlf)
BUG FIXES
2c9b8713c
#3182 fix(docs): fix broken links (@wangsai)88cbc8c44
#3198 fix(tests): reflect new libnpmexec logic
DEPENDENCIES
d01ce5e13
libnpmexec@1.1.0
:- feat: add walk up dir lookup to satisfy local bins
81c1dfaaa
@npmcli/arborist@2.4.2
:- fix(add): save packages in the right place
- fix(reify): do not clean up nodes with no parent
- fix(audit): support alias specs & root package names
87c2303ea
@npmcli/git@2.0.9
:- fix(clone): Do not allow git replacement objects by default
99ff40dff
npm-packlist@2.2.0
:- feat(npmignore): Do not force include history, changelogs, notice
- fix(package.json): add missing bin/index.js to files
v7.11.2 (2021-04-29)
BUG FIXES
c371f183e
#3137 #3140 fix(ls): do not warn on missing optional deps (@isaacs)861f606c7
#3156 fix(build): make prune rule work on case-sensitive file systems (@lpinca)
DEPENDENCIES
fb79d89a0
tap@15.0.6
ce3820043
@npmcli/arborist@2.4.1
- fix: prevent and eliminate unnecessary duplicates
- fix: support resolvable partial intersecting peerSets
DOCUMENTATION
e479f1dac
#3146 mentiondirectories.bin
inbin
(@felipecrs)
v7.11.1 (2021-04-23)
DEPENDENCIES
7925cca24
pacote@11.3.3
:- fix(registry): normalize manfest
b61eac693
#3130@npmcli/config@2.2.0
c74e67fc6
#3130npm-registry-fetch@10.1.1
DOCUMENTATION
v7.11.0 (2021-04-22)
FEATURES
4c1f16d2c
#3095 feat(init): add workspaces support (@ruyadorno)
BUG FIXES
42ca59eee
#3086 fix(ls): do not exit with error when all problems are extraneous deps (@nlf)2aecec591
#2724 #3119 fix(ls): make --long work when missing deps (@ruyadorno)42e0587a9
#3115 fix(pack): refuse to pack invalid packument (@wraithgar)1c4eff7b5
#3126 fix(logout): use isBasicAuth attribute (@wraithgar)
DOCUMENTATION
c93f1c39e
#3101 chore(docs): update view docs (@wraithgar)c4ff4bc11
npm/statusboard#313 #3109 fix(usage): fix refs to ws shorthand (@ruyadorno)
DEPENDENCIES
83166ebcc
npm-registry-fetch@10.1.0
- feat(auth): set isBasicAuth
e02bda6da
npm-registry-fetch@10.0.0
- feat(auth) load/send based on URI, not registry
a0382deba
@npmcli/run-script@1.8.5
- fix: windows ComSpec env variable name
7f82ef5a8
pacote@11.3.2
35e49b94f
@npmcli/arborist@2.4.0
95faf8ce6
libnpmaccess@4.0.2
17fffc0e4
libnpmhook@6.0.2
1b5a213aa
libnpmorg@2.0.2
9f83e6484
libnpmpublish@4.0.1
251f788c5
libnpmsearch@3.1.1
35873a989
libnpmteam@2.0.3
23e12b4d8
npm-profile@5.0.3
v7.10.0 (2021-04-15)
FEATURES
f9b639eb6
#3052 feat(bugs): fall back to email if provided (@Yash-Singh1)8c9e24778
#3055 feat(version): add workspace support (@wraithgar)
DEPENDENCIES
f1e6743a6
libnpmversion@1.2.0
- feat(retrieve-tag): retrieve unannotated git tags
- fix(retrieve-tag): use semver to look for semver
3b476a24c
@npmcl/git@2.0.8
- fix(git): do not use shell when calling git
dfcd0c1e2
#3069tap@15.0.2
DOCUMENTATION
90b61eda9
#3053 fix(contributing.md): explicitely outline dep updates (@darcyclarke)
v7.9.0 (2021-04-08)
FEATURES
1f3e88eba
#3032 feat(dist-tag): add workspace support (@nlf)6e31df4e7
#3033 feat(pack): add workspace support (@wraithgar)
DEPENDENCIES
ba4f7fea8
licensee@8.2.0
v7.8.0 (2021-04-01)
FEATURES
8bcc5d73f
#2972 feat(workspaces): add repo and docs (@wraithgar)ec520ce32
#2998 feat(set-script): implement workspaces32717a60e
#3001 feat(view): add workspace support (@wraithgar)7b177e43f
#3014 feat(config): add 'envExport' flag (@isaacs)
BUG FIXES
4c4252348
#3016 fix(usage): specify the key each time for multiples (@isaacs)9237d375b
#3013 fix(docs): add workspaces configuration (@wraithgar)cb6eb0d20
#3015 fix(ERESOLVE): better errors when current is missing (@isaacs)
DEPENDENCIES
61da39beb
@npmcli/config@2.1.0
- feat(config): add support for envExport:false
fb095a708
@npmcli/arborist@2.3.0
:- #2896 Provide currentEdge in ERESOLVE if known, and address self-linking edge case.
- Add/remove dependencies to/from workspaces when set, not root project
- Only reify the portions of the dependency graph identified by the
workspace
configuration value. - Do not recursively
chown
the project root path.
