diff options
Diffstat (limited to 'deps/node/deps/npm/CHANGELOG.md')
| -rw-r--r-- | deps/node/deps/npm/CHANGELOG.md | 1633 |
1 files changed, 0 insertions, 1633 deletions
diff --git a/deps/node/deps/npm/CHANGELOG.md b/deps/node/deps/npm/CHANGELOG.md deleted file mode 100644 index 794ae106..00000000 --- a/deps/node/deps/npm/CHANGELOG.md +++ /dev/null @@ -1,1633 +0,0 @@ -## v6.7.0 (2019-01-23): - -Hey y'all! This is a quick hotfix release that includes some important fixes to -`npm@6.6.0` related to the large rewrite/refactor. We're tagging it as a feature -release because the changes involve some minor new features, and semver is -semver, but there's nothing major here. - -### NEW FEATURES - -* [`50463f58b`](https://github.com/npm/cli/commit/50463f58b4b70180a85d6d8c10fcf50d8970ef5e) - Improve usage errors to `npm org` commands and add optional filtering to `npm - org ls` subcommand. - ([@zkat](https://github.com/zkat)) - -### BUGFIXES - -* [`4027070b0`](https://github.com/npm/cli/commit/4027070b03be3bdae2515f2291de89b91f901df9) - Fix default usage printout for `npm org` so you actually see how it's supposed - to be used. - ([@zkat](https://github.com/zkat)) -* [`cfea6ea5b`](https://github.com/npm/cli/commit/cfea6ea5b67ec5e4ec57e3a9cb8c82d018cb5476) - fix default usage message for npm hook - ([@zkat](https://github.com/zkat)) - -### DOCS - -* [`e959e1421`](https://github.com/npm/cli/commit/e959e14217d751ddb295565fd75cc81de1ee0d5b) - Add manpage for `npm org` command. - ([@zkat](https://github.com/zkat)) - -### DEPENDENCY BUMPS - -* [`8543fc357`](https://github.com/npm/cli/commit/8543fc3576f64e91f7946d4c56a5ffb045b55156) - `pacote@9.4.0`: Fall back to "fullfat" packuments on ETARGET errors. This will - make it so that, when a package is published but the corgi follower hasn't - caught up, users can still install a freshly-published package. - ([@zkat](https://github.com/zkat)) -* [`75475043b`](https://github.com/npm/cli/commit/75475043b03a254b2e7db2c04c3f0baea31d8dc5) - [npm.community#4752](https://npm.community/t/npm-6-6-0-broke-authentication-with-npm-registry-couchapp/4752) - `libnpmpublish@1.1.1`: Fixes auth error for username/password legacy authentication. - ([@sreeramjayan](https://github.com/sreeramjayan)) -* [`0af8c00ac`](https://github.com/npm/cli/commit/0af8c00acb01849362ffca25b567cc62447c7175) - [npm.community#4746](https://npm.community/t/npm-6-6-0-release-breaking-docker-npm-ci-commands/4746) - `libcipm@3.0.3`: Fixes issue with "cannot run in wd" errors for run-scripts. - ([@zkat](https://github.com/zkat)) -* [`5a7962e46`](https://github.com/npm/cli/commit/5a7962e46f582c6bd91784b0ddc941ed45e9f802) - `write-file-atomic@2.4.2`: - Fixes issues with leaking `signal-exit` instances and file descriptors. - ([@iarna](https://github.com/iarna)) - -## v6.6.0 (2019-01-17): - -### REFACTORING OUT npm-REGISTRY-CLIENT - -Today is an auspicious day! This release marks the end of a massive internal -refactor to npm that means we finally got rid of the legacy -[`npm-registry-client`](https://npm.im/npm-registry-client) in favor of the -shiny, new, `window.fetch`-like -[`npm-registry-fetch`](https://npm.im/npm-registry-fetch). - -Now, the installer had already done most of this work with the release of -`npm@5`, but it turns out _every other command_ still used the legacy client. -This release updates all of those commands to use the new client, and while -we're at it, adds a few extra goodies: - -* All OTP-requiring commands will now **prompt**. `--otp` is no longer required for `dist-tag`, `access`, et al. -* We're starting to integrate a new config system which will eventually get extracted into a standalone package. -* We now use [`libnpm`](https://npm.im/libnpm) for the API functionality of a lot of our commands! That means you can install a library if you want to write your own tooling around them. -* There's now an `npm org` command for managing users in your org. -* [`pacote`](https://npm.im/pacote) now consumes npm-style configurations, instead of its own naming for various config vars. This will make it easier to load npm configs using `libnpm.config` and hand them directly to `pacote`. - -There's too many commits to list all of them here, so check out the PR if you're -curious about details: - -* [`c5af34c05`](https://github.com/npm/cli/commit/c5af34c05fd569aecd11f18d6d0ddeac3970b253) - [npm-registry-client@REMOVED](https://www.youtube.com/watch\?v\=kPIdRJlzERo) - ([@zkat](https://github.com/zkat)) -* [`4cca9cb90`](https://github.com/npm/cli/commit/4cca9cb9042c0eeb743377e8f1ae1c07733df43f) - [`ad67461dc`](https://github.com/npm/cli/commit/ad67461dc3a73d5ae6569fdbee44c67e1daf86e7) - [`77625f9e2`](https://github.com/npm/cli/commit/77625f9e20d4285b7726b3bf3ebc10cb21c638f0) - [`6e922aefb`](https://github.com/npm/cli/commit/6e922aefbb4634bbd77ed3b143e0765d63afc7f9) - [`584613ea8`](https://github.com/npm/cli/commit/584613ea8ff94b927db4957e5647504b30ca2b1f) - [`64de4ebf0`](https://github.com/npm/cli/commit/64de4ebf019b217179039124c6621e74651e4d27) - [`6cd87d1a9`](https://github.com/npm/cli/commit/6cd87d1a9bb90e795f9891ea4db384435f4a8930) - [`2786834c0`](https://github.com/npm/cli/commit/2786834c0257b8bb1bbb115f1ce7060abaab2e17) - [`514558e09`](https://github.com/npm/cli/commit/514558e094460fd0284a759c13965b685133b3fe) - [`dec07ebe3`](https://github.com/npm/cli/commit/dec07ebe3312245f6421c6e523660be4973ae8c2) - [`084741913`](https://github.com/npm/cli/commit/084741913c4fdb396e589abf3440b4be3aa0b67e) - [`45aff0e02`](https://github.com/npm/cli/commit/45aff0e02251785a85e56eafacf9efaeac6f92ae) - [`846ddcc44`](https://github.com/npm/cli/commit/846ddcc44538f2d9a51ac79405010dfe97fdcdeb) - [`8971ba1b9`](https://github.com/npm/cli/commit/8971ba1b953d4f05ff5094f1822b91526282edd8) - [`99156e081`](https://github.com/npm/cli/commit/99156e081a07516d6c970685bc3d858f89dc4f9c) - [`ab2155306`](https://github.com/npm/cli/commit/ab215530674d7f6123c9572d0ad4ca9e9b5fb184) - [`b37a66542`](https://github.com/npm/cli/commit/b37a66542ca2879069b2acd338b1904de71b7f40) - [`d2af0777a`](https://github.com/npm/cli/commit/d2af0777ac179ff5009dbbf0354a4a84f151b60f) - [`e0b4c6880`](https://github.com/npm/cli/commit/e0b4c6880504fa2e8491c2fbd098efcb2e496849) - [`ff72350b4`](https://github.com/npm/cli/commit/ff72350b4c56d65e4a92671d86a33080bf3c2ea5) - [`6ed943303`](https://github.com/npm/cli/commit/6ed943303ce7a267ddb26aa25caa035f832895dd) - [`90a069e7d`](https://github.com/npm/cli/commit/90a069e7d4646682211f4cabe289c306ee1d5397) - [`b24ed5fdc`](https://github.com/npm/cli/commit/b24ed5fdc3a4395628465ae5273bad54eea274c8) - [`ec9fcc14f`](https://github.com/npm/cli/commit/ec9fcc14f4e0e2f3967e2fd6ad8b8433076393cb) - [`8a56fa39e`](https://github.com/npm/cli/commit/8a56fa39e61136da45565447fe201a57f04ad4cd) - [`41d19e18f`](https://github.com/npm/cli/commit/41d19e18f769c6f0acfdffbdb01d12bf332908ce) - [`125ff9551`](https://github.com/npm/cli/commit/125ff9551595dda9dab2edaef10f4c73ae8e1433) - [`1c3b226ff`](https://github.com/npm/cli/commit/1c3b226ff37159c426e855e83c8f6c361603901d) - [`3c0a7b06b`](https://github.com/npm/cli/commit/3c0a7b06b6473fe068fc8ae8466c07a177975b87) - [`08fcb3f0f`](https://github.com/npm/cli/commit/08fcb3f0f26e025702b35253ed70a527ab69977f) - [`c8135d97a`](https://github.com/npm/cli/commit/c8135d97a424b38363dc4530c45e4583471e9849) - [`ae936f22c`](https://github.com/npm/cli/commit/ae936f22ce80614287f2769e9aaa9a155f03cc15) - [#2](https://github.com/npm/cli/pull/2) - Move rest of commands to `npm-registry-fetch` and use [`figgy-pudding`](https://npm.im/figgy-pudding) for configs. - ([@zkat](https://github.com/zkat)) - -### NEW FEATURES - -* [`02c837e01`](https://github.com/npm/cli/commit/02c837e01a71a26f37cbd5a09be89df8a9ce01da) - [#106](https://github.com/npm/cli/pull/106) - Make `npm dist-tags` the same as `npm dist-tag ls`. - ([@isaacs](https://github.com/isaacs)) -* [`1065a7809`](https://github.com/npm/cli/commit/1065a7809161fd4dc23e96b642019fc842fdacf2) - [#65](https://github.com/npm/cli/pull/65) - Add support for `IBM i`. - ([@dmabupt](https://github.com/dmabupt)) -* [`a22e6f5fc`](https://github.com/npm/cli/commit/a22e6f5fc3e91350d3c64dcc88eabbe0efbca759) - [#131](https://github.com/npm/cli/pull/131) - Update profile to support new npm-profile API. - ([@zkat](https://github.com/zkat)) - -### BUGFIXES - -* [`890a74458`](https://github.com/npm/cli/commit/890a74458dd4a55e2d85f3eba9dbf125affa4206) - [npm.community#3278](https://npm.community/t/3278) - Fix support for passing git binary path config with `--git`. - ([@larsgw](https://github.com/larsgw)) -* [`90e55a143`](https://github.com/npm/cli/commit/90e55a143ed1de8678d65c17bc3c2b103a15ddac) - [npm.community#2713](https://npm.community/t/npx-envinfo-preset-jest-fails-on-windows-with-a-stack-trace/2713) - Check for `npm.config`'s existence in `error-handler.js` to prevent weird - errors when failures happen before config object is loaded. - ([@BeniCheni](https://github.com/BeniCheni)) -* [`134207174`](https://github.com/npm/cli/commit/134207174652e1eb6d7b0f44fd9858a0b6a0cd6c) - [npm.community#2569](https://npm.community/t/2569) - Fix checking for optional dependencies. - ([@larsgw](https://github.com/larsgw)) -* [`7a2f6b05d`](https://github.com/npm/cli/commit/7a2f6b05d27f3bcf47a48230db62e86afa41c9d3) - [npm.community#4172](https://npm.community/t/4172) - Remove tink experiments. - ([@larsgw](https://github.com/larsgw)) -* [`c5b6056b6`](https://github.com/npm/cli/commit/c5b6056b6b35eefb81ae5fb00a5c7681c5318c22) - [#123](https://github.com/npm/cli/pull/123) - Handle git branch references correctly. - ([@johanneswuerbach](https://github.com/johanneswuerbach)) -* [`f58b43ef2`](https://github.com/npm/cli/commit/f58b43ef2c5e3dea2094340a0cf264b2d11a5da4) - [npm.community#3983](https://npm.community/t/npm-audit-error-messaging-update-for-401s/3983) - Report any errors above 400 as potentially not supporting audit. - ([@zkat](https://github.com/zkat)) -* [`a5c9e6f35`](https://github.com/npm/cli/commit/a5c9e6f35a591a6e2d4b6ace5c01bc03f2b75fdc) - [#124](https://github.com/npm/cli/pull/124) - Set default homepage to an empty string. - ([@anchnk](https://github.com/anchnk)) -* [`5d076351d`](https://github.com/npm/cli/commit/5d076351d7ec1d3585942a9289548166a7fbbd4c) - [npm.community#4054](https://npm.community/t/4054) - Fix npm-prefix description. - ([@larsgw](https://github.com/larsgw)) - -### DOCS - -* [`31a7274b7`](https://github.com/npm/cli/commit/31a7274b70de18b24e7bee51daa22cc7cbb6141c) - [#71](https://github.com/npm/cli/pull/71) - Fix typo in npm-token