de49f58f5
#3216 fix(contributing): link to proper cli repo (@mrmlnc)1d092144e
#3203 fix(packages): locale-agnostic string sorting (@isaacs)0696fca13
#3209 fix(view): fix non-registry specs (@wraithgar)71ac93597
#3206 chore(github): Convert md issue template to yaml (@lukehefson)6fb386d3b
#3201 fix(tests): increase test fuzziness (@wraithgar)f3a662fcd
#3211 fix(tests): use config defaults (@wraithgar)
285976fd1
@npmcli/arborist@2.4.4
- fix(reify): properly save spec if prerelease
f9f24d17c
libnpmexec@1.1.1
- fix(add): Specify 'en' locale to String.localeCompare
cb9f17499
glob@7.1.7
- force 'en' locale in string sorting
24b4e4a41
ignore-walk@3.0.4
- Avoid locale-specific sorting issues
1eb7e5c7d
@npmcli/arborist@2.4.3
- guard against locale-specific sorting
a6a826067
npm-packlist@2.2.2
:- fix(sort): avoid locale-dependent sorting issues
701627c51
#3098 feat(cache): Allowadd
to accept multiple specs (@mjsir911)59171f030
#3187 feat(config): add workspaces boolean to user-agent (@nlf)
2c9b8713c
#3182 fix(docs): fix broken links (@wangsai)88cbc8c44
#3198 fix(tests): reflect new libnpmexec logic
d01ce5e13
libnpmexec@1.1.0
:- feat: add walk up dir lookup to satisfy local bins
81c1dfaaa
@npmcli/arborist@2.4.2
:- fix(add): save packages in the right place
- fix(reify): do not clean up nodes with no parent
- fix(audit): support alias specs & root package names
87c2303ea
@npmcli/git@2.0.9
:- fix(clone): Do not allow git replacement objects by default
99ff40dff
npm-packlist@2.2.0
:- feat(npmignore): Do not force include history, changelogs, notice
- fix(package.json): add missing bin/index.js to files
c371f183e
#3137 #3140 fix(ls): do not warn on missing optional deps (@isaacs)861f606c7
#3156 fix(build): make prune rule work on case-sensitive file systems (@lpinca)
fb79d89a0
tap@15.0.6
ce3820043
@npmcli/arborist@2.4.1
- fix: prevent and eliminate unnecessary duplicates
- fix: support resolvable partial intersecting peerSets
e479f1dac
#3146 mentiondirectories.bin
inbin
(@felipecrs)
7925cca24
pacote@11.3.3
:- fix(registry): normalize manfest
b61eac693
#3130@npmcli/config@2.2.0
c74e67fc6
#3130npm-registry-fetch@10.1.1
4c1f16d2c
#3095 feat(init): add workspaces support (@ruyadorno)
42ca59eee
#3086 fix(ls): do not exit with error when all problems are extraneous deps (@nlf)2aecec591
#2724 #3119 fix(ls): make --long work when missing deps (@ruyadorno)42e0587a9
#3115 fix(pack): refuse to pack invalid packument (@wraithgar)1c4eff7b5
#3126 fix(logout): use isBasicAuth attribute (@wraithgar)
c93f1c39e
#3101 chore(docs): update view docs (@wraithgar)c4ff4bc11
npm/statusboard#313 #3109 fix(usage): fix refs to ws shorthand (@ruyadorno)
83166ebcc
npm-registry-fetch@10.1.0
- feat(auth): set isBasicAuth
e02bda6da
npm-registry-fetch@10.0.0
- feat(auth) load/send based on URI, not registry
a0382deba
@npmcli/run-script@1.8.5
- fix: windows ComSpec env variable name
7f82ef5a8
pacote@11.3.2
35e49b94f
@npmcli/arborist@2.4.0
95faf8ce6
libnpmaccess@4.0.2
17fffc0e4
libnpmhook@6.0.2
1b5a213aa
libnpmorg@2.0.2
9f83e6484
libnpmpublish@4.0.1
251f788c5
libnpmsearch@3.1.1
35873a989
libnpmteam@2.0.3
23e12b4d8
npm-profile@5.0.3
f9b639eb6
#3052 feat(bugs): fall back to email if provided (@Yash-Singh1)8c9e24778
#3055 feat(version): add workspace support (@wraithgar)
f1e6743a6
libnpmversion@1.2.0
- feat(retrieve-tag): retrieve unannotated git tags
- fix(retrieve-tag): use semver to look for semver
3b476a24c
@npmcl/git@2.0.8
- fix(git): do not use shell when calling git
dfcd0c1e2
#3069tap@15.0.2
90b61eda9
#3053 fix(contributing.md): explicitely outline dep updates (@darcyclarke)
1f3e88eba
#3032 feat(dist-tag): add workspace support (@nlf)6e31df4e7
#3033 feat(pack): add workspace support (@wraithgar)
ba4f7fea8
licensee@8.2.0
8bcc5d73f
#2972 feat(workspaces): add repo and docs (@wraithgar)ec520ce32
#2998 feat(set-script): implement workspaces32717a60e
#3001 feat(view): add workspace support (@wraithgar)7b177e43f
#3014 feat(config): add 'envExport' flag (@isaacs)
4c4252348
#3016 fix(usage): specify the key each time for multiples (@isaacs)9237d375b
#3013 fix(docs): add workspaces configuration (@wraithgar)cb6eb0d20
#3015 fix(ERESOLVE): better errors when current is missing (@isaacs)
61da39beb
@npmcli/config@2.1.0
- feat(config): add support for envExport:false
fb095a708
@npmcli/arborist@2.3.0
:- #2896 Provide currentEdge in ERESOLVE if known, and address self-linking edge case.
- Add/remove dependencies to/from workspaces when set, not root project
- Only reify the portions of the dependency graph identified by the
workspace
configuration value. - Do not recursively
chown
the project root path.