v7.7.6 (2021-03-29)
BUG FIXES
9dd2ed518
fix empty newline printed to stderr (@ruyadorno)9d391462a
#2973 fix spelling in workspaces.md file (@sethomas)4b100249a
#2979 change 'maxsockets' default value back to 15 (@wallrat)
DEPENDENCIES
a28f89572
libnpmversion@1.1.0
- fix reading
script-shell
config onnpm version
lifecycle scripts
- fix reading
03734c29e
npm-packlist@2.1.5
- fix packaging
bundledDependencies
- fix packaging
80ce2a019
@npmcli/metavuln-calculator@1.1.1
- fix error auditing package documents with missing dependencies
v7.7.5 (2021-03-25)
BUG FIXES
95ba87622
#2949 fix handling manual indexes innpm help
(@dmchurch)59cf37962
#2958 always setnpm.command
to canonical command name (@isaacs)1415b4bde
#2964 fix(config): properly translate user-agent (@wraithgar)59271936d
#2965 fix(config): tie save-exact/save-prefix together (@wraithgar)
TESTS
97b415287
#2959 add smoke tests (@ruyadorno)
v7.7.4 (2021-03-24)
BUG FIXES
200bee74b
#2951 fix(config): accept explicitproduction=false
(@wraithgar)7b45e9df6
#2950 warn if using workspaces config options innpm config
(@ruyadorno)
v7.7.3 (2021-03-24)
BUG FIXES
c76f04ac2
#2925 fix(set-script): add completion (@Yash-Singh1)0379eab69
#2929 fix(install): ignore auditLevelnpm install
should not be affected by theauditLevel
config, as the results of audit do not change its exit status. (@wraithgar)98efadeb4
#2923 fix(audit-level): addinfo
audit level This is a valid level but wasn't configured to be allowed. Also added this param to the usage output fornpm audit
(@wraithgar)e8d2adcf4
#2945 config should not error when workspaces are configured (@nlf)aba2bc623
#2944 fix(progress): re-add progress bar to reify The logger was no longer in flatOptions, we pass it in explicitly now (@wraithgar)877b4ed29
#2946 fix(flatOptions): re-add_auth
This was not being added to flatOptions, and things likenpm-registry-fetch
are looking for it. (@wraithgar)
v7.7.2 (2021-03-24)
BUG FIXES
DEPENDENCIES
v7.7.1 (2021-03-24)
BUG FIXES
543b0e39b
#2930 fix(uninstall): use correct local prefix (@jameschensmith)dce4960ef
#2932 fix(config): flatten savePrefix properly (@wraithgar)
v7.7.0 (2021-03-23)
FEATURES
33c4189f9
#2864 addnpm run-script
workspaces support (@ruyadorno)e1b3b318f
#2886 addnpm exec
workspaces support (@ruyadorno)41facf643
#2859 expanded "Did you mean?" suggestions for missing cmds and scripts (@wraithgar)
BUG FIXES
8cce4282f
#2865npm publish
: handle case where multiple config list is present (@kenrick95)6598bfe86
mark deprecated configs (@isaacs)8a38afe77
#2881 docs(package-json): document default main behavior (@klausbayrhammer)93a061d73
#2917 add action items tonpm run
error output (@wraithgar)
DOCUMENTATION
ad65bd910
#2860 fix link in configuring-npm (@varmakarthik12)b419bfb02
#2876 fix test-coverage command in contributing guide (@chowkapow)
DEPENDENCIES
7b5606b93
@npmcli/arborist@2.2.9
- #254 Honor explicit prefix when saving dependencies (@jameschensmith)
- #255 Never save to
bundleDependencies
when saving apeer
orpeerOptional
dependency. (@isaacs)
f76e7c21f
pacote@11.3.1
- increases tarball compression level
4928512bc
semver@7.3.5
- fix handling prereleases/ANY ranges in subset
1924eb457
libnpmversion@1.0.12
- fix removing undescored-prefixed package.json properties in
npm version
- fix removing undescored-prefixed package.json properties in
916623056
@npmcli/run-script@1.8.4
- fix expanding windows-style environment variables
a8d0751e4
npm-pick-manifest@6.1.1
- fix running packages with a single executable binary with
npm exec
- fix running packages with a single executable binary with
af7eaac50
hosted-git-info@4.0.1
f52c51db1
@npmcli/config@2.0.0
v7.6.3 (2021-03-11)
DOCUMENTATION
DEPENDENCIES
57ed390d6
@npmcli/arborist@2.2.8
- Respect link deps when calculating peerDep sets
v7.6.2 (2021-03-09)
BUG FIXES
e0a3a5218
#2831 Fix cb() never called in search with --json option (@fraqe)85a8694dd
#2795 fix(npm.output): make output go through npm.output (@wraithgar)9fe0df5b5
#2821 fix(usage): clean up usage declarations (@wraithgar)
DEPENDENCIES
7f470b5c2
@npmcli/arborist@2.2.7
- fix(install): Do not revert a file: dep to version on bare name re-install
e9b7fc275
libnpmdiff@2.0.4
- fix(diff): Gracefully handle packages with prepare script
c7314aa62
byte-size@7.0.1
864f48d43
pacote@11.3.0
v7.6.1 (2021-03-04)
BUG FIXES
3c9a589b0
#2807npm explain
show when an edge is a bundled edge (@kumavis)b33c760ce
#2766 unused arguments cleanup (@sandersn)4a5dd3a5a
#2772 fix(npm) pass npm context everywhere (@wraithgar)e69be2ac5
#2789 fix npm prefix on all Windows unix shells (@isaacs)2d682e4ca
#2803 fix(search): don't pass unused args (@wraithgar)b3e7dd19b
#2822 fix(diff): set option "where" for pacote (@ruyadorno)96006640b
#2824 fix(repo, auth.sso): don't promisify open-url (@wraithgar)
DOCUMENTATION
c8b73db82
#2690 fix(docs): update scripts docs (@wraithgar)5d922394b
#2809 update republish timeout after unpublish (@BAJ-)
DEPENDENCIES
2d4ae598f
@npmcli/arborist@2.2.6
v7.6.0 (2021-02-25)
FEATURES
DEPENDENCIES
b9fa7e32a
chore(package-lock): resetdeps andeslint@7.20.0
(@wraithgar)28d036ae9
arborist@2.2.5
- fix: hidden lockfiles were not respected on Node v10.0-10.12
DOCUMENTATION
ba1adef42
#2760 chore(docs): capitalize all Instaces of "package" (@MrBrain295)8bfa05fa1
#2775 chore(docs): add navigation configuration (@ethomson)238e474a4
#2778 chore(docs):update unpublish cooldown (@christoflemke)
v7.5.6 (2021-02-22)
BUG FIXES
DOCS
3c72ab441
#2749 Capitalize Package in a Heading (@MrBrain295)
DEPENDENCIES
f3ae6ed0d
read-package-json@3.0.1
,read-package-json-fast@2.0.2
9b311fe52
#2736@npmcli/arborist@2.2.4
:- Do not rely on underscore fields in
package.json
files - Do not remove global packages when updating by name
- Keep
yarn.lock
andpackage-lock.json
more in sync
- Do not rely on underscore fields in
v7.5.5 (2021-02-22)
BUG FIXES
49c95375a
#2688 fix shrinkwrap in node v10.0 (@ljharb)00afa3161
#2718 restore the prefix on output fromnpm version <inc>
(@nlf)69e0c4e8c
#2716 throw an error when trying to dedupe in global mode (@nlf)b018eb842