documentation. - ([@GeorgeTaveras1231](https://github.com/GeorgeTaveras1231)) -* [`2401b7592`](https://github.com/npm/cli/commit/2401b7592c6ee114e6db7077ebf8c072b7bfe427) - Correct docs for fake-registry interface. - ([@iarna](https://github.com/iarna)) - -### DEPENDENCIES - -* [`9cefcdc1d`](https://github.com/npm/cli/commit/9cefcdc1d2289b56f9164d14d7e499e115cfeaee) - `npm-registry-fetch@3.8.0` - ([@zkat](https://github.com/zkat)) -* [`1c769c9b3`](https://github.com/npm/cli/commit/1c769c9b3e431d324c1a5b6dd10e1fddb5cb88c7) - `pacote@9.1.0` - ([@zkat](https://github.com/zkat)) -* [`f3bc5539b`](https://github.com/npm/cli/commit/f3bc5539b30446500abcc3873781b2c717f8e22c) - `figgy-pudding@3.5.1` - ([@zkat](https://github.com/zkat)) -* [`bf7199d3c`](https://github.com/npm/cli/commit/bf7199d3cbf50545da1ebd30d28f0a6ed5444a00) - `npm-profile@4.0.1` - ([@zkat](https://github.com/zkat)) -* [`118c50496`](https://github.com/npm/cli/commit/118c50496c01231cab3821ae623be6df89cb0a32) - `semver@5.5.1` - ([@isaacs](https://github.com/isaacs)) -* [`eab4df925`](https://github.com/npm/cli/commit/eab4df9250e9169c694b3f6c287d2932bf5e08fb) - `libcipm@3.0.2` - ([@zkat](https://github.com/zkat)) -* [`b86e51573`](https://github.com/npm/cli/commit/b86e515734faf433dc6c457c36c1de52795aa870) - `libnpm@1.4.0` - ([@zkat](https://github.com/zkat)) -* [`56fffbff2`](https://github.com/npm/cli/commit/56fffbff27fe2fae8bef27d946755789ef0d89bd) - `get-stream@4.1.0` - ([@zkat](https://github.com/zkat)) -* [`df972e948`](https://github.com/npm/cli/commit/df972e94868050b5aa42ac18b527fd929e1de9e4) - npm-profile@REMOVED - ([@zkat](https://github.com/zkat)) -* [`32c73bf0e`](https://github.com/npm/cli/commit/32c73bf0e3f0441d0c7c940292235d4b93aa87e2) - `libnpm@2.0.1` - ([@zkat](https://github.com/zkat)) -* [`569491b80`](https://github.com/npm/cli/commit/569491b8042f939dc13986b6adb2a0a260f95b63) - `licensee@5.0.0` - ([@zkat](https://github.com/zkat)) -* [`a3ba0ccf1`](https://github.com/npm/cli/commit/a3ba0ccf1fa86aec56b1ad49883abf28c1f56b3c) - move rimraf to prod deps - ([@zkat](https://github.com/zkat)) -* [`f63a0d6cf`](https://github.com/npm/cli/commit/f63a0d6cf0b7db3dcc80e72e1383c3df723c8119) - `spdx-license-ids@3.0.3`: - Ref: https://github.com/npm/cli/pull/121 - ([@zkat](https://github.com/zkat)) -* [`f350e714f`](https://github.com/npm/cli/commit/f350e714f66a77f71a7ebe17daeea2ea98179a1a) - `aproba@2.0.0` - ([@aeschright](https://github.com/aeschright)) -* [`a67e4d8b2`](https://github.com/npm/cli/commit/a67e4d8b214e58ede037c3854961acb33fd889da) - `byte-size@5.0.1` - ([@aeschright](https://github.com/aeschright)) -* [`8bea4efa3`](https://github.com/npm/cli/commit/8bea4efa34857c4e547904b3630dd442def241de) - `cacache@11.3.2` - ([@aeschright](https://github.com/aeschright)) -* [`9d4776836`](https://github.com/npm/cli/commit/9d4776836a4eaa4b19701b4e4f00cd64578bf078) - `chownr@1.1.1` - ([@aeschright](https://github.com/aeschright)) -* [`70da139e9`](https://github.com/npm/cli/commit/70da139e97ed1660c216e2d9b3f9cfb986bfd4a4) - `ci-info@2.0.0` - ([@aeschright](https://github.com/aeschright)) -* [`bcdeddcc3`](https://github.com/npm/cli/commit/bcdeddcc3d4dc242f42404223dafe4afdc753b32) - `cli-table3@0.5.1` - ([@aeschright](https://github.com/aeschright)) -* [`63aab82c7`](https://github.com/npm/cli/commit/63aab82c7bfca4f16987cf4156ddebf8d150747c) - `is-cidr@3.0.0` - ([@aeschright](https://github.com/aeschright)) -* [`d522bd90c`](https://github.com/npm/cli/commit/d522bd90c3b0cb08518f249ae5b90bd609fff165) - `JSONStream@1.3.5` - ([@aeschright](https://github.com/aeschright)) -* [`2a59bfc79`](https://github.com/npm/cli/commit/2a59bfc7989bd5575d8cbba912977c6d1ba92567) - `libnpmhook@5.0.2` - ([@aeschright](https://github.com/aeschright)) -* [`66d60e394`](https://github.com/npm/cli/commit/66d60e394e5a96330f90e230505758f19a3643ac) - `marked@0.6.0` - ([@aeschright](https://github.com/aeschright)) -* [`8213def9a`](https://github.com/npm/cli/commit/8213def9aa9b6e702887e4f2ed7654943e1e4154) - `npm-packlist@1.2.0` - ([@aeschright](https://github.com/aeschright)) -* [`e4ffc6a2b`](https://github.com/npm/cli/commit/e4ffc6a2bfb8d0b7047cb6692030484760fc8c91) - `unique-filename@1.1.1` - ([@aeschright](https://github.com/aeschright)) -* [`09a5c2fab`](https://github.com/npm/cli/commit/09a5c2fabe0d1c00ec8c99f328f6d28a3495eb0b) - `semver@5.6.0` - ([@aeschright](https://github.com/aeschright)) -* [`740e79e17`](https://github.com/npm/cli/commit/740e79e17a78247f73349525043c9388ce94459a) - `rimraf@2.6.3` - ([@aeschright](https://github.com/aeschright)) -* [`455476c8d`](https://github.com/npm/cli/commit/455476c8d148ca83a4e030e96e93dcf1c7f0ff5f) - `require-inject@1.4.4` - ([@aeschright](https://github.com/aeschright)) -* [`3f40251c5`](https://github.com/npm/cli/commit/3f40251c5868feaacbcdbcb1360877ce76998f5e) - `npm-pick-manifest@2.2.3` - ([@aeschright](https://github.com/aeschright)) -* [`4ffa8a8e9`](https://github.com/npm/cli/commit/4ffa8a8e9e80e5562898dd76fe5a49f5694f38c8) - `query-string@6.2.0` - ([@aeschright](https://github.com/aeschright)) -* [`a0a0ca9ec`](https://github.com/npm/cli/commit/a0a0ca9ec2a962183d420fa751f4139969760f18) - `pacote@9.3.0` - ([@aeschright](https://github.com/aeschright)) -* [`5777ea8ad`](https://github.com/npm/cli/commit/5777ea8ad2058be3166a6dad2d31d2d393c9f778) - `readable-stream@3.1.1` - ([@aeschright](https://github.com/aeschright)) -* [`887e94386`](https://github.com/npm/cli/commit/887e94386f42cb59a5628e7762b3662d084b23c8) - `lru-cache@4.1.5` - ([@aeschright](https://github.com/aeschright)) -* [`41f15524c`](https://github.com/npm/cli/commit/41f15524c58c59d206c4b1d25ae9e0f22745213b) - Updating semver docs. - ([@aeschright](https://github.com/aeschright)) -* [`fb3bbb72d`](https://github.com/npm/cli/commit/fb3bbb72d448ac37a465b31233b21381917422f3) - `npm-audit-report@1.3.2`: - ([@melkikh](https://github.com/melkikh)) - -### TESTING - -* [`f1edffba9`](https://github.com/npm/cli/commit/f1edffba90ebd96cf88675d2e18ebc48954ba50e) - Modernize maketest script. - ([@iarna](https://github.com/iarna)) -* [`ae263473d`](https://github.com/npm/cli/commit/ae263473d92a896b482830d4019a04b5dbd1e9d7) - maketest: Use promise based example common.npm call. - ([@iarna](https://github.com/iarna)) -* [`d9970da5e`](https://github.com/npm/cli/commit/d9970da5ee97a354eab01cbf16f9101693a15d2d) - maketest: Use newEnv for env production. - ([@iarna](https://github.com/iarna)) - -### MISCELLANEOUS - -* [`c665f35aa`](https://github.com/npm/cli/commit/c665f35aacdb8afdbe35f3dd7ccb62f55ff6b896) - [#119](https://github.com/npm/cli/pull/119) - Replace var with const/let in lib/repo.js. - ([@watilde](https://github.com/watilde)) -* [`46639ba9f`](https://github.com/npm/cli/commit/46639ba9f04ea729502f1af28b02eb67fb6dcb66) - Update package-lock.json for https tarball URLs - ([@aeschright](https://github.com/aeschright)) - -## v6.5.0 (2018-11-28): - -### NEW FEATURES - -* [`fc1a8d185`](https://github.com/npm/cli/commit/fc1a8d185fc678cdf3784d9df9eef9094e0b2dec) - Backronym `npm ci` to `npm clean-install`. - ([@zkat](https://github.com/zkat)) -* [`4be51a9cc`](https://github.com/npm/cli/commit/4be51a9cc65635bb26fa4ce62233f26e0104bc20) - [#81](https://github.com/npm/cli/pull/81) - Adds 'Homepage' to outdated --long output. - ([@jbottigliero](https://github.com/jbottigliero)) - -### BUGFIXES - -* [`89652cb9b`](https://github.com/npm/cli/commit/89652cb9b810f929f5586fc90cc6794d076603fb) - [npm.community#1661](https://npm.community/t/1661) - Fix sign-git-commit options. They were previously totally wrong. - ([@zkat](https://github.com/zkat)) -* [`414f2d1a1`](https://github.com/npm/cli/commit/414f2d1a1bdffc02ed31ebb48a43216f284c21d4) - [npm.community#1742](https://npm.community/t/npm-audit-making-non-rfc-compliant-requests-to-server-resulting-in-400-bad-request-pr-with-fix/1742) - Set lowercase headers for npm audit requests. - ([@maartenba](https://github.com/maartenba)) -* [`a34246baf`](https://github.com/npm/cli/commit/a34246bafe73218dc9e3090df9ee800451db2c7d) - [#75](https://github.com/npm/cli/pull/75) - Fix `npm edit` handling of scoped packages. - ([@larsgw](https://github.com/larsgw)) -* [`d3e8a7c72`](https://github.com/npm/cli/commit/d3e8a7c7240dd25379a5bcad324a367c58733c73) - [npm.community#2303](https://npm.community/t/npm-ci-logs-success-to-stderr/2303) - Make summary output for `npm ci` go to `stdout`, not `stderr`. - ([@alopezsanchez](https://github.com/alopezsanchez)) -* [`71d8fb4a9`](https://github.com/npm/cli/commit/71d8fb4a94d65e1855f6d0c5f2ad2b7c3202e3c4) - [npm.community#1377](https://npm.community/t/unhelpful-error-message-when-publishing-without-logging-in-error-eperm-operation-not-permitted-unlink/1377/3) - Close the file descriptor during publish if exiting upload via an error. This - will prevent strange error messages when the upload fails and make sure - cleanup happens correctly. - ([@macdja38](https://github.com/macdja38)) - -### DOCS UPDATES - -* [`b1a8729c8`](https://github.com/npm/cli/commit/b1a8729c80175243fbbeecd164e9ddd378a09a50) - [#60](https://github.com/npm/cli/pull/60) - Mention --otp flag when prompting for OTP. - ([@bakkot](https://github.com/bakkot)) -* [`bcae4ea81`](https://github.com/npm/cli/commit/bcae4ea8173e489a76cc226bbd30dd9eabe21ec6) - [#64](https://github.com/npm/cli/pull/64) - Clarify that git dependencies use the default branch, not just `master`. - ([@zckrs](https://github.com/zckrs)) -* [`15da82690`](https://github.com/npm/cli/commit/15da8269032bf509ade3252978e934f2a61d4499) - [#72](https://github.com/npm/cli/pull/72) - `bash_completion.d` dir is sometimes found in `/etc` not `/usr/local`. - ([@RobertKielty](https://github.com/RobertKielty)) -* [`8a6ecc793`](https://github.com/npm/cli/commit/8a6ecc7936dae2f51638397ff5a1d35cccda5495) - [#74](https://github.com/npm/cli/pull/74) - Update OTP documentation for `dist-tag add` to clarify `--otp` is needed right - now. - ([@scotttrinh](https://github.com/scotttrinh)) -* [`dcc03ec85`](https://github.com/npm/cli/commit/dcc03ec858bddd7aa2173b5a86b55c1c2385a2a3) - [#82](https://github.com/npm/cli/pull/82) - Note that `prepare` runs when installing git dependencies. - ([@seishun](https://github.com/seishun)) -* [`a91a470b7`](https://github.com/npm/cli/commit/a91a470b71e08ccf6a75d4fb8c9937789fa8d067) - [#83](https://github.com/npm/cli/pull/83) - Specify that --dry-run isn't available in older versions of npm publish. - ([@kjin](https://github.com/kjin)) -* [`1b2fabcce`](https://github.com/npm/cli/commit/1b2fabccede37242233755961434c52536224de5) - [#96](https://github.com/npm/cli/pull/96) - Fix inline code tag issue in docs. - ([@midare](https://github.com/midare)) -* [`6cc70cc19`](https://github.com/npm/cli/commit/6cc70cc1977e58a3e1ea48e660ffc6b46b390e59) - [#68](https://github.com/npm/cli/pull/68) - Add