diff options
Diffstat (limited to 'deps/node/deps/npm/changelogs/CHANGELOG-4.md')
| -rw-r--r-- | deps/node/deps/npm/changelogs/CHANGELOG-4.md | 1566 |
1 files changed, 0 insertions, 1566 deletions
diff --git a/deps/node/deps/npm/changelogs/CHANGELOG-4.md b/deps/node/deps/npm/changelogs/CHANGELOG-4.md deleted file mode 100644 index 2c971bb1..00000000 --- a/deps/node/deps/npm/changelogs/CHANGELOG-4.md +++ /dev/null @@ -1,1566 +0,0 @@ -## v4.6.1 (2017-04-21) - -A little release to tide you over while we hammer out the last bits for npm@5. - -### FEATURES - -* [`d13c9b2f2`](https://github.com/npm/npm/commit/d13c9b2f24b6380427f359b6e430b149ac8aaa79) - `init-package-json@1.10.0`: - The `name:` prompt is now `package name:` to make this less ambiguous for new users. - - The default package name is now a valid package name. For example: If your package directory - has mixed case, the default package name will be all lower case. -* [`f08c66323`](https://github.com/npm/npm/commit/f08c663231099f7036eb82b92770806a3a79cdf1) - [#16213](https://github.com/npm/npm/pull/16213) - Add `--allow-same-version` option to `npm version` so that you can use `npm version` to run - your version lifecycles and tag your git repo without actually changing the version number in - your `package.json`. - ([@lucastheisen](https://github.com/lucastheisen)) -* [`f5e8becd0`](https://github.com/npm/npm/commit/f5e8becd05e0426379eb0c999abdbc8e87a7f6f2) - Timing has been added throughout the install implementation. You can see it by running - a command with `--loglevel=timing`. You can also run commands with `--timing` which will write - an `npm-debug.log` even on success and add an entry to `_timing.json` in your cache with - the timing information from that run. - ([@iarna](https://github.com/iarna)) - -### BUG FIXES - -* [`9c860f2ed`](https://github.com/npm/npm/commit/9c860f2ed3bdea1417ed059b019371cd253db2ad) - [#16021](https://github.com/npm/npm/pull/16021) - Fix a crash in `npm doctor` when used with a registry that does not support - the `ping` API endpoint. - ([@watilde](https://github.com/watilde)) -* [`65b9943e9`](https://github.com/npm/npm/commit/65b9943e9424c67547b0029f02b0258e35ba7d26) - [#16364](https://github.com/npm/npm/pull/16364) - Shorten the ELIFECYCLE error message. The shorter error message should make it much - easier to discern the actual cause of the error. - ([@j-f1](https://github.com/j-f1)) -* [`a87a4a835`](https://github.com/npm/npm/commit/a87a4a8359693518ee41dfeb13c5a8929136772a) - `npmlog@4.0.2`: - Fix flashing of the progress bar when your terminal is very narrow. - ([@iarna](https://github.com/iarna)) -* [`41c10974f`](https://github.com/npm/npm/commit/41c10974fe95a2e520e33e37725570c75f6126ea) - `write-file-atomic@1.3.2`: - Wait for `fsync` to complete before considering our file written to disk. - This will improve certain sorts of Windows diagnostic problems. -* [`2afa9240c`](https://github.com/npm/npm/commit/2afa9240ce5b391671ed5416464f2882d18a94bc) - [#16336](https://github.com/npm/npm/pull/16336) - Don't ham-it-up when expecting JSON. - ([@bdukes](https://github.com/bdukes)) - -### DOCUMENTATION FIXES - -* [`566f3eebe`](https://github.com/npm/npm/commit/566f3eebe741f935b7c1e004bebf19b8625a1413) - [#16296](https://github.com/npm/npm/pull/16296) - Use a single convention when referring to the `<command>` you're running. - ([@desfero](https://github.com/desfero)) -* [`ccbb94934`](https://github.com/npm/npm/commit/ccbb94934d4f677f680c3e2284df3d0ae0e65758) - [#16267](https://github.com/npm/npm/pull/16267) - Fix a missing space in the example package.json. - ([@famousgarkin](https://github.com/famousgarkin)) - -### DEPENDENCY UPDATES - -* [`ebde4ea33`](https://github.com/npm/npm/commit/ebde4ea3363dfc154c53bd537189503863c9b3a4) - `hosted-git-info@2.4.2` -* [`c46ad71bb`](https://github.com/npm/npm/commit/c46ad71bbe27aaa9ee10e107d8bcd665d98544d7) - `init-package-json@1.9.6` -* [`d856d570d`](https://github.com/npm/npm/commit/d856d570d2df602767c039cf03439d647bba2e3d) - `npm-registry-client@8.1.1` -* [`4a2e14436`](https://github.com/npm/npm/commit/4a2e1443613a199665e7adbda034d5b9d10391a2) - `readable-stream@2.2.9` -* [`f0399138e`](https://github.com/npm/npm/commit/f0399138e6d6f1cd7f807d523787a3b129996301) - `normalize-package-data@2.3.8` - -### v4.5.0 (2017-03-24) - -Welcome a wrinkle on npm's registry API! - -Codename: Corgi - - - -This release has some bug fixes, but it's mostly about bringing support for -MUCH smaller package metadata. How much smaller? Well, for npm itself it -reduces 416K of gzip compressed JSON to 24K. - -As a user, all you have to do is update to get to use the new API. If -you're interested in the details we've [documented the -changes](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md) -in detail. - -#### CORGUMENTS - -Package metadata: now smaller. This means a smaller cache and less to download. - -* [`86dad0d74`](https://github.com/npm/npm/commit/86dad0d747f288eab467d49c9635644d3d44d6f0) - Add support for filtered package metadata. - ([@iarna](https://github.com/iarna)) -* [`41789cffa`](https://github.com/npm/npm/commit/41789cffac9845603f4bdf3f5b03f412144a0e9f) - `npm-registry-client@8.1.0` - ([@iarna](https://github.com/iarna)) - -#### NO SHRINKWRAP, NO PROBLEM - -Previously we needed to extract every package's tarball to look for an -`npm-shrinkwrap.json` before we could begin working through what its -dependencies were. This was one of the things stopping npm's network -accesses from happening more concurrently. The new filtered package -metadata provides a new key, `_hasShrinkwrap`. When that's set to `false` -then we know we don't have to look for one. - -* [`4f5060eb3`](https://github.com/npm/npm/commit/4f5060eb31b9091013e1d6a34050973613a294a3) - [#15969](https://github.com/npm/npm/pull/15969) - Add support for skipping `npm-shrinkwrap.json` extraction when the - registry can affirm that one doesn't exist. - ([@iarna](https://github.com/iarna)) - -#### INTERRUPTING SCRIPTS - -* [`878aceb25`](https://github.com/npm/npm/commit/878aceb25e6d6052dac15da74639ce274c8e62c5) - [#16129](https://github.com/npm/npm/pull/16129) - Better handle Ctrl-C while running scripts. `npm` will now no longer exit - until the script it is running has exited. If you press Ctrl-C a second - time it kill the script rather than just forwarding the Ctrl-C. - ([@jaridmargolin](https://github.com/jaridmargolin)) - -#### DEPENDENCY UPDATES: - -* [`def75eebf`](https://github.com/npm/npm/commit/def75eebf1ad437bf4fd3f5e103cc2d963bd2a73) - `hosted-git-info@2.4.1`: - Preserve case of the user name part of shortcut specifiers, previously they were lowercased. - ([@iarna](https://github.com/iarna)) -* [`eb3789fd1`](https://github.com/npm/npm/commit/eb3789fd18cfb063de9e6f80c3049e314993d235) - `node-gyp@3.6.0`: Add support for VS2017 and Chakracore improvements. - ([@refack](https://github.com/refack)) - ([@kunalspathak](https://github.com/kunalspathak)) -* [`245e25315`](https://github.com/npm/npm/commit/245e25315524b95c0a71c980223a27719392ba75) - `readable-stream@2.2.6` ([@mcollina](https://github.com/mcollina)) -* [`30357ebc5`](https://github.com/npm/npm/commit/30357ebc5691d7c9e9cdc6e0fe7dc6253220c9c2) - `which@1.2.14` ([@isaacs](https://github.com/isaacs)) - -### v4.4.4 (2017-03-16) - -๐ฉ๐ค๐
Okay! We have another `next` -release for ya today. So, yes! With v4.4.3 we fixed the bug that made -bundled scoped modules uninstallable. But somehow I overlooked the fact -that we: A) were using these and B) that made upgrading to v4.4.3 impossible. ๐ญ - -So I've renamed those two scoped modules to no longer use scopes and we now -have a shiny new test to ensure that scoped modules don't creep into our -transitive deps and make it impossible to upgrade to `npm`. - -(None of our woes applies to most of you all because most of you all don't -use bundled dependencies. `npm` does because we want the published artifact to be -installable without having to already have `npm`.) - -* [`2a7409fcb`](https://github.com/npm/npm/commit/2a7409fcba6a8fab716c80f56987b255983e048e) - [#16066](https://github.com/npm/npm/pull/16066) - Ensure we aren't using any scoped modules - Because `npm`s prior 4.4.3 can't install dependencies that have bundled scoped - modules. This didn't show up sooner because they ALSO had a bug that caused - bundled scoped modules to not be included in the bundle. - ([@iarna](https://github.com/iarna)) -* [`eb4c70796`](https://github.com/npm/npm/commit/eb4c70796c38f24ee9357f5d4a0116db582cc7a9) - [#16066](https://github.com/npm/npm/pull/16066) - Switch to move-concurrently to remove scoped dependency - ([@iarna](https://github.com/iarna)) - -### v4.4.3 (2017-03-15) - -This is a small patch release, mostly because the published tarball for -v4.4.2 was missing a couple of modules, due to a bug involving scoped -modules, bundled dependencies and legacy tree layouts. - -There are a couple of other things here that happened to be ready to go. So -without further adoโฆ - -#### BUG FIXES - -* [`3d80f8f70`](https://github.com/npm/npm/commit/3d80f8f70679ad2b8ce7227d20e8dbce257a47b9) - [npm/fs-vacuum#6](https://github.com/npm/fs-vacuum/pull/6) - `fs-vacuum@1.2.1`: Make sure we never, ever remove home directories. Previously if your - home directory was entirely empty then we might `rmdir` it. - ([@helio-frota](https://github.com/helio-frota)) -* [`1af85ca9f`](https://github.com/npm/npm/commit/1af85ca9f4d625f948e85961372de7df3f3774e2) - [#16040](https://github.com/npm/npm/pull/16040) - Fix bug where bundled transitive dependencies that happened to be - installed under bundled scoped dependencies wouldn't be included in the - tarball when building a package. - ([@iarna](https://github.com/iarna)) -* [`13c7fdc2e`](https://github.com/npm/npm/commit/13c7fdc2e87456a87b1c9385a3daeae228ed7c95) - [#16040](https://github.com/npm/npm/pull/16040) - Fix a bug where bundled scoped dependencies couldn't be extracted. - ([@iarna](https://github.com/iarna)) -* [`d6cde98c2`](https://github.com/npm/npm/commit/d6cde98c2513fe160eab41e31c3198dfde993207) - [#16040](https://github.com/npm/npm/pull/16040) - Stop printing `ENOENT` errors more than