9dd2ed518
fix empty newline printed to stderr (@ruyadorno)9d391462a
#2973 fix spelling in workspaces.md file (@sethomas)4b100249a
#2979 change 'maxsockets' default value back to 15 (@wallrat)
a28f89572
libnpmversion@1.1.0
- fix reading
script-shell
config onnpm version
lifecycle scripts
- fix reading
03734c29e
npm-packlist@2.1.5
- fix packaging
bundledDependencies
- fix packaging
80ce2a019
@npmcli/metavuln-calculator@1.1.1
- fix error auditing package documents with missing dependencies
95ba87622
#2949 fix handling manual indexes innpm help
(@dmchurch)59cf37962
#2958 always setnpm.command
to canonical command name (@isaacs)1415b4bde
#2964 fix(config): properly translate user-agent (@wraithgar)59271936d
#2965 fix(config): tie save-exact/save-prefix together (@wraithgar)
97b415287
#2959 add smoke tests (@ruyadorno)
200bee74b
#2951 fix(config): accept explicitproduction=false
(@wraithgar)7b45e9df6
#2950 warn if using workspaces config options innpm config
(@ruyadorno)
c76f04ac2
#2925 fix(set-script): add completion (@Yash-Singh1)0379eab69
#2929 fix(install): ignore auditLevelnpm install
should not be affected by theauditLevel
config, as the results of audit do not change its exit status. (@wraithgar)98efadeb4
#2923 fix(audit-level): addinfo
audit level This is a valid level but wasn't configured to be allowed. Also added this param to the usage output fornpm audit
(@wraithgar)e8d2adcf4
#2945 config should not error when workspaces are configured (@nlf)aba2bc623
#2944 fix(progress): re-add progress bar to reify The logger was no longer in flatOptions, we pass it in explicitly now (@wraithgar)877b4ed29
#2946 fix(flatOptions): re-add_auth
This was not being added to flatOptions, and things likenpm-registry-fetch
are looking for it. (@wraithgar)
543b0e39b
#2930 fix(uninstall): use correct local prefix (@jameschensmith)dce4960ef
#2932 fix(config): flatten savePrefix properly (@wraithgar)
33c4189f9
#2864 addnpm run-script
workspaces support (@ruyadorno)e1b3b318f
#2886 addnpm exec
workspaces support (@ruyadorno)41facf643
#2859 expanded "Did you mean?" suggestions for missing cmds and scripts (@wraithgar)
8cce4282f
#2865npm publish
: handle case where multiple config list is present (@kenrick95)6598bfe86
mark deprecated configs (@isaacs)8a38afe77
#2881 docs(package-json): document default main behavior (@klausbayrhammer)93a061d73
#2917 add action items tonpm run
error output (@wraithgar)
ad65bd910
#2860 fix link in configuring-npm (@varmakarthik12)b419bfb02
#2876 fix test-coverage command in contributing guide (@chowkapow)
7b5606b93
@npmcli/arborist@2.2.9
- #254 Honor explicit prefix when saving dependencies (@jameschensmith)
- #255 Never save to
bundleDependencies
when saving apeer
orpeerOptional
dependency. (@isaacs)
f76e7c21f
pacote@11.3.1
- increases tarball compression level
4928512bc
semver@7.3.5
- fix handling prereleases/ANY ranges in subset
1924eb457
libnpmversion@1.0.12
- fix removing undescored-prefixed package.json properties in
npm version
- fix removing undescored-prefixed package.json properties in
916623056
@npmcli/run-script@1.8.4
- fix expanding windows-style environment variables
a8d0751e4
npm-pick-manifest@6.1.1
- fix running packages with a single executable binary with
npm exec
- fix running packages with a single executable binary with
af7eaac50
hosted-git-info@4.0.1
f52c51db1
@npmcli/config@2.0.0
57ed390d6
@npmcli/arborist@2.2.8
- Respect link deps when calculating peerDep sets
e0a3a5218
#2831 Fix cb() never called in search with --json option (@fraqe)85a8694dd
#2795 fix(npm.output): make output go through npm.output (@wraithgar)9fe0df5b5
#2821 fix(usage): clean up usage declarations (@wraithgar)
7f470b5c2
@npmcli/arborist@2.2.7
- fix(install): Do not revert a file: dep to version on bare name re-install
e9b7fc275
libnpmdiff@2.0.4
- fix(diff): Gracefully handle packages with prepare script
c7314aa62
byte-size@7.0.1
864f48d43
pacote@11.3.0
3c9a589b0
#2807npm explain
show when an edge is a bundled edge (@kumavis)b33c760ce
#2766 unused arguments cleanup (@sandersn)4a5dd3a5a
#2772 fix(npm) pass npm context everywhere (@wraithgar)e69be2ac5
#2789 fix npm prefix on all Windows unix shells (@isaacs)2d682e4ca
#2803 fix(search): don't pass unused args (@wraithgar)b3e7dd19b
#2822 fix(diff): set option "where" for pacote (@ruyadorno)96006640b
#2824 fix(repo, auth.sso): don't promisify open-url (@wraithgar)
c8b73db82
#2690 fix(docs): update scripts docs (@wraithgar)5d922394b
#2809 update republish timeout after unpublish (@BAJ-)
2d4ae598f
@npmcli/arborist@2.2.6
b9fa7e32a
chore(package-lock): resetdeps andeslint@7.20.0
(@wraithgar)28d036ae9
arborist@2.2.5
- fix: hidden lockfiles were not respected on Node v10.0-10.12
ba1adef42
#2760 chore(docs): capitalize all Instaces of "package" (@MrBrain295)8bfa05fa1
#2775 chore(docs): add navigation configuration (@ethomson)238e474a4
#2778 chore(docs):update unpublish cooldown (@christoflemke)
3c72ab441
#2749 Capitalize Package in a Heading (@MrBrain295)
f3ae6ed0d
read-package-json@3.0.1
,read-package-json-fast@2.0.2
9b311fe52
#2736@npmcli/arborist@2.2.4
:- Do not rely on underscore fields in
package.json
files - Do not remove global packages when updating by name
- Keep
yarn.lock
andpackage-lock.json
more in sync
- Do not rely on underscore fields in
49c95375a
#2688 fix shrinkwrap in node v10.0 (@ljharb)00afa3161
#2718 restore the prefix on output fromnpm version <inc>
(@nlf)69e0c4e8c
#2716 throw an error when trying to dedupe in global mode (@nlf)b018eb842
#2719 obey silent loglevel in run-script (@wraithgar)