semver link and a note on empty string format to `deprecate` doc. - ([@neverett](https://github.com/neverett)) -* [`61dbbb7c3`](https://github.com/npm/cli/commit/61dbbb7c3474834031bce88c423850047e8131dc) - Fix semver docs after version update. - ([@zkat](https://github.com/zkat)) -* [`4acd45a3d`](https://github.com/npm/cli/commit/4acd45a3d0ce92f9999446226fe7dfb89a90ba2e) - [#78](https://github.com/npm/cli/pull/78) - Correct spelling across various docs. - ([@hugovk](https://github.com/hugovk)) - -### DEPENDENCIES - -* [`4f761283e`](https://github.com/npm/cli/commit/4f761283e8896d0ceb5934779005646463a030e8) - `figgy-pudding@3.5.1` - ([@zkat](https://github.com/zkat)) -* [`3706db0bc`](https://github.com/npm/cli/commit/3706db0bcbc306d167bb902362e7f6962f2fe1a1) - [npm.community#1764](https://npm.community/t/crash-invalid-config-key-requested-error/1764) - `ssri@6.0.1` - ([@zkat](https://github.com/zkat)) -* [`83c2b117d`](https://github.com/npm/cli/commit/83c2b117d0b760d0ea8d667e5e4bdfa6a7a7a8f6) - `bluebird@3.5.2` - ([@petkaantonov](https://github.com/petkaantonov)) -* [`2702f46bd`](https://github.com/npm/cli/commit/2702f46bd7284fb303ca2119d23c52536811d705) - `ci-info@1.5.1` - ([@watson](https://github.com/watson)) -* [`4db6c3898`](https://github.com/npm/cli/commit/4db6c3898b07100e3a324e4aae50c2fab4b93a04) - `config-chain@1.1.1`:2 - ([@dawsbot](https://github.com/dawbot)) -* [`70bee4f69`](https://github.com/npm/cli/commit/70bee4f69bb4ce4e18c48582fe2b48d8b4aba566) - `glob@7.1.3` - ([@isaacs](https://github.com/isaacs)) -* [`e469fd6be`](https://github.com/npm/cli/commit/e469fd6be95333dcaa7cf377ca3620994ca8d0de) - `opener@1.5.1`: - Fix browser opening under Windows Subsystem for Linux (WSL). - ([@thijsputman](https://github.com/thijsputman)) -* [`03840dced`](https://github.com/npm/cli/commit/03840dced865abdca6e6449ea030962e5b19db0c) - `semver@5.5.1` - ([@iarna](https://github.com/iarna)) -* [`161dc0b41`](https://github.com/npm/cli/commit/161dc0b4177e76306a0e3b8660b3b496cc3db83b) - `bluebird@3.5.3` - ([@petkaantonov](https://github.com/petkaantonov)) -* [`bb6f94395`](https://github.com/npm/cli/commit/bb6f94395491576ec42996ff6665df225f6b4377) - `graceful-fs@4.1.1`:5 - ([@isaacs](https://github.com/isaacs)) -* [`43b1f4c91`](https://github.com/npm/cli/commit/43b1f4c91fa1d7b3ebb6aa2d960085e5f3ac7607) - `tar@4.4.8` - ([@isaacs](https://github.com/isaacs)) -* [`ab62afcc4`](https://github.com/npm/cli/commit/ab62afcc472de82c479bf91f560a0bbd6a233c80) - `npm-packlist@1.1.1`:2 - ([@isaacs](https://github.com/isaacs)) -* [`027f06be3`](https://github.com/npm/cli/commit/027f06be35bb09f390e46fcd2b8182539939d1f7) - `ci-info@1.6.0` - ([@watson](https://github.com/watson)) - -### MISCELLANEOUS - -* [`27217dae8`](https://github.com/npm/cli/commit/27217dae8adbc577ee9cb323b7cfe9c6b2493aca) - [#70](https://github.com/npm/cli/pull/70) - Automatically audit dependency licenses for npm itself. - ([@kemitchell](https://github.com/kemitchell)) - -## v6.4.1 (2018-08-22): - -### BUGFIXES - -* [`4bd40f543`](https://github.com/npm/cli/commit/4bd40f543dc89f0721020e7d0bb3497300d74818) - [#42](https://github.com/npm/cli/pull/42) - Prevent blowing up on malformed responses from the `npm audit` endpoint, such - as with third-party registries. - ([@framp](https://github.com/framp)) -* [`0e576f0aa`](https://github.com/npm/cli/commit/0e576f0aa6ea02653d948c10f29102a2d4a31944) - [#46](https://github.com/npm/cli/pull/46) - Fix `NO_PROXY` support by renaming npm-side config to `--noproxy`. The - environment variable should still work. - ([@SneakyFish5](https://github.com/SneakyFish5)) -* [`d8e811d6a`](https://github.com/npm/cli/commit/d8e811d6adf3d87474982cb831c11316ac725605) - [#33](https://github.com/npm/cli/pull/33) - Disable `update-notifier` checks when a CI environment is detected. - ([@Sibiraj-S](https://github.com/Sibiraj-S)) -* [`1bc5b8cea`](https://github.com/npm/cli/commit/1bc5b8ceabc86bfe4777732f25ffef0f3de81bd1) - [#47](https://github.com/npm/cli/pull/47) - Fix issue where `postpack` scripts would break if `pack` was used with - `--dry-run`. - ([@larsgw](https://github.com/larsgw)) - -### DEPENDENCY BUMPS - -* [`4c57316d5`](https://github.com/npm/cli/commit/4c57316d5633e940105fa545b52d8fbfd2eb9f75) - `figgy-pudding@3.4.1` - ([@zkat](https://github.com/zkat)) -* [`85f4d7905`](https://github.com/npm/cli/commit/85f4d79059865d5267f3516b6cdbc746012202c6) - `cacache@11.2.0` - ([@zkat](https://github.com/zkat)) -* [`d20ac242a`](https://github.com/npm/cli/commit/d20ac242aeb44aa3581c65c052802a02d5eb22f3) - `npm-packlist@1.1.11`: - No real changes in npm-packlist, but npm-bundled included a - circular dependency fix, as well as adding a proper LICENSE file. - ([@isaacs](https://github.com/isaacs)) -* [`e8d5f4418`](https://github.com/npm/cli/commit/e8d5f441821553a31fc8cd751670663699d2c8ce) - [npm.community#632](https://npm.community/t/using-npm-ci-does-not-run-prepare-script-for-git-modules/632) - `libcipm@2.0.2`: - Fixes issue where `npm ci` wasn't running the `prepare` lifecycle script when - installing git dependencies - ([@edahlseng](https://github.com/edahlseng)) -* [`a5e6f78e9`](https://github.com/npm/cli/commit/a5e6f78e916873f7d18639ebdb8abd20479615a9) - `JSONStream@1.3.4`: - Fixes memory leak problem when streaming large files (like legacy npm search). - ([@daern91](https://github.com/daern91)) -* [`3b940331d`](https://github.com/npm/cli/commit/3b940331dcccfa67f92366adb7ffd9ecf7673a9a) - [npm.community#1042](https://npm.community/t/3-path-variables-are-assigned-to-child-process-launched-by-npm/1042) - `npm-lifecycle@2.1.0`: - Fixes issue for Windows user where multiple `Path`/`PATH` variables were being - added to the environment and breaking things in all sorts of fun and - interesting ways. - ([@JimiC](https://github.com/JimiC)) -* [`d612d2ce8`](https://github.com/npm/cli/commit/d612d2ce8fab72026f344f125539ecbf3746af9a) - `npm-registry-client@8.6.0` - ([@iarna](https://github.com/iarna)) -* [`1f6ba1cb1`](https://github.com/npm/cli/commit/1f6ba1cb174590c1f5d2b00e2ca238dfa39d507a) - `opener@1.5.0` - ([@domenic](https://github.com/domenic)) -* [`37b8f405f`](https://github.com/npm/cli/commit/37b8f405f35c861b7beeed56f71ad20b0bf87889) - `request@2.88.0` - ([@mikeal](https://github.com/mikeal)) -* [`bb91a2a14`](https://github.com/npm/cli/commit/bb91a2a14562e77769057f1b6d06384be6d6bf7f) - `tacks@1.2.7` - ([@iarna](https://github.com/iarna)) -* [`30bc9900a`](https://github.com/npm/cli/commit/30bc9900ae79c80bf0bdee0ae6372da6f668124c) - `ci-info@1.4.0`: - Adds support for two more CI services - ([@watson](https://github.com/watson)) -* [`1d2fa4ddd`](https://github.com/npm/cli/commit/1d2fa4dddcab8facfee92096cc24b299387f3182) - `marked@0.5.0` - ([@joshbruce](https://github.com/joshbruce)) - -### DOCUMENTATION - -* [`08ecde292`](https://github.com/npm/cli/commit/08ecde2928f8c89a2fdaa800ae845103750b9327) - [#54](https://github.com/npm/cli/pull/54) - Mention registry terms of use in manpage and registry docs and update language - in README for it. - ([@kemitchell](https://github.com/kemitchell)) -* [`de956405d`](https://github.com/npm/cli/commit/de956405d8b72354f98579d00c6dd30ac3b9bddf) - [#41](https://github.com/npm/cli/pull/41) - Add documentation for `--dry-run` in `install` and `pack` docs. - ([@reconbot](https://github.com/reconbot)) -* [`95031b90c`](https://github.com/npm/cli/commit/95031b90ce0b0c4dcd5e4eafc86e3e5bfd59fb3e) - [#48](https://github.com/npm/cli/pull/48) - Update republish time and lightly reorganize republish info. - ([@neverett](https://github.com/neverett)) -* [`767699b68`](https://github.com/npm/cli/commit/767699b6829b8b899d5479445e99b0ffc43ff92d) - [#53](https://github.com/npm/cli/pull/53) - Correct `npm@6.4.0` release date in changelog. - ([@charmander](https://github.com/charmander)) -* [`3fea3166e`](https://github.com/npm/cli/commit/3fea3166eb4f43f574fcfd9ee71a171feea2bc29) - [#55](https://github.com/npm/cli/pull/55) - Align command descriptions in help text. - ([@erik](https://github.com/erik)) - -## v6.4.0 (2018-08-09): - -### NEW FEATURES - -* [`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7) - [npm/cli#8](https://github.com/npm/cli/pull/8) - Search for authentication token defined by environment variables by preventing - the translation layer from env variable to npm option from breaking - `:_authToken`. - ([@mkhl](https://github.com/mkhl)) -* [`84bfd23e7`](https://github.com/npm/cli/commit/84bfd23e7d6434d30595594723a6e1976e84b022) - [npm/cli#35](https://github.com/npm/cli/pull/35) - Stop filtering out non-IPv4 addresses from `local-addrs`, making npm actually - use IPv6 addresses when it must. - ([@valentin2105](https://github.com/valentin2105)) -* [`792c8c709`](https://github.com/npm/cli/commit/792c8c709dc7a445687aa0c8cba5c50bc4ed83fd) - [npm/cli#31](https://github.com/npm/cli/pull/31) - configurable audit level for non-zero exit - `npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level. - Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found. - Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected. - ([@lennym](https://github.com/lennym)) - -### BUGFIXES - -* [`d81146181`](https://github.com/npm/cli/commit/d8114618137bb5b9a52a86711bb8dc18bfc8e60c) - [npm/cli#32](https://github.com/npm/cli/pull/32) - Don't check for updates to npm when we are updating npm itself. - ([@olore](https://github.com/olore)) - -### DEPENDENCY UPDATES - -A very special dependency update event! Since the [release of -`node-gyp@3.8.0`](https://github.com/nodejs/node-gyp/pull/1521), an awkward -version conflict that was preventing `request` from begin flattened was -resolved. This means two things: - -1. We've cut down the npm tarball size by another 200kb, to 4.6MB -2. `npm audit` now shows no vulnerabilities for npm itself! - -Thanks, [@rvagg](https://github.com/rvagg)! - -* [`866d776c2`](https://github.com/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6) - `request@2.87.0` - ([@simov](https://github.com/simov)) -* [`f861c2b57`](https://github.com/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f) - `node-gyp@3.8.0` - ([@rvagg](https://github.com/rvagg)) -* [`32e6947c6`](https://github.com/npm/cli/commit/32e6947c60db865257a0ebc2f7e754fedf7a6fc9) - [npm/cli#39](https://github.com/npm/cli/pull/39) - `colors@1.1.2`: - REVERT REVERT, newer versions of this library are broken and print ansi - codes even when