diff options
Diffstat (limited to 'deps/node/deps/npm/changelogs')
| -rw-r--r-- | deps/node/deps/npm/changelogs/CHANGELOG-1.md | 743 | ||||
| -rw-r--r-- | deps/node/deps/npm/changelogs/CHANGELOG-2.md | 5344 | ||||
| -rw-r--r-- | deps/node/deps/npm/changelogs/CHANGELOG-3.md | 5245 | ||||
| -rw-r--r-- | deps/node/deps/npm/changelogs/CHANGELOG-4.md | 1566 | ||||
| -rw-r--r-- | deps/node/deps/npm/changelogs/CHANGELOG-5.md | 2360 |
5 files changed, 0 insertions, 15258 deletions
diff --git a/deps/node/deps/npm/changelogs/CHANGELOG-1.md b/deps/node/deps/npm/changelogs/CHANGELOG-1.md deleted file mode 100644 index ea409c3d..00000000 --- a/deps/node/deps/npm/changelogs/CHANGELOG-1.md +++ /dev/null @@ -1,743 +0,0 @@ -### v1.4.29 (2015-10-29): - -#### THINGS ARE HAPPENING IN LTS LAND - -In a special one-off release as part of the [strategy to get a version of npm -into Node LTS that works with the current -registry](https://github.com/nodejs/LTS/issues/37), modify npm to print out -this deprecation banner literally every time npm is invoked to do anything: - -``` -npm WARN deprecated This version of npm lacks support for important features, -npm WARN deprecated such as scoped packages, offered by the primary npm -npm WARN deprecated registry. Consider upgrading to at least npm@2, if not the -npm WARN deprecated latest stable version. To upgrade to npm@2, run: -npm WARN deprecated -npm WARN deprecated npm -g install npm@latest-2 -npm WARN deprecated -npm WARN deprecated To upgrade to the latest stable version, run: -npm WARN deprecated -npm WARN deprecated npm -g install npm@latest -npm WARN deprecated -npm WARN deprecated (Depending on how Node.js was installed on your system, you -npm WARN deprecated may need to prefix the preceding commands with `sudo`, or if -npm WARN deprecated on Windows, run them from an Administrator prompt.) -npm WARN deprecated -npm WARN deprecated If you're running the version of npm bundled with -npm WARN deprecated Node.js 0.10 LTS, be aware that the next version of 0.10 LTS -npm WARN deprecated will be bundled with a version of npm@2, which has some small -npm WARN deprecated backwards-incompatible changes made to `npm run-script` and -npm WARN deprecated semver behavior. -``` - -The message basically tells the tale: Node 0.10 will finally be getting -`npm@2`, so those of you who haven't upgraded your build systems to deal with -its (relatively small) breaking changes should do so now. - -Also, this version doesn't even pretend that it can deal with scoped packages, -which, given the confusing behavior of older versions of `npm@1.4`, where it -would sometimes try to install packages from GitHub, is a distinct improvement. - -There is no good reason for you as an end user to upgrade to this version of -npm yourself. - -* [`709e9b4`](https://github.com/npm/npm/commit/709e9b44f5df9817a1c4babfbf26a2329bd265fb) - Print 20-line deprecation banner on all command invocations. - ([@othiym23](https://github.com/othiym23)) -* [`0c29d09`](https://github.com/npm/npm/commit/0c29d0906608e8e174bd30a7a245e19795326051) - Crash out immediately with an exhortation to upgrade on attempts to use - scoped packages. ([@othiym23](https://github.com/othiym23)) - -### v1.5.0-alpha-4 (2014-07-18): - -* fall back to `_auth` config as default auth when using default registry - ([@isaacs](https://github.com/isaacs)) -* support for 'init.version' for those who don't want to deal with semver 0.0.x - oddities ([@rvagg](https://github.com/rvagg)) -* [`be06213`](https://github.com/npm/npm/commit/be06213415f2d51a50d2c792b4cd0d3412a9a7b1) - remove residual support for `win` log level - ([@aterris](https://github.com/aterris)) - -### v1.5.0-alpha-3 (2014-07-17): - -* [`a3a85dd`](https://github.com/npm/npm/commit/a3a85dd004c9245a71ad2f0213bd1a9a90d64cd6) - `--save` scoped packages correctly ([@othiym23](https://github.com/othiym23)) -* [`18a3385`](https://github.com/npm/npm/commit/18a3385bcf8bfb8312239216afbffb7eec759150) - `npm-registry-client@3.0.2` ([@othiym23](https://github.com/othiym23)) -* [`375988b`](https://github.com/npm/npm/commit/375988b9bf5aa5170f06a790d624d31b1eb32c6d) - invalid package names are an early error for optional deps - ([@othiym23](https://github.com/othiym23)) -* consistently use `node-package-arg` instead of arbitrary package spec - splitting ([@othiym23](https://github.com/othiym23)) - -### v1.5.0-alpha-2 (2014-07-01): - -* [`54cf625`](https://github.com/npm/npm/commit/54cf62534e3331e3f454e609e44f0b944e819283) - fix handling for 301s in `npm-registry-client@3.0.1` - ([@Raynos](https://github.com/Raynos)) -* [`e410861`](https://github.com/npm/npm/commit/e410861c69a3799c1874614cb5b87af8124ff98d) - don't crash if no username set on `whoami` - ([@isaacs](https://github.com/isaacs)) -* [`0353dde`](https://github.com/npm/npm/commit/0353ddeaca8171aa7dbdd8102b7e2eb581a86406) - respect `--json` for output ([@isaacs](https://github.com/isaacs)) -* [`b3d112a`](https://github.com/npm/npm/commit/b3d112ae190b984cc1779b9e6de92218f22380c6) - outdated: Don't show headings if there's nothing to output - ([@isaacs](https://github.com/isaacs)) -* [`bb4b90c`](https://github.com/npm/npm/commit/bb4b90c80dbf906a1cb26d85bc0625dc2758acc3) - outdated: Default to `latest` rather than `*` for unspecified deps - ([@isaacs](https://github.com/isaacs)) - -### v1.5.0-alpha-1 (2014-07-01): - -* [`eef4884`](https://github.com/npm/npm/commit/eef4884d6487ee029813e60a5f9c54e67925d9fa) - use the correct piece of the spec for GitHub shortcuts - ([@othiym23](https://github.com/othiym23)) - -### v1.5.0-alpha-0 (2014-07-01): - -* [`7f55057`](https://github.com/npm/npm/commit/7f55057807cfdd9ceaf6331968e666424f48116c) - install scoped packages ([#5239](https://github.com/npm/npm/issues/5239)) - ([@othiym23](https://github.com/othiym23)) -* [`0df7e16`](https://github.com/npm/npm/commit/0df7e16c0232d8f4d036ebf4ec3563215517caac) - publish scoped packages ([#5239](https://github.com/npm/npm/issues/5239)) - ([@othiym23](https://github.com/othiym23)) -* [`0689ba2`](https://github.com/npm/npm/commit/0689ba249b92b4c6279a26804c96af6f92b3a501) - support (and save) --scope=@s config - ([@othiym23](https://github.com/othiym23)) -* [`f34878f`](https://github.com/npm/npm/commit/f34878fc4cee29901e4daf7bace94be01e25cad7) - scope credentials to registry ([@othiym23](https://github.com/othiym23)) -* [`0ac7ca2`](https://github.com/npm/npm/commit/0ac7ca233f7a69751fe4386af6c4daa3ee9fc0da) - capture and store bearer tokens when sent by registry - ([@othiym23](https://github.com/othiym23)) -* [`63c3277`](https://github.com/npm/npm/commit/63c3277f089b2c4417e922826bdc313ac854cad6) - only delete files that are created by npm - ([@othiym23](https://github.com/othiym23)) -* [`4f54043`](https://github.com/npm/npm/commit/4f540437091d1cbca3915cd20c2da83c2a88bb8e) - `npm-package-arg@2.0.0` ([@othiym23](https://github.com/othiym23)) -* [`9e1460e`](https://github.com/npm/npm/commit/9e1460e6ac9433019758481ec031358f4af4cd44) - `read-package-json@1.2.3` ([@othiym23](https://github.com/othiym23)) -* [`719d8ad`](https://github.com/npm/npm/commit/719d8adb9082401f905ff4207ede494661f8a554) - `fs-vacuum@1.2.1` ([@othiym23](https://github.com/othiym23)) -* [`9ef8fe4`](https://github.com/npm/npm/commit/9ef8fe4d6ead3acb3e88c712000e2d3a9480ebec) - `async-some@1.0.0` ([@othiym23](https://github.com/othiym23)) -* [`a964f65`](https://github.com/npm/npm/commit/a964f65ab662107b62a4ca58535ce817e8cca331) - `npmconf@2.0.1` ([@othiym23](https://github.com/othiym23)) -* [`113765b`](https://github.com/npm/npm/commit/113765bfb7d3801917c1d9f124b8b3d942bec89a) - `npm-registry-client@3.0.0` ([@othiym23](https://github.com/othiym23)) - -### v1.4.28 (2014-09-12): - -* [`f4540b6`](https://github.com/npm/npm/commit/f4540b6537a87e653d7495a9ddcf72949fdd4d14) - [#6043](https://github.com/npm/npm/issues/6043) defer rollbacks until just - before the CLI exits ([@isaacs](https://github.com/isaacs)) -* [`1eabfd5`](https://github.com/npm/npm/commit/1eabfd5c03f33c2bd28823714ff02059eeee3899) - [#6043](https://github.com/npm/npm/issues/6043) `slide@1.1.6`: wait until all - callbacks have finished before proceeding - ([@othiym23](https://github.com/othiym23)) - -### v1.4.27 (2014-09-04): - -* [`4cf3c8f`](https://github.com/npm/npm/commit/4cf3c8fd78c9e2693a5f899f50c28f4823c88e2e) - [#6007](https://github.com/npm/npm/issues/6007) request@2.42.0: properly set - headers on proxy requests ([@isaacs](https://github.com/isaacs)) -* [`403cb52`](https://github.com/npm/npm/commit/403cb526be1472bb7545fa8e62d4976382cdbbe5) - [#6055](https://github.com/npm/npm/issues/6055) npmconf@1.1.8: restore - case-insensitivity of environmental config - ([@iarna](https://github.com/iarna)) - -### v1.4.26 (2014-08-28): - -* [`eceea95`](https://github.com/npm/npm/commit/eceea95c804fa15b18e91c52c0beb08d42a3e77d) - `github-url-from-git@1.4.0`: add support for git+https and git+ssh - ([@stefanbuck](https://github.com/stefanbuck)) -* [`e561758`](https://github.com/npm/npm/commit/e5617587e7d7ab686192391ce55357dbc7fed0a3) - `columnify@1.2.1` ([@othiym23](https://github.com/othiym23)) -* [`0c4fab3`](https://github.com/npm/npm/commit/0c4fab372ee76eab01dda83b6749429a8564902e) - `cmd-shim@2.0.0`: upgrade to graceful-fs 3 - ([@ForbesLindesay](https://github.com/ForbesLindesay)) -* [`2d69e4d`](https://github.com/npm/npm/commit/2d69e4d95777671958b5e08d3b2f5844109d73e4) - `github-url-from-username-repo@1.0.0`: accept slashes in branch names - ([@robertkowalski](https://github.com/robertkowalski)) -* [`81f9b2b`](https://github.com/npm/npm/commit/81f9b2bac9d34c223ea093281ba3c495f23f10d1) - ensure lifecycle spawn errors caught properly - ([@isaacs](https://github.com/isaacs)) -* [`bfaab8c`](https://github.com/npm/npm/commit/bfaab8c6e0942382a96b250634ded22454c36b5a) - `npm-registry-client@2.0.7`: properly encode % in passwords - ([@isaacs](https://github.com/isaacs)) -* [`91cfb58`](https://github.com/npm/npm/commit/91cfb58dda851377ec604782263519f01fd96ad8) - doc: Fix 'npm help index' ([@isaacs](https://github.com/isaacs)) - -### v1.4.25 (2014-08-21): - -* [`64c0ec2`](https://github.com/npm/npm/commit/64c0ec241ef5d83761ca8de54acb3c41b079956e) - `npm-registry-client@2.0.6`: Print the notification