8c36697df
@npmcli/arborist@2.2.3
- #1875
arborist#230
Set default advisory
severity
/vulnerable_range
when missing from audit endpoint data (@isaacs) - npm/arborist#231 skip optional deps with mismatched platform or engine (@nlf)
- #2251 Unpack shrinkwrapped deps not already unpacked (@isaacs, @nlf)
- #2714 Do not write package.json if nothing changed (@isaacs)
- npm/rfcs#324 Prefer peer over prod dep, if both specified (@isaacs)
- npm/arborist#236 Fix additional peerOptional conflict cases (@isaacs)
- #1875
arborist#230
Set default advisory
d865b101f
libnpmpack@2.0.1
- respect silent loglevel
e606953e5
libnpmversion@1.0.11
- respect silent loglevel
9c51005a1
npm-package-arg@8.1.1
- do a better job of detecting git specifiers like
git@github.com:npm/cli
- do a better job of detecting git specifiers like
8b6bf0db4
pacote@11.2.7
- respect silent loglevel
- fix INVALID_URL errors for certain git dependencies
80c2ac995
#2717 refactor publish tests (@wraithgar)9d81e0ceb
#2729 fix typo in shrinkwrap tests (@eltociear)
e3de7befb
#2685 docs(readme): add note back about branding/origin (@darcyclarke)38d87e7c2
#2698 mention nodenv in README.md (@RA80533)af4422cdb
#2711 validate that the docs can be parsed by mdx (@ethomson)
ef687f545
#2655 fix(env): Do not clobber defined 'env' script (@isaacs)868954a72
#2654 [fix] node v10.0 lacksfs.promises
(@ljharb)
14dd93853
fix(package.json): resetdeps (@wraithgar)39e4a6401
graceful-fs@4.2.6
96dffab98
eslint-plugin-promise@4.3.1
9a6e9d38a
@npmcli/run-script@1.8.3
- fix fs.promises reference to run in node v10.0
584b746a2
@npmcli/git@2.0.5
6305ebde4
make-fetch-happen@8.0.14
e99881117
libnpmversion@1.0.10
554d91cdf
chore(package-lock): rebuild package-lock (@wraithgar)37e8cc507
@npmcli/arborist@2.2.2
7788ce47b
@npmcli/map-workspaces@1.0.3
3a159d27e
#2681 fix(tests): rewrite doctor tests (@ljharb)abcc96a20
#2682 [tests] separate tests from linting and license validation (@ljharb)
df596bf4c
fix(publish): follow all configs for registry auth check #2602 (@wraithgar)6d7afb03c
#2613 install script: pass -q to curl calls to disable user .curlrc files (@nlf)
3294fed6f
pacote@11.2.5
- prevent infinite recursion in git dep preparation
0f7a3a87c
read-package-json-fast@2.0.1
- avoid duplicating optionalDependencies as dependencies in package.json
6f46b0f7f
init-package-json@2.0.2
df4f65acc
@npmcli/arborist@2.2.0
7038c2ff4
@npmcli/run-script@1.8.2
54cd4c87a
libnpmversion@1.0.8
9ab36aae4
graceful-fs@4.2.5
e1822cf27
@npmcli/installed-package-contents@1.0.7
37613e4e6
#2395 #2329 fix(exec): use latest version when possible (@wraithgar)567c9bd03
fix(lib/npm): do not clobber config.execPath (@wraithgar)
0ea134e41
#2587 pass all settings through to pacote.packument, fixes #2060 (@nlf)8c5ca2f51
Add test for npm-usage.js, and fix 'npm --long' output (@isaacs)
7e4e88e93
@npmcli/arborist@2.1.1
,pacote@11.2.4
- Properly raise ERESOLVE errors on root dev dependencies
- Ignore ERESOLVE errors when performing git dep 'prepare' scripts
- Always reinstall packages that are explicitly requested
- fix global update all so it actually updates things
- Install bins properly when global root is a link (@isaacs)
23dac2fef
#2557 npm team revamp (@ruyadorno)dd05ba0c0
#2572 add note about--force
overriding peer dependencies (@isaacs)e27639780
#2584 Fixed the spelling of contributor as it was written as conributor (@pavanbellamkonda)13a5e3178
#2502 elaborate that npm help uses browser (@ariccio)
d011266b7
#1319 add npm diff command (@ruyadorno)
8d3fd63aa
#2559 updates to readme, removal, contributing and several other docs (@darcyclarke)7772d9f9f
#2542 fix grammar on caching docs for search, exec and init (@wraithgar)52e8a1aef
#2558 refreshed npm updated docs (@ruyadorno)abae00ca0
#2565 update npm command docs (@wraithgar)9351cbf9a
#2566 refresh npm run-script docs (@ruyadorno)
56c08863e
hosted-git-info@3.0.8
18a93f06b
ssri@8.0.1
cb768f671
@npmcli/move-file@1.1.1
32cc0a4be
minipass-fetch@1.3.3
- fixes ssl settings passthrough
530997968
@npmcli/arborist@2.1.0
- added signal handler to rollback when possible
- prevent ERESOLVEs caused by loose root dep specs
- detect conflicts among nested peerOptional deps
- properly buildIdealTree when root is a symlink
ec1f06d06
#2498 docs(npm): updatenpm
docs (@darcyclarke)
bc23284cd
#2511 remove coverage files (@ruyadorno)fcbc676b8
pacote@11.2.3
ebd3a24ff
@npmcli/arborist@2.0.6
- Preserve git+https auth when provided
e5ce6bbba
@npmcli/arborist@2.0.5
- fix creating missing dirs when using --prefix and --global
- fix omit types of deps in global installs
- fix prioritizing npm-shrinkwrap.json over package-lock.json
- better cache system for packuments
- improves audit performance
7dd0dfc59
#2459 fix(docs): clean upnpm start
docs (@wraithgar)307b3bd9f
#2460 fix(docs): clean upnpm stop
docs (@wraithgar)23f01b739
#2462 fix(docs): clean upnpm test
docs (@wraithgar)4b43656fc
#2463 fix(docs): clean upnpm prefix
docs (@wraithgar)1135539ba
a07bb8e69
9b55b798e
cd5eeaaa0
6df69ce10
dc6b2a8b0
a3c127446
#2464 fix(docs): clean upnpm uninstall
docs (@wraithgar)cfdcf32fd
#2474 fix(docs): clean upnpm unpublish
docs (@wraithgar)acd5b062a
#2475 fix(docs): updatepackage-lock.json
docs (@isaacs)b0b0edf6d
#2482 fix(docs): clean upnpm token
docs (@wraithgar)35559201a
#2487 fix(docs): clean upnpm search
docs (@wraithgar)
d01746a5a
#2444 #1103 Remove deprecatedprocess.umask()
(@isaacs)b2e2edf8a
#2422 npm publish --dry-run should not check login status (@buyan302)99156df80
#2448 #2425 pass extra arguments directly to run-script as an array (@nlf)907b34b2e