#2719 obey silent loglevel in run-script (@wraithgar)
DEPENDENCIES
8c36697df
@npmcli/arborist@2.2.3
- #1875 arborist#230 Set default advisory
severity
/vulnerable_range
when missing from audit endpoint data (@isaacs) - npm/arborist#231 skip optional deps with mismatched platform or engine (@nlf)
- #2251 Unpack shrinkwrapped deps not already unpacked (@isaacs, @nlf)
- #2714 Do not write package.json if nothing changed (@isaacs)
- npm/rfcs#324 Prefer peer over prod dep, if both specified (@isaacs)
- npm/arborist#236 Fix additional peerOptional conflict cases (@isaacs)
- #1875 arborist#230 Set default advisory
d865b101f
libnpmpack@2.0.1
- respect silent loglevel
e606953e5
libnpmversion@1.0.11
- respect silent loglevel
9c51005a1
npm-package-arg@8.1.1
- do a better job of detecting git specifiers like
git@github.com:npm/cli
- do a better job of detecting git specifiers like
8b6bf0db4
pacote@11.2.7
- respect silent loglevel
- fix INVALID_URL errors for certain git dependencies
TESTS
80c2ac995
#2717 refactor publish tests (@wraithgar)9d81e0ceb
#2729 fix typo in shrinkwrap tests (@eltociear)
DOCUMENTATION
e3de7befb
#2685 docs(readme): add note back about branding/origin (@darcyclarke)38d87e7c2
#2698 mention nodenv in README.md (@RA80533)af4422cdb
#2711 validate that the docs can be parsed by mdx (@ethomson)
v7.5.4 (2021-02-12)
BUG FIXES
ef687f545
#2655 fix(env): Do not clobber defined 'env' script (@isaacs)868954a72
#2654 [fix] node v10.0 lacksfs.promises
(@ljharb)
DEPENDENCIES
14dd93853
fix(package.json): resetdeps (@wraithgar)39e4a6401
graceful-fs@4.2.6
96dffab98
eslint-plugin-promise@4.3.1
9a6e9d38a
@npmcli/run-script@1.8.3
- fix fs.promises reference to run in node v10.0
584b746a2
@npmcli/git@2.0.5
6305ebde4
make-fetch-happen@8.0.14
e99881117
libnpmversion@1.0.10
554d91cdf
chore(package-lock): rebuild package-lock (@wraithgar)37e8cc507
@npmcli/arborist@2.2.2
7788ce47b
@npmcli/map-workspaces@1.0.3
TESTS
3a159d27e
#2681 fix(tests): rewrite doctor tests (@ljharb)abcc96a20
#2682 [tests] separate tests from linting and license validation (@ljharb)
DOCUMENTATION
v7.5.3 (2021-02-08)
BUG FIXES
df596bf4c
fix(publish): follow all configs for registry auth check #2602 (@wraithgar)6d7afb03c
#2613 install script: pass -q to curl calls to disable user .curlrc files (@nlf)
DEPENDENCIES
3294fed6f
pacote@11.2.5
- prevent infinite recursion in git dep preparation
0f7a3a87c
read-package-json-fast@2.0.1
- avoid duplicating optionalDependencies as dependencies in package.json
6f46b0f7f
init-package-json@2.0.2
df4f65acc
@npmcli/arborist@2.2.0
7038c2ff4
@npmcli/run-script@1.8.2
54cd4c87a
libnpmversion@1.0.8
9ab36aae4
graceful-fs@4.2.5
e1822cf27
@npmcli/installed-package-contents@1.0.7
v7.5.2 (2021-02-02)
BUG FIXES
37613e4e6
#2395 #2329 fix(exec): use latest version when possible (@wraithgar)567c9bd03
fix(lib/npm): do not clobber config.execPath (@wraithgar)
DEPENDENCIES
v7.5.1 (2021-02-01
BUG FIXES
0ea134e41
#2587 pass all settings through to pacote.packument, fixes #2060 (@nlf)8c5ca2f51
Add test for npm-usage.js, and fix 'npm --long' output (@isaacs)
DEPENDENCIES
7e4e88e93
@npmcli/arborist@2.1.1
,pacote@11.2.4
- Properly raise ERESOLVE errors on root dev dependencies
- Ignore ERESOLVE errors when performing git dep 'prepare' scripts
- Always reinstall packages that are explicitly requested
- fix global update all so it actually updates things
- Install bins properly when global root is a link (@isaacs)
DOCUMENTATION
23dac2fef
#2557 npm team revamp (@ruyadorno)dd05ba0c0
#2572 add note about--force
overriding peer dependencies (@isaacs)e27639780
#2584 Fixed the spelling of contributor as it was written as conributor (@pavanbellamkonda)13a5e3178
#2502 elaborate that npm help uses browser (@ariccio)
v7.5.0 (2021-01-28)
FEATURES
d011266b7
#1319 add npm diff command (@ruyadorno)
BUG FIXES
DOCUMENTATION
8d3fd63aa
#2559 updates to readme, removal, contributing and several other docs (@darcyclarke)7772d9f9f
#2542 fix grammar on caching docs for search, exec and init (@wraithgar)52e8a1aef
#2558 refreshed npm updated docs (@ruyadorno)abae00ca0
#2565 update npm command docs (@wraithgar)9351cbf9a
#2566 refresh npm run-script docs (@ruyadorno)
DEPENDENCIES
56c08863e
hosted-git-info@3.0.8
18a93f06b
ssri@8.0.1
cb768f671
@npmcli/move-file@1.1.1
32cc0a4be
minipass-fetch@1.3.3
- fixes ssl settings passthrough
530997968
@npmcli/arborist@2.1.0
- added signal handler to rollback when possible
- prevent ERESOLVEs caused by loose root dep specs
- detect conflicts among nested peerOptional deps
- properly buildIdealTree when root is a symlink
v7.4.3 (2021-01-21)
DOCUMENTATION
ec1f06d06
#2498 docs(npm): updatenpm
docs (@darcyclarke)
DEPENDENCIES
bc23284cd
#2511 remove coverage files (@ruyadorno)fcbc676b8
pacote@11.2.3
ebd3a24ff
@npmcli/arborist@2.0.6
- Preserve git+https auth when provided
v7.4.2 (2021-01-15)
DEPENDENCIES
e5ce6bbba
@npmcli/arborist@2.0.5
- fix creating missing dirs when using --prefix and --global
- fix omit types of deps in global installs
- fix prioritizing npm-shrinkwrap.json over package-lock.json
- better cache system for packuments
- improves audit performance
v7.4.1 (2021-01-14)
BUG FIXES
DOCUMENTATION
7dd0dfc59
#2459 fix(docs): clean upnpm start
docs (@wraithgar)307b3bd9f
#2460 fix(docs): clean upnpm stop
docs (@wraithgar)23f01b739
#2462 fix(docs): clean upnpm test
docs (@wraithgar)4b43656fc
#2463 fix(docs): clean upnpm prefix
docs (@wraithgar)1135539ba
a07bb8e69
9b55b798e
cd5eeaaa0
6df69ce10
dc6b2a8b0
a3c127446
#2464 fix(docs): clean upnpm uninstall
docs (@wraithgar)cfdcf32fd
#2474 fix(docs): clean upnpm unpublish
docs (@wraithgar)acd5b062a
#2475 fix(docs): updatepackage-lock.json
docs (@isaacs)b0b0edf6d
#2482 fix(docs): clean upnpm token
docs (@wraithgar)35559201a
#2487 fix(docs): clean upnpm search
docs (@wraithgar)
DEPENDENCIES
v7.4.0 (2021-01-07)
FEATURES
BUG FIXES
d01746a5a
#2444 #1103 Remove deprecatedprocess.umask()
(@isaacs)b2e2edf8a
#2422 npm publish --dry-run should not check login status (@buyan302)99156df80
#2448 #2425 pass extra arguments directly to run-script as an array (@nlf)907b34b2e