header returned by the - registry, and make sure status codes are printed without gratuitous quotes - around them. - ([@othiym23](https://github.com/othiym23)) -* [`a8ed12b`](https://github.com/npm/npm/commit/a8ed12b) `tar@1.0.1`: - Add test for removing an extract target immediately after unpacking. - ([@isaacs](https://github.com/isaacs)) -* [`70fd11d`](https://github.com/npm/npm/commit/70fd11d) - `lockfile@1.0.0`: Fix incorrect interaction between `wait`, `stale`, - and `retries` options. Part 2 of race condition leading to `ENOENT` - errors. - ([@isaacs](https://github.com/isaacs)) -* [`0072c4d`](https://github.com/npm/npm/commit/0072c4d) - `fstream@1.0.2`: Fix a double-finish call which can result in excess - FS operations after the `close` event. Part 2 of race condition - leading to `ENOENT` errors. - ([@isaacs](https://github.com/isaacs)) - -### v1.4.24 (2014-08-14): - -* [`9344bd9`](https://github.com/npm/npm/commit/9344bd9b2929b5c399a0e0e0b34d45bce7bc24bb) - doc: add new changelog ([@othiym23](https://github.com/othiym23)) -* [`4be76fd`](https://github.com/npm/npm/commit/4be76fd65e895883c337a99f275ccc8c801adda3) - doc: update version doc to include `pre-*` increment args - ([@isaacs](https://github.com/isaacs)) -* [`e4f2620`](https://github.com/npm/npm/commit/e4f262036080a282ad60e236a9aeebd39fde9fe4) - build: add `make tag` to tag current release as `latest` - ([@isaacs](https://github.com/isaacs)) -* [`ec2596a`](https://github.com/npm/npm/commit/ec2596a7cb626772780b25b0a94a7e547a812bd5) - build: publish with `--tag=v1.4-next` ([@isaacs](https://github.com/isaacs)) -* [`9ee55f8`](https://github.com/npm/npm/commit/9ee55f892b8b473032a43c59912c5684fd1b39e6) - build: add script to output `v1.4-next` publish tag - ([@isaacs](https://github.com/isaacs)) -* [`aecb56f`](https://github.com/npm/npm/commit/aecb56f95a84687ea46920a0b98aaa587fee1568) - build: remove outdated `docpublish` make target - ([@isaacs](https://github.com/isaacs)) -* [`b57a9b7`](https://github.com/npm/npm/commit/b57a9b7ccd13e6b38831ed63595c8ea5763da247) - build: remove unpublish step from `make publish` - ([@isaacs](https://github.com/isaacs)) -* [`2c6acb9`](https://github.com/npm/npm/commit/2c6acb96c71c16106965d5cd829b67195dd673c7) - install: rename `.gitignore` when unpacking foreign tarballs - ([@isaacs](https://github.com/isaacs)) -* [`22f3681`](https://github.com/npm/npm/commit/22f3681923e993a47fc1769ba735bfa3dd138082) - cache: detect non-gzipped tar files more reliably - ([@isaacs](https://github.com/isaacs)) - -### v1.4.23 (2014-07-31): - -* [`8dd11d1`](https://github.com/npm/npm/commit/8dd11d1) update several - dependencies to avoid using `semver`s starting with 0. - -### v1.4.22 (2014-07-31): - -* [`d9a9e84`](https://github.com/npm/npm/commit/d9a9e84) `read-package-json@1.2.4` - ([@isaacs](https://github.com/isaacs)) -* [`86f0340`](https://github.com/npm/npm/commit/86f0340) - `github-url-from-git@1.2.0` ([@isaacs](https://github.com/isaacs)) -* [`a94136a`](https://github.com/npm/npm/commit/a94136a) `fstream@0.1.29` - ([@isaacs](https://github.com/isaacs)) -* [`bb82d18`](https://github.com/npm/npm/commit/bb82d18) `glob@4.0.5` - ([@isaacs](https://github.com/isaacs)) -* [`5b6bcf4`](https://github.com/npm/npm/commit/5b6bcf4) `cmd-shim@1.1.2` - ([@isaacs](https://github.com/isaacs)) -* [`c2aa8b3`](https://github.com/npm/npm/commit/c2aa8b3) license: Cleaned up - legalese with actual lawyer ([@isaacs](https://github.com/isaacs)) -* [`63fe0ee`](https://github.com/npm/npm/commit/63fe0ee) `init-package-json@1.0.0` - ([@isaacs](https://github.com/isaacs)) - -### v1.4.21 (2014-07-14): - -* [`88f51aa`](https://github.com/npm/npm/commit/88f51aa27eb9a958d1fa7ec50fee5cfdedd05110) - fix handling for 301s in `npm-registry-client@2.0.3` - ([@Raynos](https://github.com/Raynos)) - -### v1.4.20 (2014-07-02): - -* [`0353dde`](https://github.com/npm/npm/commit/0353ddeaca8171aa7dbdd8102b7e2eb581a86406) - respect `--json` for output ([@isaacs](https://github.com/isaacs)) -* [`b3d112a`](https://github.com/npm/npm/commit/b3d112ae190b984cc1779b9e6de92218f22380c6) - outdated: Don't show headings if there's nothing to output - ([@isaacs](https://github.com/isaacs)) -* [`bb4b90c`](https://github.com/npm/npm/commit/bb4b90c80dbf906a1cb26d85bc0625dc2758acc3) - outdated: Default to `latest` rather than `*` for unspecified deps - ([@isaacs](https://github.com/isaacs)) - -### v1.4.19 (2014-07-01): - -* [`f687433`](https://github.com/npm/npm/commit/f687433) relative URLS for - working non-root registry URLS ([@othiym23](https://github.com/othiym23)) -* [`bea190c`](https://github.com/npm/npm/commit/bea190c) - [#5591](https://github.com/npm/npm/issues/5591) bump nopt and npmconf - ([@isaacs](https://github.com/isaacs)) - -### v1.4.18 (2014-06-29): - -* Bump glob dependency from 4.0.2 to 4.0.3. It now uses graceful-fs when - available, increasing resilience to [various filesystem - errors](https://github.com/isaacs/node-graceful-fs#improvements-over-fs-module). - ([@isaacs](https://github.com/isaacs)) - -### v1.4.17 (2014-06-27): - -* replace escape codes with ansicolors - ([@othiym23](https://github.com/othiym23)) -* Allow to build all the docs OOTB. ([@GeJ](https://github.com/GeJ)) -* Use core.longpaths on win32 git - fixes - [#5525](https://github.com/npm/npm/issues/5525) ([@bmeck](https://github.com/bmeck)) -* `npmconf@1.1.2` ([@isaacs](https://github.com/isaacs)) -* Consolidate color sniffing in config/log loading process - ([@isaacs](https://github.com/isaacs)) -* add verbose log when project config file is ignored - ([@isaacs](https://github.com/isaacs)) -* npmconf: Float patch to remove 'scope' from config defs - ([@isaacs](https://github.com/isaacs)) -* doc: npm-explore can't handle a version - ([@robertkowalski](https://github.com/robertkowalski)) -* Add user-friendly errors for ENOSPC and EROFS. - ([@voodootikigod](https://github.com/voodootikigod)) -* bump tar and fstream deps ([@isaacs](https://github.com/isaacs)) -* Run the npm-registry-couchapp tests along with npm tests - ([@isaacs](https://github.com/isaacs)) - -### v1.2.8000 (2014-06-17): - -* Same as v1.4.16, but with the spinner disabled, and a version number that - starts with v1.2. - -### v1.4.16 (2014-06-17): - -* `npm-registry-client@2.0.2` ([@isaacs](https://github.com/isaacs)) -* `fstream@0.1.27` ([@isaacs](https://github.com/isaacs)) -* `sha@1.2.4` ([@isaacs](https://github.com/isaacs)) -* `rimraf@2.2.8` ([@isaacs](https://github.com/isaacs)) -* `npmlog@1.0.1` ([@isaacs](https://github.com/isaacs)) -* `npm-registry-client@2.0.1` ([@isaacs](https://github.com/isaacs)) -* removed redundant dependency ([@othiym23](https://github.com/othiym23)) -* `npmconf@1.0.5` ([@isaacs](https://github.com/isaacs)) -* Properly handle errors that can occur in the config-loading process - ([@isaacs](https://github.com/isaacs)) - -### v1.4.15 (2014-06-10): - -* cache: atomic de-race-ified package.json writing - ([@isaacs](https://github.com/isaacs)) -* `fstream@0.1.26` ([@isaacs](https://github.com/isaacs)) -* `graceful-fs@3.0.2` ([@isaacs](https://github.com/isaacs)) -* `osenv@0.1.0` ([@isaacs](https://github.com/isaacs)) -* Only spin the spinner when we're fetching stuff - ([@isaacs](https://github.com/isaacs)) -* Update `osenv@0.1.0` which removes ~/tmp as possible tmp-folder - ([@robertkowalski](https://github.com/robertkowalski)) -* `ini@1.2.1` ([@isaacs](https://github.com/isaacs)) -* `graceful-fs@3` ([@isaacs](https://github.com/isaacs)) -* Update glob and things depending on glob - ([@isaacs](https://github.com/isaacs)) -* github-url-from-username-repo and read-package-json updates - ([@isaacs](https://github.com/isaacs)) -* `editor@0.1.0` ([@isaacs](https://github.com/isaacs)) -* `columnify@1.1.0` ([@isaacs](https://github.com/isaacs)) -* bump ansi and associated deps ([@isaacs](https://github.com/isaacs)) - -### v1.4.14 (2014-06-05): - -* char-spinner: update to not bork windows - ([@isaacs](https://github.com/isaacs)) - -### v1.4.13 (2014-05-23): - -* Fix `npm install` on a tarball. - ([`ed3abf1`](https://github.com/npm/npm/commit/ed3abf1aa10000f0f687330e976d78d1955557f6), - [#5330](https://github.com/npm/npm/issues/5330), - [@othiym23](https://github.com/othiym23)) -* Fix an issue with the spinner on Node 0.8. - ([`9f00306`](https://github.com/npm/npm/commit/9f003067909440390198c0b8f92560d84da37762), - [@isaacs](https://github.com/isaacs)) -* Re-add `npm.commands.cache.clean` and `npm.commands.cache.read` APIs, and - document `npm.commands.cache.*` as npm-cache(3). - ([`e06799e`](https://github.com/npm/npm/commit/e06799e77e60c1fc51869619083a25e074d368b3), - [@isaacs](https://github.com/isaacs)) - -### v1.4.12 (2014-05-23): - -* remove normalize-package-data from top level, de-^-ify inflight dep - ([@isaacs](https://github.com/isaacs)) -* Always sort saved bundleDependencies ([@isaacs](https://github.com/isaacs)) -* add inflight to bundledDependencies - ([@othiym23](https://github.com/othiym23)) - -### v1.4.11 (2014-05-22): - -* fix `npm ls` labeling issue -* `node-gyp@0.13.1` -* default repository to https:// instead of git:// -* addLocalTarball: Remove extraneous unpack - ([@isaacs](https://github.com/isaacs)) -* Massive cache folder refactor ([@othiym23](https://github.com/othiym23) and - [@isaacs](https://github.com/isaacs)) -* Busy Spinner, no http noise ([@isaacs](https://github.com/isaacs)) -* Per-project .npmrc file support ([@isaacs](https://github.com/isaacs)) -* `npmconf@1.0.0`, Refactor config/uid/prefix loading process - ([@isaacs](https://github.com/isaacs)) -* Allow once-disallowed characters in passwords - ([@isaacs](https://github.com/isaacs)) -* Send npm version as 'version' header ([@isaacs](https://github.com/isaacs)) -* fix cygwin encoding issue (Karsten Tinnefeld) -* Allow non-github repositories with `npm repo` - ([@evanlucas](https://github.com/evanlucas)) -* Allow peer deps to be satisfied by grandparent -* Stop optional deps moving into deps on `update --save` - ([@timoxley](https://github.com/timoxley)) -* Ensure only matching deps update with `update --save*` - ([@timoxley](https://github.com/timoxley)) -* Add support for `prerelease`, `preminor`, `prepatch` to `npm version` - -### v1.4.10 (2014-05-05): - -* Don't set referer if already set -* fetch: Send referer and npm-session headers -* `run-script`: Support `--parseable` and `--json` -* list runnable scripts ([@evanlucas](https://github.com/evanlucas)) -* Use marked instead of ronn for html docs - -### v1.4.9 (2014-05-01): - -* Send referer header (with any potentially private stuff redacted) -* Fix critical typo bug in previous npm release - -### v1.4.8 (2014-05-01): - -* Check SHA before using files from cache -* adduser: allow change of the saved password -* Make `npm install` respect `config.unicode` -* Fix lifecycle to pass `Infinity` for config env value -* Don't return 0 exit code on invalid command -* cache: Handle 404s and other HTTP errors as errors -* Resolve ~ in path configs to env.HOME -* Include npm version in default user-agent conf -* npm init: Use ISC as default license, use save-prefix for deps -* Many test and doc fixes - -### v1.4.7 (2014-04-15): - -* Add `--save-prefix` option that can be used to override the default of `^` - when using `npm install --save` and its counterparts. - ([`64eefdf`](https://github.com/npm/npm/commit/64eefdfe26bb27db8dc90e3ab5d27a5ef18a4470), - [@thlorenz](https://github.com/thlorenz)) -* Allow `--silent` to silence the echoing of commands that occurs with `npm - run`. - ([`c95cf08`](https://github.com/npm/npm/commit/c95cf086e5b97dbb48ff95a72517b203a8f29eab), - [@Raynos](https://github.com/Raynos)) -* Some speed improvements to the cache, which should improve install times. - ([`cb94310`](https://github.com/npm/npm/commit/cb94310a6adb18cb7b881eacb8d67171eda8b744), - [`3b0870f`](https://github.com/npm/npm/commit/3b0870fb2f40358b3051abdab6be4319d196b99d), - [`120f5a9`](https://github.com/npm/npm/commit/120f5a93437bbbea9249801574a2f33e44e81c33), - [@isaacs](https://github.com/isaacs)) -* Improve ability to retry registry requests when a subset of the registry - servers are down. - ([`4a5257d`](https://github.com/npm/npm/commit/4a5257de3870ac3dafa39667379f19f6dcd6093e), - https://github.com/npm/npm-registry-client/commit/7686d02cb0b844626d6a401e58c0755ef3bc8432, - [@isaacs](https://github.com/isaacs)) -* Fix marking of peer dependencies as extraneous. - ([`779b164`](https://github.com/npm/npm/commit/779b1649764607b062c031c7e5c972151b4a1754), - https://github.com/npm/read-installed/commit/6680ba6ef235b1ca3273a00b70869798ad662ddc, - [@isaacs](https://github.com/isaacs)) -* Fix npm crashing when doing `npm shrinkwrap` in the presence of a - `package.json` with no dependencies. - ([`a9d9fa5`](https://github.com/npm/npm/commit/a9d9fa5ad3b8c925a589422b7be28d2735f320b0), - [@kislyuk](https://github.com/kislyuk)) -* Fix error when using `npm view` on packages that have no versions or have - been unpublished. - ([`94df2f5`](https://github.com/npm/npm/commit/94df2f56d684b35d1df043660180fc321b743dc8), - [@juliangruber](https://github.com/juliangruber); - [`2241a09`](https://github.com/npm/npm/commit/2241a09c843669c70633c399ce698cec3add40b3), - [@isaacs](https://github.com/isaacs)) - -### v1.4.6 (2014-03-19): - -* Fix extraneous package detection to work in more cases. - ([`f671286`](https://github.com/npm/npm/commit/f671286), npm/read-installed#20, - [@LaurentVB](https://github.com/LaurentVB)) - -### v1.4.5 (2014-03-18): - -* Sort dependencies in `package.json` when doing `npm install --save` and all - its variants. - ([`6fd6ff7`](https://github.com/npm/npm/commit/6fd6ff7e536ea6acd33037b1878d4eca1f931985), - [@domenic](https://github.com/domenic)) -* Add `--save-exact` option, usable alongside `--save` and its variants, which - will write the exact version number into `package.json` instead of the - appropriate semver-compatibility range. - ([`17f07df`](https://github.com/npm/npm/commit/17f07df8ad8e594304c2445bf7489cb53346f2c5), - [@timoxley](https://github.com/timoxley)) -* Accept gzipped content from the registry to speed up downloads and save - bandwidth. - ([`a3762de`](https://github.com/npm/npm/commit/a3762de843b842be8fa0ab57cdcd6b164f145942), - npm/npm-registry-client#40, [@fengmk2](https://github.com/fengmk2)) -* Fix `npm ls`'s `--depth` and `--log` options. - ([`1d29b17`](https://github.com/npm/npm/commit/1d29b17f5193d52a5c4faa412a95313dcf41ed91), - npm/read-installed#13, [@zertosh](https://github.com/zertosh)) -* Fix "Adding a cache directory to the cache will make the world implode" in - certain cases. - ([`9a4b2c4`](https://github.com/npm/npm/commit/9a4b2c4667c2b1e0054e3d5611ab86acb1760834), - domenic/path-is-inside#1, [@pmarques](https://github.com/pmarques)) -* Fix readmes not being uploaded in certain rare cases. - ([`527b72c`](https://github.com/npm/npm/commit/527b72cca6c55762b51e592c48a9f28cc7e2ff8b), - [@isaacs](https://github.com/isaacs)) - -### v1.4.4 (2014-02-20): - -* Add `npm t` as an alias for `npm test` (which is itself an alias for `npm run - test`, or even `npm run-script test`). We like making running your tests - easy. ([`14e650b`](https://github.com/npm/npm/commit/14e650bce0bfebba10094c961ac104a61417a5de), [@isaacs](https://github.com/isaacs)) - -### v1.4.3 (2014-02-16): - -* Add back `npm prune --production`, which was removed in 1.3.24. - ([`acc4d02`](https://github.com/npm/npm/commit/acc4d023c57d07704b20a0955e4bf10ee91bdc83), - [@davglass](https://github.com/davglass)) -* Default `npm install --save` and its counterparts to use the `^` version - specifier, instead of `~`. - ([`0a3151c`](https://github.com/npm/npm/commit/0a3151c9cbeb50c1c65895685c2eabdc7e2608dc), - [@mikolalysenko](https://github.com/mikolalysenko)) -* Make `npm shrinkwrap` output dependencies in a sorted order, so that diffs - between shrinkwrap files should be saner now. - ([`059b2bf`](https://github.com/npm/npm/commit/059b2bfd06ae775205a37257dca80142596a0113), - [@Raynos](https://github.com/Raynos)) -* Fix `npm dedupe` not correctly respecting dependency constraints. - ([`86028e9`](https://github.com/npm/npm/commit/86028e9fd8524d5e520ce01ba2ebab5a030103fc), - [@rafeca](https://github.com/rafeca)) -* Fix `npm ls` giving spurious warnings when you used `"latest"` as a version - specifier. - (https://github.com/npm/read-installed/commit/d2956400e0386931c926e0f30c334840e0938f14, - [@bajtos](https://github.com/bajtos)) -* Fixed a bug where using `npm link` on packages without a `name` value could - cause npm to delete itself. - ([`401a642`](https://github.com/npm/npm/commit/401a64286aa6665a94d1d2f13604f7014c5fce87), - [@isaacs](https://github.com/isaacs)) -* Fixed `npm install ./pkg@1.2.3` to actually install the directory at - `pkg@1.2.3`; before it would try to find version `1.2.3` of the package - `./pkg` in the npm registry. - ([`46d8768`](https://github.com/npm/npm/commit/46d876821d1dd94c050d5ebc86444bed12c56739), - [@rlidwka](https://github.com/rlidwka); see also - [`f851b79`](https://github.com/npm/npm/commit/f851b79a71d9a5f5125aa85877c94faaf91bea5f)) -* Fix `npm outdated` to respect the `color` configuration option. - ([`d4f6f3f`](https://github.com/npm/npm/commit/d4f6f3ff83bd14fb60d3ac6392cb8eb6b1c55ce1), - [@timoxley](https://github.com/timoxley)) -* Fix `npm outdated --parseable`. - ([`9575a23`](https://github.com/npm/npm/commit/9575a23f955ce3e75b509c89504ef0bd707c8cf6), - [@yhpark](https://github.com/yhpark)) -* Fix a lockfile-related errors when using certain Git URLs. - ([`164b97e`](https://github.com/npm/npm/commit/164b97e6089f64e686db7a9a24016f245effc37f), - [@nigelzor](https://github.com/nigelzor)) - -### v1.4.2 (2014-02-13): - -* Fixed an issue related to mid-publish GET requests made against the registry. - (https://github.com/npm/npm-registry-client/commit/acbec48372bc1816c67c9e7cbf814cf50437ff93, - [@isaacs](https://github.com/isaacs)) - -### v1.4.1 (2014-02-13): - -* Fix `npm shrinkwrap` forgetting to shrinkwrap dependencies that were also - development dependencies. - ([`9c575c5`](https://github.com/npm/npm/commit/9c575c56efa9b0c8b0d4a17cb9c1de3833004bcd), - [@diwu1989](https://github.com/diwu1989)) -* Fixed publishing of pre-existing packages with uppercase characters in their - name. - (https://github.com/npm/npm-registry-client/commit/9345d3b6c3d8510dd5c4418f27ee1fce59acebad, - [@isaacs](https://github.com/isaacs)) - -### v1.4.0 (2014-02-12): - -* Remove `npm publish --force`. See - https://github.com/npm/npmjs.org/issues/148. - ([@isaacs](https://github.com/isaacs), - npm/npm-registry-client@2c8dba990de6a59af6545b75cc00a6dc12777c2a) -* Other changes to the registry client related to saved configs and couch - logins. ([@isaacs](https://github.com/isaacs); - npm/npm-registry-client@25e2b019a1588155e5f87d035c27e79963b75951, - npm/npm-registry-client@9e41e9101b68036e0f078398785f618575f3cdde, - npm/npm-registry-client@2c8dba990de6a59af6545b75cc00a6dc12777c2a) -* Show an error to the user when doing `npm update` and the `package.json` - specifies a version that does not exist. - ([@evanlucas](https://github.com/evanlucas), - [`027a33a`](https://github.com/npm/npm/commit/027a33a5c594124cc1d82ddec5aee2c18bc8dc32)) -* Fix some issues with cache ownership in certain installation configurations. - ([@outcoldman](https://github.com/outcoldman), - [`a132690`](https://github.com/npm/npm/commit/a132690a2876cda5dcd1e4ca751f21dfcb11cb9e)) -* Fix issues where GitHub shorthand dependencies `user/repo` were not always - treated the same as full Git URLs. - ([@robertkowalski](https://github.com/robertkowalski), - https://github.com/meryn/normalize-package-data/commit/005d0b637aec1895117fcb4e3b49185eebf9e240) - -### v1.3.26 (2014-02-02): - -* Fixes and updates to publishing code - ([`735427a`](https://github.com/npm/npm/commit/735427a69ba4fe92aafa2d88f202aaa42920a9e2) - and - [`c0ac832`](https://github.com/npm/npm/commit/c0ac83224d49aa62e55577f8f27d53bbfd640dc5), - [@isaacs](https://github.com/isaacs)) -* Fix `npm bugs` with no arguments. - ([`b99d465`](https://github.com/npm/npm/commit/b99d465221ac03bca30976cbf4d62ca80ab34091), - [@Hoops](https://github.com/Hoops)) - -### v1.3.25 (2014-01-25): - -* Remove gubblebum blocky font from documentation headers. - ([`6940c9a`](https://github.com/npm/npm/commit/6940c9a100160056dc6be8f54a7ad7fa8ceda7e2), - [@isaacs](https://github.com/isaacs)) - -### v1.3.24 (2014-01-19): - -* Make the search output