once. - ([@iarna](https://github.com/iarna)) -* [`722fbf0f6`](https://github.com/npm/npm/commit/722fbf0f6cf4413cdc24b610bbd60a7dbaf2adfe) - [#16040](https://github.com/npm/npm/pull/16040) - Rewrite the `extract` action for greater clarity. - Specifically, this involves moving things around structurally to do the same - thing [`d0c6d194`](https://github.com/npm/npm/commit/d0c6d194) did, but in a more comprehensive manner. - This also fixes a long standing bug where errors from the move step would be - eaten during this phase and as a result we would get mysterious crashes in - the finalize phase when finalize tried to act on them. - ([@iarna](https://github.com/iarna)) -* [`6754dabb6`](https://github.com/npm/npm/commit/6754dabb6bd3301504efb3b62f36d3fe70958c19) - [#16040](https://github.com/npm/npm/pull/16040) - Flatten out `@npmcorp/move`'s deps for backwards compatibility reasons. Versions prior to this - one will fail to install any package that bundles a scoped dependency. This was responsible - for `ENOENT` errors during the `finalize` phase. - ([@iarna](https://github.com/iarna)) - -#### DOC UPDATES - -* [`fba51c582`](https://github.com/npm/npm/commit/fba51c582d1d08dd4aa6eb27f9044dddba91bb18) - [#15960](https://github.com/npm/npm/pull/15960) - Update troubleshooting and contribution guide links. - ([@watilde](https://github.com/watilde)) - - -### v4.4.2 (2017-03-09): - -This week, the focus on the release was mainly going through [all of npm's deps -that we manage -ourselves](https://github.com/npm/npm/wiki/npm-maintained-dependencies), and -making sure all their PRs and versions were up to date. That means there's a few -fixes here and there. Nothing too big codewise, though. - -The most exciting part of this release is probably our [shiny new -Contributing](https://github.com/npm/npm/blob/latest/CONTRIBUTING.md) and -[Troubleshooting](https://github.com/npm/npm/blob/latest/TROUBLESHOOTING.md) -docs! [@snopeks](https://github.com/snopeks) did some โจfantasticโจ work hashing it -out, and we're really hoping this is a nice big step towards making contributing -to npm easier. The troubleshooting doc will also hopefully solve common issues -for people! Do you think something is missing from it? File a PR and we'll add -it! The current document is just a baseline for further editing and additions. - -Also there's maybe a bit of an easter egg in this release. 'Cause those are fun and I'm a huge nerd. ๐ - -#### DOCUMENTATION AHOY - -* [`07e997a`](https://github.com/npm/npm/commit/07e997a7ecedba7b29ad76ffb2ce990d5c0200fc) - [#15756](https://github.com/npm/npm/pull/15756) - Overhaul `CONTRIBUTING.md` and add new `TROUBLESHOOTING.md` files. ๐๐ผ - ([@snopeks](https://github.com/snopeks)) -* [`2f3e4b6`](https://github.com/npm/npm/commit/2f3e4b645cdc268889cf95ba24b2aae572d722ad) - [#15833](https://github.com/npm/npm/pull/15833) - Mention the [24-hour unpublish - policy](http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy) - on the main registry. - ([@carols10cents](https://github.com/carols10cents)) - -#### NOT REALLY FEATURES, NOT REALLY BUGFIXES. MORE LIKE TWEAKS? ๐ค - -* [`84be534`](https://github.com/npm/npm/commit/84be534aedb78c65cd8012427fc04871ceeccf90) - [#15888](https://github.com/npm/npm/pull/15888) - Stop flattening `ls`-tree output. From now on, deduped deps will be marked as - such in the place where they would've been before getting hoisted by the - installer. - ([@iarna](https://github.com/iarna)) -* [`e9a5dca`](https://github.com/npm/npm/commit/e9a5dca369ead646ab5922326cede1406c62bd3b) - [#15967](https://github.com/npm/npm/pull/15967) - Limit metadata fetches to 10 concurrent requests. - ([@iarna](https://github.com/iarna)) -* [`46aa9bc`](https://github.com/npm/npm/commit/46aa9bcae088740df86234fc199f7aef53b116df) - [#15967](https://github.com/npm/npm/pull/15967) - Limit concurrent installer actions to 10. - ([@iarna](https://github.com/iarna)) - -#### BUGFIXES - -* [`c3b994b`](https://github.com/npm/npm/commit/c3b994b71565eb4f943cce890bb887d810e6e2d4) - [#15901](https://github.com/npm/npm/pull/15901) - Use EXDEV aware move instead of rename. This will allow moving across devices - and moving when filesystems don't support renaming directories full of files. It might make folks using Docker a bit happier. - ([@iarna](https://github.com/iarna)) -* [`0de1a9c`](https://github.com/npm/npm/commit/0de1a9c1db90e6705c65c068df1fe82899e60d68) - [#15735](https://github.com/npm/npm/pull/15735) - Autocomplete support for npm scripts with `:` colons in the name. - ([@beyondcompute](https://github.com/beyondcompute)) -* [`84b0b92`](https://github.com/npm/npm/commit/84b0b92e7f78ec4add42e8161c555325c99b7f98) - [#15874](https://github.com/npm/npm/pull/15874) - Stop using [undocumented](https://github.com/nodejs/node/pull/11355) - `res.writeHeader` alias for `res.writeHead`. - ([@ChALkeR](https://github.com/ChALkeR)) -* [`895ffe4`](https://github.com/npm/npm/commit/895ffe4f3eecd674796395f91c30eda88aca6b36) - [#15824](https://github.com/npm/npm/pull/15824) - Fix empty versions column in `npm search` output. - ([@bcoe](https://github.com/bcoe)) -* [`38c8d7a`](https://github.com/npm/npm/commit/38c8d7adc1f43ab357d1e729ae7cd5d801a26e68) - `init-package-json@1.9.5`: [npm/init-package-json#61](https://github.com/npm/init-package-json/pull/61) Exclude existing `devDependencies` from being added to `dependencies`. Fixes [#12260](https://github.com/npm/npm/issues/12260). - ([@addaleax](https://github.com/addaleax)) - -### v4.4.1 (2017-03-06): - -This is a quick little patch release to forgo the update notification -checker if you're on an unsupported (but not otherwise broken) version of -Node.js. Right now that means 0.10 or 0.12. - -* [`56ac249`](https://github.com/npm/npm/commit/56ac249ef8ede1021f1bc62a0e4fe1e9ba556af2) - [#15864](https://github.com/npm/npm/pull/15864) - Only use `update-notifier` on supported versions. - ([@legodude17](https://github.com/legodude17)) - -### v4.4.0 (2017-02-23): - -Aaaah, [@iarna](https://github.com/iarna) here, it's been a little while -since I did one of these! This is a nice little release, we've got an -update notifier, vastly less verbose error messages, new warnings on package -metadata that will probably give you a bad day, and a sprinkling of bug -fixes. - -#### UPDATE NOTIFICATIONS - -We now have a little nudge to update your `npm`, courtesy of -[update-notifier](https://www.npmjs.com/package/update-notifier). - -* [`148ee66`](https://github.com/npm/npm/commit/148ee663740aa05877c64f16cdf18eba33fbc371) - [#15774](https://github.com/npm/npm/pull/15774) - `npm` will now check at start up to see if a newer version is available. - It will check once a day. If you want to disable this, set `optOut` to `true` in - `~/.config/configstore/update-notifier-npm.json`. - ([@ceejbot](https://github.com/ceejbot)) - -#### LESS VERBOSE ERROR MESSAGES - -`npm` has, for a long time, had very verbose error messages. There was a -lot of info in there, including the cause of the error you were seeing but -without a lot of experience reading them pulling that out was time consuming -and difficult. - -With this change the output is cut down substantially, centering the error -message. So, for example if you try to `npm run sdlkfj` then the entire -error you'll get will be: - -``` -npm ERR! missing script: sldkfj - -npm ERR! A complete log of this run can be found in: -npm ERR! /Users/rebecca/.npm/_logs/2017-02-24T00_41_36_988Z-debug.log -``` - -The CLI team has discussed cutting this down even further and stripping the -`npm ERR!` prefix off those lines too. We'd appreciate your feedback on -this! - -* [`e544124`](https://github.com/npm/npm/commit/e544124592583654f2970ec332003cfd00d04f2b) - [#15716](https://github.com/npm/npm/pull/15716) - Make error output less verbose. - ([@iarna](https://github.com/iarna)) -* [`166bda9`](https://github.com/npm/npm/commit/166bda97410d0518b42ed361020ade1887e684af) - [#15716](https://github.com/npm/npm/pull/15716) - Stop encouraging users to visit the issue tracker unless we know for - certain that it's an npm bug. - ([@iarna](https://github.com/iarna)) - -#### OTHER NEW FEATURES - -* [`53412eb`](https://github.com/npm/npm/commit/53412eb22c1c75d768e30f96d69ed620dfedabde) - [#15772](https://github.com/npm/npm/pull/15772) - We now warn if you have a module listed in both dependencies and - devDependencies. - ([@TedYav](https://github.com/TedYav)) -* [`426b180`](https://github.com/npm/npm/commit/426b1805904a13bdc5c0dd504105ba037270cbee) - [#15757](https://github.com/npm/npm/pull/15757) - Default reporting metrics to default registry. Previously it defaulted to using - `https://registry.npmjs.org`, now it will default to the result of - `npm config get registry`. For most folks this won't actually change anything, but it - means that folks who use a private registry will have metrics routed there by default. - This has the potential to be interesting because it means that in the - future private registry products ([npme](https://npme.npmjs.com/docs/)!) - will be able to report on these metrics. - ([@iarna](https://github.com/iarna)) - -#### BUG FIXES - -* [`8ea0de9`](https://github.com/npm/npm/commit/8ea0de98563648ba0db032acd4d23d27c4a50a66) - [#15716](https://github.com/npm/npm/pull/15716) - Write logs for `cb() never called` errors. -* [`c4e83dc`](https://github.com/npm/npm/commit/c4e83dca830b24305e3cb3201a42452d56d2d864) - Make it so that errors while reading the existing node_modules tree can't - result in installer crashes. - ([@iarna](https://github.com/iarna)) -* [`2690dc2`](https://github.com/npm/npm/commit/2690dc2684a975109ef44953c2cf0746dbe343bb) - Update `npm doctor` to not treat broken symlinks in your global modules as - a permission failure. This is particularly important if you link modules and your text - editor uses the convention of creating symlinks from `.