This repository has been archived by the owner on Aug 11, 2022. It is now read-only.

v2.8.0

@othiym23 othiym23 released this 13 Apr 02:36

WE WILL NEVER BE DONE FIXING NPM'S GIT SUPPORT

If you look at the last release's release notes, you will note that they confidently assert that it's perfectly OK to force all GitHub URLs through the same git: -> git+ssh: fallback flow for cloning. It turns out that many users depend on git+https: URLs in their build environments because they use GitHub auth tokens instead of SSH keys. Also, in some cases you just want to be able to explicitly say how a given dependency should be cloned from GitHub.

Because of the way we resolved the inconsistency in GitHub shorthand handling before, this turned out to be difficult to work around. So instead of hacking around it, we completely redid how git is handled within npm and its attendant packages. Again. This time, we changed things so that normalize-package-data and read-package-json leave more of the git logic to npm itself, which makes handling shorthand syntax consistently much easier, and also allows users to resume using explicit, fully-qualified git URLs without npm messing with them.

Here's a summary of what's changed:

  • Instead of converting the GitHub shorthand syntax to a git+ssh:, git:, or
    git+https: URL and saving that, save the shorthand itself to
    package.json.
  • If presented with shortcuts, try cloning via the git protocol, SSH, and HTTPS
    (in that order).
  • No longer prompt for credentials -- it didn't work right with the spinner,
    and wasn't guaranteed to work anyway. We may experiment with doing this a
    better way in the future. Users can override this by setting GIT_ASKPASS in
    their environment if they want to experiment with interactive cloning, but
    should also set --no-spin on the npm command line (or run npm config set spin=false).
  • EXPERIMENTAL FEATURE: Add support for github:, gist:, bitbucket:,
    and gitlab: shorthand prefixes. GitHub shortcuts will continue to be
    normalized to org/repo instead of being saved as github:org/repo, but
    gitlab:, gist:, and bitbucket: prefixes will be used on the command
    line and from package.json. BE CAREFUL WITH THIS. package.json files
    published with the new shorthand syntax can only be read by npm@2.8.0 and
    later, and this feature is mostly meant for playing around with it. If you
    want to save git dependencies in a form that older versions of npm can read,
    use --save-exact, which will save the git URL and resolved commit hash of
    the head of the branch in a manner similar to the way that --save-exact
    pins versions for registry dependencies. This is documented (so check
    npm help install for details), but we're not going to make a lot of noise
    about it until it has a chance to bake in a little more.
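
As an added example (not npm's or hosted-git-info's code), this audit walks a package.json and reports which git dependencies are not pinned to a full commit hash, which use the prefixed shorthand that only npm@2.8.0 and later can read, and which HTTP(S) git URLs carry embedded auth. The regexes are a simplified approximation of npm's specifier parsing, and the manifest, token and hash are constructed placeholders.

```javascript
// Added example: a simplified classifier, not npm's or hosted-git-info's parser.
const PREFIXED = /^(github|gist|bitbucket|gitlab):/;    // shorthand prefixes new in npm@2.8.0
const GIT_URL = /^git(\+ssh|\+https?)?:\/\//;           // explicit, fully-qualified git URLs
const BARE_GITHUB = /^[^.@/:\s][^@/:\s]*\/[^@/:\s]+$/;  // org/repo GitHub shorthand
const HTTP_AUTH = /^git\+https?:\/\/[^/@]+@/;           // userinfo embedded in an HTTP(S) URL
const FULL_SHA = /^[0-9a-f]{40}$/;                      // a ref resolved to an exact commit

function classifyGitSpec(spec) {
  const [base, ref = ''] = String(spec).split('#');
  let form = null;
  if (PREFIXED.test(base)) form = 'prefixed-shorthand';
  else if (GIT_URL.test(base)) form = 'explicit-url';
  else if (BARE_GITHUB.test(base)) form = 'github-shorthand';
  if (!form) return null;                               // registry range, tag, tarball URL, path
  const findings = [];
  if (!FULL_SHA.test(ref)) findings.push('unpinned');   // branch, tag, or default branch
  if (form === 'prefixed-shorthand') findings.push('needs-npm>=2.8.0');
  if (HTTP_AUTH.test(base)) findings.push('embedded-credential');
  return { form, ref, findings };
}

function auditManifest(pkg) {
  const report = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const result = classifyGitSpec(spec);
      if (result) report.push({ name, field, ...result });  // spec omitted: it may hold a token
    }
  }
  return report;
}

// Constructed manifest for illustration; every name and value is a placeholder.
const samplePkg = {
  dependencies: {
    a: 'exampleorg/alpha',
    b: 'gitlab:exampleorg/beta#v1.0.0',
    c: 'git+https://CONSTRUCTED_TOKEN@github.com/exampleorg/gamma.git#master',
    d: 'git+ssh://git@github.com/exampleorg/delta.git#0123456789abcdef0123456789abcdef01234567',
    e: '^1.2.3'
  }
};

for (const r of auditManifest(samplePkg)) {
  console.log(`${r.name}: ${r.form} [${r.findings.join(', ') || 'pinned'}]`);
}
```
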

It is @othiym23's sincere hope that this will resolve all of the inconsistencies users were seeing with GitHub and git-hosted packages, but given the level of change here, that may just be a fond wish. Extra testing of this release is requested.

  • 6b0f588
    #7867 Use git shorthand and git
    URLs as presented by user. Support new hosted-git-info shortcut syntax.
    Save shorthand in package.json. Try cloning via git:, git+ssh:, and
    git+https:, in that order, when supported by the underlying hosting
    provider. (@othiym23)
  • 75d4267
    #7867 Document new GitHub, GitHub
    gist, Bitbucket, and GitLab shorthand syntax.
    (@othiym23)
  • 7d92c75
    #7867 When --save-exact is used
    with git shorthand or URLs, save the fully-resolved URL, with branch name
    resolved to the exact hash for the commit checked out.
    (@othiym23)
  • 9220e59
    #7867 Ensure that non-prefixed and
    non-normalized GitHub shortcuts are saved to package.json.
    (@othiym23)
  • dd398e9
    #7867 hosted-git-info@2.1.1:
    Ensure that gist: shorthand survives being round-tripped through
    package.json. (@othiym23)
  • 33d1420
    #7867 hosted-git-info@2.1.0: Add
    support for auth embedded directly in git URLs.
    (@othiym23)
  • 23a1d5a
    #7867 hosted-git-info@2.0.2: Make
    it possible to determine in which form a hosted git URL was passed.
    (@iarna)
  • eaf75ac
    #7867
    normalize-package-data@2.0.0: Normalize GitHub specifiers so they pass
    through shortcut syntax and preserve explicit URLs.
    (@iarna)
  • 95e0535
    #7867 npm-package-arg@4.0.0: Add
    git URL and shortcut to hosted git spec and use hosted-git-info@2.0.2.
    (@iarna)
  • a808926
    #7867
    realize-package-specifier@3.0.0: Use npm-package-arg@4.0.0 and test
    shortcut specifier behavior. (@iarna)
  • 6dd1e03
    #7867 init-package-json@1.4.0:
    Allow dependency on read-package-json@2.0.0.
    (@iarna)
  • 63254bb
    #7867 read-installed@4.0.0: Use
    read-package-json@2.0.0. (@iarna)
  • 254b887
    #7867 read-package-json@2.0.0:
    Use normalize-package-data@2.0.0. (@iarna)
  • 0b9f8be
    #7867 npm-registry-client@6.3.0:
    Mark compatibility with normalize-package-data@2.0.0 and
    npm-package-arg@4.0.0. (@iarna)
  • f40ecaa
    #7867 Extract a common method to
    use when cloning git repos for testing.
    (@othiym23)

TEST FIXES FOR NODE 0.8

npm continues to get closer to being completely green on Travis for Node 0.8.

SMALL FIX AND DOC TWEAK

  • 20e9003
    tar@2.0.1: Fix regression where relative symbolic links within an
    extraction root that pointed within an extraction root would get normalized
    to absolute symbolic links. (@isaacs)
  • 2ef8898
    #7879 Better document that npm publish --tag=foo will not set latest to that version.
    (@linclark)