#2455 fix(ci): pay attention to --ignore-scripts (@wraithgar)
DEPENDENCIES
DOCUMENTATION
a390d7456
#2440 Updated the url for RFC 19 so that it isn't a 404. (@therealjeffg)e02b46ad7
#2436 Grammatical Fix in npm-ls Documentation 'Therefore' is spelled 'Therefor' (@marsonya)0fed44dea
#2417 Fix npm bug reporting url (@AkiaCode)
7.3.0 (2020-12-18)
FEATURES
BUG FIXES
9eef63849
Pass full set of options to login helper functions. This fixesnpm login --no-strict-ssl
, as well as a host of other options that one might want to set while logging in. Reported by: @toddself (@isaacs)628a554bc
#2358 fix doctor test to work correctly for node pre-release versions (@nlf)be4a0900b
#2360 raise an error early if publishing without login, registry (@isaacs)44d433105
#2366 Include prerelease versions when deprecating (@tiegz)cba3341da
#2373 npm profile refactor (@ruyadorno)7539504e3
#2382 remove the metrics sender (@nlf)
DOCS
b98569a8c
add note aboutINIT_CWD
to run-script doc292929279
#2368 Revert bug-reporting links to GH. Re: https://blog.npmjs.org/post/188841555980/updates-to-community-docs-more (@tiegz)f4560626f
updateISSUE_TEMPLATE
with modern links (@isaacs)bc1c567ed
update npm command doc feature request links (@isaacs)0ad958fe1
#2381 (docs,test): assorted typo fixes (@XhmikosR)
TESTING
DEPENDENCIES
7.2.0 (2020-12-15)
FEATURES
DEPENDENCIES
beb371800
#2334 remove unused top level dep tough-cookie (@darcyclarke)d45e181d1
#2335ini@2.0.0
,@npmcli/config@1.2.7
(@isaacs)ef4b18b5a
#2309@npmcli/arborist@2.0.2
- properly remove deps when no lockfile and package.json is present
c6c013e6e
readdir-scoped-modules@1.1.0
a1a2134aa
remove unused sorted-object dep (@nlf)85c2a2d31
#2344 remove editor dependency (@nlf)
TESTING
3a6dd511c
npm edit (@nlf)3ba5de4e7
#2347 npm help-search (@nlf)6caf19f49
#2348 npm help (@nlf)cb5847e32
#2349 npm hook (@nlf)996a2f6b1
#2353 npm org (@nlf)8c67c38a4
#2354 npm set (@nlf)
7.1.2 (2020-12-11)
DEPENDENCIES
c3ba1daf7
#2033@npmcli/config@1.2.6
:- Set
INIT_CWD
to initial current working directory - Set
NODE
to initial process.execPath
- Set
8029608b9
json-parse-even-better-errors@2.3.1
0233818e6
#2332treeverse@1.0.4
e401d6bb3
ini@1.3.8
011bb1220
#2320@npmcli/arborist@2.0.1
:- Do not save with
^
and no version
- Do not save with
BUGFIXES
244c2069f
#2325 npm search include/exclude (@ruyadorno)d825e901e
#1905 #2316 run install scripts for root project315449142
#2331 #2021 SetNODE_ENV=production
if 'dev' is on the omit list (@isaacs)
TESTING
c243e3b9d
#2313 tests: completion (@nlf)7ff6efbb8
#2314 npm team (@ruyadorno)7a4f0c96c
#2323 npm doctor (@nlf)
DOCUMENTATION
7.1.1 (2020-12-08)
DEPENDENCIES
bf09e719c
@npmcli/arborist@2.0.0
- Much stricter tree integrity guarantees
- Fix issues where the root project is a symlink, or linked as a workspace
7ceb5b728
ini@1.3.6
77c6ced2a
make-fetch-happen@8.0.11
0ef25b6cd
libnpmsearch@3.1.0
:- Update to accept query params as options, so we can paginate. (@nlf)
518a66450
@npmcli/config@1.2.4
:- Do not allow path options to be set to a boolean
false
value
- Do not allow path options to be set to a boolean
3d7aff9d8
update all dependencies using latest npm to install them
TESTS
2848f5940
npm/statusboard#173 #2293 npm shrinkwrap (@ruyadorno)f6824459a
#2302 npm deprecate (@nlf)b7d74b627
npm/statusboard#180 #2304 npm unpublish (@ruyadorno)
FEATURES
7.1.0 (2020-12-04)
FEATURES
6b1575110
#2237 addnpm set-script
command (@Yash-Singh1)15d7333f8
add interactivenpm exec
(@isaacs)
BUG FIXES
DOCUMENTATION
DEPENDENCIES
def85c726
@npmcli/arborist@1.0.14
- fixes running
npm exec
from file system root folder
- fixes running
4c94673ab
semver@7.3.4
7.0.15 (2020-11-27)
DEPENDENCIES
00e6028ef
@npmcli/arborist@1.0.13
- do not override user-defined shorthand values when saving
package.json
- do not override user-defined shorthand values when saving
BUG FIXES
9c3413fbc
#2034 #2245npm link <pkg>
should not savepackage.json
(@ruyadorno)
DOCUMENTATION
1875347f9
#2196 remove doc on obsoleteunsafe-perm
flag (@kaizhu256)f51e50603
#2200config.md
cleanup (@alexwoollam)997cbdb40
#2238 Fix broken link topackage.json
documentation (@d-fischer)9da972dc4
#2241npm star
docs cleanup (@ruyadorno)
7.0.14 (2020-11-23)
DEPENDENCIES
09d21ab90
@npmcli/run-script@1.8.1
- fix a regression in how scripts are escaped
7.0.13 (2020-11-20)
BUG FIXES
5fc56b6db
npm/statusboard#174 #2204 fix npm unstar command (@ruyadorno)7842b4d4d
npm/statusboard#182 #2205 fix npm version usage output (@ruyadorno)a0adbf9f8
#2206 #2213 fix: fix flatOptions usage in npm init (@ruyadorno)
DEPENDENCIES
3daaf000a
@npmcli/arborist@1.0.12
- fixes some windows specific bugs in how paths are handled and compared
DOCUMENTATION
084a7b6ad
#2210 docs: Fix typo (@HollowMan6)
7.0.12 (2020-11-17)
BUG FIXES
7b89576bd
#2174 fix running empty scripts withnpm run-script
(@nlf)bc9afb195
#2002 #2184 Preserve builtin conf when installing npm globally (@isaacs)
DEPENDENCIES
b74c05d88
@npmcli/run-script@1.8.0
- fix windows command-line argument escaping
DOCUMENTATION
7.0.11 (2020-11-13)
DEPENDENCIES
629a667a9
eslint@7.13.0
de9891bd2
eslint-plugin-standard@4.1.0
c3e7aa31c
#2123 #1957@npmcli/arborist@1.0.11
BUG FIXES
a8aa38513
#2134 #2156 Fixcannot read property length of undefined
inERESOLVE
explanation code (@isaacs)1dbf0f9bb
#2150 #2155 send json errors to stderr, not stdout (@isaacs)fd1d7a21b
#1927 #2154 Set process.title a bit more usefully (@isaacs)2a80c67ef
#2008 #2153 Support legacy auth tokens for registries that use them (@ruyadorno)786e36404
#2017 #2159 pass all options to Arborist fornpm ci
(@darcyclarke)b47ada7d1
#2161 fixed typo (@scarabedore)
7.0.10 (2020-11-10)
DOCUMENTATION
BUG FIXES
DEPENDENCIES
04a3e8c10
#1962@npmcli/arborist@1.0.10
:- prevent self-assignment of parent/fsParent
- Support update options in global package space
7.0.9 (2020-11-06)
BUG FIXES
96a0d2802
default the 'start' script when server.js present (@isaacs)7716e423e
#2075 #2071 print the registry when using 'npm login' (@Wicked7000)7046fe10c
#2122 tests fornpm cache
command (@nlf)
DEPENDENCIES
74325f53b
#2124@npmcli/run-script@1.7.5
:- Export the