#filename.js` to a - machine name and pid to lock files (eg emacs and compatible things). - ([@iarna](https://github.com/iarna)) -* [`f4c3f48`](https://github.com/npm/npm/commit/f4c3f489aa5787cf0d60e8436be2190e4b0d0ff7) - [#15777](https://github.com/npm/npm/pull/15777) - Not exactly a bug, but change a parameterless `.apply` to `.call`. - ([@notarseniy](https://github.com/notarseniy)) - -#### DEPENDENCY UPDATES - -* [`549dcff`](https://github.com/npm/npm/commit/549dcff58c7aaa1e7ba71abaa14008fdf2697297) - `rimraf@2.6.0`: - Retry EBUSY, ENOTEMPTY and EPERM on non-Windows platforms too. - More reliable `rimraf.sync` on Windows. - ([@isaacs](https://github.com/isaacs)) -* [`052dfb6`](https://github.com/npm/npm/commit/052dfb623da508f2b5f681da0258125552a18a4a) - `validate-npm-package-name@3.0.0`: - Remove ableist language in README. - Stop allowing ~'!()* in package names. - ([@tomdale](https://github.com/tomdale)) - ([@chrisdickinson](https://github.com/chrisdickinson)) -* [`6663ea6`](https://github.com/npm/npm/commit/6663ea6ac0f0ecec5a3f04a3c01a71499632f4dc) - `abbrev@1.1.0` ([@isaacs](https://github.com/isaacs)) -* [`be6de9a`](https://github.com/npm/npm/commit/be6de9aab9e20b6eac70884e8626161eebf8721a) - `opener@1.4.3` ([@dominic](https://github.com/dominic)) -* [`900a5e3`](https://github.com/npm/npm/commit/900a5e3e3411ec221306455f99b24b9ce35757c0) - `readable-stream@2.2.3` ([@RangerMauve](https://github.com/RangerMauve)) ([@mcollina](https://github.com/mcollina)) -* [`c972a8b`](https://github.com/npm/npm/commit/c972a8b0f20a61a79c45b6642f870bea8c55c7e4) - `tacks@1.2.6` - ([@iarna](https://github.com/iarna)) -* [`85a36ef`](https://github.com/npm/npm/commit/85a36efdac0c24501876875cb9ad40292024e0b0) - [`7ac9265`](https://github.com/npm/npm/commit/7ac9265c56b4d9eeaca6fcfb29513f301713e7bb) - `tap@10.2.0` - ([@isaacs](https://github.com/saacs)) - -### v4.3.0 (2017-02-09): - -Yay! Release time! It's a rainy day, and we have another smallish release for -y'all. These things are not necessarily related. Or are they ๐ง๐ค - -As far as news go, you may have noticed that the CLI team dropped support for -`node@0.12` when that version went out of maintenance. Still, we've avoided -explicitly breaking it and `node@0.10` so far -- but not much longer. - -Sometime soon, the CLI team plans on switching over to language features only -available as of `node@4 LTS`, and will likely start dropping old versions of node -as they go out of maintenance. The new features are exciting! We're really -looking forward to using them in the core CLI (and its dependencies) as we keep up -with our current feature work. - -And speaking of features, this release is a minor bump due to a small change in -how `npm login` works for the sake of supporting OAuth-based login for npm -Enterprise users. But we won't leave the rest of y'all out -- we're working on a -larger version of this feature. Soon enough, you'll be able to log in to npm -with, say, GitHub -- and use some shiny features that come from the integration. -Or turn on 2FA and other such security features. Keep your eyes peeled for new -on this in the next few releases and our weekly newsletter! - -#### NEW AUTH TYPES - -There's a new command line option: `--auth-type`, which can be used to log in to -a supporting registry with OAuth2 or SAML. The current implementation is mainly -meant to support npmE customers, so if you're one of those: ask us about using -it! If not, just hold off cause we'll have a much more complete version of this -feature out soon. - -* [`ac8595e`](https://github.com/npm/npm/commit/ac8595e3c9b615ff95abc3301fac1262c434792c) [`bcf2dd8`](https://github.com/npm/npm/commit/bcf2dd8a165843255c06515fa044c6e4d3b71ca4) [`9298d20`](https://github.com/npm/npm/commit/9298d20af58b92572515bfa9cf7377bd4221dc7d) [`66b61bc`](https://github.com/npm/npm/commit/66b61bc42e81ee8a1ee00fc63517f62284140688) [`dc85de7`](https://github.com/npm/npm/commit/dc85de7df6bb61f7788611813ee82ae695a18f1f) - [#13389](https://github.com/npm/npm/pull/13389) - Implement single-sign-on support with `--auth-type` option. - ([@zkat](https://github.com/zkat)) - -#### FASTER STARTUP. SOMETIMES! - -`request` is pretty heavy. And it loads a bunch of things. It's actually a -pretty big chunk of npm's load time. This small patch by Rebecca will make it so -npm only loads that module when we're actually intending to make network -requests. Those of you who use npm commands that run offline might see a small -speedup in startup time. - -* [`ac73568`](https://github.com/npm/npm/commit/ac735682e666e8724549d56146821f3b8b018e25) - [#15631](https://github.com/npm/npm/pull/15631) - Lazy load `caching-registry-client`. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION - -* [`4ad9247`](https://github.com/npm/npm/commit/4ad9247aa82f7553c9667ee93c74ec7399d6ceec) - [#15630](https://github.com/npm/npm/pull/15630) - Fix formatting/rendering for root npm README. - ([@ungoldman](https://github.com/ungoldman)) - -#### DEPENDENCY UPDATES - -* [`8cc1112`](https://github.com/npm/npm/commit/8cc1112958638ff88ac2c24c4a065acacb93d64b) - [npm/hosted-git-info#21](https://github.com/npm/hosted-git-info/pull/21) - `hosted-git-info@2.2.0`: - Add support for `.tarball()` URLs. - ([@zkat](https://github.com/zkat)) -* [`6eacc1b`](https://github.com/npm/npm/commit/6eacc1bc1925fe3cc79fc97bdc3194d944fce55e) - `npm-registry-mock@1.1.0` - ([@addaleax](https://github.com/addaleax)) -* [`a9b6d77`](https://github.com/npm/npm/commit/a9b6d775e61cf090df0e13514c624f99bf31d1e7) - `aproba@1.1.1` - ([@iarna](https://github.com/iarna)) - -### v4.2.0 (2017-01-26): - -Hi all! I'm Kat, and I'm currently sitting in a train traveling at ~300km/h -through Spain. So clearly, this release should have *something* to do with -speed. And it does! Heck, with this release, you could say we're really -_blazing_, even. ๐ฒ๐ฅ๐ - -#### IMPROVED CLI SEARCH~ - -You might recall if you've been keeping up that one of the reasons for a -semver-major bump to `npm@4` was an improved CLI search (read: no longer blowing -up Node). The work done for that new search system, while still relying on a -full metadata download and local search, was also meant to act as groundwork for -then-ongoing work on a brand-new, smarter search system for npm. Shortly after -`npm@4` came out, the bulk of the server-side work was done, and with this -release, the npm CLI has integrated use of the new endpoint for high-quality, -fast-turnaround searches. - -No, seriously, it's *fast*. And *relevant*: - -[](https://github.com/npm/npm/pull/15481) - -Give it a shot! And remember to check out the new website version of the search, -too, which uses the same backend as the CLI now. ๐ - -Incidentally, the backend is a public service, so you can write your own search -tools, be they web-based, CLI, or GUI-based. You can read up on the [full -documentation for the search -endpoint](https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#get-v1search), -and let us know about the cool things you come up with! - -* [`ce3ca51`](https://github.com/npm/npm/commit/ce3ca51ca2d60e15e901c8bf6256338e53e1eca2) - [#15481](https://github.com/npm/npm/pull/15481) - Add an internal `gunzip-maybe` utility for optional gunzipping. - ([@zkat](https://github.com/zkat)) -* [`e322932`](https://github.com/npm/npm/commit/e3229324d507fda10ea9e94fd4de8a4ae5025c75) [`a53055e`](https://github.com/npm/npm/commit/a53055e423f1fe168f05047aa0dfec6d963cb211) [`a1f4365`](https://github.com/npm/npm/commit/a1f436570730c6e4a173ca92d1967a87c29b7f2d) [`c56618c`](https://github.com/npm/npm/commit/c56618c62854ea61f6f716dffe7bcac80b5f4144) - [#15481](https://github.com/npm/npm/pull/15481) - Add support for using the new npm search endpoint for fast, quality search - results. Includes a fallback to "classic" search. - ([@zkat](https://github.com/zkat)) - -#### WHERE DID THE DEBUG LOGS GO - -This is another pretty significant change: Usually, when the npm process -crashed, you would get an `npm-debug.log` in your current working directory. -This debug log would get cleared out as soon as you ran npm again. This was a -bit annoying because 1) you would get a random file in your `git status` that -you might accidentally commit, and 2) if you hit a hard-to-reproduce bug and -instinctually tried again, you would no longer have access to the repro -`npm-debug.log`. - -So now, any time a crash happens, we'll save your debug logs to your cache -folder, under `_logs` (`~/.npm` on *nix, by default -- use `npm config get -cache` to see what your current value is). The cache will now hold a -(configurable) number of `npm-debug.log` files, which you can access in the -future. Hopefully this will help clean stuff up and reduce frustration from -missed repros! In the future, this will also be used by `npm report` to make it -super easy to put up issues about crashes you run into with npm. ๐๐บ๐ฟ๐ฏโโ๏ธ - -* [`04fca22`](https://github.com/npm/npm/commit/04fca223a0f704b69340c5f81b26907238fad878) - [#11439](https://github.com/npm/npm/pull/11439) - Put debug logs in `$(npm get cache)/_logs` and store multiple log files. - ([@KenanY](https://github.com/KenanY)) - ([@othiym23](https://github.com/othiym23)) - ([@isaacs](https://github.com/isaacs)) - ([@iarna](https://github.com/iarna)) - -#### DOCS - -* [`ae8e71c`](https://github.com/npm/npm/commit/ae8e71c2b7d64d782af287a21e146d7cea6e5273) - [#15402](https://github.com/npm/npm/pull/15402) - Add missing backtick in one of the `npm doctor` messages. - ([@watilde](https://github.com/watilde), [@charlotteis](https://github.com/charlotteis)) -* [`821fee6`](https://github.com/npm/npm/commit/821fee6d0b12a324e035c397ae73904db97d07d2) - [#15480](https://github.com/npm/npm/pull/15480) - Clarify that unscoped packages can depend on scoped packages and vice-versa. - ([@chocolateboy](https://github.com/chocolateboy)) -* [`2ee45a8`](https://github.com/npm/npm/commit/2ee45a884137ae0706b7c741c671fef2cb3bac96) - [#15515](https://github.com/npm/npm/pull/15515) - Update minimum supported Node version number in the README to `node@>=4`. - ([@watilde](https://github.com/watilde)) -* [`af06aa9`](https://github.com/npm/npm/commit/af06aa9a357578a8fd58c575f3dbe55bc65fc376) - [#15520](https://github.com/npm/npm/pull/15520) - Add section to `npm-scope` docs to explain that scope owners will own scoped - packages with that scope. That is, user `@alice` is not allowed to publish to - `@bob/my-package` unless explicitly made an owner by