prettier, with nice truncated columns, and a `--long` - option to create wrapping columns. - ([`20439b2`](https://github.com/npm/npm/commit/20439b2) and - [`3a6942d`](https://github.com/npm/npm/commit/3a6942d), - [@timoxley](https://github.com/timoxley)) -* Support multiple packagenames in `npm docs`. - ([`823010b`](https://github.com/npm/npm/commit/823010b), - [@timoxley](https://github.com/timoxley)) -* Fix the `npm adduser` bug regarding "Error: default value must be string or - number" again. ([`b9b4248`](https://github.com/npm/npm/commit/b9b4248), - [@isaacs](https://github.com/isaacs)) -* Fix `scripts` entries containing whitespaces on Windows. - ([`80282ed`](https://github.com/npm/npm/commit/80282ed), - [@robertkowalski](https://github.com/robertkowalski)) -* Fix `npm update` for Git URLs that have credentials in them - ([`93fc364`](https://github.com/npm/npm/commit/93fc364), - [@danielsantiago](https://github.com/danielsantiago)) -* Fix `npm install` overwriting `npm link`-ed dependencies when they are tagged - Git dependencies. ([`af9bbd9`](https://github.com/npm/npm/commit/af9bbd9), - [@evanlucas](https://github.com/evanlucas)) -* Remove `npm prune --production` since it buggily removed some dependencies - that were necessary for production; see - [#4509](https://github.com/npm/npm/issues/4509). Hopefully it can make its - triumphant return, one day. - ([`1101b6a`](https://github.com/npm/npm/commit/1101b6a), - [@isaacs](https://github.com/isaacs)) - -Dependency updates: -* [`909cccf`](https://github.com/npm/npm/commit/909cccf) `read-package-json@1.1.6` -* [`a3891b6`](https://github.com/npm/npm/commit/a3891b6) `rimraf@2.2.6` -* [`ac6efbc`](https://github.com/npm/npm/commit/ac6efbc) `sha@1.2.3` -* [`dd30038`](https://github.com/npm/npm/commit/dd30038) `node-gyp@0.12.2` -* [`c8c3ebe`](https://github.com/npm/npm/commit/c8c3ebe) `npm-registry-client@0.3.3` -* [`4315286`](https://github.com/npm/npm/commit/4315286) `npmconf@0.1.12` - -### v1.3.23 (2014-01-03): - -* Properly handle installations that contained a certain class of circular - dependencies. - ([`5dc93e8`](https://github.com/npm/npm/commit/5dc93e8c82604c45b6067b1acf1c768e0bfce754), - [@substack](https://github.com/substack)) - -### v1.3.22 (2013-12-25): - -* Fix a critical bug in `npm adduser` that would manifest in the error message - "Error: default value must be string or number." - ([`fba4bd2`](https://github.com/npm/npm/commit/fba4bd24bc2ab00ccfeda2043aa53af7d75ef7ce), - [@isaacs](https://github.com/isaacs)) -* Allow `npm bugs` in the current directory to open the current package's bugs - URL. - ([`d04cf64`](https://github.com/npm/npm/commit/d04cf6483932c693452f3f778c2fa90f6153a4af), - [@evanlucas](https://github.com/evanlucas)) -* Several fixes to various error messages to include more useful or updated - information. - ([`1e6f2a7`](https://github.com/npm/npm/commit/1e6f2a72ca058335f9f5e7ca22d01e1a8bb0f9f7), - [`ff46366`](https://github.com/npm/npm/commit/ff46366bd40ff0ef33c7bac8400bc912c56201d1), - [`8b4bb48`](https://github.com/npm/npm/commit/8b4bb4815d80a3612186dc5549d698e7b988eb03); - [@rlidwka](https://github.com/rlidwka), - [@evanlucas](https://github.com/evanlucas)) - -### v1.3.21 (2013-12-17): - -* Fix a critical bug that prevented publishing due to incorrect hash - calculation. - ([`4ca4a2c`](https://github.com/npm/npm-registry-client/commit/4ca4a2c6333144299428be6b572e2691aa59852e), - [@dominictarr](https://github.com/dominictarr)) - -### v1.3.20 (2013-12-17): - -* Fixes a critical bug in v1.3.19. Thankfully, due to that bug, no one could - install npm v1.3.19 :) - -### v1.3.19 (2013-12-16): - -* Adds atomic PUTs for publishing packages, which should result in far fewer - requests and less room for replication errors on the server-side. - -### v1.3.18 (2013-12-16): - -* Added an `--ignore-scripts` option, which will prevent `package.json` scripts - from being run. Most notably, this will work on `npm install`, so e.g. `npm - install --ignore-scripts` will not run preinstall and prepublish scripts. - ([`d7e67bf`](https://github.com/npm/npm/commit/d7e67bf0d94b085652ec1c87d595afa6f650a8f6), - [@sqs](https://github.com/sqs)) -* Fixed a bug introduced in 1.3.16 that would manifest with certain cache - configurations, by causing spurious errors saying "Adding a cache directory - to the cache will make the world implode." - ([`966373f`](https://github.com/npm/npm/commit/966373fad8d741637f9744882bde9f6e94000865), - [@domenic](https://github.com/domenic)) -* Re-fixed the multiple download of URL dependencies, whose fix was reverted in - 1.3.17. - ([`a362c3f`](https://github.com/npm/npm/commit/a362c3f1919987419ed8a37c8defa19d2e6697b0), - [@spmason](https://github.com/spmason)) - -### v1.3.17 (2013-12-11): - -* This release reverts - [`644c2ff`](https://github.com/npm/npm/commit/644c2ff3e3d9c93764f7045762477f48864d64a7), - which avoided re-downloading URL and shinkwrap dependencies when doing `npm - install`. You can see the in-depth reasoning in - [`d8c907e`](https://github.com/npm/npm/commit/d8c907edc2019b75cff0f53467e34e0ffd7e5fba); - the problem was, that the patch changed the behavior of `npm install -f` to - reinstall all dependencies. -* A new version of the no-re-downloading fix has been submitted as - [#4303](https://github.com/npm/npm/issues/4303) and will hopefully be - included in the next release. - -### v1.3.16 (2013-12-11): - -* Git URL dependencies are now updated on `npm install`, fixing a two-year old - bug - ([`5829ecf`](https://github.com/npm/npm/commit/5829ecf032b392d2133bd351f53d3c644961396b), - [@robertkowalski](https://github.com/robertkowalski)). Additional progress on - reducing the resulting Git-related I/O is tracked as - [#4191](https://github.com/npm/npm/issues/4191), but for now, this will be a - big improvement. -* Added a `--json` mode to `npm outdated` to give a parseable output. - ([`0b6c9b7`](https://github.com/npm/npm/commit/0b6c9b7c8c5579f4d7d37a0c24d9b7a12ccbe5fe), - [@yyx990803](https://github.com/yyx990803)) -* Made `npm outdated` much prettier and more useful. It now outputs a - color-coded and easy-to-read table. - ([`fd3017f`](https://github.com/npm/npm/commit/fd3017fc3e9d42acf6394a5285122edb4dc16106), - [@quimcalpe](https://github.com/quimcalpe)) -* Added the `--depth` option to `npm outdated`, so that e.g. you can do `npm - outdated --depth=0` to show only top-level outdated dependencies. - ([`1d184ef`](https://github.com/npm/npm/commit/1d184ef3f4b4bc309d38e9128732e3e6fb46d49c), - [@yyx990803](https://github.com/yyx990803)) -* Added a `--no-git-tag-version` option to `npm version`, for doing the usual - job of `npm version` minus the Git tagging. This could be useful if you need - to increase the version in other related files before actually adding the - tag. - ([`59ca984`](https://github.com/npm/npm/commit/59ca9841ba4f4b2f11b8e72533f385c77ae9f8bd), - [@evanlucas](https://github.com/evanlucas)) -* Made `npm repo` and `npm docs` work without any arguments, adding them to the - list of npm commands that work on the package in the current directory when - invoked without arguments. - ([`bf9048e`](https://github.com/npm/npm/commit/bf9048e2fa16d43fbc4b328d162b0a194ca484e8), - [@robertkowalski](https://github.com/robertkowalski); - [`07600d0`](https://github.com/npm/npm/commit/07600d006c652507cb04ac0dae9780e35073dd67), - [@wilmoore](https://github.com/wilmoore)). There are a few other commands we - still want to implement this for; see - [#4204](https://github.com/npm/npm/issues/4204). -* Pass through the `GIT_SSL_NO_VERIFY` environment variable to Git, if it is - set; we currently do this with a few other environment variables, but we - missed that one. - ([`c625de9`](https://github.com/npm/npm/commit/c625de91770df24c189c77d2e4bc821f2265efa8), - [@arikon](https://github.com/arikon)) -* Fixed `npm dedupe` on Windows due to incorrect path separators being used - ([`7677de4`](https://github.com/npm/npm/commit/7677de4583100bc39407093ecc6bc13715bf8161), - [@mcolyer](https://github.com/mcolyer)). -* Fixed the `npm help` command when multiple words were searched for; it - previously gave a `ReferenceError`. - ([`6a28dd1`](https://github.com/npm/npm/commit/6a28dd147c6957a93db12b1081c6e0da44fe5e3c), - [@dereckson](https://github.com/dereckson)) -* Stopped re-downloading URL and shrinkwrap dependencies, as demonstrated in - [#3463](https://github.com/npm/npm/issues/3463) - ([`644c2ff`](https://github.com/isaacs/npm/commit/644c2ff3e3d9c93764f7045762477f48864d64a7), - [@spmason](https://github.com/spmason)). You can use the `--force` option to - force re-download and installation of all dependencies. diff --git a/deps/node/deps/npm/changelogs/CHANGELOG-2.md b/deps/node/deps/npm/changelogs/CHANGELOG-2.md deleted file mode 100644 index c4d2b777..00000000 --- a/deps/node/deps/npm/changelogs/CHANGELOG-2.md +++ /dev/null @@ -1,5344 +0,0 @@ -### v2.15.12 (2017-03-24): - -This version brings the latest `node-gyp` to a soon to be released Node.js -4.x. The `node-gyp` update is particularly important to Windows folks due to -its addition of Visual Studio 2017 support. - -* [`cdd60e733`](https://github.com/npm/npm/commit/cdd60e733905a9994e1d6d832996bfdd12abeaee) - `node-gyp@3.6.0`: - Improvements to how Python is located. New `--devdir` flag. - Support for VS2017. - Chakracore support on ARM. - Remove path-array dependency, reducing size significantly. - ([@bnoordhuis](https://github.com/bnoordhuis)) - ([@mhart](https://github.com/mhart)) - ([@refack](https://github.com/refack)) - ([@kunalspathak](https://github.com/kunalspathak)) - -### v2.15.11 (2016-09-08): - -On we go with our monthly release cadence! This week is pretty much all -dependency updates and some documentation changes, as can be expected by now. - -Note that `npm@4` will almost certainly be released next month! It's not final -what we'll end up doing as far as LTS support goes, but the current thinking is -that, considering how small and resource-constrained our team is, support for -`npm@2` will be reduced to essentially maintenance, so we can better focus on -`npm@3` as the new LTS version (which will go into `node@6`), and `npm@4` as our -next main development version. - -#### DOCUMENTATION UPDATES - -* [`8f71038`](https://github.com/npm/npm/commit/8f71038310501ad5bc7445b2fa2ff0eaa377919a) - [#13892](https://github.com/npm/npm/pull/13892) - Update `LICENSE` file to match license on `master`. - ([@rvagg](https://github.com/rvagg)) -* [`e81b4f1`](https://github.com/npm/npm/commit/e81b4f1d18a4d79b7af8342747f2ed7dc3e84f0a) - [#12438](https://github.com/npm/npm/issues/12438) - Remind folks to use `#!