#2455 fix(ci): pay attention to --ignore-scripts (@wraithgar)
a390d7456
#2440 Updated the url for RFC 19 so that it isn't a 404. (@therealjeffg)e02b46ad7
#2436 Grammatical Fix in npm-ls Documentation 'Therefore' is spelled 'Therefor' (@marsonya)0fed44dea
#2417 Fix npm bug reporting url (@AkiaCode)
9eef63849
Pass full set of options to login helper functions. This fixesnpm login --no-strict-ssl
, as well as a host of other options that one might want to set while logging in. Reported by: @toddself (@isaacs)628a554bc
#2358 fix doctor test to work correctly for node pre-release versions (@nlf)be4a0900b
#2360 raise an error early if publishing without login, registry (@isaacs)44d433105
#2366 Include prerelease versions when deprecating (@tiegz)cba3341da
#2373 npm profile refactor (@ruyadorno)7539504e3
#2382 remove the metrics sender (@nlf)
b98569a8c
add note aboutINIT_CWD
to run-script doc292929279
#2368 Revert bug-reporting links to GH. Re: https://blog.npmjs.org/post/188841555980/updates-to-community-docs-more (@tiegz)f4560626f
updateISSUE_TEMPLATE
with modern links (@isaacs)bc1c567ed
update npm command doc feature request links (@isaacs)0ad958fe1
#2381 (docs,test): assorted typo fixes (@XhmikosR)
beb371800
#2334 remove unused top level dep tough-cookie (@darcyclarke)d45e181d1
#2335ini@2.0.0
,@npmcli/config@1.2.7
(@isaacs)ef4b18b5a
#2309@npmcli/arborist@2.0.2
- properly remove deps when no lockfile and package.json is present
c6c013e6e
readdir-scoped-modules@1.1.0
a1a2134aa
remove unused sorted-object dep (@nlf)85c2a2d31
#2344 remove editor dependency (@nlf)
3a6dd511c
npm edit (@nlf)3ba5de4e7
#2347 npm help-search (@nlf)6caf19f49
#2348 npm help (@nlf)cb5847e32
#2349 npm hook (@nlf)996a2f6b1
#2353 npm org (@nlf)8c67c38a4
#2354 npm set (@nlf)
c3ba1daf7
#2033@npmcli/config@1.2.6
:- Set
INIT_CWD
to initial current working directory - Set
NODE
to initial process.execPath
- Set
8029608b9
json-parse-even-better-errors@2.3.1
0233818e6
#2332treeverse@1.0.4
e401d6bb3
ini@1.3.8
011bb1220
#2320@npmcli/arborist@2.0.1
:- Do not save with
^
and no version
- Do not save with
244c2069f
#2325 npm search include/exclude (@ruyadorno)d825e901e
#1905 #2316 run install scripts for root project315449142
#2331 #2021 SetNODE_ENV=production
if 'dev' is on the omit list (@isaacs)
c243e3b9d
#2313 tests: completion (@nlf)7ff6efbb8
#2314 npm team (@ruyadorno)7a4f0c96c
#2323 npm doctor (@nlf)
bf09e719c
@npmcli/arborist@2.0.0
- Much stricter tree integrity guarantees
- Fix issues where the root project is a symlink, or linked as a workspace
7ceb5b728
ini@1.3.6
77c6ced2a
make-fetch-happen@8.0.11
0ef25b6cd
libnpmsearch@3.1.0
:- Update to accept query params as options, so we can paginate. (@nlf)
518a66450
@npmcli/config@1.2.4
:- Do not allow path options to be set to a boolean
false
value
- Do not allow path options to be set to a boolean
3d7aff9d8
update all dependencies using latest npm to install them
2848f5940
npm/statusboard#173 #2293 npm shrinkwrap (@ruyadorno)f6824459a
#2302 npm deprecate (@nlf)b7d74b627
npm/statusboard#180 #2304 npm unpublish (@ruyadorno)
6b1575110
#2237 addnpm set-script
command (@Yash-Singh1)15d7333f8
add interactivenpm exec
(@isaacs)
def85c726
@npmcli/arborist@1.0.14
- fixes running
npm exec
from file system root folder
- fixes running
4c94673ab
semver@7.3.4
00e6028ef
@npmcli/arborist@1.0.13
- do not override user-defined shorthand values when saving
package.json
- do not override user-defined shorthand values when saving
9c3413fbc
#2034 #2245npm link <pkg>
should not savepackage.json
(@ruyadorno)
1875347f9
#2196 remove doc on obsoleteunsafe-perm
flag (@kaizhu256)f51e50603
#2200config.md
cleanup (@alexwoollam)997cbdb40
#2238 Fix broken link topackage.json
documentation (@d-fischer)9da972dc4
#2241npm star
docs cleanup (@ruyadorno)
09d21ab90
@npmcli/run-script@1.8.1
- fix a regression in how scripts are escaped
5fc56b6db
npm/statusboard#174 #2204 fix npm unstar command (@ruyadorno)7842b4d4d
npm/statusboard#182 #2205 fix npm version usage output (@ruyadorno)a0adbf9f8
#2206 #2213 fix: fix flatOptions usage in npm init (@ruyadorno)
3daaf000a
@npmcli/arborist@1.0.12
- fixes some windows specific bugs in how paths are handled and compared
084a7b6ad
#2210 docs: Fix typo (@HollowMan6)
7b89576bd
#2174 fix running empty scripts withnpm run-script
(@nlf)bc9afb195
#2002 #2184 Preserve builtin conf when installing npm globally (@isaacs)
b74c05d88
@npmcli/run-script@1.8.0
- fix windows command-line argument escaping
629a667a9
eslint@7.13.0
de9891bd2
eslint-plugin-standard@4.1.0
c3e7aa31c
#2123 #1957@npmcli/arborist@1.0.11
a8aa38513
#2134 #2156 Fixcannot read property length of undefined
inERESOLVE
explanation code (@isaacs)1dbf0f9bb
#2150 #2155 send json errors to stderr, not stdout (@isaacs)fd1d7a21b
#1927 #2154 Set process.title a bit more usefully (@isaacs)2a80c67ef
#2008 #2153 Support legacy auth tokens for registries that use them (@ruyadorno)786e36404
#2017 #2159 pass all options to Arborist fornpm ci
(@darcyclarke)b47ada7d1
#2161 fixed typo (@scarabedore)
04a3e8c10
#1962@npmcli/arborist@1.0.10
:- prevent self-assignment of parent/fsParent
- Support update options in global package space
96a0d2802
default the 'start' script when server.js present (@isaacs)7716e423e
#2075 #2071 print the registry when using 'npm login' (@Wicked7000)7046fe10c
#2122 tests fornpm cache
command (@nlf)
74325f53b
#2124@npmcli/run-script@1.7.5
:- Export the
isServerPackage
method - Proxy signals to and from foreground child processes
- Export the