user (or org) `@bob`. - ([@hzoo](https://github.com/hzoo)) -* [`bc892e6`](https://github.com/npm/npm/commit/bc892e6d07a4c6646480703641a4d71129c38b6d) - [#15539](https://github.com/npm/npm/pull/15539) - Replace `http` with `https` and fix typos in some docs. - ([@watilde](https://github.com/watilde)) -* [`1dfe875`](https://github.com/npm/npm/commit/1dfe875b9ac61a0ab9f61a2eab02bacf6cce583c) - [#15545](https://github.com/npm/npm/pull/15545) - Update Node.js download link to point to the right place. - ([@watilde](https://github.com/watilde)) - -#### DEPENDENCIES - - * [`b824bfb`](https://github.com/npm/npm/commit/b824bfbeb2d89c92762e9170b026af98b5a3668a) - `ansi-regex@2.1.1` - * [`81ea3e8`](https://github.com/npm/npm/commit/81ea3e8e4ea34cd9c2b418512dcb508abcee1380) - `mississippi@1.3.0` - -#### MISC - -* [`98df212`](https://github.com/npm/npm/commit/98df212a91fd6ff4a02b9cd247f4166f93d3977a) - [#15492](https://github.com/npm/npm/pull/15492) - Update the "master" node version used for AppVeyor to `node@7`. - ([@watilde](https://github.com/watilde)) -* [`d75fc03`](https://github.com/npm/npm/commit/d75fc03eda5364f12ac266fa4f66e31c2e44e864) - [#15413](https://github.com/npm/npm/pull/15413) - `npm run-script` now exits with the child process' exit code on exit. - ([@kapals](https://github.com/kapals)) - -### v4.1.2 (2017-01-12) - -We have a twee little release this week as we come back from the holidays. - -#### 0.12 IS UNSUPPORTED NOW (really) - -After [jumping the gun a -little](https://github.com/npm/npm/releases/tag/v4.0.2), we can now -officially remove 0.12 from our supported versions list. The Node.js -project has now officially ended even maintenance support for 0.12 and thus, -so will we. To reiterate from the last time we did this: - -What this means: - -* Your contributions will no longer block on the tests passing on 0.12. -* We will no longer block dependency upgrades on working with 0.12. -* Bugs filed on the npm CLI that are due to incompatibilities with 0.12 - (and older versions) will be closed with a strong urging to upgrade to a - supported version of Node. -* On the flip side, we'll continue to (happily!) accept patches that - address regressions seen when running the CLI with Node.js 0.12. - -What this doesn't mean: - -* The CLI is going to start depending on ES2015+ features. npm continues - to work, in almost all cases, all the way back to Node.js 0.8, and our - long history of backwards compatibility is a source of pride for the - team. -* We aren't concerned about the problems of users who, for whatever - reason, can't update to newer versions of npm. As mentioned above, we're - happy to take community patches intended to address regressions. - -We're not super interested in taking sides on what version of Node.js -you "should" be running. We're a workflow tool, and we understand that -you all have a diverse set of operational environments you need to be -able to support. At the same time, we _are_ a small team, and we need -to put some limits on what we support. Tracking what's supported by our -runtime's own team seems most practical, so that's what we're doing. - -* [`c7bbba8`](https://github.com/npm/npm/commit/c7bbba8744b62448103a1510c65d9751288abb5d) - Remove 0.12 from our supported versions list. - ([@iarna](https://github.com/iarna)) - -#### WRITING TO SYMLINKED `package.json` (AND OTHER FILES) - -If your `package.json`, `npm-shrinkwrap.json` or `.npmrc` were a symlink and -you used an `npm` command that modified one of these (eg `npm config set` or -`npm install --save`) then previously we would have removed your symlink and -replaced it with an ordinary file. While making these files symlinks is pretty -uncommon, this was still surprising behavior. With this fix we now overwrite -the _destination_ of the symlink and preserve the symlink itself. - -* [`a583983`](https://github.com/npm/npm/commit/a5839833d3de7072be06884b91902c093aff1aed) - [write-file-atomic/#5](https://github.com/npm/write-file-atomic/issues/5) - [#10223](https://github.com/npm/npm/10223) - `write-file-atomic@1.3.1`: - When the target is a symlink, write-file-atomic now overwrites the - _destination_ of the symlink, instead of replacing the symlink itself. This - makes it's behavior match `fs.writeFile`. - - Fixed a bug where it would ALWAYS fs.stat to look up default mode and chown - values even if you'd passed them in. (It still used the values you passed - in, but did a needless stat.) - ([@iarna](https://github.com/iarna)) - -#### DEPENDENCY UPDATES - -* [`521f230`](https://github.com/npm/npm/commit/521f230dd57261e64ac9613b3db62f5312971dca) - `node-gyp@3.5.0`: - Improvements to how Python is located. New `--devdir` flag. - ([@bnoordhuis](https://github.com/bnoordhuis)) - ([@mhart](https://github.com/mhart)) -* [`ccd83e8`](https://github.com/npm/npm/commit/ccd83e8a70d35fb0904f8a9adb2ff7ac8a6b2706) - `JSONStream@1.3.0`: - Add new emitPath option. - ([@nathanwills](https://github.com/nathanwills)) - -#### TEST IMPROVEMENTS - -* [`d76e084`](https://github.com/npm/npm/commit/d76e08463fd65705217624b861a1443811692f34) - Disable metric reporting for test suite even if the user has it enabled. - ([@iarna](https://github.com/iarna)) - -### v4.1.1 (2016-12-16) - -This fixes a bug in the metrics reporting where, if you had enabled it then -installs would create a metrics reporting process, that would create a -metrics reporting process, that wouldโฆ well, you get the idea. The only -way to actually kill these processes is to turn off your networking, then -on MacOS/Linux kill them with `kill -9`. Alternatively you can just reboot. - -Anyway, this is a quick release to fix that bug: - -* [`51c393f`](https://github.com/npm/npm/commit/51c393feff5f4908c8a9fb02baef505b1f2259be) - [#15237](https://github.com/npm/npm/pull/15237) - Don't launch a metrics sender process if we're running from a metrics - sender process. - ([@iarna](https://github.com/iarna)) - -### v4.1.0 (2016-12-15) - -I'm really excited about `npm@4.1.0`. I know, I know, I'm kinda overexcited -in my changelogs, but this one is GREAT. We've got a WHOLE NEW subcommand, I -mean, when was the last time you saw that? YEARS! And we have the beginnings -of usage metrics reporting. Then there's a fix for a really subtle bug that -resulted in `shasum` errors. And then we also have a few more bug fixes and -other improvements. - -#### ANONYMOUS METRIC REPORTING - -We're adding the ability for you all to help us track the quality of your -experiences using `npm`. Metrics will be sent if you run: - -``` -npm config set send-metrics true -``` - -Then `npm` will report to `registry.npmjs.org` the number of successful and -failed installations you've had. The data contains no identifying -information and npm will not attempt to correlate things like IP address -with the metrics being submitted. - -Currently we only track number of successful and failed installations. In -the future we would like to find additional metrics to help us better -quantify the quality of the `npm` experience. - -* [`190a658`](https://github.com/npm/npm/commit/190a658c4222f6aa904cbc640fc394a5c875e4db) - [#15084](https://github.com/npm/npm/pull/15084) - Add facility for recording and reporting success metrics. - ([@iarna](https://github.com/iarna)) -* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) - [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/148) - `npm-registry-client@7.4.5`: - Add support for sending anonymous CLI metrics. - ([@iarna](https://github.com/iarna), - [@sisidovski](https://github.com/sisidovski)) - -### NPM DOCTOR - -<pre> -<u>Check</u> <u>Value</u> <u>Recommendation</u> -npm ping ok -npm -v v4.0.5 -node -v v4.6.1 Use node v6.9.2 -npm config get registry https://registry.npmjs.org/ -which git /Users/rebecca/bin/git -Perms check on cached files ok -Perms check on global node_modules ok -Perms check on local node_modules ok -Checksum cached files ok -</pre> - -It's a rare day that we add a new command to `npm`, so I'm excited to -present to you `npm doctor`. It checks for a number of common problems and -provides some recommended solutions. It was put together through the hard -work of [@watilde](https://github.com/watilde). - -* [`2359505`](https://github.com/npm/npm/commit/23595055669f76c9fe8f5f1cf4a705c2e794f0dc) - [`0209ee5`](https://github.com/npm/npm/commit/0209ee50448441695fbf9699019d34178b69ba73) - [#14582](https://github.com/npm/npm/pull/14582) - Add new `npm doctor` to give your project environment a health check. - ([@watilde](https://github.com/watilde)) - -#### FIX MAJOR SOURCE OF SHASUM ERRORS - -If you've been getting intermittent shasum errors then you'll be pleased to -know that we've tracked down at least one source of them, if not THE source -of them. - -* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) - [#14626](https://github.com/npm/npm/issues/14626) - [npm/npm-registry-client#148](https://github.com/npm/npm-registry-client/pull/148) - `npm-registry-client@7.4.5`: - Fix a bug where an `ECONNRESET` while fetching a package file would result - in a partial download that would be reported as a "shasum mismatch". It - now throws away the partial download and retries it. - ([@iarna](https://github.com/iarna)) - -#### FILE URLS AND NODE.JS 7 - -When `npm` was formatting `file` URLs we took advantage of `url.format` to -construct them. Node.js 7 changed the behavior in such a way that our use of -`url.format` stopped producing URLs that we could make use of. - -The reasons for this have to do with the `file` URL specification and how -invalid (according to the specification) URLs are handled. How this changed -is most easily explained with a table: - -<table> -<tr><th></th><th>URL</th><th>Node.js <= 6</th><th><tt>npm</tt>'s understanding</th><th>Node.js 7</th><th><tt>npm</tt>'s understanding</th></tr> -<tr><td>VALID</td><td><tt>file:///abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> -<tr><td>invalid</td><td><tt>file:/abc/def</tt></td><td><tt>file:/abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> -<tr><td>invalid</td><td><tt>file:abc/def</tt></td><td><tt>file:abc/def</tt></td><td><tt>$CWD/abc/def</tt></td><td><tt>file://abc/def</tt></td><td><tt>/def</tt> on the <tt>abc</tt> host</td></tr> -<tr><td>invalid</td><td><tt>file:../abc/def</tt></td><td><tt>file:../abc/def</tt></td><td><tt>$CWD/../abc/def</tt></td><td><tt>file://../abc/def</tt></td><td><tt>/abc/def</tt> on the <tt>..