/usr/bin/env node` in their `bin` scripts to make files - executable directly. - ([@mxstbr](https://github.com/mxstbr)) -* [`f89789f`](https://github.com/npm/npm/commit/f89789f43d65bfc74f64f15a99356841377e1af3) - [#13655](https://github.com/npm/npm/pull/13655) - Document line comment syntax for `.npmrc`. - ([@mdjasper](https://github.com/mdjasper)) -* [`5cd3abc`](https://github.com/npm/npm/commit/5cd3abc3511515e09b4a1b781c0520e84c267c5b) - [#13493](https://github.com/npm/npm/pull/13493) - Document that the user config file can itself be configured either through the - `$NPM_CONFIG_USERCONFIG` environment variable, or `--userconfig` command line - flag. - ([@jasonkarns](https://github.com/jasonkarns)) -* [`dd71ca0`](https://github.com/npm/npm/commit/dd71ca0efc2094b824ccc9e23af0fc915499f2e6) - [#13911](https://github.com/npm/npm/pull/13911) - Minor documentation reword and cleanup. - ([@othiym23](https://github.com/othiym23)) -* [`f7a320c`](https://github.com/npm/npm/commit/f7a320c816947d578a050c97e0fb9878954be0e8) - [#13682](https://github.com/npm/npm/pull/13682) - Minor grammar fix in documentation for `npm scripts`. - ([@Ajedi32](https://github.com/Ajedi32)) -* [`e5cb5e8`](https://github.com/npm/npm/commit/e5cb5e8fcf4642836fedf3f3421c994a8e27e19b) - [#13717](https://github.com/npm/npm/pull/13717) - Document that `npm link` will link the files specified in the `bin` field of - `package.json` to `{prefix}/bin/{name}`. - ([@legodude17](https://github.com/legodude17)) - -#### DEPENDENCY UPDATES -* [`8bef026`](https://github.com/npm/npm/commit/8bef026603b6da888edf0d41308d9e532abfcd54) - `graceful-fs@4.1.6` - ([@francescoinfante](https://github.com/francescoinfante)) -* [`9f73f4a`](https://github.com/npm/npm/commit/9f73f4aab5f56b256c5cf9e461e81abfa2844945) - `glob@7.0.6` - ([@isaacs](https://github.com/isaacs)) -* [`5391b7e`](https://github.com/npm/npm/commit/5391b7e8cd4401fbadbf54e810fdc965a3662a21) - `which@1.2.1` - ([@isaacs](https://github.com/isaacs)) -* [`43bfec8`](https://github.com/npm/npm/commit/43bfec8376dd8ded7d56a8dabd6139919544760e) - `retry@0.10.0` - ([@tim-kos](https://github.com/tim-kos)) -* [`39305f1`](https://github.com/npm/npm/commit/39305f1c76f74bf9789c769ef72a94ea9a81d119) - `readable-stream@2.1.5` - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`a5512fa`](https://github.com/npm/npm/commit/a5512fafd72e23755e77e28f1122b008bc12a733) - `once@1.4.0` - ([@zkochan](https://github.com/zkochan)) -* [`06a208b`](https://github.com/npm/npm/commit/06a208b178c1de3d0da58bc35a854d200fea8ef0) - `npm-registry-client@7.2.1`: - * [npm/npm-registry-client#142](https://github.com/npm/npm-registry-client/pull/142) Fix `EventEmitter` warning spam from error handlers on socket. ([@addaleax](https://github.com/addaleax)) - * [npm/npm-registry-client#131](https://github.com/npm/npm-registry-client/pull/131) Adds support for streaming request bodies. ([@aredridel](https://github.com/aredridel)) - * Fixes [#13656](https://github.com/npm/npm/issues/13656). - * Dependency updates. - * Documentation improvements. - ([@othiym23](https://github.com/othiym23)) -* [`4f759be`](https://github.com/npm/npm/commit/4f759be1fb5e23180b970350e58f40a513daa680) - `inherits@2.0.3` - ([@isaacs](https://github.com/isaacs)) -* [`4258b76`](https://github.com/npm/npm/commit/4258b764e2565f6294ae1e34a5653895290b62e3) - `tap@7.1.1` - ([@isaacs](https://github.com/isaacs)) - -### v2.15.10 (2016-08-11): - -Hi all, today's our first release coming out of the new monthly release -cadence. See below for details. We're all recovered from conferences now and -raring to go! For LTS we see some bug fixes, documentation improvements and -a host of dependency updates. - -The most dramatic bug fix is probably the inclusion of scoped modules in -bundled dependencies. Prior to this release and -[v3.10.7](https://github.com/npm/npm/releases/v3.10.7), npm had ignored -scoped modules found in `bundleDependencies` entirely. - -#### NEW RELEASE CADENCE - -Releasing npm has been, for the most part, a very prominent part of our -weekly process process. As part of our efforts to find the most effective -ways to allocate our team's resources, we decided last month that we would -try and slow our releases down to a monthly cadence, and see if we found -ourselves with as much extra time and attention as we expected to have. -Process experiments are useful for finding more effective ways to do our -work, and we're at least going to keep doing this for a whole quarter, and -then measure how well it worked out. It's entirely likely that we'll switch -back to a more frequent cadence, specially if we find that the value that -weekly cadence was providing the community is not worth sacrificing for a -bit of extra time. Does this affect you significantly? Let us know! - -#### WINDOWS CORNER CASES - -* [`405c404`](https://github.com/npm/npm/commit/405c4048c69c14d66e6179aba0c8a35e504e8041) - [#13023](https://github.com/npm/npm/pull/13023) - Fixed a Windows issue with the cache where callbacks could be called more than once. - ([@zkat](https://github.com/zkat)) - -* [`bf348dc`](https://github.com/npm/npm/commit/bf348dcfb944dc4b9f71b779bf172f86a2e1f474) - [#13023](https://github.com/npm/npm/pull/13023) - Fixed a Windows corner case with correct-mkdir where if SUDO_UID or - SUDO_GID were set then we would try to chown things even though that can't - work on Windows. - ([@zkat](https://github.com/zkat)) - -#### RACES IN THE CACHE - -* [`68f29f1`](https://github.com/npm/npm/commit/68f29f18f65c7a7e1c58eb6933af41d786971379) - [#12669](https://github.com/npm/npm/issues/12669) - Ignore ENOENT errors on chownr while adding packages to cache. This change - works around problems with race conditions and local packages. - ([@julianduque](https://github.com/julianduque)) - -#### BETTER GIT ENVIRONMENT WHITELISTING - -* [`5e96566`](https://github.com/npm/npm/commit/5e96566088f0d88c1ed10c5a9cbb7c0cd4aa2aee) - [#13358](https://github.com/npm/npm/pull/13358) - Add GIT_EXEC_PATH to Git environment whitelist. - ([@mhart](https://github.com/mhart)) - -#### DOCUMENTATION - -* [`363e381`](https://github.com/npm/npm/commit/363e381a4076ead89707a00cc4a447b1d59df3bc) - [#13319](https://github.com/npm/npm/pull/13319) - As Node.js 0.8 is no longer supported, remove mention of it from the README. - ([@watilde](https://github.com/watilde)) -* [`e8fafa8`](https://github.com/npm/npm/commit/e8fafa887c60eb8842c76c4b3dffe85eb49fa434) - [#10167](https://github.com/npm/npm/pull/10167) - Clarify in scope documentation that npm@2 is required for scoped packages. - ([@danpaz](https://github.com/danpaz)) - -#### DEPENDENCIES - -* [`66ef279`](https://github.com/npm/npm/commit/66ef279b7c3b3e4f9454474dddd057cc1f21873b) - [npm/fstream-npm#22](https://github.com/npm/fstream-npm/pull/22) - `fstream@1.1.1`: - Always include NOTICE files now. Fix inclusion of scoped modules as bundled dependencies. - ([@kemitchell](https://github.com/kemitchell)) - ([@forivall](https://github.com/forivall)) -* [`fe8385b`](https://github.com/npm/npm/commit/fe8385bd655502feb175eed175a6a06cafb2247a) - `glob@7.0.5`: - Update minimatch dep for security fix. See the minimatch update below for details. - ([@isaacs](https://github.com/isaacs)) -* [`51d49d2`](https://github.com/npm/npm/commit/51d49d2f79b4c69264de73a492ed54f87188d554) - [isaacs/node-graceful-fs#71](https://github.com/isaacs/node-graceful-fs/pull/71) - `graceful-fs@4.1.5`: - `graceful-fs` had a [bug fix](https://github.com/isaacs/node-graceful-fs/pull/71) which - fixes a problem ([nodejs/node#7846](https://github.com/nodejs/node/pull/7846)) exposed - by recent changes to Node.js. - ([@thefourtheye](https://github.com/thefourtheye)) -* [`5c8f39d`](https://github.com/npm/npm/commit/5c8f39d152c43e96b9006ffe865646a36a433a8a) - `minimatch@3.0.3`: - Handle extremely long and terrible patterns more gracefully. - There were some magic numbers that assumed that every extglob pattern starts - and ends with a specific number of characters in the regular expression. - Since !(||) patterns are a little bit more complicated, this led to creating - an invalid regular expression and throwing. - ([@isaacs](https://github.com/isaacs)) -* [`d681e16`](https://github.com/npm/npm/commit/d681e16a475a49d6196af9a5cedaaf88712f3a9f) - [npm/npm-user-validate#9](https://github.com/npm/npm-user-validate/pull/9) - `npm-user-validate@0.1.5`: - Use correct, lower username length limit. - ([@aredridel](https://github.com/aredridel)) -* [`f918994`](https://github.com/npm/npm/commit/f918994bd05ca965766cd573606ac35fb3032d6e) - `request@2.74.0`: - Update `request` dependency `tough-cookie` to `2.3.0` to - to address [https://nodesecurity.io/advisories/130](https://nodesecurity.io/advisories/130). - Versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that, - under certain conditions involving long strings of semicolons in the - "Set-Cookie" header, causes the event loop to block for excessive amounts of - time. - ([@stash-sfdc](https://github.com/stash-sfdc)) -* [`5540cc4`](https://github.com/npm/npm/commit/5540cc4d6bde65071fb6fc2cb074e8598bd1276f) - [isaacs/rimraf#111](https://github.com/isaacs/rimraf/issues/111) - `rimraf@2.5.4`: Clarify assertions: cb is required, options are not. - ([@isaacs](https://github.com/isaacs)) -* [`6357928`](https://github.com/npm/npm/commit/6357928673be85f520dae2104fea58c35742bd65) - `spdx-license-ids@1.2.2`: - New licenses synced from spdx.org. - ([@shinnn](https://github.com/shinnn)) - -### v2.15.9 (2016-06-30): - -What's this? An LTS release? Yes, that is indeed so. Small, as usual, and as -LTSs should be, really, but a release nonetheless! - -The star of the show is an updated `node-gyp` with some goodies. The rest is -just docs and some CI stuff. - -Happy hacking! - -#### DEPENDENCY