disabled. - ([@iarna](https://github.com/iarna)) -* [`beb96b92c`](https://github.com/npm/cli/commit/beb96b92caf061611e3faafc7ca10e77084ec335) - `libcipm@2.0.1` - ([@zkat](https://github.com/zkat)) -* [`348fc91ad`](https://github.com/npm/cli/commit/348fc91ad223ff91cd7bcf233018ea1d979a2af1) - `validate-npm-package-license@3.0.4`: Fixes errors with empty or string-only - license fields. - ([@Gudahtt](https://github.com/Gudahtt)) -* [`e57d34575`](https://github.com/npm/cli/commit/e57d3457547ef464828fc6f82ae4750f3e511550) - `iferr@1.0.2` - ([@shesek](https://github.com/shesek)) -* [`46f1c6ad4`](https://github.com/npm/cli/commit/46f1c6ad4b2fd5b0d7ec879b76b76a70a3a2595c) - `tar@4.4.6` - ([@isaacs](https://github.com/isaacs)) -* [`50df1bf69`](https://github.com/npm/cli/commit/50df1bf691e205b9f13e0fff0d51a68772c40561) - `hosted-git-info@2.7.1` - ([@iarna](https://github.com/iarna)) - ([@Erveon](https://github.com/Erveon)) - ([@huochunpeng](https://github.com/huochunpeng)) - -### DOCUMENTATION - -* [`af98e76ed`](https://github.com/npm/cli/commit/af98e76ed96af780b544962aa575585b3fa17b9a) - [npm/cli#34](https://github.com/npm/cli/pull/34) - Remove `npm publish` from list of commands not affected by `--dry-run`. - ([@joebowbeer](https://github.com/joebowbeer)) -* [`e2b0f0921`](https://github.com/npm/cli/commit/e2b0f092193c08c00f12a6168ad2bd9d6e16f8ce) - [npm/cli#36](https://github.com/npm/cli/pull/36) - Tweak formatting in repository field examples. - ([@noahbenham](https://github.com/noahbenham)) -* [`e2346e770`](https://github.com/npm/cli/commit/e2346e7702acccefe6d711168c2b0e0e272e194a) - [npm/cli#14](https://github.com/npm/cli/pull/14) - Used `process.env` examples to make accessing certain `npm run-scripts` - environment variables more clear. - ([@mwarger](https://github.com/mwarger)) - -## v6.3.0 (2018-08-01): - -This is basically the same as the prerelease, but two dependencies have been -bumped due to bugs that had been around for a while. - -* [`0a22be42e`](https://github.com/npm/cli/commit/0a22be42eb0d40cd0bd87e68c9e28fc9d72c0e19) - `figgy-pudding@3.2.0` - ([@zkat](https://github.com/zkat)) -* [`0096f6997`](https://github.com/npm/cli/commit/0096f69978d2f40b170b28096f269b0b0008a692) - `cacache@11.1.0` - ([@zkat](https://github.com/zkat)) - -## v6.3.0-next.0 (2018-07-25): - -### NEW FEATURES - -* [`ad0dd226f`](https://github.com/npm/cli/commit/ad0dd226fb97a33dcf41787ae7ff282803fb66f2) - [npm/cli#26](https://github.com/npm/cli/pull/26) - `npm version` now supports a `--preid` option to specify the preid for - prereleases. For example, `npm version premajor --preid rc` will tag a version - like `2.0.0-rc.0`. - ([@dwilches](https://github.com/dwilches)) - -### MESSAGING IMPROVEMENTS - -* [`c1dad1e99`](https://github.com/npm/cli/commit/c1dad1e994827f2eab7a13c0f6454f4e4c22ebc2) - [npm/cli#6](https://github.com/npm/cli/pull/6) - Make `npm audit fix` message provide better instructions for vulnerabilities - that require manual review. - ([@bradsk88](https://github.com/bradsk88)) -* [`15c1130fe`](https://github.com/npm/cli/commit/15c1130fe81961706667d845aad7a5a1f70369f3) - Fix missing colon next to tarball url in new `npm view` output. - ([@zkat](https://github.com/zkat)) -* [`21cf0ab68`](https://github.com/npm/cli/commit/21cf0ab68cf528d5244ae664133ef400bdcfbdb6) - [npm/cli#24](https://github.com/npm/cli/pull/24) - Use the default OTP explanation everywhere except when the context is - "OTP-aware" (like when setting double-authentication). This improves the - overall CLI messaging when prompting for an OTP code. - ([@jdeniau](https://github.com/jdeniau)) - -### MISC - -* [`a9ac8712d`](https://github.com/npm/cli/commit/a9ac8712dfafcb31a4e3deca24ddb92ff75e942d) - [npm/cli#21](https://github.com/npm/cli/pull/21) - Use the extracted `stringify-package` package. - ([@dpogue](https://github.com/dpogue)) -* [`9db15408c`](https://github.com/npm/cli/commit/9db15408c60be788667cafc787116555507dc433) - [npm/cli#27](https://github.com/npm/cli/pull/27) - `wrappy` was previously added to dependencies in order to flatten it, but we - no longer do legacy-style for npm itself, so it has been removed from - `package.json`. - ([@rickschubert](https://github.com/rickschubert)) - -### DOCUMENTATION - -* [`3242baf08`](https://github.com/npm/cli/commit/3242baf0880d1cdc0e20b546d3c1da952e474444) - [npm/cli#13](https://github.com/npm/cli/pull/13) - Update more dead links in README.md. - ([@u32i64](https://github.com/u32i64)) -* [`06580877b`](https://github.com/npm/cli/commit/06580877b6023643ec780c19d84fbe120fe5425c) - [npm/cli#19](https://github.com/npm/cli/pull/19) - Update links in docs' `index.html` to refer to new bug/PR URLs. - ([@watilde](https://github.com/watilde)) -* [`ca03013c2`](https://github.com/npm/cli/commit/ca03013c23ff38e12902e9569a61265c2d613738) - [npm/cli#15](https://github.com/npm/cli/pull/15) - Fix some typos in file-specifiers docs. - ([@Mstrodl](https://github.com/Mstrodl)) -* [`4f39f79bc`](https://github.com/npm/cli/commit/4f39f79bcacef11bf2f98d09730bc94d0379789b) - [npm/cli#16](https://github.com/npm/cli/pull/16) - Fix some typos in file-specifiers and package-lock docs. - ([@watilde](https://github.com/watilde)) -* [`35e51f79d`](https://github.com/npm/cli/commit/35e51f79d1a285964aad44f550811aa9f9a72cd8) - [npm/cli#18](https://github.com/npm/cli/pull/18) - Update build status badge url in README. - ([@watilde](https://github.com/watilde)) -* [`a67db5607`](https://github.com/npm/cli/commit/a67db5607ba2052b4ea44f66657f98b758fb4786) - [npm/cli#17](https://github.com/npm/cli/pull/17/) - Replace TROUBLESHOOTING.md with [posts in - npm.community](https://npm.community/c/support/troubleshooting). - ([@watilde](https://github.com/watilde)) -* [`e115f9de6`](https://github.com/npm/cli/commit/e115f9de65bf53711266152fc715a5012f7d3462) - [npm/cli#7](https://github.com/npm/cli/pull/7) - Use https URLs in documentation when appropriate. Happy [Not Secure Day](https://arstechnica.com/gadgets/2018/07/todays-the-day-that-chrome-brands-plain-old-http-as-not-secure/)! - ([@XhmikosR](https://github.com/XhmikosR)) - -## v6.2.0 (2018-07-13): - -In case you missed it, [we -moved!](https://blog.npmjs.org/post/175587538995/announcing-npmcommunity). We -look forward to seeing future PRs landing in -[npm/cli](https://github.com/npm/cli) in the future, and we'll be chatting with -you all in [npm.community](https://npm.community). Go check it out! - -This final release of `npm@6.2.0` includes a couple of features that weren't -quite ready on time but that we'd still like to include. Enjoy! - -### FEATURES - -* [`244b18380`](https://github.com/npm/npm/commit/244b18380ee55950b13c293722771130dbad70de) - [#20554](https://github.com/npm/npm/pull/20554) - Add support for tab-separated output for `npm audit` data with the - `--parseable` flag. - ([@luislobo](https://github.com/luislobo)) -* [`7984206e2`](https://github.com/npm/npm/commit/7984206e2f41b8d8361229cde88d68f0c96ed0b8) - [#12697](https://github.com/npm/npm/pull/12697) - Add new `sign-git-commit` config to control whether the git commit itself gets - signed, or just the tag (which is the default). - ([@tribou](https://github.com/tribou)) - -### FIXES - -* [`4c32413a5`](https://github.com/npm/npm/commit/4c32413a5b42e18a34afb078cf00eed60f08e4ff) - [#19418](https://github.com/npm/npm/pull/19418) - Do not use `SET` to fetch the env in git-bash or Cygwin. - ([@gucong3000](https://github.com/gucong3000)) - -### DEPENDENCY BUMPS - -* [`d9b2712a6`](https://github.com/npm/npm/commit/d9b2712a670e5e78334e83f89a5ed49616f1f3d3) - `request@2.81.0`: Downgraded to allow better deduplication. This does - introduce a bunch of `hoek`-related audit reports, but they don't affect npm - itself so we consider it safe. We'll upgrade `request` again once `node-gyp` - unpins it. - ([@simov](https://github.com/simov)) -* [`2ac48f863`](https://github.com/npm/npm/commit/2ac48f863f90166b2bbf2021ed4cc04343d2503c) - `node-gyp@3.7.0` - ([@MylesBorins](https://github.com/MylesBorins)) -* [`8dc6d7640`](https://github.com/npm/npm/commit/8dc6d76408f83ba35bda77a2ac1bdbde01937349) - `cli-table3@0.5.0`: `cli-table2` is unmaintained and required `lodash`. With - this dependency bump, we've removed `lodash` from our tree, which cut back - tarball size by another 300kb. - ([@Turbo87](https://github.com/Turbo87)) -* [`90c759fee`](https://github.com/npm/npm/commit/90c759fee6055cf61cf6709432a5e6eae6278096) - `npm-audit-report@1.3.1` - ([@zkat](https://github.com/zkat)) -* [`4231a0a1e`](https://github.com/npm/npm/commit/4231a0a1eb2be13931c3b71eba38c0709644302c) - Add `cli-table3` to bundleDeps. - ([@iarna](https://github.com/iarna)) -* [`322d9c2f1`](https://github.com/npm/npm/commit/322d9c2f107fd82a4cbe2f9d7774cea5fbf41b8d) - Make `standard` happy. - ([@iarna](https://github.com/iarna)) - -### DOCS - -* [`5724983ea`](https://github.com/npm/npm/commit/5724983ea8f153fb122f9c0ccab6094a26dfc631) - [#21165](https://github.com/npm/npm/pull/21165) - Fix some markdown formatting in npm-disputes.md. - ([@hchiam](https://github.com/hchiam)) -* [`738178315`](https://github.com/npm/npm/commit/738178315fe48e463028657ea7ae541c3d63d171) - [#20920](https://github.com/npm/npm/pull/20920) - Explicitly state that republishing an unpublished package requires a 72h - waiting period. - ([@gmattie](https://github.com/gmattie)) -* [`f0a372b07`](https://github.com/npm/npm/commit/f0a372b074cc43ee0e1be28dbbcef0d556b3b36c) - Replace references to the old repo or issue tracker. We're at npm/cli now! - ([@zkat](https://github.com/zkat)) - -## v6.2.0-next.1 (2018-07-05): - -This is a quick patch to the release to fix an issue that was preventing users -from installing `npm@next`. - -* [`ecdcbd745`](https://github.com/npm/npm/commit/ecdcbd745ae1edd9bdd102dc3845a7bc76e1c5fb) - [#21129](https://github.com/npm/npm/pull/21129) - Remove postinstall script that depended on source files, thus preventing - `npm@next` from being installable from the registry. - ([@zkat](https://github.com/zkat)) - -## v6.2.0-next.0 (2018-06-28): - -### NEW FEATURES - -* [`ce0793358`](https://github.com/npm/npm/commit/ce07933588ec2da1cc1980f93bdaa485d6028ae2) - [#20750](https://github.com/npm/npm/pull/20750) - You can now disable the update notifier entirely by using - `--no-update-notifier` or setting it in your config with `npm config set - update-notifier false`. - ([@travi](https://github.com/travi)) -* [`d2ad776f6`](https://github.com/npm/npm/commit/d2ad776f6dcd92ae3937465736dcbca171131343) - [#20879](https://github.com/npm/npm/pull/20879) - When `npm run-script <script>` fails due to a typo or missing script, npm will - now do a "did you mean?..." for scripts that do exist. - ([@watilde](https://github.com/watilde)) - -### BUGFIXES - -* [`8f033d72d`](https://github.com/npm/npm/commit/8f033d72da3e84a9dbbabe3a768693817af99912) - [#20948](https://github.com/npm/npm/pull/20948) - Fix the regular expression matching in `xcode_emulation` in `node-gyp` to also - handle version numbers with multiple-digit major versions which would - otherwise break under use of XCode 10. - ([@Trott](https://github.com/Trott)) -* [`c8ba7573a`](https://github.com/npm/npm/commit/c8ba7573a4ea95789f674ce038762d6a77a8b047) - Stop trying to hoist/dedupe bundles dependencies. - ([@iarna](https://github.com/iarna)) -* [`cd698f068`](https://github.com/npm/npm/commit/cd698f06840b7c9407ac802efa96d16464722a7d) - [#20762](https://github.com/npm/npm/pull/20762) - Add synopsis to brief help for `npm audit` and suppress trailing newline. - ([@wyardley](https://github.com/wyardley)) -* [`6808ee3bd`](https://github.com/npm/npm/commit/6808ee3bd59560b1334a18aa6c6e0120094b03c0) - [#20881](https://github.com/npm/npm/pull/20881) - Exclude /.github directory from npm tarball. - ([@styfle](https://github.com/styfle)) -* [`177cbb476`](https://github.com/npm/npm/commit/177cbb4762c1402bfcbf0636c4bc4905fd684fc1) - [#21105](https://github.com/npm/npm/pull/21105) - Add suggestion to use a temporary cache instead of `npm cache clear --force`. - ([@karanjthakkar](https://github.com/karanjthakkar)) - -### DOCS - -* [`7ba3fca00`](https://github.com/npm/npm/commit/7ba3fca00554b884eb47f2ed661693faf2630b27) - [#20855](https://github.com/npm/npm/pull/20855) - Direct people to npm.community instead of the GitHub issue tracker on error. - ([@zkat](https://github.com/zkat)) -* [`88efbf6b0`](https://github.com/npm/npm/commit/88efbf6b0b403c5107556ff9e1bb7787a410d14d) - [#20859](https://github.com/npm/npm/pull/20859) - Fix typo in registry docs. - ([@strugee](https://github.com/strugee)) -* [`61bf827ae`](https://github.com/npm/npm/commit/61bf827aea6f98bba08a54e60137d4df637788f9) - [#20947](https://github.com/npm/npm/pull/20947) - Fixed a small grammar error in the README. - ([@bitsol](https://github.com/bitsol)) -* [`f5230c90a`](https://github.com/npm/npm/commit/f5230c90afef40f445bf148cbb16d6129a2dcc19) - [#21018](https://github.com/npm/npm/pull/21018) - Small typo fix in CONTRIBUTING.md. - ([@reggi](https://github.com/reggi)) -* [`833efe4b2`](https://github.com/npm/npm/commit/833efe4b2abcef58806f823d77ab8bb8f4f781c6) - [#20986](https://github.com/npm/npm/pull/20986) - Document current structure/expectations around package tarballs. - ([@Maximaximum](https://github.com/Maximaximum)) -* [`9fc0dc4f5`](https://github.com/npm/npm/commit/9fc0dc4f58d728bac6a8db7143d04863d7b653db) - [#21019](https://github.com/npm/npm/pull/21019) - Clarify behavior of `npm link ../path` shorthand. - ([@davidgilbertson](https://github.com/davidgilbertson)) -* [`3924c72d0`](https://github.com/npm/npm/commit/3924c72d06b9216ac2b6a9d951fd565a1d5eda89) - [#21064](https://github.com/npm/npm/pull/21064) - Add missing "if" - ([@roblourens](https://github.com/roblourens)) - -### DEPENDENCY SHUFFLE! - -We did some reshuffling and moving around of npm's own dependencies. This -significantly reduces the total bundle size of the npm pack, from 8MB to 4.8MB -for the distributed tarball! We also moved around what we actually commit to the -repo as far as devDeps go. - -* [`0483f5c5d`](https://github.com/npm/npm/commit/0483f5c5deaf18c968a128657923103e49f4e67a) - Flatten and dedupe our dependencies! - ([@iarna](https://github.com/iarna)) -* [`ef9fa1ceb`](https://github.com/npm/npm/commit/ef9fa1ceb5f9d175fd453138b1a26d45a5071dfd) - Remove unused direct dependency `ansi-regex`. - ([@iarna](https://github.com/iarna)) -* [`0d14b0bc5`](https://github.com/npm/npm/commit/0d14b0bc59812f4e33798194e11ffacbea3c0493) - Reshuffle ansi-regex for better deduping. - ([@iarna](https://github.com/iarna)) -* [`68a101859`](https://github.com/npm/npm/commit/68a101859b2b6f78b2e7c3a936492acdb15f7c4a) - Reshuffle strip-ansi for better deduping. - ([@iarna](https://github.com/iarna)) -* [`0d5251f97`](https://github.com/npm/npm/commit/0d5251f97dc8b8b143064869e530d465c757ffbb) - Reshuffle is-fullwidth-code-point for better deduping. - ([@iarna](https://github.com/iarna)) -* [`2d0886632`](https://github.com/npm/npm/commit/2d08866327013522fc5fbe61ed872b8f30e92775) - Add fake-registry, npm-registry-mock replacement. - ([@iarna](https://github.com/iarna)) - -### DEPENDENCIES - -* [`8cff8eea7`](https://github.com/npm/npm/commit/8cff8eea75dc34c9c1897a7a6f65d7232bb0c64c) - `tar@4.4.3` - ([@zkat](https://github.com/zkat)) -* [`bfc4f873b`](https://github.com/npm/npm/commit/bfc4f873bd056b7e3aee389eda4ecd8a2e175923) - `pacote@8.1.6` - ([@zkat](https://github.com/zkat)) -* [`532096163`](https://github.com/npm/npm/commit/53209616329119be8fcc29db86a43cc8cf73454d) - `libcipm@2.0.0` - ([@zkat](https://github.com/zkat)) -* [`4a512771b`](https://github.com/npm/npm/commit/4a512771b67aa06505a0df002a9027c16a238c71) - `request@2.87.0` - ([@iarna](https://github.com/iarna)) -* [`b7cc48dee`](https://github.com/npm/npm/commit/b7cc48deee45da1feab49aa1dd4d92e33c9bcac8) - `which@1.3.1` - ([@iarna](https://github.com/iarna)) -* [`bae657c28`](https://github.com/npm/npm/commit/bae657c280f6ea8e677509a9576e1b47c65c5441) - `tar@4.4.4` - ([@iarna](https://github.com/iarna)) -* [`3d46e5c4e`](https://github.com/npm/npm/commit/3d46e5c4e3c5fecd9bf05a7425a16f2e8ad5c833) - `JSONStream@1.3.3` - ([@iarna](https://github.com/iarna)) -* [`d0a905daf`](https://github.com/npm/npm/commit/d0a905dafc7e3fcd304e8053acbe3da40ba22554) - `is-cidr@2.0.6` - ([@iarna](https://github.com/iarna)) -* [`4fc1f815f`](https://github.com/npm/npm/commit/4fc1f815fec5a7f6f057cf305e01d4126331d1f2) - `marked@0.4.0` - ([@iarna](https://github.com/iarna)) -* [`f72202944`](https://github.com/npm/npm/commit/f722029441a088d03df94bdfdeeec51cfd318659) - `tap@12.0.1` - ([@iarna](https://github.com/iarna)) -* [`bdce96eb3`](https://github.com/npm/npm/commit/bdce96eb3c30fcff873aa3f1190e8ae4928d690b) - `npm-profile@3.0.2` - ([@iarna](https://github.com/iarna)) -* [`fe4240e85`](https://github.com/npm/npm/commit/fe4240e852144770bf76d7b1952056ca5baa63cf) - `uuid@3.3.2` - ([@zkat](https://github.com/zkat)) - -## v6.1.0 (2018-05-17): - -### FIX WRITE AFTER END ERROR - -First introduced in 5.8.0, this finally puts to bed errors where you would -occasionally see `Error: write after end at MiniPass.write`. - -* [`171f3182f`](https://github.com/npm/npm/commit/171f3182f32686f2f94ea7d4b08035427e0b826e) - [node-tar#180](https://github.com/npm/node-tar/issues/180) - [npm.community#35](https://npm.community/t/write-after-end-when-installing-packages-with-5-8-and-later/35) - `pacote@8.1.5`: Fix write-after-end errors. - ([@zkat](https://github.com/zkat)) - -### DETECT CHANGES IN GIT SPECIFIERS - -* [`0e1726c03`](https://github.com/npm/npm/commit/0e1726c0350a02d5a60f5fddb1e69c247538625e) - We can now determine if the commitid of a git dependency in the lockfile is derived - from the specifier in the package.json and if it isn't we now trigger an update for it. - ([@iarna](https://github.com/iarna)) - -### OTHER BUGS - -* [`442d2484f`](https://github.com/npm/npm/commit/442d2484f686e3a371b07f8473a17708f84d9603) - [`2f0c88351`](https://github.com/npm/npm/commit/2f0c883519f17c94411dd1d9877c5666f260c12f) - [`631d30a34`](https://github.com/npm/npm/commit/631d30a340f5805aed6e83f47a577ca4125599b2) - When requesting the update of a direct dependency that was also a - transitive dependency to a version incompatible with the transitive - requirement and you had a lock-file but did not have a `node_modules` - folder then npm would fail to provide a new copy of the transitive - dependency, resulting in an invalid lock-file that could not self heal. - ([@iarna](https://github.com/iarna)) -* [`be5dd0f49`](https://github.com/npm/npm/commit/be5dd0f496ec1485b1ea3094c479dfc17bd50d82) - [#20715](https://github.com/npm/npm/pull/20715) - Cleanup output of `npm ci` summary report. - ([@legodude17](https://github.com/legodude17)) -* [`98ffe4adb`](https://github.com/npm/npm/commit/98ffe4adb55a6f4459271856de2e27e95ee63375) - Node.js now has a test that scans for things that look like conflict - markers in source code. This was triggering false positives on a fixture in a test - of npm's ability to heal lockfiles with conflicts in them. - ([@iarna](https://github.com/iarna)) - -### DEPENDENCY UPDATES - -* [`3f2e306b8`](https://github.com/npm/npm/commit/3f2e306b884a027df03f64524beb8658ce1772cb) - Using `npm audit fix`, replace some transitive dependencies with security - issues with versions that don't have any. - ([@iarna](https://github.com/iarna)) -* [`1d07134e0`](https://github.com/npm/npm/commit/1d07134e0b157f7484a20ce6987ff57951842954) - `tar@4.4.1`: - Dropping to 4.4.1 from 4.4.2 due to https://github.com/npm/node-tar/issues/183 - ([@zkat](https://github.com/zkat)) - - -## v6.1.0-next.0 (2018-05-17): - -Look at that! A feature bump! `npm@6` was super-exciting not just because it -used a bigger number than ever before, but also because it included a super -shiny new command: `npm audit`. Well, we've kept working on it since then and -have some really nice improvements for it. You can expect more of them, and the -occasional fix, in the next few releases as more users start playing with it and -we get more feedback about what y'all would like to see from something like -this. - -I, for one, have started running it (and the new subcommand...) in all my -projects, and it's one of those things that I don't know how I ever functioned --without- it! This will make a world of difference to so many people as far as -making the npm ecosystem a higher-quality, safer commons for all of us. - -This is also a good time to remind y'all that we have a new [RFCs -repository](https://github.com/npm/rfcs), along with a new process for them. -This repo is open to anyone's RFCs, and has already received some great ideas -about where we can take the CLI (and, to a certain extent, the registry). It's a -great place to get feedback, and completely replaces feature requests in the -main repo, so we won't be accepting feature requests there at all anymore. Check -it out if you have something you'd like to suggest, or if you want to keep track -of what the future might look like! - -### NEW FEATURE: `npm audit fix` - -This is the biggie with this release! `npm audit fix` does exactly what it says -on the tin. It takes all the actionable reports from your `npm audit` and runs -the installs automatically for you, so you don't have to try to do all that -mechanical work yourself! - -Note that by default, `npm audit fix` will stick to semver-compatible changes, -so you should be able to