0e58e6f6b
#1984 #2079 #1923 #606 #2031@npmcli/arborist@1.0.9
:- Process deps for all link nodes
- Use junctions instead of symlinks
- Use @npmcli/move-file instead of fs.rename
1dad328a1
#1865 #2106 #2084pacote@11.1.13
:- Properly set the installation command for
prepare
scripts when installing git/dir deps
- Properly set the installation command for
e090d706c
#2097libnpmversion@1.0.7
:- Do not crash when the package.json file lacks a 'version' field
8fa541a10
cmark-gfm@0.8.4
052e977b9
#1822 #1247 add section on peerDependenciesMeta field in package.json (@foxxyz)52d32d175
#1970 match npm-exec.md -p usage with lib/exec.js (@dr-js)48ee8d01e
#2096 Fix RFC links in changelog (@jtojnar)
6cd3cd08a
Support all conf keys in publishConfiga1f9be8a7
#2074 Support publishing any kind of spec, not just directories
545382df6
libnpmpublish@4.0.0
:- Support publishing things other than folders
7d88f1719
npm-registry-fetch@9.0.0
823b40a4e
pacote@11.1.12
90bf57826
npm-profile@5.0.2
e5a413577
libnpmteam@2.0.2
fc5aa7b4a
libnpmsearch@3.0.1
9fc1dee13
libnpmorg@2.0.1
0ea870ec5
libnpmhook@6.0.1
32fd744ea
libnpmaccess@4.0.1
fc76f3d9f
@npmcli/arborist@1.0.8
- Fix
cannot read property 'description' of undefined
innpm ls
whenpackage-lock.json
is corrupted - Do not allow peerDependencies to be nested under dependents in any circumstances
- Always resolve peerDependencies in
--prefer-dedupe
mode
- Fix
3990b422d
#2067 use sh as default unix shell, not bash (@isaacs)81d6ceef6
#1975 fix npm exec on folders missing package.json (@ruyadorno)2a680e91a
#2083 delete the contents ofnode_modules
only innpm ci
(@nlf)2636fe1f4
#2086 disable banner output if loglevel is silent innpm run-script
(@macno)
4156f053e
@npmcli/run-script@1.7.4
- restore the default
npm start
script
- restore the default
1900ae9ad
@npmcli/promise-spawn@1.3.2
- fix errors when processing scripts as root
8cb0c166c
@npmcli/arborist@1.0.6
- make sure missing bin links get set on reify
46c7f792a
#2047 #1935 skip the prompt when in a known ci environment (@nlf)f8f6e1fad
#2049 properly remove pycache in release script (@MylesBorins)5db95b393
#2050 pack: do not show individual files of bundled deps (@isaacs)3ee8f3b34
#2051 view: Better errors when package.json is not JSON (@isaacs)
99ae633f6
libnpmversion@1.0.6
- respect gitTagVersion = false
d4173f58d
@npmcli/promise-spawn@1.3.1
- do not return empty buffer when stdio is inherited
- attach child process to returned promise
c09380fa5
@npmcli/run-script@1.7.3
- forward SIGINT and SIGTERM to children that inherit stdio
b154861ad
@npmcli/arborist@1.0.5
ffea6596b
agent-base@6.0.2
- support http proxy for https registries
77ad86b5e
Merge docs deps with main project
cc026daf8
docs:npm-dedupe
throughnpm-install
aec77acf8
#1915 use "dockhand" for faster static documentation generation (@ethomson)aeb10d210
#2024 Fix post-install script name (@irajtaghlidi)
39ad1ad9e
#2001npm config
tests (@ruyadorno)b9c1caa8e
#2026npm owner
test and refactor (@ruyadorno)
-
ed6e6a9d3
eslint-plugin-standard@4.0.2
-
b737ee999
#2009 #2007npm-packlist@2.1.4
:- Maintain order in package.json files array globs
- Strip slashes from package files list results
-
783965508
#1997 #2000 #2005@npmcli/arborist@1.0.4
- Ensure that root is added when root.meta is set
- Include all edges in explain() output when a root edge exists
- Do not conflict on meta-peers that will not be replaced
- Install peerOptionals if explicitly requested, or dev
ce4724a38
#1986 checkresult
when determining exit code ofls <filter>
(@G-Rath)00d926f8d
#1987 don't suppress run output when--silent
is passed (@G-Rath)043da2347
improve cache clear error message (@isaacs)
a57f5c466
update docs for: access, adduser, audit, bin, bugs, build, cache, ci, completion, config and dedupe (@isaacs)5b88b72b9
remove the long-gone bundle command (@isaacs)ae09aa5c1
#1993 document --save-peer as a common option to npm install (@JakeChampion)c9993e6b1
#1982 fix url links for init-package-json/node-semver (@takenspc)
5d9df8395
node-gyp@7.1.2
9476734b7
#1967 add mention to workspaces prepare lifecycle (@ruyadorno)
5cf71c689
#1971 owner rm at local pkg not work (@ShangguanQuail)
722b7ae63
#1974 patch node-gyp (@targos)4ae825c01
#1976 patch node-gyp (@MylesBorins)181eabf13
@npmcli/arborist@1.0.3
- fix workspaces
prepare
lifecycle scripts - fix peer deps overchecks resulting in ERESOLVE
- fix workspaces
6cc115409
init-package-json@2.0.1
dbf9d6d1f
libnpmpublish@3.0.2
03fca6a3b
Adds docs on workspaces, explaining its basic concept and how to use it. (@ruyadorno)
120e62736
node-gyp@7.1.1
6560b8d95
@npmcli/arborist@1.0.2
- do not drop scope information when fetching scoped package tarballs
- fix cycles/ordering resolution when peer deps require nesting
282a1e008
npm-user-validate@1.0.1
b259edcb4
hosted-git-info@3.0.7
7bcdb3636
#1949 fix: ensurepublishConfig
is passed through (@nlf)97978462e
fix: patchconfig.js
to remove duplicate vals (@darcyclarke)
60769d757
#1911 docs: v7 npm-install refresh (@ruyadorno)08de49042
#1938 docs: v7 using npm config updates (@ruyadorno)
15366a1cf
npm-registry-fetch@8.1.5
f04a74140
init-package-json@2.0.0
1de21dce0
fix: support dot-separated aliases defined in a.npmrc
ini files forinit-*
configs (@ruyadorno)
a67275cd9
eslint@7.11.0
6fb83b78d
hosted-git-info@3.0.6
1ca30cc9b
libnpmfund@1.0.0
28a2d2ba4
@npmcli/arborist@1.0.0
- npm/rfcs#239 Improve handling
of conflicting
peerDependencies
in transitive dependencies, so that--force
will always accept a best effort override, and--strict-peer-deps
will fail faster on conflicts.