UPDATE! - -* [`f9a07cc`](https://github.com/npm/npm/commit/f9a07cc873f1915827d8df97d0c43204d1eb128c) - [#13200](https://github.com/npm/npm/pull/13200) - [`node-gyp@3.4.0`](https://github.com/nodejs/node-gyp/blob/master/CHANGELOG.md): - AIX, Visual Studio 2015, and logging improvements. Oh my~! - ([@rvagg](https://github.com/rvagg)) - -#### CI TWEAKS - -* [`bee83b8`](https://github.com/npm/npm/commit/bee83b8500c31aba65451dfcb082f9b5d1d5ce34) - Globally install `rimraf` on CI to make the LTS self-install work better. - ([@othiym23](https://github.com/othiym23)) -* [`6b8c0ab`](https://github.com/npm/npm/commit/6b8c0ab6fcbf8a37e8693acb8bbac22293b10893) - This new Travis configuration only runs coverage checks against Node.js LTS, - which speeds up all the other test runs. By, like, a lot. Also, the entire - file has been extensively commented, so the next time we need to mess with it, - we'll be able to better remember why all the weird bits are there. - ([@othiym23](https://github.com/othiym23)) - -#### DOCUMENTATION FIXES - -* [`2c7a5be`](https://github.com/npm/npm/commit/2c7a5be080276e3fdca3375ab0f8f5edffff753e) - [#13156](https://github.com/npm/npm/pull/13156) - Fix old reference to `doc/install` in a source comment. - ([@sheerun](https://github.com/sheerun)) -* [`e1cf78c`](https://github.com/npm/npm/commit/e1cf78c5b77f95383bd4a7fc6eeb8adbbe68e12e) - [#13189](https://github.com/npm/npm/pull/13189) - [#13113](https://github.com/npm/npm/issues/13113) - [#13189](https://github.com/npm/npm/pull/13189) - Fixes a link to `npm-tag(3)` that was breaking to instead point to - `npm-dist-tag(1)`, as reported by [@SimenB](https://github.com/SimenB) - ([@macdonst](https://github.com/macdonst)) - -### v2.15.8 (2016-06-17): - -There's a very important bug fix and a long-awaited (and significant!) -deprecation in this hotfix release. [Hold on.](http://butt.holdings/) - -#### *WHOA* - -When Node.js 6.0.0 was released, the CLI team noticed an alarming upsurge in -bugs related to important files (like `README.md`) not being included in -published packages. The new bugs looked much like -[#5082](https://github.com/npm/npm/issues/5082), which had been around in one -form or another since April, 2014. #5082 used to be a very rare (and obnoxious) -bug that the CLI team hadn't had much luck reproducing, and we'd basically -marked it down as a race condition that arose on machines using slow and / or -rotating-media-based hard drives. - -Under 6.0.0, the behavior was reliable enough to be nearly deterministic, and -made it very difficult for publishers using `.npmignore` files in combination -with `"files"` stanzas in `package.json` to get their packages onto the -registry without one or more files missing from the packed tarball. The entire -saga is contained within [the issue](https://github.com/npm/npm/issues/5082), -but the summary is that an improvement to the performance of -[`fs.realpath()`](https://nodejs.org/api/fs.html#fs_fs_realpath_path_options_callback) -made it much more likely that the packing code would lose the race. - -Fixing this has proven to be very difficult, in part because the code used by -npm to produce package tarballs is more complicated than, strictly speaking, it -needs to be. [**@evanlucas**](https://github.com/evanlucas) contributed [a -patch](https://github.com/npm/fstream/pull/50) that passed the tests in a -[special test suite](https://github.com/othiym23/eliminate-5082) that I -([**@othiym23**](https://github.com/othiym23)) created (with help from -[**@addaleax**](https://github.com/addaleax)), but only _after_ we'd released -the fixed version of that package did we learn that it actually made the -problem _worse_ in other situations in npm proper. Eventually, -[**@rvagg**](https://github.com/rvagg) put together a more durable fix that -appears to completely address the errant behavior under Node.js 6.0.0. That's -the patch included in this release. Everybody should chip in for redback -insurance for Rod and his family; he's done the community a huge favor. - -Does this mean the long (2+ year) saga of #5082 is now over? At this point, I'm -going to quote from my latest summary on the issue: - -> The CLI team (mostly me, with input from the rest of the team) has decided that -> the overall complexity of the interaction between `fstream`, `fstream-ignore`, -> `fstream-npm`, and `node-tar` has grown more convoluted than the team is -> comfortable (maybe even capable of) supporting. -> -> - While I believe that @rvagg's (very targeted) fix addresses _this_ issue, I -> would be shocked if there aren't other race conditions in npm's packing -> logic. I've already identified a couple other places in the code that are -> most likely race conditions, even if they're harder to trigger than the -> current one. -> - The way that dependency bundling is integrated leads to a situation in -> which a bunch of logic is duplicated between `fstream-npm` and -> `lib/utils/tar.js` in npm itself, and the way `fstream`'s extension -> mechanism works makes this difficult to clean up. This caused a nasty -> regression ([#13088](https://github.com/npm/fstream/pull/50), see below) as -> of ~`npm@3.8.7` where the dependencies of `bundledDependencies` were no -> longer being included in the built package tarballs. -> - The interaction between `.npmignore`, `.gitignore`, and `files` is hopelessly -> complicated, scattered in many places throughout the code. We've been -> discussing [making the ignores and includes logic clearer and more -> predictable](https://github.com/npm/npm/wiki/Files-and-Ignores), and the -> current code fights our efforts to clean that up. -> -> So, our intention is still to replace `fstream`, `fstream-ignore`, and -> `fstream-npm` with something much simpler and purpose-built. There's no real -> reason to have a stream abstraction here when a simple recursive-descent -> filesystem visitor and a synchronous function that can answer whether a given -> path should be included in the packed tarball would do the job adequately. -> -> What's not yet clear is whether we'll need to replace `node-tar` in the -> process. `node-tar` is a very robust implementation of tar (it handles, like, -> everything), and it also includes some very important tweaks to prevent several -> classes of security exploits involving maliciously crafted packages. However, -> its packing API involves passing in an `fstream` instance, so we'd either need -> to produce something that follows enough of `fstream`'s contract for `node-tar` -> to keep working, or swap `node-tar` out for something like `tar-stream` (and -> then ensuring that our use of `tar-stream` is secure, which could involve -> security patches for either npm or `tar-stream`). - -The testing and review of `fstream@1.0.10` that the team has done leads us to -believe that this bug is fixed, but I'm feeling more than a little paranoid -about fstream now, so it's important that people keep a close eye on their -publishes for a while and let us know immediately if they notice any -irregularities. - -* [`2c49265`](https://github.com/npm/npm/commit/2c49265c6746d29ae0cd5f3532d28c5950f9847e) - [#5082](https://github.com/npm/npm/issues/5082) `fstream@1.0.10`: Ensure that - entries are collected after a paused stream resumes. - ([@rvagg](https://github.com/rvagg)) -* [`92e4344`](https://github.com/npm/npm/commit/92e43444d9204f749f83512aeab5d5e0a2d085a7) - [#5082](https://github.com/npm/npm/issues/5082) Remove the warning introduced - in `npm@3.10.0`, because it should no longer be necessary. - ([@othiym23](https://github.com/othiym23)) - -#### GOODBYE, FAITHFUL FRIEND - -At NodeConf Adventure 2016 (RIP in peace, Mikeal Rogers's NodeConf!), the CLI -team had an opportunity to talk to representatives from some of the larger -companies that we knew were still using Node.js 0.8 in production. After asking -them whether they were still using 0.8, we got back blank stares and questions -like, "0.8? You mean, from four years ago?" After establishing that being able -to run npm in their legacy environments was no longer necessary, the CLI team -made the decision to drop support for 0.8. (Faithful observers of our [team -meetings](https://github.com/npm/npm/issues?utf8=%E2%9C%93&q=is%3Aissue+npm+cli+team+meeting+) -will have known this was the plan for NodeConf since the beginning of 2016.) - -In practice, this means only what's in the commit below: we've removed 0.8 from -our continuous integration test matrix below, and will no longer be habitually -testing changes under Node 0.8. We may also give ourselves permission to use -`setImmediate()` in test code. However, since the project still supports -Node.js 0.10 and 0.12, it's unlikely that patches that rely on ES 2015 -functionality will land anytime soon. - -Looking forward, the team's current plan is to drop support for Node.js 0.10 -when its LTS maintenance window expires in October, 2016, and 0.12 when its -maintenance / LTS window ends at the end of 2016. We will also drop support for -Node.js 5.x when Node.js 6 becomes LTS and Node.js 7 is released, also in the -October-December 2016 timeframe. - -(Confused about Node.js's LTS policy? [Don't -be!](https://github.com/nodejs/LTS) If you look at [this -diagram](https://github.com/nodejs/LTS/blob/ce364a94b0e0619eba570cd57be396573e1ef889/schedule.png), -it should make all of the preceding clear.) - -If, in practice, this doesn't work with distribution packagers or other -community stakeholders responsible for packaging and distributing Node.js and -npm, please reach out to us. Aligning the npm CLI's LTS policy with Node's -helps everybody minimize the amount of work they need to do, and since all of -our teams are small and very busy, this is somewhere between a necessity and -non-negotiable. - -* [`4a1ecc0`](https://github.com/npm/npm/commit/4a1ecc068fb2660bd9bc3e2e2372aa0176d2193b) - Remove 0.8 from the Node.js testing matrix, and reorder to match real-world - priority, with comments. ([@othiym23](https://github.com/othiym23)) - -### v2.15.7 (2016-06-16): - -It pains me greatly that we haven't been able to fix -[#5082](https://github.com/npm/npm/issues/5082) yet, but warning you away from -potentially publishing incomplete