</tt> host</td></tr> -</table> - -So the result was that passing a `file` URL that npm had received that used -through Node.js 7's `url.format` changed its meaning as far as `npm` was -concerned. As those kinds of URLs are, per the specification, invalid, how -they should be handled is undefined and so the change in Node.js wasn't a -bug per se. - -Our solution is to stop using `url.format` when constructing this kind of -URL. - -* [`173935b`](https://github.com/npm/npm/commit/173935b4298e09c4fdcb8f3a44b06134d5aff181) - [#15114](https://github.com/npm/npm/issues/15114) - Stop using `url.format` for relative local dep paths. - ([@zkat](https://github.com/zkat)) - -#### EXTRANEOUS LIFECYCLE SCRIPT EXECUTION WHEN REMOVING - -* [`afb1dfd`](https://github.com/npm/npm/commit/afb1dfd944e57add25a05770c0d52d983dc4e96c) - [#15090](https://github.com/npm/npm/pull/15090) - Skip top level lifecycles when uninstalling. - ([@iarna](https://github.com/iarna)) - -#### REFACTORING AND INTERNALS - -* [`c9b279a`](https://github.com/npm/npm/commit/c9b279aca0fcb8d0e483e534c7f9a7250e2a9392) - [#15205](https://github.com/npm/npm/pull/15205) - [#15196](https://github.com/npm/npm/pull/15196) - Only have one function that determines which version of a package to use - given a specifier and a list of versions. - ([@iarna](https://github.com/iarna), - [@zkat](https://github.com/zkat)) - -* [`981ce63`](https://github.com/npm/npm/commit/981ce6395e7892dde2591b44e484e191f8625431) - [#15090](https://github.com/npm/npm/pull/15090) - Rewrite prune to use modern npm plumbing. - ([@iarna](https://github.com/iarna)) - -* [`bc4b739`](https://github.com/npm/npm/commit/bc4b73911f58a11b4a2d28b49e24b4dd7365f95b) - [#15089](https://github.com/npm/npm/pull/15089) - Rename functions and variables in the module that computes what changes to - make to your installation. - ([@iarna](https://github.com/iarna)) - -* [`2449f74`](https://github.com/npm/npm/commit/2449f74a202b3efdb1b2f5a83356a78ea9ecbe35) - [#15089](https://github.com/npm/npm/pull/15089) - When computing changes to make to your installation, use a function to add - new actions to take instead of just pushing on a list. - ([@iarna](https://github.com/iarna)) - -#### IMPROVED LOGGING - -* [`335933a`](https://github.com/npm/npm/commit/335933a05396258eead139d27eea3f7668ccdfab) - [#15089](https://github.com/npm/npm/pull/15089) - Log when we remove obsolete dependencies in the tree. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION - -* [`33ca4e6`](https://github.com/npm/npm/commit/33ca4e6db3c1878cbc40d5e862ab49bb0e82cfb2) - [#15157](https://github.com/npm/npm/pull/15157) - Update `npm cache` docs to use more consistent language - ([@JonahMoses](https://github.com/JonahMoses)) - -#### DEPENDENCY UPDATES - -* [`c2d22fa`](https://github.com/npm/npm/commit/c2d22faf916e8260136a1cc95913ca474421c0d3) - [#15215](https://github.com/npm/npm/pull/15215) - `nopt@4.0.1`: - The breaking change is a small tweak to how empty string values are - handled. See the brand-new - [CHANGELOG.md for nopt](https://github.com/npm/nopt/blob/v4.0.1/CHANGELOG.md) for further - details about what's changed in this release! - ([@adius](https://github.com/adius), - [@samjonester](https://github.com/samjonester), - [@elidoran](https://github.com/elidoran), - [@helio](https://github.com/helio), - [@silkentrance](https://github.com/silkentrance), - [@othiym23](https://github.com/othiym23)) -* [`54d949b`](https://github.com/npm/npm/commit/54d949b05adefffeb7b5b10229c5fe0ccb929ac3) - [npm/lockfile#24](https://github.com/npm/lockfile/pull/24) - `lockfile@1.0.3`: - Handled case where callback was not passed in by the user. - ([@ORESoftware](https://github.com/ORESoftware)) -* [`54acc03`](https://github.com/npm/npm/commit/54acc0389b39850c0725d0868cb5e61317b57503) - `npmlog@4.0.2`: - Documentation update. - ([@helio-frota](https://github.com/helio-frota)) -* [`57f4bc1`](https://github.com/npm/npm/commit/57f4bc1150322294c1ea0a287ad0a8e457c151e6) - `osenv@0.1.4`: - Test changes. - ([@isaacs](https://github.com/isaacs)) -* [`bea1a2d`](https://github.com/npm/npm/commit/bea1a2d0db566560e13ecc1d5f42e55811269c88) - `retry@0.10.1`: - No changes. - ([@tim-kos](https://github.com/tim-kos)) -* [`6749e39`](https://github.com/npm/npm/commit/6749e395f868109afd97f79d36507e6567dd48fb) - [kapouer/marked-man#9](https://github.com/kapouer/marked-man/pull/9) - `marked-man@0.2.0`: - Add table support. - ([@gholk](https://github.com/gholk)) - -### v4.0.5 (2016-12-01) - -It's that time of year! December is upon us, which means y'all are just going to -be doing a lot less, in general, for the next month or so. The "Xmas Chasm", as -we like to call it, has already begun. So for those of you reading it from the -other side: Hi! Welcome back! - -This week's release is a relatively small one, involving just a few bugfixes and -dependency upgrades. The CLI team has been busy recently with scoping out -`npm@5`, and starting to do initial spec work for in-scope stuff. - -#### BUGFIXES - -On to the actual changes! - -* [`9776d8f`](https://github.com/npm/npm/commit/9776d8f70a0ea8d921cbbcab7a54e52c15fc455f) - [#15081](https://github.com/npm/npm/pull/15081) - `bundledDependencies` are intended to be left untouched by the installer, as - much as possible -- if they're bundled, we assume that you want to be - particular about the contents of your bundle. - - The installer used to have a corner case where existing dependencies that had - bundledDependencies would get clobbered by as the installer moved stuff - around, even though the installer already avoided moving deps that were - themselves bundled. This is now fixed, along with the connected crasher, and - your bundledDeps should be left even more intact than before! - ([@iarna](https://github.com/iarna)) -* [`fc61c08`](https://github.com/npm/npm/commit/fc61c082122104031ccfb2a888432c9f809a0e8b) - [#15082](https://github.com/npm/npm/pull/15082) - Initialize nodes from bundled dependencies. This should address - [#14427](https://github.com/npm/npm/issues/14427) and related issues, but it's - turned out to be a tremendously difficult issue to reproduce in a test. We - decided to include it even pending tests, because we found the root cause of - the errors. - ([@iarna](https://github.com/iarna)) -* [`d8471a2`](https://github.com/npm/npm/commit/d8471a294ef848fc893f60e17d6ec6695b975d16) - [#12811](https://github.com/npm/npm/pull/12811) - Consider `devDependencies` when deciding whether to hoist a package. This - should resolve a variety of missing dependency issues some folks were seeing - when `devDependencies` happened to also be dependencies of your - `dependencies`. This often manifested as modules going missing, or only being - installed, after `npm install` was called twice. - ([@schmod](https://github.com/schmod)) - -#### DEPENDENCY UPDATES - -* [`5978703`](https://github.com/npm/npm/commit/5978703da8669adae464789b1b15ee71d7f8d55d) - `graceful-fs@4.1.11`: - `EPERM` errors are Windows are now handled more gracefully. Windows users that - tended to see these errors due to, say, an antivirus-induced race condition, - should see them much more rarely, if at all. - ([@zkatr](https://github.com/zkat)) -* [`85b0174`](https://github.com/npm/npm/commit/85b0174ba9842e8e89f3c33d009e4b4a9e877c7d) - `request@2.79.0` - ([@zkat](https://github.com/zkat)) -* [`9664d36`](https://github.com/npm/npm/commit/9664d36653503247737630440bc2ff657de965c3) - `tap@8.0.1` - ([@zkat](https://github.com/zkat)) - -#### MISCELLANEOUS - -* [`f0f7b0f`](https://github.com/npm/npm/commit/f0f7b0fd025daa2b69994130345e6e8fdaaa0304) - [#15083](https://github.com/npm/npm/pull/15083) - Removed dead code. - ([@iarna](https://github.com/iarna))
* [`bc32afe`](https://github.com/npm/npm/commit/bc32afe4d12e3760fb5a26466dc9c26a5a2981d5) [`c8a22fe`](https://github.com/npm/npm/commit/c8a22fe5320550e09c978abe560b62ce732686f4) [`db2666d`](https://github.com/npm/npm/commit/db2666d8c078fc69d0c02c6a3de9b31be1e995e9) - [#15085](https://github.com/npm/npm/pull/15085) - Change some network tests so they can run offline. - ([@iarna](https://github.com/iarna)) -* [`744a39b`](https://github.com/npm/npm/commit/744a39b836821b388ad8c848bd898c1d006689a9) - [#15085](https://github.com/npm/npm/pull/15085) - Make Node.js tests compatible with Windows. - ([@iarna](https://github.com/iarna)) - -### v4.0.3 (2016-11-17) - -Hey you all, we've got a couple of bug fixes for you, a slew of -documentation improvements and some improvements to our CI environment. I -know we just got v4 out the door, but the CLI team is already busy planning -v5. We'll have more for you in early December. - -#### BUG FIXES - -* [`45d40d9`](https://github.com/npm/npm/commit/45d40d96d2cd145f1e36702d6ade8cd033f7f332) - [`ba2adc2`](https://github.com/npm/npm/commit/ba2adc2e822d5e75021c12f13e3f74ea2edbde32) - [`1dc8908`](https://github.com/npm/npm/commit/1dc890807bd78a1794063688af31287ed25a2f06) - [`2ba19ee`](https://github.com/npm/npm/commit/2ba19ee643d612d103cdd8f288d313b00d05ee87) - [#14403](https://github.com/npm/npm/pull/14403) - Fix a bug where a scoped module could produce crashes when incorrectly - computing the paths related to their location. This patch reorganizes how path information - is passed in to eliminate the possibility of this sort of bug. - ([@iarna](https://github.com/iarna)) - ([@NatalieWolfe](https://github.com/NatalieWolfe)) -* [`1011ec6`](https://github.com/npm/npm/commit/1011ec61230288c827a1c256735c55cf03d6228f) - [npm/npmlog#46](https://github.com/npm/npmlog/pull/46) - `npmlog@4.0.1`: Fix a bug where the progress bar would still display even if - you passed in `--no-progress`. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION UPDATES - -* [`c3ac177`](https://github.com/npm/npm/commit/c3ac177236124c80524c5f252ba8f6670f05dcd8) - [#14406](https://github.com/npm/npm/pull/14406) - Sync up the dispute policy included with the CLI with the [current official text](https://www.npmjs.com/policies/disputes). - ([@mike-engel](https://github.com/mike-engel)) -* [`9c663b2`](https://github.com/npm/npm/commit/9c663b2dd8552f892dc0205330bbc73a484ecd81) - [#14627](https://github.com/npm/npm/pull/14627) - Update build status branch in README. - ([@cameronroe](https://github.com/cameronroe)) -* [`8a8a0a3`](https://github.com/npm/npm/commit/8a8a0a3d490fc767def208f925cdff57e16e565b) - [#14609](https://github.com/npm/npm/pull/14609) - Update examples URLs of GitHub repos where those repos have moved to new URLs. - ([@dougwilson](https://github.com/dougwilson)) -* [`7a6425b`](https://github.com/npm/npm/commit/7a6425bcd4decde5d4b0af8b507e98723a07c680) - [#14472](https://github.com/npm/npm/pull/14472) - Document `sign-git-tag` in - [npm-version(1)](https://github.com/npm/npm/blob/release-next/doc/cli/npm-version.md)'s - configuration section. - ([@strugee](https://github.com/strugee)) -* [`f3087cc`](https://github.com/npm/npm/commit/f3087cc58c903d9a70275be805ebaf0eadbcbe1b) - [#14546](https://github.com/npm/npm/pull/14546) - Add a note about the dangers of configuring npm via uppercase env vars. - ([@tuhoojabotti](https://github.com/tuhoojabotti)) -* [`50e51b0`](https://github.com/npm/npm/commit/50e51b04a143959048cf9e1e4c8fe15094f480b0) - [#14559](https://github.com/npm/npm/pull/14559) - Remove documentation that incorrectly stated that we check `.npmrc` permissions. - ([@iarna](https://github.com/iarna)) - -##### OH UH, HELLO AGAIN NODE.JS 0.12 - -* [`6f0c353`](https://github.com/npm/npm/commit/6f0c353e4e89b0378a4c88c829ccf9a1c5ae829d) - [`f78bde6`](https://github.com/npm/npm/commit/f78bde6983bdca63d5fcb9c220c87e8f75ffb70e) - [#14591](https://github.com/npm/npm/pull/14591) - Reintroduce Node.js 0.12 to our support matrix. We jumped the gun when - removing it. We won't drop support for it till the Node.js project does - so at the end of December 2016. - ([@othiym23](https://github.com/othiym23)) - -#### TEST/CI UPDATES - -* [`aa73d1c`](https://github.com/npm/npm/commit/aa73d1c1cc22608f95382a35b33da252addff38e) - [`c914e80`](https://github.com/npm/npm/commit/c914e80f5abcb16c572fe756c89cf0bcef4ff991) -* [`58fe064`](https://github.com/npm/npm/commit/58fe064dcc80bc08c677647832f2adb4a56b538a) - [#14602](https://github.com/npm/npm/pull/14602) - When running tests with coverage, use nyc's cache. This provides an 8x speedup! - ([@bcoe](https://github.com/bcoe)) -* [`ba091ce`](https://github.com/npm/npm/commit/ba091ce843af5d694f4540e825b095435b3558d8) - [#14435](https://github.com/npm/npm/pull/14435) - Remove an unused zero byte `package.json` found in the test fixtures. - ([@baderbuddy](https://github.com/baderbuddy)) - -#### DEPENDENCY UPDATES - -* [`442e01e`](https://github.com/npm/npm/commit/442e01e42d8a439809f6726032e3b73ac0d2b2f8) - `readable-stream@2.2.2`: - Bring in latest changes from Node.js 7.x. - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`bfc4a1c`](https://github.com/npm/npm/commit/bfc4a1c0c17ef0a00dfaa09beba3389598a46535) - `which@1.2.12`: - Remove unused require. - ([@isaacs](https://github.com/isaacs)) - -#### DEV DEPENDENCY UPDATES - -* [`7075b05`](https://github.com/npm/npm/commit/7075b054d8d2452bb53bee9b170498a48a0dc4e9) - `marked-man@0.1.6` - ([@kapouer](https://github.com/kapouer)) -* [`3e13fea`](https://github.com/npm/npm/commit/3e13fea907ee1141506a6de7d26cbc91c28fdb80) - `tap@8.0.0` - ([@isaacs](https://github.com/isaacs)) - -### v4.0.2 (2016-11-03) - -Hola, amigxs. I know it's been a long time since I rapped at ya, but I -been spending a lotta time quietly reflecting on all the things going on -in my life. I was, like, [in Japan for a while](https://gist.github.com/othiym23/c98bd4ef5d9fb3f496835bd481ef40ae), -and before that my swell colleagues [@zkat](https://github.com/zkat) and -[@iarna](https://github.com/iarna) have been very capably managing the release -process for quite a while. But I returned from Japan somewhat refreshed, very -jetlagged, and filled with a burning urge to get `npm@4` as stable as possible -before we push it out to the user community at large, so I decided to do this -release myself. (Also, huge thanks to Kat and Rebecca for putting out `npm@4` -so capably while I was on vacation! So cool to return to a major release having -gone so well without my involvement!) - -That said... - -#### NEVER TRUST AN X.0.0 RELEASE - -Even though 4.0.1 came out hard on the heels of 4.0.0 with a couple -critical fixes, we've found a couple other major issues that we want to -see fixed before making `npm@4` into `npm@latest`. Some of these are -arguably breaking changes on their own, so now is the time to get them -out if we're going to do so before `npm@5`, and all of them are pretty -significant blockers for a substantial number of users, so now is the -best time to fix them. - -##### PREPUBLISHONLY WHOOPS - -The code running the `publish*` lifecycle events was very confusingly written. -In fact, we didn't really figure out what it was doing until we added the new -`prepublishOnly` event and it was running people's scripts from the wrong -directory. We made it simpler. See the [commit -message](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) -for details. - -Because the change is no longer running publish events when publishing prebuilt -artifacts, it's technically a breaking / semver-major change. In the off chance -that the new behavior breaks any of y'all's workflows, let us know, and we can -roll some or all of this change back until `npm@5` (or forever, if that works -better for you). - -* [`8b32d67`](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) - [#14502](https://github.com/npm/npm/pull/14502) - Simplify lifecycle invocation and fix `prepublishOnly`. - ([@othiym23](https://github.com/othiym23)) - -##### G'BYE NODE.JS 0.10, 0.12, and 5.X; HI THERE, NODE 7 - -With the advent of the second official Node.js LTS release, Node 6.x -'Boron', the Node.js project has now officially dropped versions 0.10 -and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never -part of LTS, and will see no further support now that Node 7 has been -released.) As a small team with limited resources, the npm CLI team is -following suit and dropping those versions of Node from its CI test -matrix. - -What this means: - -* Your contributions will no longer block on the tests passing on 0.10 and 0.12. -* We will no longer block dependency upgrades on working with 0.10 and 0.12. -* Bugs filed on the npm CLI that are due to incompatibilities with 0.10 - or 0.12 (and older versions) will be closed with a strong urging to - upgrade to a supported version of Node. -* On the flip side, we'll continue to (happily!) accept patches that - address regressions seen when running the CLI with Node.js 0.10 and - 0.12. - -What this doesn't mean: - -* The CLI is going to start depending on ES2015+ features. npm continues - to work, in almost all cases, all the way back to Node.js 0.8, and our - long history of backwards compatibility is a source of pride for the - team. -* We aren't concerned about the problems of users who, for whatever - reason, can't update to newer versions of npm. As mentioned above, we're - happy to take community patches intended to address regressions. - -We're not super interested in taking sides on what version of Node.js -you "should" be running. We're a workflow tool, and we understand that -you all have a diverse set of operational environments you need to be -able to support. At the same time, we _are_ a small team, and we need -to put some limits on what we support. Tracking what's supported by our -runtime's own team seems most practical, so that's what we're doing. - -* [`ab630c9`](https://github.com/npm/npm/commit/ab630c9a7a1b40cdd4f1244be976c25ab1525907) - [#14503](https://github.com/npm/npm/pull/14503) - Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported. - ([@othiym23](https://github.com/othiym23)) -* [`731ae52`](https://github.com/npm/npm/commit/731ae526fb6e9951c43d82a26ccd357b63cc56c2) - [#14503](https://github.com/npm/npm/pull/14503) - Update supported version expression. - ([@othiym23](https://github.com/othiym23)) - -##### DISENTANGLING SCOPE - -The new `Npm-Scope` header was previously reusing the `scope` -configuration option to pass the current scope back to your current -registry (which, as [described -previously](https://github.com/npm/npm/blob/release-next/CHANGELOG.md#send-extra-headers-to-registry), is meant to set up some upcoming -registry features). It turns out that had some [seriously weird -consequences](https://github.com/npm/npm/issues/14412) in the case where -you were already configuring `scope` in your own environment. The CLI -now uses separate configuration for this. - -* [`39358f7`](https://github.com/npm/npm/commit/39358f732ded4aa46d86d593393a0d6bca5dc12a) - [#14477](https://github.com/npm/npm/pull/14477) - Differentiate registry scope from project scope in configuration. - ([@zkat](https://github.com/zkat)) - -#### SMALLER CHANGES - -* [`7f41295`](https://github.com/npm/npm/commit/7f41295775f28b958a926f9cb371cb37b05771dd) - [#14519](https://github.com/npm/npm/pull/14519) - Document that as of `npm@4.0.1`, `npm shrinkwrap` now includes `devDependencies` unless - instructed otherwise. - ([@iarna](https://github.com/iarna)) -* [`bdc2f9e`](https://github.com/npm/npm/commit/bdc2f9e255ddf1a47fd13ec8749d17ed41638b2c) - [#14501](https://github.com/npm/npm/pull/14501) - The `ENOSELF` error message is tricky to word. It's also an error that - normally bites new users. Clean it up in an effort to make it easier - to understand what's going on. - ([@snopeks](https://github.com/snopeks), [@zkat](https://github.com/zkat)) - -#### DEPENDENCY UPGRADES - -* [`a52d0f0`](https://github.com/npm/npm/commit/a52d0f0c9cf2de5caef77e12eabd7dca9e89b49c) - `glob@7.1.1`: - - Handle files without associated perms on Windows. - - Fix failing case with `absolute` option. - ([@isaacs](https://github.com/isaacs), [@phated](https://github.com/phated)) -* [`afda66d`](https://github.com/npm/npm/commit/afda66d9afcdcbae1d148f589287583c4182d124) - [isaacs/node-graceful-fs#97](https://github.com/isaacs/node-graceful-fs/pull/97) - `graceful-fs@4.1.10`: Better backoff for EPERM on Windows. - ([@sam-github](https://github.com/sam-github)) -* [`e0023c0`](https://github.com/npm/npm/commit/e0023c089ded9161fbcbe544f12b07e12e3e5729) - [npm/inflight#3](https://github.com/npm/inflight/pull/3) - `inflight@1.0.6`: Clean up even if / when a callback throws. - ([@phated](https://github.com/phated)) -* [`1d91594`](https://github.com/npm/npm/commit/1d9159440364d2fe21e8bc15e08e284aaa118347) - `request@2.78.0` - ([@othiym23](https://github.com/othiym23)) - -### v4.0.1 (2016-10-24) - -Ayyyy~ ๐ - -So thanks to folks who were running on `npm@next`, we managed to find a few -issues of notes in that preview version, and we're rolling out a small patch -change to fix them. Most notably, anyone who was using a symlinked `node` binary -(for example, if they installed Node.js through `homebrew`), was getting a very -loud warning every time they ran scripts. Y'all should get warnings in a more -useful way, now that we're resolving those path symlinks. - -Another fairly big change that we decided to slap into this version, since -`npm@4.0.0` is never going to be `latest`, is to make it so `devDependencies` -are included in `npm-shrinkwrap.json` by default -- if you do not want this, use -`--production` with `npm shrinkwrap`. - -#### BIG FIXES/CHANGES - -* [`eff46dd`](https://github.com/npm/npm/commit/eff46dd498ed007bfa77ab7782040a3a828b852d) - [#14374](https://github.com/npm/npm/pull/14374) - Fully resolve the path for `node` executables in both `$PATH` and - `process.execPath` to avoid issues with symlinked `node`. - ([@addaleax](https://github.com/addaleax)) -* [`964f2d3`](https://github.com/npm/npm/commit/964f2d3a0675584267e6ece95b0115a53c6ca6a9) - [#14375](https://github.com/npm/npm/pull/14375) - Make including `devDependencies` in `npm-shrinkwrap.json` the default. This - should help make the transition to `npm@5` smoother in the future. - ([@iarna](https://github.com/iarna)) - -#### BUGFIXES - -* [`a5b0a8d`](https://github.com/npm/npm/commit/a5b0a8db561916086fc7dbd6eb2836c952a42a7e) - [#14400](https://github.com/npm/npm/pull/14400) - Recently, we've had some consistent timeout failures while running the test - suite under Travis. This tweak to tests should take care of those issues and - Travis should go back to being reliably green. - ([@iarna](https://github.com/iarna)) - -#### DOC PATCHES - -* [`c5907b2`](https://github.com/npm/npm/commit/c5907b2fc1a82ec919afe3b370ecd34d8895c7a2) - [#14251](https://github.com/npm/npm/pull/14251) - Update links to Node.js downloads. They previously pointed to 404 pages.๐ฌ - ([@ArtskydJ](https://github.com/ArtskydJ)) -* [`0c122f2`](https://github.com/npm/npm/commit/0c122f24ff1d4d400975edda2b7262aaaf6f7d69) - [#14380](https://github.com/npm/npm/pull/14380) - Add note and clarification on when `prepare` script is run. Make it more - consistent with surrounding descriptions. - ([@SimenB](https://github.com/SimenB)) -* [`51a62ab`](https://github.com/npm/npm/commit/51a62abd88324ba3dad18e18ca5e741f1d60883c) - [#14359](https://github.com/npm/npm/pull/14359) - Fixes typo in `npm@4` changelog. - ([@kimroen](https://github.com/kimroen)) - -### v4.0.0 (2016-10-20) - -Welcome to `npm@4`, friends! - -This is our first semver major release since the release of `npm@3` just over a -year ago. Back then, `@3` turned out to be a bit of a ground-shaking release, -with a brand-new installer with significant structural changes to how npm set up -your tree. This is the end of an era, in a way. `npm@4` also marks the release -when we move *both* `npm@2` and `npm@3` into maintenance: We will no longer be -updating those release branches with anything except critical bugfixes and -security patches. - -While its predecessor had some pretty serious impaact, `npm@4` is expected to -have a much smaller effect on your day-to-day use of npm. Over the past year, -we've collected a handful of breaking changes that we wanted to get in which are -only breaking under a strict semver interpretation (which we follow). Some of -these are simple usability improvements, while others fix crashes and serious -issues that required a major release to include. - -We hope this release sees you well, and you can look forward to an accelerated -release pace now that the CLI team is done focusing on sustaining work -- our -Windows fixing and big bugs pushes -- and we can start focusing again on -usability, features, and performance. Keep an eye out for `npm@5` in Q1 2017, -too: We're planning a major overhaul of `shrinkwrap` as well as various speed -and usability fixes for that release. It's gonna be a fun ride. I promise. ๐ - -#### BRIEF OVERVIEW OF **BREAKING** CHANGES - -The following breaking changes are included in this release: - -* `npm search` rewritten to stream results, and no longer supports sorting. -* `npm scripts` no longer prepend the path of the node executable used to run - npm before running scripts. A `--scripts-prepend-node-path` option has been - added to configure this behavior. -* `npat` has been removed. -* `prepublish` has been deprecated, replaced by `prepare`. A `prepublishOnly` - script has been temporarily added, which will *only* run on `npm publish`. -* `npm outdated` exits with exit code `1` if it finds any outdated packages. -* `npm tag` has been removed after a deprecation cycle. Use `npm dist-tag`. -* Partial shrinkwraps are no longer supported. `npm-shrinkwrap.json` is - considered a complete installation manifest except for `devDependencies`. -* npm's default git branch is no longer `master`. We'll be using `latest` from - now on. - -#### SEARCH REWRITE (**BREAKING**) - -Let's face it -- `npm search` simply doesn't work anymore. Apart from the fact -that it grew slower over the years, it's reached a point where we can no longer -fit the entire registry metadata in memory, and anyone who tries to use the -command now sees a really awful memory overflow crash from node. - -It's still going to be some time before the CLI, registry, and web team are able -to overhaul `npm search` altogether, but until then, we've rewritten the -previous `npm search` implementation to *stream* results on the fly, from both -the search endpoint and a local cache. In absolute terms, you won't see a -performance increase and this patch *does* come at the cost of sorting -capabilities, but what it does do is start outputting results as it finds them. -This should make the experience much better, overall, and we believe this is an -acceptable band-aid until we have that search endpoint in place. - -Incidentally, if you want a really nice search experience, we recommend checking -out [npms.io](http://npms.io), which includes a handy-dandy -[`npms-cli`](https://npm.im/npms-cli) for command-line usage -- it's an npm -search site that returns high-quality results quickly and is operated by members -of the npm community. - -* [`cfd43b4`](https://github.com/npm/npm/commit/cfd43b49aed36d0e8ea6c35b07ed8b303b69be61) [`2b8057b`](https://github.com/npm/npm/commit/2b8057be2e1b51e97b1f8f38d7f58edf3ce2c145) - [#13746](https://github.com/npm/npm/pull/13746) - Stream search process end-to-end. - ([@zkat](https://github.com/zkat) and [@aredridel](https://github.com/aredridel)) -* [`50f4ec8`](https://github.com/npm/npm/commit/50f4ec8e8ce642aa6a58cb046b2b770ccf0029db) [`70b4bc2`](https://github.com/npm/npm/commit/70b4bc22ec8e81cd33b9448f5b45afd1a50d50ba) [`8fb470f`](https://github.com/npm/npm/commit/8fb470fe755c4ad3295cb75d7b4266f8e67f8d38) [`ac3a6e0`](https://github.com/npm/npm/commit/ac3a6e0eba61fb40099b1370c74ad1598777def4) [`bad54dd`](https://github.com/npm/npm/commit/bad54dd9f1119fe900a8d065f8537c6f1968b589) [`87d504e`](https://github.com/npm/npm/commit/87d504e0a61bccf09f5e975007d018de3a1c5f50) - [#13746](https://github.com/npm/npm/pull/13746) - Updated search-related tests. - ([@zkat](https://github.com/zkat)) -* [`3596de8`](https://github.com/npm/npm/commit/3596de88598c69eb5bae108703c8e74ca198b20c) - [#13746](https://github.com/npm/npm/pull/13746) - `JSONStream@1.2.1` - ([@zkat](https://github.com/zkat)) -* [`4b09209`](https://github.com/npm/npm/commit/4b09209bb605f547243065032a8b37772669745f) - [#13746](https://github.com/npm/npm/pull/13746) - `mississippi@1.2.0` - ([@zkat](https://github.com/zkat)) -* [`b650b39`](https://github.com/npm/npm/commit/b650b39d42654abb9eed1c7cd463b1c595ca2ef9) - [#13746](https://github.com/npm/npm/pull/13746) - `sorted-union-stream@2.1.3` - ([@zkat](https://github.com/zkat)) - -#### SCRIPT NODE PATH (**BREAKING**) - -Thanks to some great work by [@addaleax](https://github.com/addaleax), we've -addressed a fairly tricky issue involving the node process used by `npm -scripts`. - -Previously, npm would prefix the path of the node executable to the script's -`PATH`. This had the benefit of making sure that the node process would be the -same for both npm and `scripts` unless you had something like -[`node-bin`](https://npm.im/node-bin) in your `node_modules`. And it turns out -lots of people relied on this behavior being this way! - -It turns out that this had some unintended consequences: it broke systems like -[`nyc`](https://npm.im/nyc), but also completely broke/defeated things like -[`rvm`](https://rvm.io/) and -[`virtualenv`](https://virtualenv.pypa.io/en/stable/) by often causing things -that relied on them to fall back to the global system versions of ruby and -python. - -In the face of two perfectly valid, and used alternatives, we decided that the -second case was much more surprising for users, and that we should err on the -side of doing what those users expect. Anna put some hard work in and managed to -put together a patch that changes npm's behavior such that we no longer prepend -the node executable's path *by default*, and adds a new option, -`--scripts-prepend-node-path`, to allow users who rely on this behavior to have -it add the node path for them. - -This patch also makes it so this feature is discoverable by people who might run -into the first case above, by warning if the node executable is either missing -or shadowed by another one in `PATH`. This warning can also be disabled