- npm/rfcs#239 Improve handling
of conflicting
9306c6833
libnpmfund@1.0.1
fafb348ef
npm-package-arg@8.1.0
365f2e756
read-package-json@3.0.0
09b456f2d
@npmcli/config@1.2.1
e859fba9e
#1936 fix npx for non-interactive shells (@nlf)9320b8e4f
#1906 restore old npx behavior of running existing bins first (@nlf)7bd47ca2c
@npmcli/arborist@0.0.33
- fixed handling of invalid package.json file
02737453b
make-fetch-happen@8.0.10
- do not calculate integrity values of http errors
d816c2efa
c8f0d5457
d48086d0d
f34595f2e
#1902 tests for several commands (@nlf)6d49207db
#1903 Revert "Remove unused npx binary" (@MylesBorins)138dfc202
set executable permissions on bins that node installer usesb06d68078
@npmcli/arborist@0.0.32
- Do not remove
node_modules
folders from Workspaces whenloadActual
races withbuildIdealTree
(@ruyadorno)
- Do not remove
2509e3a1b
uuid@8.3.1
6de81a013
@npmcli/run-script@1.7.2
- Fix regression running 'install' scripts when package.json does not contain a scripts object
281a7f39a
@npmcli/arborist@0.0.31
- Allow
npm update
to update bundled root dependencies - Only do implicit node-gyp build for gyp files named
binding.gyp
- Allow
384f5ec47
update minipass-fetch to fix many 'cb() never called' errors7b1e75906
@npmcli/run-script@1.7.1
- Only do implicit node-gyp build for gyp files named
binding.gyp
- Only do implicit node-gyp build for gyp files named
c20e2f0c7
#1892 Support--omit
options in npm outdated
3b417055c
#1859 fixproxy
andhttps-proxy
config support (@badeggg)dd7d7a284
@npmcli/arborist@0.0.30
- #1849 Do not drop peer/dev dep while saving if both set
- Do not install or build if there is a global top bin conflict
- Default to building node-gyp dependencies
40c17e12c
cli-table3@0.6.0
47a8ca1d7
byte-size@7.0.0
81073f99a
eslint@7.10.0
67793abd4
eslint-plugin-import@2.22.1
a27e8d006
is-cidr@4.0.2
893fed45e
marked-man@0.7.0
bc20e0c8a
rimraf@3.0.2
a2b8fd3c1
uuid@8.3.0
ee4c85b87
write-file-atomic@3.0.3
4bdad5fdf
bin-links@2.2.1
c394937ec
@npmcli/run-script@1.7.0
- Default to building node-gyp dependencies and projects
- remove many unused dependencies
(@ruyadorno)
558e9781a
deep-equal2aa9a1f8a
requestd77594e52
npm-registry-couchapp8ec84d9f6
tacksa07b421f7
lincesee41126e165
npm-cache-filename130da51b5
npm-registry-mockb355af486
sprintf-js721c0a873
uid-number9c920e5f5
umaskaae1c38bb
config-chain450845eac
find-npm-prefix963d542d3
has-unicodecad9cbc70
infer-owner3ae02914d
lockfile7bc474d7c
once5c5e0099a
retrycfaddd334
sha3a978ffc7
slide
405e051f7
Fix EBADPLATFORM error message (@#1876)e4d911d21
@npmcli/arborist@0.0.28
- fix: workspaces install entering an infinite loop
- Save provided range if not a subset of savePrefix
- package-lock.json custom indentation
- Check engine and platform when building ideal tree
90550b2e0
#1853 test coverage and refactor for token command (@nlf)2715220c9
#1858 #1813 do not include omitted optional dependencies in install output (@ruyadorno)e225ddcf8
#1862 #1861 respect depth when runningnpm ls <pkg>
(@ruyadorno)2469ae515
#1870 #1780 Add 'fetch-timeout' config (@isaacs)52114b75e
#1871 fixnpm ls
for linked dependencies (@ruyadorno)9981211c0
#1857 #1703 fixnpm outdated
parsing invalid specs (@ruyadorno)
24f3a5448
#1811 npm ci should never save package.json or lockfile (@isaacs)5e780a5f0
remove unused spec parameter, assign error code (@nlf)f019a248a
Remove unused npx binary (@isaacs)db157b3ce
@npmcli/arborist@0.0.27
- Resolve race condition with conflicting bin links in local installs
- #1812 Log engine mismatches more usefully
- #1814 Do not loop trying to resolve dependencies that fail to load
- npm/rfcs#224 Do not automatically install optional peer dependencies
- Add the
strictPeerDeps
option, defaulting tofalse
- fix forwarding configs to resolve pkg spec when adding new deps
b3a50d275
#1846@npmcli/run-script@1.6.0
- This updates node-gyp to v7, allowing us to deduplicate a lot of significant dependencies.