isServerPackage
method - Proxy signals to and from foreground child processes
- Export the
0e58e6f6b
#1984 #2079 #1923 #606 #2031@npmcli/arborist@1.0.9
:- Process deps for all link nodes
- Use junctions instead of symlinks
- Use @npmcli/move-file instead of fs.rename
1dad328a1
#1865 #2106 #2084pacote@11.1.13
:- Properly set the installation command for
prepare
scripts when installing git/dir deps
- Properly set the installation command for
e090d706c
#2097libnpmversion@1.0.7
:- Do not crash when the package.json file lacks a 'version' field
8fa541a10
cmark-gfm@0.8.4
7.0.8 (2020-11-03)
DOCUMENTATION
052e977b9
#1822 #1247 add section on peerDependenciesMeta field in package.json (@foxxyz)52d32d175
#1970 match npm-exec.md -p usage with lib/exec.js (@dr-js)48ee8d01e
#2096 Fix RFC links in changelog (@jtojnar)
BUG FIXES
6cd3cd08a
Support all conf keys in publishConfiga1f9be8a7
#2074 Support publishing any kind of spec, not just directories
DEPENDENCIES
545382df6
libnpmpublish@4.0.0
:- Support publishing things other than folders
7d88f1719
npm-registry-fetch@9.0.0
823b40a4e
pacote@11.1.12
90bf57826
npm-profile@5.0.2
e5a413577
libnpmteam@2.0.2
fc5aa7b4a
libnpmsearch@3.0.1
9fc1dee13
libnpmorg@2.0.1
0ea870ec5
libnpmhook@6.0.1
32fd744ea
libnpmaccess@4.0.1
fc76f3d9f
@npmcli/arborist@1.0.8
- Fix
cannot read property 'description' of undefined
innpm ls
whenpackage-lock.json
is corrupted - Do not allow peerDependencies to be nested under dependents in any circumstances
- Always resolve peerDependencies in
--prefer-dedupe
mode
- Fix
7.0.7 (2020-10-30)
BUG FIXES
3990b422d
#2067 use sh as default unix shell, not bash (@isaacs)81d6ceef6
#1975 fix npm exec on folders missing package.json (@ruyadorno)2a680e91a
#2083 delete the contents ofnode_modules
only innpm ci
(@nlf)2636fe1f4
#2086 disable banner output if loglevel is silent innpm run-script
(@macno)
DEPENDENCIES
4156f053e
@npmcli/run-script@1.7.4
- restore the default
npm start
script
- restore the default
1900ae9ad
@npmcli/promise-spawn@1.3.2
- fix errors when processing scripts as root
8cb0c166c
@npmcli/arborist@1.0.6
- make sure missing bin links get set on reify
7.0.6 (2020-10-27)
BUG FIXES
46c7f792a
#2047 #1935 skip the prompt when in a known ci environment (@nlf)f8f6e1fad
#2049 properly remove pycache in release script (@MylesBorins)5db95b393
#2050 pack: do not show individual files of bundled deps (@isaacs)3ee8f3b34
#2051 view: Better errors when package.json is not JSON (@isaacs)
DEPENDENCIES
99ae633f6
libnpmversion@1.0.6
- respect gitTagVersion = false
d4173f58d
@npmcli/promise-spawn@1.3.1
- do not return empty buffer when stdio is inherited
- attach child process to returned promise
c09380fa5
@npmcli/run-script@1.7.3
- forward SIGINT and SIGTERM to children that inherit stdio
b154861ad
@npmcli/arborist@1.0.5
ffea6596b
agent-base@6.0.2
- support http proxy for https registries
7.0.5 (2020-10-23)
77ad86b5e
Merge docs deps with main project
7.0.4 (2020-10-23)
DOCUMENTATION
cc026daf8
docs:npm-dedupe
throughnpm-install
aec77acf8
#1915 use "dockhand" for faster static documentation generation (@ethomson)aeb10d210
#2024 Fix post-install script name (@irajtaghlidi)
BUG FIXES
TESTS
39ad1ad9e
#2001npm config
tests (@ruyadorno)b9c1caa8e
#2026npm owner
test and refactor (@ruyadorno)
DEPENDENCIES
-
ed6e6a9d3
eslint-plugin-standard@4.0.2
-
b737ee999
#2009 #2007npm-packlist@2.1.4
:- Maintain order in package.json files array globs
- Strip slashes from package files list results
-
783965508
#1997 #2000 #2005@npmcli/arborist@1.0.4
- Ensure that root is added when root.meta is set
- Include all edges in explain() output when a root edge exists
- Do not conflict on meta-peers that will not be replaced
- Install peerOptionals if explicitly requested, or dev
7.0.3 (2020-10-20)
BUG FIXES
ce4724a38
#1986 checkresult
when determining exit code ofls <filter>
(@G-Rath)00d926f8d
#1987 don't suppress run output when--silent
is passed (@G-Rath)043da2347
improve cache clear error message (@isaacs)
DOCUMENTATION
a57f5c466
update docs for: access, adduser, audit, bin, bugs, build, cache, ci, completion, config and dedupe (@isaacs)5b88b72b9
remove the long-gone bundle command (@isaacs)ae09aa5c1
#1993 document --save-peer as a common option to npm install (@JakeChampion)c9993e6b1
#1982 fix url links for init-package-json/node-semver (@takenspc)
DEPENDENCIES
5d9df8395
node-gyp@7.1.2
7.0.2 (2020-10-16)
DOCUMENTATION
9476734b7
#1967 add mention to workspaces prepare lifecycle (@ruyadorno)
BUG FIXES
5cf71c689
#1971 owner rm at local pkg not work (@ShangguanQuail)
DEPENDENCIES
722b7ae63
#1974 patch node-gyp (@targos)4ae825c01
#1976 patch node-gyp (@MylesBorins)181eabf13
@npmcli/arborist@1.0.3
- fix workspaces
prepare
lifecycle scripts - fix peer deps overchecks resulting in ERESOLVE
- fix workspaces
6cc115409
init-package-json@2.0.1
dbf9d6d1f
libnpmpublish@3.0.2
7.0.1 (2020-10-15)
DOCUMENTATION
03fca6a3b
Adds docs on workspaces, explaining its basic concept and how to use it. (@ruyadorno)
BUG FIXES
DEPENDENCIES
120e62736
node-gyp@7.1.1
6560b8d95
@npmcli/arborist@1.0.2
- do not drop scope information when fetching scoped package tarballs
- fix cycles/ordering resolution when peer deps require nesting
282a1e008
npm-user-validate@1.0.1
b259edcb4
hosted-git-info@3.0.7
v7.0.0 (2020-10-12)
BUG FIXES
7bcdb3636
#1949 fix: ensurepublishConfig
is passed through (@nlf)97978462e
fix: patchconfig.js
to remove duplicate vals (@darcyclarke)
DOCUMENTATION
60769d757
#1911 docs: v7 npm-install refresh (@ruyadorno)08de49042
#1938 docs: v7 using npm config updates (@ruyadorno)
DEPENDENCIES
15366a1cf
npm-registry-fetch@8.1.5
f04a74140
init-package-json@2.0.0
1de21dce0
fix: support dot-separated aliases defined in a.npmrc
ini files forinit-*
configs (@ruyadorno)
a67275cd9
eslint@7.11.0
6fb83b78d
hosted-git-info@3.0.6
1ca30cc9b
libnpmfund@1.0.0
28a2d2ba4
@npmcli/arborist@1.0.0
- npm/rfcs#239 Improve handling of conflicting
peerDependencies
in transitive dependencies, so that--force
will always accept a best effort override, and--strict-peer-deps
will fail faster on conflicts.