safely run it on most projects and carry on with your -day without having to track down what breaking changes were included. If you -want your (toplevel) dependencies to accept semver-major bumps as well, you can -use `npm audit fix --force` and it'll toss those in, as well. Since it's running -the npm installer under the hood, it also supports `--production` and -`--only=dev` flags, as well as things like `--dry-run`, `--json`, and -`--package-lock-only`, if you want more control over what it does. - -Give it a whirl and tell us what you think! See `npm help audit` for full docs! - -* [`3800a660d`](https://github.com/npm/npm/commit/3800a660d99ca45c0175061dbe087520db2f54b7) - Add `npm audit fix` subcommand to automatically fix detected vulnerabilities. - ([@zkat](https://github.com/zkat)) - -### OTHER NEW `audit` FEATURES - -* [`1854b1c7f`](https://github.com/npm/npm/commit/1854b1c7f09afceb49627e539a086d8a3565601c) - [#20568](https://github.com/npm/npm/pull/20568) - Add support for `npm audit --json` to print the report in JSON format. - ([@finnp](https://github.com/finnp)) -* [`85b86169d`](https://github.com/npm/npm/commit/85b86169d9d0423f50893d2ed0c7274183255abe) - [#20570](https://github.com/npm/npm/pull/20570) - Include number of audited packages in `npm install` summary output. - ([@zkat](https://github.com/zkat)) -* [`957cbe275`](https://github.com/npm/npm/commit/957cbe27542d30c33e58e7e6f2f04eeb64baf5cd) - `npm-audit-report@1.2.1`: - Overhaul audit install and detail output format. The new format is terser and - fits more closely into the visual style of the CLI, while still providing you - with the important bits of information you need. They also include a bit more - detail on the footer about what actions you can take! - ([@zkat](https://github.com/zkat)) - -### NEW FEATURE: GIT DEPS AND `npm init <pkg>`! - -Another exciting change that came with `npm@6` was the new `npm init` command -that allows for community-authored generators. That means you can, for example, -do `npm init react-app` and it'll one-off download, install, and run -[`create-react-app`](https://npm.im/create-react-app) for you, without requiring -or keeping around any global installs. That is, it basically just calls out to -[`npx`](https://npm.im/npx). - -The first version of this command only really supported registry dependencies, -but now, [@jdalton](https://github.com/jdalton) went ahead and extended this -feature so you can use hosted git dependencies, and their shorthands. - -So go ahead and do `npm init facebook/create-react-app` and it'll grab the -package from the github repo now! Or you can use it with a private github -repository to maintain your organizational scaffolding tools or whatnot. ✨ - -* [`483e01180`](https://github.com/npm/npm/commit/483e011803af82e63085ef41b7acce5b22aa791c) - [#20403](https://github.com/npm/npm/pull/20403) - Add support for hosted git packages to `npm init <name>`. - ([@jdalton](https://github.com/jdalton)) - -### BUGFIXES - -* [`a41c0393c`](https://github.com/npm/npm/commit/a41c0393cba710761a15612c6c85c9ef2396e65f) - [#20538](https://github.com/npm/npm/pull/20538) - Make the new `npm view` work when the license field is an object instead of a - string. - ([@zkat](https://github.com/zkat)) -* [`eb7522073`](https://github.com/npm/npm/commit/eb75220739302126c94583cc65a5ff12b441e3c6) - [#20582](https://github.com/npm/npm/pull/20582) - Add support for environments (like Docker) where the expected binary for - opening external URLs is not available. - ([@bcoe](https://github.com/bcoe)) -* [`212266529`](https://github.com/npm/npm/commit/212266529ae72056bf0876e2cff4b8ba01d09d0f) - [#20536](https://github.com/npm/npm/pull/20536) - Fix a spurious colon in the new update notifier message and add support for - the npm canary. - ([@zkat](https://github.com/zkat)) -* [`5ee1384d0`](https://github.com/npm/npm/commit/5ee1384d02c3f11949d7a26ec6322488476babe6) - [#20597](https://github.com/npm/npm/pull/20597) - Infer a version range when a `package.json` has a dist-tag instead of a - version range in one of its dependency specs. Previously, this would cause - dependencies to be flagged as invalid. - ([@zkat](https://github.com/zkat)) -* [`4fa68ae41`](https://github.com/npm/npm/commit/4fa68ae41324293e59584ca6cf0ac24b3e0825bb) - [#20585](https://github.com/npm/npm/pull/20585) - Make sure scoped bundled deps are shown in the new publish preview, too. - ([@zkat](https://github.com/zkat)) -* [`1f3ee6b7e`](https://github.com/npm/npm/commit/1f3ee6b7e1b36b52bdedeb9241296d4e66561d48) - `cacache@11.0.2`: - Stop dropping `size` from metadata on `npm cache verify`. - ([@jfmartinez](https://github.com/jfmartinez)) -* [`91ef93691`](https://github.com/npm/npm/commit/91ef93691a9d6ce7c016fefdf7da97854ca2b2ca) - [#20513](https://github.com/npm/npm/pull/20513) - Fix nested command aliases. - ([@mmermerkaya](https://github.com/mmermerkaya)) -* [`18b2b3cf7`](https://github.com/npm/npm/commit/18b2b3cf71a438648ced1bd13faecfb50c71e979) - `npm-lifecycle@2.0.3`: - Make sure different versions of the `Path` env var on Windows all get - `node_modules/.bin` prepended when running lifecycle scripts. - ([@laggingreflex](https://github.com/laggingreflex)) - -### DOCUMENTATION - -* [`a91d87072`](https://github.com/npm/npm/commit/a91d87072f292564e58dcab508b5a8c6702b9aae) - [#20550](https://github.com/npm/npm/pull/20550) - Update required node versions in README. - ([@legodude17](https://github.com/legodude17)) -* [`bf3cfa7b8`](https://github.com/npm/npm/commit/bf3cfa7b8b351714c4ec621e1a5867c8450c6fff) - Pull in changelogs from the last `npm@5` release. - ([@iarna](https://github.com/iarna)) -* [`b2f14b14c`](https://github.com/npm/npm/commit/b2f14b14ca25203c2317ac2c47366acb50d46e69) - [#20629](https://github.com/npm/npm/pull/20629) - Make tone in `publishConfig` docs more neutral. - ([@jeremyckahn](https://github.com/jeremyckahn)) - -### DEPENDENCY BUMPS - -* [`5fca4eae8`](https://github.com/npm/npm/commit/5fca4eae8a62a7049b1ae06aa0bbffdc6e0ad6cc) - `byte-size@4.0.3` - ([@75lb](https://github.com/75lb)) -* [`d9ef3fba7`](https://github.com/npm/npm/commit/d9ef3fba79f87c470889a6921a91f7cdcafa32b9) - `lru-cache@4.1.3` - ([@isaacs](https://github.com/isaacs)) -* [`f1baf011a`](https://github.com/npm/npm/commit/f1baf011a0d164f8dc8aa6cd31e89225e3872e3b) - `request@2.86.0` - ([@simonv](https://github.com/simonv)) -* [`005fa5420`](https://github.com/npm/npm/commit/005fa542072f09a83f77a9d62c5e53b8f6309371) - `require-inject@1.4.3` - ([@iarna](https://github.com/iarna)) -* [`1becdf09a`](https://github.com/npm/npm/commit/1becdf09a2f19716726c88e9a2342e1e056cfc71) - `tap@11.1.5` - ([@isaacs](https://github.com/isaacs)) - -## v6.0.1 (2018-05-09): - -### AUDIT SHOULDN'T WAIT FOREVER - -This will likely be reduced further with the goal that the audit process -shouldn't noticibly slow down your builds regardless of your network -situation. - -* [`3dcc240db`](https://github.com/npm/npm/commit/3dcc240dba5258532990534f1bd8a25d1698b0bf) - Timeout audit requests eventually. - ([@iarna](https://github.com/iarna)) - -### Looking forward - -We're still a way from having node@11, so now's a good time to ensure we -don't warn about being used with it. - -* [`ed1aebf55`](https://github.com/npm/npm/commit/ed1aebf55) - Allow node@11, when it comes. - ([@iarna](https://github.com/iarna)) - -## v6.0.1-next.0 (2018-05-03): - -### CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT! - -* [`b267bbbb9`](https://github.com/npm/npm/commit/b267bbbb9ddd551e3dbd162cc2597be041b9382c) - [npm/lockfile#29](https://github.com/npm/lockfile/pull/29) - `lockfile@1.0.4`: - Switches to `signal-exit` to detect abnormal exits and remove locks. - ([@Redsandro](https://github.com/Redsandro)) - -### SHRONKWRAPS AND LACKFILES - -If a published modules had legacy `npm-shrinkwrap.json` we were saving -ordinary registry dependencies (`name@version`) to your `package-lock.json` -as `https://` URLs instead of versions. - -* [`89102c0d9`](https://github.com/npm/npm/commit/89102c0d995c3d707ff2b56995a97a1610f8b532) - When saving the lock-file compute how the dependency is being required instead of using - `_resolved` in the `package.json`. This fixes the bug that was converting - registry dependencies into `https://` dependencies. - ([@iarna](https://github.com/iarna)) -* [`676f1239a`](https://github.com/npm/npm/commit/676f1239ab337ff967741895dbe3a6b6349467b6) - When encountering a `https://` URL in our lockfiles that point at our default registry, extract - the version and use them as registry dependencies. This lets us heal - `package-lock.json` files produced by 6.0.0 - ([@iarna](https://github.com/iarna)) - -### AUDIT AUDIT EVERYWHERE - -You can't use it _quite_ yet, but we do have a few last moment patches to `npm audit` to make -it even better when it is turned on! - -* [`b2e4f48f5`](https://github.com/npm/npm/commit/b2e4f48f5c07b8ebc94a46ce01a810dd5d6cd20c) - Make sure we hide stream errors on background audit submissions. Previously some classes - of error could end up being displayed (harmlessly) during installs. - ([@iarna](https://github.com/iarna)) -* [`1fe0c7fea`](https://github.com/npm/npm/commit/1fe0c7fea226e592c96b8ab22fd9435e200420e9) - Include session and scope in requests (as we do in other requests to the registry). - ([@iarna](https://github.com/iarna)) -* [`d04656461`](https://github.com/npm/npm/commit/d046564614639c37e7984fff127c79a8ddcc0c92) - Exit with non-zero status when vulnerabilities are found. So you can have `npm audit` as a test or prepublish step! - ([@iarna](https://github.com/iarna)) -* [`fcdbcbacc`](https://github.com/npm/npm/commit/fcdbcbacc16d96a8696dde4b6d7c1cba77828337) - Verify lockfile integrity before running. You'd get an error either way, but this way it's - faster and can give you more concrete instructions on how to fix it. - ([@iarna](https://github.com/iarna)) -* [`2ac8edd42`](https://github.com/npm/npm/commit/2ac8edd4248f2393b35896f0300b530e7666bb0e) - Refuse to run in global mode. Audits require a lockfile and globals don't have one. Yet. - ([@iarna](https://github.com/iarna)) - -### DOCUMENTATION IMPROVEMENTS - -* [`b7fca1084`](https://github.com/npm/npm/commit/b7fca1084b0be6f8b87ec0807c6daf91dbc3060a) - [#20407](https://github.com/npm/npm/pull/20407) - Update the lock-file spec doc to mention that we now generate the from field for `git`-type dependencies. - ([@watilde](https://github.com/watilde)) -* [`7a6555e61`](https://github.com/npm/npm/commit/7a6555e618e4b8459609b7847a9e17de2d4fa36e) - [#20408](https://github.com/npm/npm/pull/20408) - Describe what the colors in outdated