a1d375f6b
#1819 Add--strict-peer-deps
option (@isaacs)5837a4843
#1699 Use allow/deny list in docs (@luciomartinez)
63005f4a9
#1639 npm view should not output extra newline (@MylesBorins)3743a42c8
#1750 add outdated tests (@claudiahdz)2019abdf1
#1786 add lib/link.js tests (@ruyadorno)2f8d11968
@npmcli/arborist@0.0.25
- add meta vulnerability calculator for faster audits
- changed parsing specs to be relative to cwd
- fix logging script execution
- fix properly following resolved symlinks
- fix package.json dependencies order
49b2bf5a7
@npmcli/config@1.1.8
- fix unknown envs to be passed through
- fix setting correct globalPrefix on load
f9aac351d
libnpmversion@1.0.5
- fix git ignored lockfiles
-
ef8f5676b
#1757 view: always fetch fullMetadata, and preferOnline -
a36e2537f
outdated: don't throw on non-version/tag/range dep -
371f0f062
@npmcli/arborist@0.0.20
- Provide explanation objects for
ERESOLVE
errors - Support overriding certain classes of
ERESOLVE
errors with--force
- Detect changes to package.json requiring package-lock dependency flag re-evaluation
- Provide explanation objects for
-
8e3e83bd4
@npmcli/arborist@0.0.21
- Remove bin links on prune
- Remove unnecessary tree walk for workspace projects
- Install workspaces on update:true
-
d6b134fd9
#1738 #1734 fix package spec parsing during cache add process (@mjeanroy) -
f105eb833
npm-audit-report@2.1.4
:- Do not crash on cyclical meta-vulnerability references
-
03a9f569b
opener@1.5.2
-
5616a23b4
@npmcli/git@2.0.4
- Support
.git
files, so that git worktrees are respected
- Support
834e62a0e
- fix: npm ls extraneous workspaces
@npmcli/arborist@0.0.19
758b02358
#1739 add full install options to npm exec (@ruyadorno)2ee7c8a98
@npmcli/config@1.1.7
(@ruyadorno)
b38f68acd
ensurenpm-command
HTTP header is sent properly9f200abb9
Properly exit with error status codeaa0152b58
#1719 Detect CI properly50f9740ca
#1717 fund with multiple funding sources (@ruyadorno)3a63ecb6f
#1718 RFC-0029 add ability to skip pre/post hooks tonpm run-script
by using--ignore-scripts
(@ruyadorno)
-
707207bdd
add@npmcli/config
dependency -
5cb9a1d4d
#1688 use@npmcli/config
for configuration (@isaacs) -
a4295f5db
npm-registry-fetch@8.1.4
:- Redact passwords from HTTP logs
-
a5a6a516d
json-parse-even-better-errors@2.3.0
:- Adds support for indentation/newline formatting preservation
-
a14054558
read-package-json-fast@1.2.1
:- Adds support for indentation/newline formatting preservation
-
f8603c8af
libnpmversion@1.0.4
:- Adds support for indentation/newline formatting preservation
-
9891fa71c
read-package-json@2.1.2
:- Adds support for indentation/newline formatting preservation
-
b44768aac
#1662 #1693 #1690@npmcli/arborist@0.0.17
:- Load root project
package.json
when running loadVirtual. - Fetch metadata from registry when loading tree from outdated package-lock.json file. This avoids a situation where a lockfile or shrinkwrap from npm v5 would result in deleting dependencies on install.
- Preserve
package.json
andpackage-lock.json
formatting in all places where these files are written.
- Load root project
-
281da6fdc
tar@6.0.5
-
1faa5b33d
#1655 show usage whenhelp-search
finds no results -
88e4241c5
#1698 add lib/logout.js unit tests (@ruyadorno)
b718b0e28
#1657 display multiple versions when using--json
withnpm view
(@claudiahdz)9e7cc42f6
#1071 migrate frommeant
toleven
(@jamesgeorge007)85027f40c
#1664 refactor and add tests fornpm adduser
(@ruyadorno)6e03e5583
#1672 refactor and add tests fornpm audit
(@claudiahdz)
Replace some environment variables that were excluded. This implements the amendment to RFC0021.
Bring back support for npm audit --production
, fix a minor npm version
annoyance, and track down a very serious issue where a project could be
blown away when it matches a meta-dep in the tree.
5fb217701
#1641@npmcli/arborist@0.0.15
3598fe1f2
@npmcli/arborist@0.0.16
Add support fornpm audit --production
8ba2aeaee
libnpmversion@1.0.3
New notification style for updates, and a working doctor.
cf2819210
#1622 Improve abbrevs for install and helpd062b2c02
new npm-specific update-notifier implementationf6d468a3b
update doctor commandb8b4d77af
#1638 Direct users to our GitHub issues instead of npm.community
Fix some issues found in the beta pubish process, and initial attempts to use npm v7 with citgm.
2c305e8b7
output generated tarball filename0808328c9
pack: set correct filename for scoped packages (@isaacs)cf27df035
@npmcli/arborist@0.0.14
(@isaacs)
Major refactoring and overhaul of, well, pretty much everything. Almost
all dependencies have been updated, many have been removed, and the entire
Installer
class is moved into
@npmcli/arborist
.
- You can install GitHub pull requests by adding
#pull/<number>
to the git url. So it'd be something likenpm install github:user/project#pull/123
to install PR number 123 of theuser/project
git repo. You can of course also use this in dependencies, or anywhere else dependency specifiers are found. - Initial Workspaces support is added. If you
npm install
in a project with aworkspaces
declaration, npm will install all your sub-projects' dependencies as well, and link everything up proper. npm exec
is added, to run any arbitrary command as if it was an npm script. This is sort of likenpx
, which is also ported to usenpm exec
under the hood.npm audit
output is tightened up, and prettified. Audit can also now fix a few more classes of problems, sends far less data over the wire, and doesn't place blame on the wrong maintainers. (Technically this is a breaking change if you depend on the specific audit output, but it's also a big improvement!)npm install
got faster. Like a lot faster. "So fast you'll think it's broken" faster.npm ls
got even fasterer. A lot of stuff sped up, is what we're saying.- Support has been dropped for Node.js versions less than v10.
The Semantic Versioning specification precisely defines what constitutes a "breaking" change. In a nutshell, it's any change that causes a you to change your code in order to start using our code. We hasten to point this out, because a "breaking change" does not mean that something about the update is "broken", necessarily.
We're sure that some things likely are broken in this beta, because beta software, and a healthy pessimism about things. But nothing is "broken" on purpose here, and if you find a bug, we'd love for you to let us know.
It's beta software!
We have not yet gotten to 100% test coverage of the npm CLI codebase. As such, there are almost certainly bugs lying in wait. We do have 100% test coverage of most of the commands, and all recently-updated dependencies in the npm stack, so it's certainly more well-tested than any version of npm before.
The documentation is incorrect and out of date in most places. Prior to a GA release, we'll be going through all of our documentation with a fine-toothed comb to minimize the lies that it tells.
There are a few cases where this release will just say something failed, and not give you as much help as we'd like. We know, and we'll fix that prior to the GA 7.0.0 release.
In particular, if you install a project that has conflicting
peerDependencies
in the tree, it'll just say "Unable to resolve package
tree". Prior to GA release, it'll tell you how to fix it. (For the time
being, just run it again with --legacy-peer-deps
, and that'll make it
operate like npm v6.)
There is a known performance issue in some cases that we've identified
where npm audit
can spin wildly out of control like a dancer gripped by a
fever, heating up your laptop with fires of passion and CPU work. This
happens when a vulnerability is in a tree with a lot of cross-linked
dependencies that all depend on one another.
We have a fix for it, but if you run into this issue, you can run with
--no-audit
to tell npm to chill out a little bit.
That's about it! It's ready to use, and you should try it out.
Now on to the list of BREAKING CHANGES!