- npm/rfcs#239 Improve handling of conflicting
9306c6833
libnpmfund@1.0.1
fafb348ef
npm-package-arg@8.1.0
365f2e756
read-package-json@3.0.0
v7.0.0-rc.4 (2020-10-09)
09b456f2d
@npmcli/config@1.2.1
e859fba9e
#1936 fix npx for non-interactive shells (@nlf)9320b8e4f
#1906 restore old npx behavior of running existing bins first (@nlf)7bd47ca2c
@npmcli/arborist@0.0.33
- fixed handling of invalid package.json file
02737453b
make-fetch-happen@8.0.10
- do not calculate integrity values of http errors
v7.0.0-rc.3 (2020-10-06)
d816c2efa
c8f0d5457
d48086d0d
f34595f2e
#1902 tests for several commands (@nlf)6d49207db
#1903 Revert "Remove unused npx binary" (@MylesBorins)138dfc202
set executable permissions on bins that node installer usesb06d68078
@npmcli/arborist@0.0.32
- Do not remove
node_modules
folders from Workspaces whenloadActual
races withbuildIdealTree
(@ruyadorno)
- Do not remove
2509e3a1b
uuid@8.3.1
v7.0.0-rc.2 (2020-10-02)
6de81a013
@npmcli/run-script@1.7.2
- Fix regression running 'install' scripts when package.json does not contain a scripts object
v7.0.0-rc.1 (2020-10-02)
281a7f39a
@npmcli/arborist@0.0.31
- Allow
npm update
to update bundled root dependencies - Only do implicit node-gyp build for gyp files named
binding.gyp
- Allow
384f5ec47
update minipass-fetch to fix many 'cb() never called' errors7b1e75906
@npmcli/run-script@1.7.1
- Only do implicit node-gyp build for gyp files named
binding.gyp
- Only do implicit node-gyp build for gyp files named
c20e2f0c7
#1892 Support--omit
options in npm outdated
v7.0.0-rc.0 (2020-10-01)
3b417055c
#1859 fixproxy
andhttps-proxy
config support (@badeggg)dd7d7a284
@npmcli/arborist@0.0.30
- #1849 Do not drop peer/dev dep while saving if both set
- Do not install or build if there is a global top bin conflict
- Default to building node-gyp dependencies
40c17e12c
cli-table3@0.6.0
47a8ca1d7
byte-size@7.0.0
81073f99a
eslint@7.10.0
67793abd4
eslint-plugin-import@2.22.1
a27e8d006
is-cidr@4.0.2
893fed45e
marked-man@0.7.0
bc20e0c8a
rimraf@3.0.2
a2b8fd3c1
uuid@8.3.0
ee4c85b87
write-file-atomic@3.0.3
4bdad5fdf
bin-links@2.2.1
c394937ec
@npmcli/run-script@1.7.0
- Default to building node-gyp dependencies and projects
- remove many unused dependencies (@ruyadorno)
558e9781a
deep-equal2aa9a1f8a
requestd77594e52
npm-registry-couchapp8ec84d9f6
tacksa07b421f7
lincesee41126e165
npm-cache-filename130da51b5
npm-registry-mockb355af486
sprintf-js721c0a873
uid-number9c920e5f5
umaskaae1c38bb
config-chain450845eac
find-npm-prefix963d542d3
has-unicodecad9cbc70
infer-owner3ae02914d
lockfile7bc474d7c
once5c5e0099a
retrycfaddd334
sha3a978ffc7
slide
v7.0.0-beta.13 (2020-09-29)
405e051f7
Fix EBADPLATFORM error message (@#1876)e4d911d21
@npmcli/arborist@0.0.28
- fix: workspaces install entering an infinite loop
- Save provided range if not a subset of savePrefix
- package-lock.json custom indentation
- Check engine and platform when building ideal tree
90550b2e0
#1853 test coverage and refactor for token command (@nlf)2715220c9
#1858 #1813 do not include omitted optional dependencies in install output (@ruyadorno)e225ddcf8
#1862 #1861 respect depth when runningnpm ls <pkg>
(@ruyadorno)2469ae515
#1870 #1780 Add 'fetch-timeout' config (@isaacs)52114b75e
#1871 fixnpm ls
for linked dependencies (@ruyadorno)9981211c0
#1857 #1703 fixnpm outdated
parsing invalid specs (@ruyadorno)
v7.0.0-beta.12 (2020-09-22)
24f3a5448
#1811 npm ci should never save package.json or lockfile (@isaacs)5e780a5f0
remove unused spec parameter, assign error code (@nlf)f019a248a
Remove unused npx binary (@isaacs)db157b3ce
@npmcli/arborist@0.0.27
- Resolve race condition with conflicting bin links in local installs
- #1812 Log engine mismatches more usefully
- #1814 Do not loop trying to resolve dependencies that fail to load
- npm/rfcs#224 Do not automatically install optional peer dependencies
- Add the
strictPeerDeps
option, defaulting tofalse
- fix forwarding configs to resolve pkg spec when adding new deps
b3a50d275
#1846@npmcli/run-script@1.6.0
- This updates node-gyp to v7, allowing us to deduplicate a lot of significant dependencies.