mean. - ([@teameh](https://github.com/teameh)) - -### DEPENDENCY UPDATES - -* [`5e56b3209`](https://github.com/npm/npm/commit/5e56b3209c4719e3c4d7f0d9346dfca3881a5d34) - `npm-audit-report@1.0.8` - ([@evilpacket](https://github.com/evilpacket)) -* [`58a0b31b4`](https://github.com/npm/npm/commit/58a0b31b43245692b4de0f1e798fcaf71f8b7c31) - `lock-verify@2.0.2` - ([@iarna](https://github.com/iarna)) -* [`e7a8c364f`](https://github.com/npm/npm/commit/e7a8c364f3146ffb94357d8dd7f643e5563e2f2b) - [zkat/pacote#148](https://github.com/zkat/pacote/pull/148) - `pacote@8.1.1` - ([@redonkulus](https://github.com/redonkulus)) -* [`46c0090a5`](https://github.com/npm/npm/commit/46c0090a517526dfec9b1b6483ff640227f0cd10) - `tar@4.4.2` - ([@isaacs](https://github.com/isaacs)) -* [`8a16db3e3`](https://github.com/npm/npm/commit/8a16db3e39715301fd085a8f4c80ae836f0ec714) - `update-notifier@2.5.0` - ([@alexccl](https://github.com/alexccl)) -* [`696375903`](https://github.com/npm/npm/commit/6963759032fe955c1404d362e14f458d633c9444) - `safe-buffer@5.1.2` - ([@feross](https://github.com/feross)) -* [`c949eb26a`](https://github.com/npm/npm/commit/c949eb26ab6c0f307e75a546f342bb2ec0403dcf) - `query-string@6.1.0` - ([@sindresorhus](https://github.com/sindresorhus)) - -## v6.0.0 (2018-04-20): - -Hey y'all! Here's another `npm@6` release -- with `node@10` around the corner, -this might well be the last prerelease before we tag `6.0.0`! There's two major -features included with this release, along with a few miscellaneous fixes and -changes. - -### EXTENDED `npm init` SCAFFOLDING - -Thanks to the wonderful efforts of [@jdalton](https://github.com/jdalton) of -lodash fame, `npm init` can now be used to invoke custom scaffolding tools! - -You can now do things like `npm init react-app` or `npm init esm` to scaffold an -npm package by running `create-react-app` and `create-esm`, respectively. This -also adds an `npm create` alias, to correspond to Yarn's `yarn create` feature, -which inspired this. - -* [`008a83642`](https://github.com/npm/npm/commit/008a83642e04360e461f56da74b5557d5248a726) [`ed81d1426`](https://github.com/npm/npm/commit/ed81d1426776bcac47492cabef43f65e1d4ab536) [`833046e45`](https://github.com/npm/npm/commit/833046e45fe25f75daffd55caf25599a9f98c148) - [#20303](https://github.com/npm/npm/pull/20303) - Add an `npm init` feature that calls out to `npx` when invoked with positional - arguments. ([@jdalton](https://github.com/jdalton)) - -### DEPENDENCY AUDITING - -This version of npm adds a new command, `npm audit`, which will run a security -audit of your project's dependency tree and notify you about any actions you may -need to take. - -The registry-side services required for this command to work will be available -on the main npm registry in the coming weeks. Until then, you won't get much out -of trying to use this on the CLI. - -As part of this change, the npm CLI now sends scrubbed and cryptographically -anonymized metadata about your dependency tree to your configured registry, to -allow notifying you about the existence of critical security flaws. For details -about how the CLI protects your privacy when it shares this metadata, see `npm -help audit`, or [read the docs for `npm audit` -online](https://github.com/npm/npm/blob/release-next/doc/cli/npm-audit.md). You -can disable this altogether by doing `npm config set audit false`, but will no -longer benefit from the service. - -* [`f4bc648ea`](https://github.com/npm/npm/commit/f4bc648ea7b19d63cc9878c9da2cb1312f6ce152) - [#20389](https://github.com/npm/npm/pull/20389) - `npm-registry-fetch@1.1.0` - ([@iarna](https://github.com/iarna)) -* [`594d16987`](https://github.com/npm/npm/commit/594d16987465014d573c51a49bba6886cc19f8e8) - [#20389](https://github.com/npm/npm/pull/20389) - `npm-audit-report@1.0.5` - ([@iarna](https://github.com/iarna)) -* [`8c77dde74`](https://github.com/npm/npm/commit/8c77dde74a9d8f9007667cd1732c3329e0d52617) [`1d8ac2492`](https://github.com/npm/npm/commit/1d8ac2492196c4752b2e41b23d5ddc92780aaa24) [`552ff6d64`](https://github.com/npm/npm/commit/552ff6d64a5e3bcecb33b2a861c49a3396adad6d) [`09c734803`](https://github.com/npm/npm/commit/09c73480329e75e44fb8e55ca522f798be68d448) - [#20389](https://github.com/npm/npm/pull/20389) - Add new `npm audit` command. - ([@iarna](https://github.com/iarna)) -* [`be393a290`](https://github.com/npm/npm/commit/be393a290a5207dc75d3d70a32973afb3322306c) - [#20389](https://github.com/npm/npm/pull/20389) - Temporarily suppress git metadata till there's an opt-in. - ([@iarna](https://github.com/iarna)) -* [`8e713344f`](https://github.com/npm/npm/commit/8e713344f6e0828ddfb7733df20d75e95a5382d8) - [#20389](https://github.com/npm/npm/pull/20389) - Document the new command. - ([@iarna](https://github.com/iarna)) -* - [#20389](https://github.com/npm/npm/pull/20389) - Default audit to off when running the npm test suite itself. - ([@iarna](https://github.com/iarna)) - -### MORE `package-lock.json` FORMAT CHANGES?! - -* [`820f74ae2`](https://github.com/npm/npm/commit/820f74ae22b7feb875232d46901cc34e9ba995d6) - [#20384](https://github.com/npm/npm/pull/20384) - Add `from` field back into package-lock for git dependencies. This will give - npm the information it needs to figure out whether git deps are valid, - specially when running with legacy install metadata or in - `--package-lock-only` mode when there's no `node_modules`. This should help - remove a significant amount of git-related churn on the lock-file. - ([@zkat](https://github.com/zkat)) - -### BUGFIXES - -* [`9d5d0a18a`](https://github.com/npm/npm/commit/9d5d0a18a5458655275056156b5aa001140ae4d7) - [#20358](https://github.com/npm/npm/pull/20358) - `npm install-test` (aka `npm it`) will no longer generate `package-lock.json` - when running with `--no-package-lock` or `package-lock=false`. - ([@raymondfeng](https://github.com/raymondfeng)) -* [`e4ed976e2`](https://github.com/npm/npm/commit/e4ed976e20b7d1114c920a9dc9faf351f89a31c9) - [`2facb35fb`](https://github.com/npm/npm/commit/2facb35fbfbbc415e693d350b67413a66ff96204) - [`9c1eb945b`](https://github.com/npm/npm/commit/9c1eb945be566e24cbbbf186b0437bdec4be53fc) - [#20390](https://github.com/npm/npm/pull/20390) - Fix a scenario where a git dependency had a comittish associated with it - that was not a complete commitid. `npm` would never consider that entry - in the `package.json` as matching the entry in the `package-lock.json` and - this resulted in inappropriate pruning or reinstallation of git - dependencies. This has been addressed in two ways, first, the addition of the - `from` field as described in [#20384](https://github.com/npm/npm/pull/20384) means - we can exactly match the `package.json`. Second, when that's missing (when working with - older `package-lock.json` files), we assume that the match is ok. (If - it's not, we'll fix it up when a real installation is done.) - ([@iarna](https://github.com/iarna)) - - -### DEPENDENCIES - -* [`1c1f89b73`](https://github.com/npm/npm/commit/1c1f89b7319b2eef6adee2530c4619ac1c0d83cf) - `libnpx@10.2.0` - ([@zkat](https://github.com/zkat)) -* [`242d8a647`](https://github.com/npm/npm/commit/242d8a6478b725778c00be8ba3dc85f367006a61) - `pacote@8.1.0` - ([@zkat](https://github.com/zkat)) - -### DOCS - -* [`a1c77d614`](https://github.com/npm/npm/commit/a1c77d614adb4fe6769631b646b817fd490d239c) - [#20331](https://github.com/npm/npm/pull/20331) - Fix broken link to 'private-modules' page. The redirect went away when the new - npm website went up, but the new URL is better anyway. - ([@vipranarayan14](https://github.com/vipranarayan14)) -* [`ad7a5962d`](https://github.com/npm/npm/commit/ad7a5962d758efcbcfbd9fda9a3d8b38ddbf89a1) - [#20279](https://github.com/npm/npm/pull/20279) - Document the `--if-present` option for `npm run-script`. - ([@aleclarson](https://github.com/aleclarson)) - -## v6.0.0-next.1 (2018-04-12): - -### NEW FEATURES - -* [`a9e722118`](https://github.com/npm/npm/commit/a9e7221181dc88e14820d0677acccf0648ac3c5a) - [#20256](https://github.com/npm/npm/pull/20256) - Add support for managing npm webhooks. This brings over functionality - previously provided by the [`wombat`](https://www.npmjs.com/package/wombat) CLI. - ([@zkat](https://github.com/zkat)) -* [`8a1a64203`](https://github.com/npm/npm/commit/8a1a64203cca3f30999ea9e160eb63662478dcee) - [#20126](https://github.com/npm/npm/pull/20126) - Add `npm cit` command that's equivalent of `npm ci && npm t` that's equivalent of `npm it`. - ([@SimenB](https://github.com/SimenB)) -* [`fe867aaf1`](https://github.com/npm/npm/commit/fe867aaf19e924322fe58ed0cf0a570297a96559) - [`49d18b4d8`](https://github.com/npm/npm/commit/49d18b4d87d8050024f8c5d7a0f61fc2514917b1) - [`ff6b31f77`](https://github.com/npm/npm/commit/ff6b31f775f532bb8748e8ef85911ffb35a8c646) - [`78eab3cda`](https://github.com/npm/npm/commit/78eab3cdab6876728798f876d569badfc74ce68f) - The `requires` field in your lock-file will be upgraded to use ranges from - versions on your first use of npm. - ([@iarna](https://github.com/iarna)) -* [`cf4d7b4de`](https://github.com/npm/npm/commit/cf4d7b4de6fa241a656e58f662af0f8d7cd57d21) - [#20257](https://github.com/npm/npm/pull/20257) - Add shasum and integrity to the new `npm view` output. - ([@zkat](https://github.com/zkat)) - -### BUG FIXES - -* [`685764308`](https://github.com/npm/npm/commit/685764308e05ff0ddb9943b22ca77b3a56d5c026) - Fix a bug where OTPs passed in via the commandline would have leading - zeros deleted resulted in authentication failures. - ([@iarna](https://github.com/iarna)) -* [`8f3faa323`](https://github.com/npm/npm/commit/8f3faa3234b2d2fcd2cb05712a80c3e4133c8f45) - [`6800f76ff`](https://github.com/npm/npm/commit/6800f76ffcd674742ba8944f11f6b0aa55f4b612) - [`ec90c06c7`](https://github.com/npm/npm/commit/ec90c06c78134eb2618612ac72288054825ea941) - [`825b5d2c6`](https://github.com/npm/npm/commit/825b5d2c60e620da5459d9dc13d4f911294a7ec2) - [`4785f13fb`](https://github.com/npm/npm/commit/4785f13fb69f33a8c624ecc8a2be5c5d0d7c94fc) - [`bd16485f5`](https://github.com/npm/npm/commit/bd16485f5b3087625e13773f7251d66547d6807d) - Restore the ability to bundle dependencies that are uninstallable from the - registry. This also eliminates needless registry lookups for bundled - dependencies. - - Fixed a bug where attempting to install a dependency that is bundled - inside another module without reinstalling that module would result in - ENOENT errors. - ([@iarna](https://github.com/iarna)) -* [`429498a8c`](https://github.com/npm/npm/commit/429498a8c8d4414bf242be6a3f3a08f9a2adcdf9) - [#20029](https://github.com/npm/npm/pull/20029) - Allow packages with