- RFC
20
The CLI and its dependencies no longer use the
figgy-pudding
library for configs. Configuration is done using a flat plain old JavaScript object. - The
lib/fetch-package-metadata.js
module is removed. Usepacote
to fetch package metadata. @npmcli/arborist
should be used to do most things programmatically involving dependency trees.- The
onload-script
option is no longer supported. - The
log-stream
option is no longer supported. npm.load()
MUST be called with two arguments (the parsed cli options and a callback).npm.root
alias fornpm.dir
removed.- The
package.json
in npm now defines anexports
field, making it no longer possible torequire()
npm's internal modules. (This was always a bad idea, but now it won't work.)
The following affect all commands that contact the npm registry.
referer
header no longer sentnpm-command
header added
The environment for lifecycle scripts (eg, build scripts, npm test
, etc.)
has changed.
-
RFC 21 Environment no longer includes
npm_package_*
fields, ornpm_config_*
fields for default configs.npm_package_json
,npm_package_integrity
,npm_package_resolved
, andnpm_command
environment variables added. -
RFC 22 Scripts run during the normal course of installation are silenced unless they exit in error (ie, with a signal or non-zero exit status code), and are for a non-optional dependency.
-
RFC 24
PATH
environment variable includes allnode_modules/.bin
folders, even if found outside of an existingnode_modules
folder hierarchy. -
The
user
,group
,uid
,gid
, andunsafe-perms
configurations are no longer relevant. When npm is run as root, scripts are always run with the effectiveuid
andgid
of the working directory owner. -
Commands that just run a single script (
npm test
,npm start
,npm stop
, andnpm restart
) will now run their script even if--ignore-scripts
is set. Prior to the GA v7.0.0 release, they will not run the pre/post scripts, however. (So, it'll be possible to runnpm test --ignore-scripts
to run your test but not your linter, for example.)
The npx
binary was rewritten in npm v7, and the standalone npx
package
deprecated when v7.0.0 hits GA. npx
uses the new npm exec
command
instead of a separate argument parser and install process, with some
affordances to maintain backwards compatibility with the arguments it
accepted in previous versions.
This resulted in some shifts in its functionality:
- Any
npm
config value may be provided. - To prevent security and user-experience problems from mistyping package
names,
npx
prompts before installing anything. Suppress this prompt with the-y
or--yes
option. - The
--no-install
option is deprecated, and will be converted to--no
. - Shell fallback functionality is removed, as it is not advisable.
- The
-p
argument is a shorthand for--parseable
in npm, but shorthand for--package
in npx. This is maintained, but only for thenpx
executable. (Ie, runningnpm exec -p foo
will be different from runningnpx -p foo
.) - The
--ignore-existing
option is removed. Locally installed bins are always present in the executed processPATH
. - The
--npm
option is removed.npx
will always use thenpm
it ships with. - The
--node-arg
and-n
options are removed. - The
--always-spawn
option is redundant, and thus removed. - The
--shell
option is replaced with--script-shell
, but maintained in thenpx
executable for backwards compatibility.
We do intend to continue supporting the npx
that npm ships; just not the
npm install -g npx
library that is out in the wild today.
- RFC
13
Installed
package.json
files no longer are mutated to include extra metadata. (This extra metadata is stored in the lockfile.) package-lock.json
is updated to a newer format, using"lockfileVersion": 2
. This format is backwards-compatible with npm CLI versions using"lockfileVersion": 1
, but older npm clients will print a warning about the version mismatch.yarn.lock
files used as source of package metadata and resolution guidance, if available. (Prior to v7, they were ignored.)
These changes affect install
, ci
, install-test
, install-ci-test
,
update
, prune
, dedupe
, uninstall
, link
, and audit fix
.
-
RFC 25
peerDependencies
are installed by default. This behavior can be disabled by setting thelegacy-peer-deps
configuration flag.BREAKING CHANGE: this can cause some packages to not be installable, if they have unresolveable peer dependency conflicts. While the correct solution is to fix the conflict, this was not forced upon users for several years, and some have come to rely on this lack of correctness. Use the
--legacy-peer-deps
config flag if impacted. -
RFC 23 Support for
acceptDependencies
is added. This can result in dependency resolutions that previous versions of npm will incorrectly flag as invalid. -
Git dependencies on known git hosts (GitHub, BitBucket, etc.) will always attempt to fetch package contents from the relevant tarball CDNs if possible, falling back to
git+ssh
for private packages.resolved
value inpackage-lock.json
will always reflect thegit+ssh
url value. Saved value inpackage.json
dependencies will always reflect the canonical shorthand value. -
Support for the
--link
flag (to install a link to a globall-installed copy of a module if present, otherwise install locally) has been removed. Local installs are always local, andnpm link <pkg>
must be used explicitly if desired. -
Installing a dependency with the same name as the root project no longer requires
--force
. (That is, theENOSELF
error is removed.)
- RFC
26
First phase of
workspaces
support is added. This changes npm's behavior when a root project'spackage.json
file contains aworkspaces
field.
- RFC
19
Update all dependencies when
npm update
is run without any arguments. As it is no longer relevant,--depth
config flag removed fromnpm update
.
- RFC
27
Remove
--depth
config fromnpm outdated
. Only top-level dependencies are shown, unless--all
config option is set.
- The
--sso
options are deprecated, and will print a warning.
-
Output and data structure is significantly refactored to call attention to issues, identify classes of fixes not previously available, and remove extraneous data not used for any purpose.
BREAKING CHANGE: Any tools consuming the output of
npm audit
will almost certainly need to be updated, as this has changed significantly, both in the readable and--json
output styles.
-
Performs a full dependency tree reification to disk. As a result,
npm dedupe
can cause missing or invalid packages to be installed or updated, though it will only do this if required by the stated dependency semantics. -
Note that the
--prefer-dedupe
flag has been added, so that you may install in a maximally deduplicated state from the outset.
- Human readable output updated, reinstating depth level to the printed output.
- Extraneous dependencies are listed based on their location in the
node_modules
tree. npm ls
only prints the first level of dependencies by default. You can make it print more of the tree by using--depth=<n>
to set a specific depth, or--all
to print all of them.
- Generated gzipped tarballs no longer contain the zlib OS indicator. As a result, they are truly dependent only on the contents of the package, and fully reproducible. However, anyone relying on this byte to identify the operating system of a package's creation may no longer rely on it.
- Runs package installation scripts as well as re-creating links to bins.
Properly respects the
--ignore-scripts
and--bin-links=false
configuration options.
- These two internal commands were removed, as they are no longer needed.
- When no test is specified, will fail with
missing script: test
rather than injecting a syntheticecho 'Error: no test specified'
test script into thepackage.json
data.
Huge thanks to the people who wrote code for this update, as well as our group of dedicated Open RFC call participants. Your participation has contributed immeasurably to the quality and design of npm.