a1d375f6b
#1819 Add--strict-peer-deps
option (@isaacs)5837a4843
#1699 Use allow/deny list in docs (@luciomartinez)
v7.0.0-beta.11 (2020-09-16)
63005f4a9
#1639 npm view should not output extra newline (@MylesBorins)3743a42c8
#1750 add outdated tests (@claudiahdz)2019abdf1
#1786 add lib/link.js tests (@ruyadorno)2f8d11968
@npmcli/arborist@0.0.25
- add meta vulnerability calculator for faster audits
- changed parsing specs to be relative to cwd
- fix logging script execution
- fix properly following resolved symlinks
- fix package.json dependencies order
49b2bf5a7
@npmcli/config@1.1.8
- fix unknown envs to be passed through
- fix setting correct globalPrefix on load
f9aac351d
libnpmversion@1.0.5
- fix git ignored lockfiles
v7.0.0-beta.10 (2020-09-08)
v7.0.0-beta.9 (2020-09-04)
-
ef8f5676b
#1757 view: always fetch fullMetadata, and preferOnline -
a36e2537f
outdated: don't throw on non-version/tag/range dep -
371f0f062
@npmcli/arborist@0.0.20
- Provide explanation objects for
ERESOLVE
errors - Support overriding certain classes of
ERESOLVE
errors with--force
- Detect changes to package.json requiring package-lock dependency flag re-evaluation
- Provide explanation objects for
-
8e3e83bd4
@npmcli/arborist@0.0.21
- Remove bin links on prune
- Remove unnecessary tree walk for workspace projects
- Install workspaces on update:true
-
d6b134fd9
#1738 #1734 fix package spec parsing during cache add process (@mjeanroy) -
f105eb833
npm-audit-report@2.1.4
:- Do not crash on cyclical meta-vulnerability references
-
03a9f569b
opener@1.5.2
-
5616a23b4
@npmcli/git@2.0.4
- Support
.git
files, so that git worktrees are respected
- Support
v7.0.0-beta.8 (2020-09-01)
834e62a0e
- fix: npm ls extraneous workspaces
@npmcli/arborist@0.0.19
758b02358
#1739 add full install options to npm exec (@ruyadorno)2ee7c8a98
@npmcli/config@1.1.7
(@ruyadorno)
v7.0.0-beta.7 (2020-08-25)
b38f68acd
ensurenpm-command
HTTP header is sent properly9f200abb9
Properly exit with error status codeaa0152b58
#1719 Detect CI properly50f9740ca
#1717 fund with multiple funding sources (@ruyadorno)3a63ecb6f
#1718 RFC-0029 add ability to skip pre/post hooks tonpm run-script
by using--ignore-scripts
(@ruyadorno)
v7.0.0-beta.6 (2020-08-21)
-
707207bdd
add@npmcli/config
dependency -
5cb9a1d4d
#1688 use@npmcli/config
for configuration (@isaacs) -
a4295f5db
npm-registry-fetch@8.1.4
:- Redact passwords from HTTP logs
-
a5a6a516d
json-parse-even-better-errors@2.3.0
:- Adds support for indentation/newline formatting preservation
-
a14054558
read-package-json-fast@1.2.1
:- Adds support for indentation/newline formatting preservation
-
f8603c8af
libnpmversion@1.0.4
:- Adds support for indentation/newline formatting preservation
-
9891fa71c
read-package-json@2.1.2
:- Adds support for indentation/newline formatting preservation
-
b44768aac
#1662 #1693 #1690@npmcli/arborist@0.0.17
:- Load root project
package.json
when running loadVirtual. - Fetch metadata from registry when loading tree from outdated package-lock.json file. This avoids a situation where a lockfile or shrinkwrap from npm v5 would result in deleting dependencies on install.
- Preserve
package.json
andpackage-lock.json
formatting in all places where these files are written.
- Load root project
-
281da6fdc
tar@6.0.5
-
1faa5b33d
#1655 show usage whenhelp-search
finds no results -
88e4241c5
#1698 add lib/logout.js unit tests (@ruyadorno)
v7.0.0-beta.5 (2020-08-18)
b718b0e28
#1657 display multiple versions when using--json
withnpm view
(@claudiahdz)9e7cc42f6
#1071 migrate frommeant
toleven
(@jamesgeorge007)85027f40c
#1664 refactor and add tests fornpm adduser
(@ruyadorno)6e03e5583
#1672 refactor and add tests fornpm audit
(@claudiahdz)
v7.0.0-beta.4 (2020-08-11)
Replace some environment variables that were excluded. This implements the amendment to RFC0021.
v7.0.0-beta.3 (2020-08-10)
Bring back support for npm audit --production
, fix a minor npm version
annoyance, and track down a very serious issue where a project could be blown away when it matches a meta-dep in the tree.
5fb217701
#1641@npmcli/arborist@0.0.15
3598fe1f2
@npmcli/arborist@0.0.16
Add support fornpm audit --production
8ba2aeaee
libnpmversion@1.0.3
v7.0.0-beta.2 (2020-08-07)
New notification style for updates, and a working doctor.
cf2819210
#1622 Improve abbrevs for install and helpd062b2c02
new npm-specific update-notifier implementationf6d468a3b
update doctor commandb8b4d77af
#1638 Direct users to our GitHub issues instead of npm.community
v7.0.0-beta.1 (2020-08-05)
Fix some issues found in the beta pubish process, and initial attempts to use npm v7 with citgm.
2c305e8b7
output generated tarball filename0808328c9
pack: set correct filename for scoped packages (@isaacs)cf27df035
@npmcli/arborist@0.0.14
(@isaacs)
v7.0.0-beta.0 (2020-08-04)
Major refactoring and overhaul of, well, pretty much everything. Almost all dependencies have been updated, many have been removed, and the entire Installer
class is moved into @npmcli/arborist
.
Some High-level Changes and Improvements
- You can install GitHub pull requests by adding
#pull/<number>
to the git url. So it'd be something likenpm install github:user/project#pull/123
to install PR number 123 of theuser/project
git repo. You can of course also use this in dependencies, or anywhere else dependency specifiers are found. - Initial Workspaces support is added. If you
npm install
in a project with aworkspaces
declaration, npm will install all your sub-projects' dependencies as well, and link everything up proper. npm exec
is added, to run any arbitrary command as if it was an npm script. This is sort of likenpx
, which is also ported to usenpm exec
under the hood.npm audit
output is tightened up, and prettified. Audit can also now fix a few more classes of problems, sends far less data over the wire, and doesn't place blame on the wrong maintainers. (Technically this is a breaking change if you depend on the specific audit output, but it's also a big improvement!)npm install
got faster. Like a lot faster. "So fast you'll think it's broken" faster.npm ls
got even fasterer. A lot of stuff sped up, is what we're saying.- Support has been dropped for Node.js versions less than v10.
On the "Breaking" in "Breaking Changes"
The Semantic Versioning specification precisely defines what constitutes a "breaking" change. In a nutshell, it's any change that causes a you to change your code in order to start using our code. We hasten to point this out, because a "breaking change" does not mean that something about the update is "broken", necessarily.
We're sure that some things likely are broken in this beta, because beta software, and a healthy pessimism about things. But nothing is "broken" on purpose here, and if you find a bug, we'd love for you to let us know.
Known Issues, and What's Missing From This Beta (Why Not GA?)
It's beta software!
Tests
We have not yet gotten to 100% test coverage of the npm CLI codebase. As such, there are almost certainly bugs lying in wait. We do have 100% test coverage of most of the commands, and all recently-updated dependencies in the npm stack, so it's certainly more well-tested than any version of npm before.
Docs
The documentation is incorrect and out of date in most places. Prior to a GA release, we'll be going through all of our documentation with a fine-toothed comb to minimize the lies that it tells.
Error Messaging
There are a few cases where this release will just say something failed, and not give you as much help as we'd like. We know, and we'll fix that prior to the GA 7.0.0 release.
In particular, if you install a project that has conflicting peerDependencies
in the tree, it'll just say "Unable to resolve package tree". Prior to GA release, it'll tell you how to fix it. (For the time being, just run it again with --legacy-peer-deps
, and that'll make it operate like npm v6.)
Audit Issue
There is a known performance issue in some cases that we've identified where npm audit
can spin wildly out of control like a dancer gripped by a fever, heating up your laptop with fires of passion and CPU work. This happens when a vulnerability is in a tree with a lot of cross-linked dependencies that all depend on one another.
We have a fix for it, but if you run into this issue, you can run with --no-audit
to tell npm to chill out a little bit.
That's about it! It's ready to use, and you should try it out.
Now on to the list of BREAKING CHANGES!