packages takes priority over feeling cheesy -about landing a warning to help keep y'all out of trouble, so here you go -(_please read this next bit_ (_please clap_)): - -#### DANGER: PUBLISHING ON NODE 6.0.0 - -Publishing and packing are buggy under Node versions greater than 6.0.0. -Please use Node.js LTS (4.4.x) to publish packages. See -[#5082](https://github.com/npm/npm/issues/5082) for details and current -status. - -* [`dff00ce`](https://github.com/npm/npm/commit/dff00cedd56b9c04370f840299a7e657a7a835c6) - [#13077](https://github.com/npm/npm/pull/13077) - Warn when using Node 6+. - ([@othiym23](https://github.com/othiym23)) - -#### PACKAGING CHANGES - -* [`1877171`](https://github.com/npm/npm/commit/1877171648e20595a82de34073b643f7e01a339f) - [#12873](https://github.com/npm/npm/issues/12873) - Ignore `.nyc_output`. This will help avoid an accidental publish or commit filled with - code coverage data. - ([@TheAlphaNerd](https://github.com/TheAlphaNerd)) - -#### DOCUMENTATION CHANGES - -* [`470ae86`](https://github.com/npm/npm/commit/470ae86e052ae2f29ebec15b7547230b6240042e) - [#12983](https://github.com/npm/npm/pull/12983) - Describe how to run the lifecycle scripts of dependencies. How you do - this changed with `npm` v2. - ([@Tapppi](https://github.com/Tapppi)) -* [`9cedf37`](https://github.com/npm/npm/commit/9cedf37e5a3e26d0ffd6351af8cac974e3e011c2) - [#12776](https://github.com/npm/npm/pull/12776) - Remove mention of `<pkg>` arg for `run-script`. - ([@fibo](https://github.com/fibo)) -* [`55b8424`](https://github.com/npm/npm/commit/55b8424d7229f2021cac55f0b03de72403e7c0ff) - [#12840](https://github.com/npm/npm/pull/12840) - Remove sexualized language from comment. - ([@geek](https://github.com/geek)) -* [`d6bf0c3`](https://github.com/npm/npm/commit/d6bf0c393788a6398bf80b41c57956f2dbcf3b39) - [#12802](https://github.com/npm/npm/pull/12802) - Small grammar fix in `doc/cli/npm.md`. - ([@andresilveira](https://github.com/andresilveira)) - -#### DEPENDENCY UPDATES - -* [`2c2c568`](https://github.com/npm/npm/commit/2c2c56857ff801d5fe1b6d3157870cd16e65891b) - `readable-stream@2.1.4`: Brought up to date with Node 6.1.0's streams implementation. - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`d682e64`](https://github.com/npm/npm/commit/d682e6445845b0a2584935d5e2942409c43f6916) - [npm/npm-user-validate#8](https://github.com/npm/npm-user-validate/pull/8) - `npm-user-validate@0.1.4`: Add a maximum length limit for usernames based on - the (arbitrary) limit imposed by the primary npm registry. - ([@aredridel](https://github.com/aredridel)) -* [`448b65b`](https://github.com/npm/npm/commit/448b65b48cda3b782b714057fb4b8311cc1fa36a) - `which@1.2.10`: Remove unused dependency `is-absolute`, bug fixes. - ([@isaacs](https://github.com/isaacs)) -* [`7d15434`](https://github.com/npm/npm/commit/7d15434f0b0af8e70b119835b21968217224664f) - `require-inject@1.4.0`: Add `requireInject.withEmptyCache` and - `requireInject.installGlobally.andClearCache` to support loading modules to be - injected with an empty cache. - ([@iarna](https://github.com/iarna)) -* [`31845c0`](https://github.com/npm/npm/commit/31845c081bc6f3f8a2f3d83a3c792dccffbaa2a8) - `init-package-json@1.9.4`: - Replace use of reserved identifier `package` in, uh, the package. - ([@adius](https://github.com/adius)) -* [`d73ef3e`](https://github.com/npm/npm/commit/d73ef3e6b18d4905de668c5115bc6042905a02d9) - `glob@7.0.4`: Use userland `fs.realpath` implementation to get glob working under Node 6. - ([@isaacs](https://github.com/isaacs)) -* [`b47da85`](https://github.com/npm/npm/commit/b47da85cf83b946f2c8d29ab612c92028f31f6b0) - `inflight@1.0.5`: Correct link to package repository, add `"files"` stanza. - ([@iarna](https://github.com/iarna), [@jamestalmage](https://github.com/jamestalmage)) -* [`04815e4`](https://github.com/npm/npm/commit/04815e436035de785279fd000cdbc821cc1f3447) - [npm/npmlog#32](https://github.com/npm/npmlog/pull/32) - `npmlog@2.0.4`: Add `"files"` stanza to `package.json`. - ([@jamestalmage](https://github.com/jamestalmage)) -* [`9e29ad2`](https://github.com/npm/npm/commit/9e29ad227300bb970e7bcd21029944d4733e40db) - `wrappy@1.0.2`: Add `"files"` stanza to `package.json`. - ([@jamestalmage](https://github.com/jamestalmage)) -* [`44af4d4`](https://github.com/npm/npm/commit/44af4d475ac65bdce6d088173273ce4a4f74a49e) - `abbrev@1.0.9` ([@jorrit](https://github.com/jorrit)) -* [`6c977c0`](https://github.com/npm/npm/commit/6c977c0031d074479a26c7bec6ec83fd6c6526b2) - `npm-registry-client@7.1.2`: Add support for newer versions of `npmlog`. - ([@iarna](https://github.com/iarna)) - -### v2.15.6 (2016-05-12): - -I have a couple of doc fixes and a shrinkwrap fix for you all this week. - -#### PEER DEPENDENCIES AND SHRINKWRAPS - -* [`55c998a`](https://github.com/npm/npm/commit/55c998a098a306b90a84beef163a8890f9a616b1) - [#5135](https://github.com/npm/npm/issues/5135) - Fix a bug where peerDependencies & shrinkwraps didn't play nice together. (Where - the peerDependency resolver would end up installing its dep when it wasn't needed.) - ([@majgis](https://github.com/majgis)) - -#### NPM AND `node-gyp` DOCS IMPROVEMENTS - -* [`1826908`](https://github.com/npm/npm/commit/1826908b991510d8fbc71a0d0f2c01ff24fd83c2) - [#12636](https://github.com/npm/npm/pull/12636) - Improve `npm-scripts` documentation regarding when `node-gyp` is used. - ([@reconbot](https://github.com/reconbot)) -* [`f9ff7f3`](https://github.com/npm/npm/commit/f9ff7f36cc2c2c3fbb4f6eef91491b589d049d5f) - [#12586](https://github.com/npm/npm/pull/12586) - Correct `package.json` documentation as to when `node-gyp rebuild` called. - This now matches https://docs.npmjs.com/misc/scripts#default-values - ([@reconbot](https://github.com/reconbot)) - -### v2.15.5 (2016-05-05): - -This is a minor LTS release, bringing dependencies up to date and updating -our CI matrix to match what we support. - -Some of the dependency updates come out of our getting the development -branch's tests passing on Windows and so bring in fixes for a few Windows -related corner cases. - -#### CI UPDATES - -* [`bb6f0e5`](https://github.com/npm/npm/commit/bb6f0e5c95d4ad186768b1c962dd4c399f90ddb1) - [#12487](https://github.com/npm/npm/pull/12487) - Remove iojs from CI, add Node.js 6, prioritize 4 over 5. - ([@othiym23](https://github.com/othiym23)) - -#### DEPENDENCY UPDATES - -* [`f2f8753`](https://github.com/npm/npm/commit/f2f8753c4aef2a604a4bdca2677711c940234b8f) - `which@1.2.8`: - Properly handle relative path executables. - ([@isaacs](https://github.com/isaacs)) -* [`e287ca9`](https://github.com/npm/npm/commit/e287ca99c37680d8e4cfacf4cfebe2da98884865) - `read-package-json@2.0.4`: - Fix Windows issue with ENOTDIR detection. - ([@zkat](https://github.com/zkat)) -* [`1a0ce6c`](https://github.com/npm/npm/commit/1a0ce6cff4c347bad035dc89bba2ceed9dacbf73) - `realize-package-specifier@3.0.3`: - Use npa with windows fix. - Fix relative path resolution when the local file might also be a tag. - ([@zkat](https://github.com/zkat)) - ([@iarna](https://github.com/iarna)) -* [`a475c9a`](https://github.com/npm/npm/commit/a475c9a4e4b36d00080b11f379657ce68185adc6) - `lru-cache@4.0.1`: - Use Symbol if available. - ([@isaacs](https://github.com/isaacs)) -* [`7141e08`](https://github.com/npm/npm/commit/7141e08816c620b1889d7537c30dc5b254de4d1f) - `sorted-object@2.0.0` - ([@iamstarkov](https://github.com/iamstarkov)) -* [`27c6190`](https://github.com/npm/npm/commit/27c6190216cc8a5a280f0efbabb3444581968d40) - `request@2.72.0` - ([@simov](https://github.com/simov)) -* [`ab90daf`](https://github.com/npm/npm/commit/ab90daf70ba51b51f722fb4cd74ac5267621c4b4) - `readable-stream@2.1.2` - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`b1715f8`](https://github.com/npm/npm/commit/b1715f805426403273225bcfa91d1a52d7b56eb8) - `graceful-fs@4.1.4` - ([@isaacs](https://github.com/isaacs)) -* [`ca97de6`](https://github.com/npm/npm/commit/ca97de6c18059ef420235f4706898ad8758904e6) - `block-stream@0.0.9` - ([@isaacs](https://github.com/isaacs)) - -### v2.15.4 (2016-04-21): - -Gosh, it's been a peaceful couple of weeks! - -Overall, the CLI team has been focused on the project to [get the test suite -passing on Windows](https://github.com/npm/npm/pull/11444). Our efforts should -be paying off soon -- there's only a couple of tests left! - -It's very unlikely those particular changes will make their way into our current -`npm@2` LTS release, I think, but it will help `npm@3` a lot, as well as -whatever version makes it into [`node@6`, which will eventually be the next -Node.js LTS](https://github.com/nodejs/node/pull/6155). - -As far as this week goes, we've got a couple of dep updates and doc fixes. -Always happy to see community contributions flying in. 💚 - -#### DEP UPDATE MAGIC - -* [`b178c4a`](https://github.com/npm/npm/commit/b178c4ac9ce91c0a0794526a38b553c759132d18) - `spdx-license-ids@1.2.1`: - Minor project-related tweaks -- no license changes. - ([@shinnn](https://github.com/shinnn)) -* [`1adf179`](https://github.com/npm/npm/commit/1adf179948ab8cb97dfb2f46a61e9f37d944c42a) - `normalize-git-url@3.0.2`: - Fixes `file://` URLs on Windows. Turns out stuff like `file://C:\hello` is - actually fairly weird for a URL (it's not actually a valid URL, but we're just - gonna pretend.😉) - ([@zkat](https://github.com/zkat)) -* [`9cfd56c`](https://github.com/npm/npm/commit/9cfd56cdadc040c0b2fa7654cdb5e7d22dbef7cb) - `fs-vacuum@1.2.9`: - This one goes out to our fans at Big Blue: There was an AIX-specific issue - where `fs.rmDir` was failing with `EEXIST` instead of `ENOTEMPTY` with - non-empty directories. - ([@richardlau](https://github.com/richardlau)) - -#### HOORAY DOC CONTRIBUTIONS - -No seriously, we love these. Keep 'em comin'! - -* [`2afe8bf`](https://github.com/npm/npm/commit/2afe8bf415a159baa181a8102f72c96e1d189bc9) - [#12415](https://github.com/npm/npm/pull/12415) - Clarify that the `--cert` and `--key` options are actual certs and keys, not - paths to files containing them. - ([@rvedotrc](https://github.com/rvedotrc)) -* [`3522560`](https://github.com/npm/npm/commit/3522560b0a4bb6c9717a34f9728f156fd9760cad) - [#12107](https://github.com/npm/npm/pull/12107) - Document `npm login` as an alias to `npm adduser`. People are still surprised - by this so often. - ([@gnerkus](https://github.com/gnerkus)) - -### v2.15.3 (2016-03-31): - -Hiiiiiii!