with the -`--scripts-prepend-node-path` option as needed. - -* [`3fb1eb3`](https://github.com/npm/npm/commit/3fb1eb3e00b5daf37f14e437d2818e9b65a43392) [`6a7d375`](https://github.com/npm/npm/commit/6a7d375d779ba5416fd5df154c6da673dd745d9d) [`378ae08`](https://github.com/npm/npm/commit/378ae08851882d6d2bc9b631b16b8c875d0b9704) - [#13409](https://github.com/npm/npm/pull/13409) - Add a `--scripts-prepend-node-path` option to configure whether npm prepends - the current node executable's path to `PATH`. - ([@addaleax](https://github.com/addaleax)) -* [`70b352c`](https://github.com/npm/npm/commit/70b352c6db41533b9a4bfaa9d91f7a2a1178f74e) - [#13409](https://github.com/npm/npm/pull/13409) - Change the default behaviour of npm to never prepending the current node - executableโs directory to `PATH` but printing a warning in the cases in which - it previously did. - ([@addaleax](https://github.com/addaleax)) - -#### REMOVE `npat` (**BREAKING**) - -Let's be real here -- almost no one knows this feature ever existed, and it's a -vestigial feature of the days when the ideal for npm was to distribute full -packages that could be directly developed on, even from the registry. - -It turns out the npm community decided to go a different way: primarily -publishing packages in a production-ready format, with no tests, build tools, -etc. And so, we say goodbye to `npat`. - -* [`e16c14a`](https://github.com/npm/npm/commit/e16c14afb6f52cb8b7adf60b2b26427f76773f2e) - [#14329](https://github.com/npm/npm/pull/14329) - Remove the npat feature. - ([@iarna](https://github.com/iarna)) - -#### NEW `prepare` SCRIPT. `prepublish` DEPRECATED (**BREAKING**) - -If there's anything that really seemed to confuse users, it's that the -`prepublish` script ran when invoking `npm install` without any arguments. - -Turns out many, many people really expected that it would only run on `npm -publish`, even if it actually did what most people expected: prepare the package -for publishing on the registry. - -And so, we've added a `prepare` command that runs in the exact same cases where -`prepublish` ran, and we've begun a deprecation cycle for `prepublish` itself -**only when run by `npm install`**, which will now include a warning any time -you use it that way. - -We've also added a `prepublishOnly` script which will execute **only** when `npm -publish` is invoked. Eventually, `prepublish` will stop executing on `npm -install`, and `prepublishOnly` will be removed, leaving `prepare` and -`prepublish` as two distinct lifecycles. - -* [`9b4a227`](https://github.com/npm/npm/commit/9b4a2278cee0a410a107c8ea4d11614731e0a943) [`bc32078`](https://github.com/npm/npm/commit/bc32078fa798acef0e036414cb448645f135b570) - [#14290](https://github.com/npm/npm/pull/14290) - Add `prepare` and `prepublishOnly` lifecycle events. - ([@othiym23](https://github.com/othiym23)) -* [`52fdefd`](https://github.com/npm/npm/commit/52fdefddb48f0c39c6e8eb4c118eb306c9436117) - [#14290](https://github.com/npm/npm/pull/14290) - Warn when running `prepublish` on `npm pack`. - ([@othiym23](https://github.com/othiym23)) -* [`4c2a948`](https://github.com/npm/npm/commit/4c2a9481b564cae3df3f4643766db4b987018a7b) [`a55bd65`](https://github.com/npm/npm/commit/a55bd651284552b93f7d972a2e944f65c1aa6c35) - [#14290](https://github.com/npm/npm/pull/14290) - Added `prepublish` warnings to `npm install`. - ([@zkat](https://github.com/zkat)) -* [`c27412b`](https://github.com/npm/npm/commit/c27412bb9fc7b09f7707c7d9ad23128959ae1abc) - [#14290](https://github.com/npm/npm/pull/14290) - Replace `prepublish` with `prepare` in `npm help package.json` documentation. - ([@zkat](https://github.com/zkat)) - -#### NO MORE PARTIAL SHRINKWRAPS (**BREAKING**) - -That's right. No more partial shrinkwraps. That means that if you have an -`npm-shrinkwrap.json` in your project, npm will no longer install anything that -isn't explicitly listed there, unless it's a `devDependency`. This will open -doors to some nice optimizations and make use of `npm shrinkwrap` just generally -smoother by removing some awful corner cases. We will also skip `devDependency` -installation from `package.json` if you added `devDependencies` to your -shrinkwrap by using `npm shrinkwrap --dev`. - -* [`b7dfae8`](https://github.com/npm/npm/commit/b7dfae8fd4dc0456605f7a921d20a829afd50864) - [#14327](https://github.com/npm/npm/pull/14327) - Use `readShrinkwrap` to read top level shrinkwrap. There's no reason for npm - to be doing its own bespoke heirloom-grade artisanal thing here. - ([@iarna](https://github.com/iarna)) -* [`0ae1f4b`](https://github.com/npm/npm/commit/0ae1f4b9d83af2d093974beb33f26d77fcc95bb9) [`4a54997`](https://github.com/npm/npm/commit/4a549970dc818d78b6de97728af08a1edb5ae7f0) [`f22a1ae`](https://github.com/npm/npm/commit/f22a1ae54b5d47f1a056a6e70868013ebaf66b79) [`3f61189`](https://github.com/npm/npm/commit/3f61189cb3843fee9f54288fefa95ade9cace066) - [#14327](https://github.com/npm/npm/pull/14327) - Treat shrinkwrap as canonical. That is, don't try to fill in for partial - shrinkwraps. Partial shrinkwraps should produce partial installs. If your - shrinkwrap contains NO `devDependencies` then we'll still try to install them - from your `package.json` instead of assuming you NEVER want `devDependencies`. - ([@iarna](https://github.com/iarna)) - -#### `npm tag` REMOVED (**BREAKING**) - -* [`94255da`](https://github.com/npm/npm/commit/94255da8ffc2d9ed6a0434001a643c1ad82fa483) - [#14328](https://github.com/npm/npm/pull/14328) - Remove deprecated tag command. Folks must use the `dist-tag` command from now - on. - ([@iarna](https://github.com/iarna)) - -#### NON-ZERO EXIT CODE ON OUTDATED DEPENDENCIES (**BREAKING**) - -* [`40a04d8`](https://github.com/npm/npm/commit/40a04d888d10a5952d5ca4080f2f5d2339d2038a) [`e2fa18d`](https://github.com/npm/npm/commit/e2fa18d9f7904eb048db7280b40787cb2cdf87b3) [`3ee3948`](https://github.com/npm/npm/commit/3ee39488b74c7d35fbb5c14295e33b5a77578104) [`3fa25d0`](https://github.com/npm/npm/commit/3fa25d02a8ff07c42c595f84ae4821bc9ee908df) - [#14013](https://github.com/npm/npm/pull/14013) - Do `exit 1` if any outdated dependencies are found by `npm outdated`. - ([@watilde](https://github.com/watilde)) -* [`c81838a`](https://github.com/npm/npm/commit/c81838ae96b253f4b1ac66af619317a3a9da418e) - [#14013](https://github.com/npm/npm/pull/14013) - Log non-zero exit codes at `verbose` level -- this isn't something command - line tools tend to do. It's generally the shell's job to display, if at all. - ([@zkat](https://github.com/zkat)) - -#### SEND EXTRA HEADERS TO REGISTRY - -For the purposes of supporting shiny new registry features, we've started -sending `Npm-Scope` and `Npm-In-CI` headers in outgoing requests. - -* [`846f61c`](https://github.com/npm/npm/commit/846f61c1dd4a033f77aa736ab01c27ae6724fe1c) - [npm/npm-registry-client#145](https://github.com/npm/npm-registry-client/pull/145) - [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/147) - `npm-registry-client@7.3.0`: - * Allow npm to add headers to outgoing requests. - * Add `Npm-In-CI` header that reports whether we're running in CI. - ([@iarna](https://github.com/iarna)) -* [`6b6bb08`](https://github.com/npm/npm/commit/6b6bb08af661221224a81df8adb0b72019ca3e11) - [#14129](https://github.com/npm/npm/pull/14129) - Send `Npm-Scope` header along with requests to registry. `Npm-Scope` is set to - the `@scope` of the current top level project. This will allow registries to - implement user/scope-aware features and services. - ([@iarna](https://github.com/iarna)) -* [`506de80`](https://github.com/npm/npm/commit/506de80dc0a0576ec2aab0ed8dc3eef3c1dabc23) - [#14129](https://github.com/npm/npm/pull/14129) - Add test to ensure `Npm-In-CI` header is being sent when CI is set in env. - ([@iarna](https://github.com/iarna)) - -#### BUGFIXES - -* [`bc84012`](https://github.com/npm/npm/commit/bc84012c2c615024b08868acbd8df53a7ca8d146) - [#14117](https://github.com/npm/npm/pull/14117) - Fixes a bug where installing a shrinkwrapped package would fail if the - platform failed to install an optional dependency included in the shrinkwrap. - ([@watilde](https://github.com/watilde)) -* [`a40b32d`](https://github.com/npm/npm/commit/a40b32dc7fe18f007a672219a12d6fecef800f9d) - [#13519](https://github.com/npm/npm/pull/13519) - If a package has malformed metadata, `node.requiredBy` is sometimes missing. - Stop crashing when that happens. - ([@creationix](https://github.com/creationix)) - -#### OTHER PATCHES - -* [`643dae2`](https://github.com/npm/npm/commit/643dae2197c56f1c725ecc6539786bf82962d0fe) - [#14244](https://github.com/npm/npm/pull/14244) - Remove some ancient aliases that we'd rather not have around. - ([@zkat](https://github.com/zkat)) -* [`bdeac3e`](https://github.com/npm/npm/commit/bdeac3e0fb226e4777d4be5cd3c3bec8231c8044) - [#14230](https://github.com/npm/npm/pull/14230) - Detect unsupported Node.js versions and warn about it. Also error on really - old versions where we know we can't work. - ([@iarna](https://github.com/iarna)) - -#### DOC UPDATES - -* [`9ca18ad`](https://github.com/npm/npm/commit/9ca18ada7cc1c10b2d32bbb59d5a99dd1c743109) - [#13746](https://github.com/npm/npm/pull/13746) - Updated docs for `npm search` options. - ([@zkat](https://github.com/zkat)) -* [`e02a47f`](https://github.com/npm/npm/commit/e02a47f9698ff082488dc2b1738afabb0912793e) - Move the `npm@3` changelog into the archived changelogs directory. - ([@zkat](https://github.com/zkat)) -* [`c12bbf8`](https://github.com/npm/npm/commit/c12bbf8c5a5dff24a191b66ac638f552bfb76601) - [#14290](https://github.com/npm/npm/pull/14290) - Document prepublish-on-install deprecation. - ([@othiym23](https://github.com/othiym23)) -* [`c246a75`](https://github.com/npm/npm/commit/c246a75ac8697f4ca11d316b7e7db5f24af7972b) - [#14129](https://github.com/npm/npm/pull/14129) - Document headers added by npm to outgoing registry requests. - ([@iarna](https://github.com/iarna)) - -#### DEPENDENCIES - -* [`cb20c73`](https://github.com/npm/npm/commit/cb20c7373a32daaccba2c1ad32d0b7e1fc01a681) - [#13953](https://github.com/npm/npm/pull/13953) - `signal-exit@3.0.1` - ([@benjamincoe](https://github.com/benjamincoe)) |