Programmatic Usage
- RFC 20 The CLI and its dependencies no longer use the
figgy-pudding
library for configs. Configuration is done using a flat plain old JavaScript object. - The
lib/fetch-package-metadata.js
module is removed. Usepacote
to fetch package metadata. @npmcli/arborist
should be used to do most things programmatically involving dependency trees.- The
onload-script
option is no longer supported. - The
log-stream
option is no longer supported. npm.load()
MUST be called with two arguments (the parsed cli options and a callback).npm.root
alias fornpm.dir
removed.- The
package.json
in npm now defines anexports
field, making it no longer possible torequire()
npm's internal modules. (This was always a bad idea, but now it won't work.)
All Registry Interactions
The following affect all commands that contact the npm registry.
referer
header no longer sentnpm-command
header added
All Lifecycle Scripts
The environment for lifecycle scripts (eg, build scripts, npm test
, etc.) has changed.
-
RFC 21 Environment no longer includes
npm_package_*
fields, ornpm_config_*
fields for default configs.npm_package_json
,npm_package_integrity
,npm_package_resolved
, andnpm_command
environment variables added. -
RFC 22 Scripts run during the normal course of installation are silenced unless they exit in error (ie, with a signal or non-zero exit status code), and are for a non-optional dependency.
-
RFC 24
PATH
environment variable includes allnode_modules/.bin
folders, even if found outside of an existingnode_modules
folder hierarchy. -
The
user
,group
,uid
,gid
, andunsafe-perms
configurations are no longer relevant. When npm is run as root, scripts are always run with the effectiveuid
andgid
of the working directory owner. -
Commands that just run a single script (
npm test
,npm start
,npm stop
, andnpm restart
) will now run their script even if--ignore-scripts
is set. Prior to the GA v7.0.0 release, they will not run the pre/post scripts, however. (So, it'll be possible to runnpm test --ignore-scripts
to run your test but not your linter, for example.)
npx
The npx
binary was rewritten in npm v7, and the standalone npx
package deprecated when v7.0.0 hits GA. npx
uses the new npm exec
command instead of a separate argument parser and install process, with some affordances to maintain backwards compatibility with the arguments it accepted in previous versions.
This resulted in some shifts in its functionality:
- Any
npm
config value may be provided. - To prevent security and user-experience problems from mistyping package names,
npx
prompts before installing anything. Suppress this prompt with the-y
or--yes
option. - The
--no-install
option is deprecated, and will be converted to--no
. - Shell fallback functionality is removed, as it is not advisable.
- The
-p
argument is a shorthand for--parseable
in npm, but shorthand for--package
in npx. This is maintained, but only for thenpx
executable. (Ie, runningnpm exec -p foo
will be different from runningnpx -p foo
.) - The
--ignore-existing
option is removed. Locally installed bins are always present in the executed processPATH
. - The
--npm
option is removed.npx
will always use thenpm
it ships with. - The
--node-arg
and-n
options are removed. - The
--always-spawn
option is redundant, and thus removed. - The
--shell
option is replaced with--script-shell
, but maintained in thenpx
executable for backwards compatibility.
We do intend to continue supporting the npx
that npm ships; just not the npm install -g npx
library that is out in the wild today.
Files On Disk
- RFC 13 Installed
package.json
files no longer are mutated to include extra metadata. (This extra metadata is stored in the lockfile.) package-lock.json
is updated to a newer format, using"lockfileVersion": 2
. This format is backwards-compatible with npm CLI versions using"lockfileVersion": 1
, but older npm clients will print a warning about the version mismatch.yarn.lock
files used as source of package metadata and resolution guidance, if available. (Prior to v7, they were ignored.)
Dependency Resolution
These changes affect install
, ci
, install-test
, install-ci-test
, update
, prune
, dedupe
, uninstall
, link
, and audit fix
.
-
RFC 25
peerDependencies
are installed by default. This behavior can be disabled by setting thelegacy-peer-deps
configuration flag.BREAKING CHANGE: this can cause some packages to not be installable, if they have unresolveable peer dependency conflicts. While the correct solution is to fix the conflict, this was not forced upon users for several years, and some have come to rely on this lack of correctness. Use the
--legacy-peer-deps
config flag if impacted. -
RFC 23 Support for
acceptDependencies
is added. This can result in dependency resolutions that previous versions of npm will incorrectly flag as invalid. -
Git dependencies on known git hosts (GitHub, BitBucket, etc.) will always attempt to fetch package contents from the relevant tarball CDNs if possible, falling back to
git+ssh
for private packages.resolved
value inpackage-lock.json
will always reflect thegit+ssh
url value. Saved value inpackage.json
dependencies will always reflect the canonical shorthand value. -
Support for the
--link
flag (to install a link to a globall-installed copy of a module if present, otherwise install locally) has been removed. Local installs are always local, andnpm link <pkg>
must be used explicitly if desired. -
Installing a dependency with the same name as the root project no longer requires
--force
. (That is, theENOSELF
error is removed.)
Workspaces
- RFC 26 First phase of
workspaces
support is added. This changes npm's behavior when a root project'spackage.json
file contains aworkspaces
field.
npm update
- RFC 19 Update all dependencies when
npm update
is run without any arguments. As it is no longer relevant,--depth
config flag removed fromnpm update
.
npm outdated
- RFC 27 Remove
--depth
config fromnpm outdated
. Only top-level dependencies are shown, unless--all
config option is set.
npm adduser
, npm login
- The
--sso
options are deprecated, and will print a warning.
npm audit
-
Output and data structure is significantly refactored to call attention to issues, identify classes of fixes not previously available, and remove extraneous data not used for any purpose.
BREAKING CHANGE: Any tools consuming the output of
npm audit
will almost certainly need to be updated, as this has changed significantly, both in the readable and--json
output styles.
npm dedupe
-
Performs a full dependency tree reification to disk. As a result,
npm dedupe
can cause missing or invalid packages to be installed or updated, though it will only do this if required by the stated dependency semantics. -
Note that the
--prefer-dedupe
flag has been added, so that you may install in a maximally deduplicated state from the outset.
npm fund
- Human readable output updated, reinstating depth level to the printed output.
npm ls
- Extraneous dependencies are listed based on their location in the
node_modules
tree. npm ls
only prints the first level of dependencies by default. You can make it print more of the tree by using--depth=<n>
to set a specific depth, or--all
to print all of them.
npm pack
, npm publish
- Generated gzipped tarballs no longer contain the zlib OS indicator. As a result, they are truly dependent only on the contents of the package, and fully reproducible. However, anyone relying on this byte to identify the operating system of a package's creation may no longer rely on it.
npm rebuild
- Runs package installation scripts as well as re-creating links to bins. Properly respects the
--ignore-scripts
and--bin-links=false
configuration options.
npm build
, npm unbuild
- These two internal commands were removed, as they are no longer needed.
npm test
- When no test is specified, will fail with
missing script: test
rather than injecting a syntheticecho 'Error: no test specified'
test script into thepackage.json
data.
Credits
Huge thanks to the people who wrote code for this update, as well as our group of dedicated Open RFC call participants. Your participation has contributed immeasurably to the quality and design of npm.