non-registry specifiers to follow the fast path that - the we use with the lock-file for registry specifiers. This will improve install time - especially when operating only on the package-lock (`--package-lock-only`). - ([@zkat](https://github.com/zkat)) - - Fix the a bug where `npm i --only=prod` could remove development - dependencies from lock-file. - ([@iarna](https://github.com/iarna)) -* [`834b46ff4`](https://github.com/npm/npm/commit/834b46ff48ade4ab4e557566c10e83199d8778c6) - [#20122](https://github.com/npm/npm/pull/20122) - Improve the update-notifier messaging (borrowing ideas from pnpm) and - eliminate false positives. - ([@zkat](https://github.com/zkat)) -* [`f9de7ef3a`](https://github.com/npm/npm/commit/f9de7ef3a1089ceb2610cd27bbd4b4bc2979c4de) - [#20154](https://github.com/npm/npm/pull/20154) - Let version succeed when `package-lock.json` is gitignored. - ([@nwoltman](https://github.com/nwoltman)) -* [`f8ec52073`](https://github.com/npm/npm/commit/f8ec520732bda687bc58d9da0873dadb2d65ca96) - [#20212](https://github.com/npm/npm/pull/20212) - Ensure that we only create an `etc` directory if we are actually going to write files to it. - ([@buddydvd](https://github.com/buddydvd)) -* [`ab489b753`](https://github.com/npm/npm/commit/ab489b75362348f412c002cf795a31dea6420ef0) - [#20140](https://github.com/npm/npm/pull/20140) - Note in documentation that `package-lock.json` version gets touched by `npm version`. - ([@srl295](https://github.com/srl295)) -* [`857c2138d`](https://github.com/npm/npm/commit/857c2138dae768ea9798782baa916b1840ab13e8) - [#20032](https://github.com/npm/npm/pull/20032) - Fix bug where unauthenticated errors would get reported as both 404s and - 401s, i.e. `npm ERR! 404 Registry returned 401`. In these cases the error - message will now be much more informative. - ([@iarna](https://github.com/iarna)) -* [`d2d290bca`](https://github.com/npm/npm/commit/d2d290bcaa85e44a4b08cc40cb4791dd4f81dfc4) - [#20082](https://github.com/npm/npm/pull/20082) - Allow optional @ prefix on scope with `npm team` commands for parity with other commands. - ([@bcoe](https://github.com/bcoe)) -* [`b5babf0a9`](https://github.com/npm/npm/commit/b5babf0a9aa1e47fad8a07cc83245bd510842047) - [#19580](https://github.com/npm/npm/pull/19580) - Improve messaging when two-factor authentication is required while publishing. - ([@jdeniau](https://github.com/jdeniau)) -* [`471ee1c5b`](https://github.com/npm/npm/commit/471ee1c5b58631fe2e936e32480f3f5ed6438536) - [`0da38b7b4`](https://github.com/npm/npm/commit/0da38b7b4aff0464c60ad12e0253fd389efd5086) - Fix a bug where optional status of a dependency was not being saved to - the package-lock on the initial install. - ([@iarna](https://github.com/iarna)) -* [`b3f98d8ba`](https://github.com/npm/npm/commit/b3f98d8ba242a7238f0f9a90ceea840b7b7070af) - [`9dea95e31`](https://github.com/npm/npm/commit/9dea95e319169647bea967e732ae4c8212608f53) - Ensure that `--no-optional` does not remove optional dependencies from the lock-file. - ([@iarna](https://github.com/iarna)) - -### MISCELLANEOUS - -* [`ec6b12099`](https://github.com/npm/npm/commit/ec6b120995c9c1d17ff84bf0217ba5741365af2d) - Exclude all tests from the published version of npm itself. - ([@iarna](https://github.com/iarna)) - -### DEPENDENCY UPDATES - -* [`73dc97455`](https://github.com/npm/npm/commit/73dc974555217207fb384e39d049da19be2f79ba) - [zkat/cipm#46](https://github.com/zkat/cipm/pull/46) - `libcipm@1.6.2`: - Detect binding.gyp for default install lifecycle. Let's `npm ci` work on projects that - have their own C code. - ([@caleblloyd](https://github.com/caleblloyd)) -* [`77c3f7a00`](https://github.com/npm/npm/commit/77c3f7a0091f689661f61182cd361465e2d695d5) - `iferr@1.0.0` -* [`dce733e37`](https://github.com/npm/npm/commit/dce733e37687c21cb1a658f06197c609ac39c793) - [zkat/json-parse-better-errors#1](https://github.com/zkat/json-parse-better-errors/pull/1) - `json-parse-better-errors@1.0.2` - ([@Hoishin](https://github.com/Hoishin)) -* [`c52765ff3`](https://github.com/npm/npm/commit/c52765ff32d195842133baf146d647760eb8d0cd) - `readable-stream@2.3.6` - ([@mcollina](https://github.com/mcollina)) -* [`e160adf9f`](https://github.com/npm/npm/commit/e160adf9fce09f226f66e0892cc3fa45f254b5e8) - `update-notifier@2.4.0` - ([@sindersorhus](https://github.com/sindersorhus)) -* [`9a9d7809e`](https://github.com/npm/npm/commit/9a9d7809e30d1add21b760804be4a829e3c7e39e) - `marked@0.3.1` - ([@joshbruce](https://github.com/joshbruce)) -* [`f2fbd8577`](https://github.com/npm/npm/commit/f2fbd857797cf5c12a68a6fb0ff0609d373198b3) - [#20256](https://github.com/npm/npm/pull/20256) - `figgy-pudding@2.0.1` - ([@zkat](https://github.com/zkat)) -* [`44972d53d`](https://github.com/npm/npm/commit/44972d53df2e0f0cc22d527ac88045066205dbbf) - [#20256](https://github.com/npm/npm/pull/20256) - `libnpmhook@3.0.0` - ([@zkat](https://github.com/zkat)) -* [`cfe562c58`](https://github.com/npm/npm/commit/cfe562c5803db08a8d88957828a2cd1cc51a8dd5) - [#20276](https://github.com/npm/npm/pull/20276) - `node-gyp@3.6.2` -* [`3c0bbcb8e`](https://github.com/npm/npm/commit/3c0bbcb8e5440a3b90fabcce85d7a1d31e2ecbe7) - [zkat/npx#172](https://github.com/zkat/npx/pull/172) - `libnpx@10.1.1` - ([@jdalton](https://github.com/jdalton)) -* [`0573d91e5`](https://github.com/npm/npm/commit/0573d91e57c068635a3ad4187b9792afd7b5e22f) - [zkat/cacache#128](https://github.com/zkat/cacache/pull/128) - `cacache@11.0.1` - ([@zkat](https://github.com/zkat)) -* [`396afa99f`](https://github.com/npm/npm/commit/396afa99f61561424866d5c8dd7aedd6f91d611a) - `figgy-pudding@3.1.0` - ([@zkat](https://github.com/zkat)) -* [`e7f869c36`](https://github.com/npm/npm/commit/e7f869c36ec1dacb630e5ab749eb3bb466193f01) - `pacote@8.0.0` - ([@zkat](https://github.com/zkat)) -* [`77dac72df`](https://github.com/npm/npm/commit/77dac72dfdb6add66ec859a949b1d2d788a379b7) - `ssri@6.0.0` - ([@zkat](https://github.com/zkat)) -* [`0b802f2a0`](https://github.com/npm/npm/commit/0b802f2a0bfa15c6af8074ebf9347f07bccdbcc7) - `retry@0.12.0` - ([@iarna](https://github.com/iarna)) -* [`4781b64bc`](https://github.com/npm/npm/commit/4781b64bcc47d4e7fb7025fd6517cde044f6b5e1) - `libnpmhook@4.0.1` - ([@zkat](https://github.com/zkat)) -* [`7bdbaeea6`](https://github.com/npm/npm/commit/7bdbaeea61853280f00c8443a3b2d6e6b893ada9) - `npm-package-arg@6.1.0` - ([@zkat](https://github.com/zkat)) -* [`5f2bf4222`](https://github.com/npm/npm/commit/5f2bf4222004117eb38c44ace961bd15a779fd66) - `read-package-tree@5.2.1` - ([@zkat](https://github.com/zkat)) - -## v6.0.0-0 (2018-03-23): - -Sometimes major releases are a big splash, sometimes they're something -smaller. This is the latter kind. That said, we expect to keep this in -release candidate status until Node 10 ships at the end of April. There -will likely be a few more features for the 6.0.0 release line between now -and then. We do expect to have a bigger one later this year though, so keep -an eye out for `npm@7`! - -### *BREAKING* AVOID DEPRECATED - -When selecting versions to install, we now avoid deprecated versions if -possible. For example: - -``` -Module: example -Versions: -1.0.0 -1.1.0 -1.1.2 -1.1.3 (deprecated) -1.2.0 (latest) -``` - -If you ask `npm` to install `example@~1.1.0`, `npm` will now give you `1.1.2`. - -By contrast, if you installed `example@~1.1.3` then you'd get `1.1.3`, as -it's the only version that can match the range. - -* [`78bebc0ce`](https://github.com/npm/npm/commit/78bebc0cedc4ce75c974c47b61791e6ca1ccfd7e) - [#20151](https://github.com/npm/npm/pull/20151) - Skip deprecated versions when possible. - ([@zkat](https://github.com/zkat)) - -### *BREAKING* UPDATE AND OUTDATED - -When `npm install` is finding a version to install, it first checks to see -if the specifier you requested matches the `latest` tag. If it doesn't, -then it looks for the highest version that does. This means you can do -release candidates on tags other than `latest` and users won't see them -unless they ask for them. Promoting them is as easy as setting the `latest` -tag to point at them. - -Historically `npm update` and `npm outdated` worked differently. They just -looked for the most recent thing that matched the semver range, disregarding -the `latest` tag. We're changing it to match `npm install`'s behavior. - -* [`3aaa6ef42`](https://github.com/npm/npm/commit/3aaa6ef427b7a34ebc49cd656e188b5befc22bae) - Make update and outdated respect latest interaction with semver as install does. - ([@iarna](https://github.com/iarna)) -* [`e5fbbd2c9`](https://github.com/npm/npm/commit/e5fbbd2c999ab9c7ec15b30d8b4eb596d614c715) - `npm-pick-manifest@2.1.0` - ([@iarna](https://github.com/iarna)) - -### PLUS ONE SMALLER PATCH - -Technically this is a bug fix, but the change in behavior is enough of an -edge case that I held off on bringing it in until a major version. - -When we extract a binary and it starts with a shebang (or "hash bang"), that -is, something like: - -``` -#!/usr/bin/env node -``` - -If the file has Windows line endings we strip them off of the first line. -The reason for this is that shebangs are only used in Unix-like environments -and the files with them can't be run if the shebang has a Windows line ending. - -Previously we converted ALL line endings from Windows to Unix. With this -patch we only convert the line with the shebang. (Node.js works just fine -with either set of line endings.) - -* [`814658371`](https://github.com/npm/npm/commit/814658371bc7b820b23bc138e2b90499d5dda7b1) - [`7265198eb`](https://github.com/npm/npm/commit/7265198ebb32d35937f4ff484b0167870725b054) - `bin-links@1.1.2`: - Only rewrite the CR after a shebang (if any) when fixing up CR/LFs. - ([@iarna](https://github.com/iarna)) - -### *BREAKING* SUPPORTED NODE VERSIONS - -Per our supported Node.js policy, we're dropping support for both Node 4 and -Node 7, which are no longer supported by the Node.js project. - -* [`077cbe917`](https://github.com/npm/npm/commit/077cbe917930ed9a0c066e10934d540e1edb6245) - Drop support for Node 4 and Node 7. - ([@iarna](https://github.com/iarna)) - -### DEPENDENCIES - -* [`478fbe2d0`](https://github.com/npm/npm/commit/478fbe2d0bce1534b1867e0b80310863cfacc01a) - `iferr@1.0.0` -* [`b18d88178`](https://github.com/npm/npm/commit/b18d88178a4cf333afd896245a7850f2f5fb740b) - `query-string@6.0.0` -* [`e02fa7497`](https://github.com/npm/npm/commit/e02fa7497f89623dc155debd0143aa54994ace74) - `is-cidr@2.0.5` -* [`c8f8564be`](https://github.com/npm/npm/commit/c8f8564be6f644e202fccd9e3de01d64f346d870) - [`311e55512`](https://github.com/npm/npm/commit/311e5551243d67bf9f0d168322378061339ecff8) - `standard@11.0.1` |