~👋 - -We're really happy to be getting more and more community contributions! Keep it -up! We really appreciate folks trying to help us, and we'll do our best to help -point you in the right direction. Even things like documentation are a huge -help. And remember -- you get socks for it, too!🎁 - -This week is as quiet as usual, aside from fixing a regression to `npm -deprecate` you might want to pay attention to! Other than that, just docs and -deps, as any good LTS release train should be. 🙆 - -#### FIXME - -* [`6e0b66e`](https://github.com/npm/npm/commit/6e0b66e282aa27d1b5371e2babaa859924121730) - [#11884](https://github.com/npm/npm/pull/11884) - Include `node_modules` in the list of files and directories that npm won't - include in packages ordinarily. (Modules listed in `bundledDependencies` and - things that those modules rely on, ARE included of course.) - ([@Jameskmonger](https://github.com/Jameskmonger)) -* [`9896290`](https://github.com/npm/npm/commit/98962909b160364030705575202ad133971033c1) - [#12079](https://github.com/npm/npm/pull/12079) - Back in `npm@2.13.1` we included [a patch that made it so `npm install pkg` - was basically `npm install pkg@latest` instead of - `pkg@*`](https://github.com/npm/npm/pull/9170) This is probably what most - users expected, but it also ended up [breaking `npm - deprecate`](https://github.com/npm/npm/pull/9170) when no version was provided - for a package. In that case, we were using `*` to mean "deprecate all - versions" and relying on the `pkg` -> `pkg@*` conversion. This patch fixes - `npm deprecate pkg` to work as it used to by special casing that particular - command's behavior. - ([@polm](https://github.com/polm)) -* [`6c1628f`](https://github.com/npm/npm/commit/6c1628f62b657db6c116be13849d00933a3388cd) - [#12146](https://github.com/npm/npm/pull/12146) - Adds `make doc-clean` to `prepublish` script, to clear out previously built - docs before publishing a new npm version. - ([@watilde](https://github.com/watilde)) -* [`6d3017e`](https://github.com/npm/npm/commit/6d3017e6eed8a771b395d10130ac1f498e2d3211) - [#12146](https://github.com/npm/npm/pull/12146) - Adds `doc-clean` phony target to `make publish`. - ([@watilde](https://github.com/watilde)) - -#### DOCS - -* [`d43921c`](https://github.com/npm/npm/commit/d43921c546617cdb94bbee444d7d67ef55f38dc5) - [#12147](https://github.com/npm/npm/pull/12147) - Document that the current behavior of `engines` is just to warn if the node - platform is incompatible. - ([@reconbot](https://github.com/reconbot)) -* [`3cfe99e`](https://github.com/npm/npm/commit/3cfe99e3a757c5d8cbb1c2789410e9802563abac) - [#12093](https://github.com/npm/npm/pull/12093) - Update `bugs` url in `package.json` to use the `https` URL for Github. - ([@watilde](https://github.com/watilde)) -* [`ecf865f`](https://github.com/npm/npm/commit/ecf865f4eed1419c75442e0d52bc34ba1647de15) - [#12075](https://github.com/npm/npm/pull/12075) - Add the `--ignore-scripts` flag to the `npm install` docs. - ([@paulirish](https://github.com/paulirish)) -* [`f0e6db3`](https://github.com/npm/npm/commit/f0e6db32827d88680ef2320e60c0863754a4fbc5) - [#12063](https://github.com/npm/npm/pull/12063) - Various minor fixes to the html docs homepage. - ([@watilde](https://github.com/watilde)) - -#### DEPS - -* [`e2660de`](https://github.com/npm/npm/commit/e2660de1c08ed68a1c6fc4ee75d10376595979be) - `npmlog@2.0.3` - ([@iarna](https://github.com/iarna)) - -### v2.15.2 (2016-03-24): - -It's always nice to see new contributors. 💚 - -This week sees another small release, but we're still chugging along on our -[Windows efforts](https://github.com/npm/npm/pull/11444). - -There's also some small process changes to our LTS process relatively recently -that you might wanna know about! 💁 - -For one, the `2.x` branch was removed in favor of just `lts`. If you're making -PRs exclusively against npm's LTS, please use that name from now on. `2.x` was -deleted. - -Also, [@othiym23](https://github.com/othiym23) put some time into [writing down -our LTS process and policy](https://github.com/npm/npm/wiki/LTS). Check it out -and ping us if you have questions or comments about it! - -In general, we're trying to make sure all our policy and such for our -contributors is written down, and we hope it makes it easier in general for -y'all. Forrest is also working on a shiny new Contributor's Guide right now, but -we'll link to that in the (near?) future, when it's ready to roll out. - -#### TESTS - -* [`1d0e468`](https://github.com/npm/npm/commit/1d0e468c06c7b8e2b95b7fe874a3399a16d9db74) - [#11931](https://github.com/npm/npm/pull/11931) - Removes a bunch of old, disabled tests that have just been sitting around, - doing nothing. - ([@othiym23](https://github.com/othiym23)) -* [`7ae8aa1`](https://github.com/npm/npm/commit/7ae8aa1d9dc47761024f6756114205db3fb2c80b) - [#11987](https://github.com/npm/npm/pull/11987) - There was a failure in the `outdated-symlink` test caused by using the default - registry instead of the mock registry tests. - ([@yodeyer](https://github.com/yodeyer)) - -#### DOCS - -* [`b2649fb`](https://github.com/npm/npm/commit/b2649fb360f239aadef1ab51a580cbf4fdf29722) - [#12006](https://github.com/npm/npm/pull/12006) - Access was Team and Team was Access, but someone from the community rolled - around and corrected it for us. Thanks a bunch! - ([@yaelz](https://github.com/yaelz)) - -### v2.15.1 (2016-03-17): - -#### SECURITY ADVISORY: BEARER TOKEN DISCLOSURE - -This release includes [the fix for a -vulnerability](https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401) -that could cause the unintentional leakage of bearer tokens. - -Here are details on this vulnerability and how it affects you. - -##### DETAILS - -Since 2014, npm’s registry has used HTTP bearer tokens to authenticate requests -from the npm’s command-line interface. A design flaw meant that the CLI was -sending these bearer tokens with _every_ request made by logged-in users, -regardless of the destination of their request. (The bearers only should have -been included for requests made against a registry or registries used for the -current install.) - -An attacker could exploit this flaw by setting up an HTTP server that could -collect authentication information, then use this authentication information to -impersonate the users whose tokens they collected. This impersonation would -allow them to do anything the compromised users could do, including publishing -new versions of packages. - -With the fixes we’ve released, the CLI will only send bearer tokens with -requests made against a registry. - -##### THINK YOU'RE AT RISK? REGENERATE YOUR TOKENS - -If you believe that your bearer token may have been leaked, [invalidate your -current npm bearer tokens](https://www.npmjs.com/settings/tokens) and rerun -`npm login` to generate new tokens. Keep in mind that this may cause continuous -integration builds in services like Travis to break, in which case you’ll need -to update the tokens in your CI server’s configuration. - -##### WILL THIS BREAK MY CURRENT SETUP? - -Maybe. - -npm’s CLI team believes that the fix won’t break any existing registry setups. -Due to the large number of registry software suites out in the wild, though, -it’s possible our change will be breaking in some cases. - -If so, please [file an issue](https://github.com/npm/npm/issues/new) describing -the software you’re using and how it broke. Our team will work with you to -mitigate the breakage. - -##### CREDIT & THANKS - -Thanks to Mitar, Will White & the team at Mapbox, Max Motovilov, and James -Taylor for reporting this vulnerability to npm. - -### BACK TO YOUR REGULARLY SCHEDULED PROGRAMMING - -Aside from that, it's another one of those releases again! Docs and tests, it -turns out, have a pretty easy time getting into LTS releases, and boring is -exactly how LTS should be. 💁 - -#### DOCS - -* [`981c89c`](https://github.com/npm/npm/commit/981c89c8e398ca22ab6bf466123b25728ef6f543) - [#11820](https://github.com/npm/npm/pull/11820) - The basic explanation for how `npm link` works was a bit confusing, and - somewhat incorrect. It should be clearer now. - ([@rhgb](https://github.com/rhgb)) -* [`35b2b45`](https://github.com/npm/npm/commit/35b2b45f181dcbfb297f53b577dc1f26efcf3aba) - [#11787](https://github.com/npm/npm/pull/11787) - The `verison` alias for `npm version` no longer shows up in the command list - when you do `npm -h`. - ([@doug-wade](https://github.com/doug-wade)) -* [`1c9d00f`](https://github.com/npm/npm/commit/1c9d00f788298a81a8a7293d7dcf430f01bdd7fd) - [#11786](https://github.com/npm/npm/pull/11786) - Add a comment to the `npm-scope.md` docs about `npm@>=2` being required in - order to use scoped packaged. - ([@doug-wade](https://github.com/doug-wade)) -* [`7d64fb1`](https://github.com/npm/npm/commit/7d64fb1452d360aa736f31c85d6776ce570b2365) - [#11762](https://github.com/npm/npm/pull/11762) - Roll back patch that previously advised people to use `--depth Infinity` - instead of `--depth 9999`. Just keep using `--depth 9999`. - ([@GriffinSchneider](https://github.com/GriffinSchneider)) - -#### TESTS - -* [`98a9ee4`](https://github.com/npm/npm/commit/98a9ee4773f83994b8eb63c0ff75a9283408ba1a) - [#11912](https://github.com/npm/npm/pull/11912) - Did you know npm can install itself? `npm install -g npm` is the way to - upgrade! Turns out that one of the tests that verified this functionality got - rewritten as part of our recent push for better tests, and in the process - omitted a detail about *how* the test ran. We're testing that corner case - again, now, by moving the install folder to `/tmp`, where the original legacy - test ran. - ([@iarna](https://github.com/iarna)) - -### v2.15.0 (2016-03-10): - -#### WHY IS THIS SEMVER-MINOR I THOUGHT THIS WAS LTS - -A brief note about LTS this week! - -npm, as you may know if you're using this `2.x` branch, has an LTS process for -releases. We also try and play nice with [Node.js' own LTS release -process](https://github.com/nodejs/LTS#lts-plan). That means we generally try to -avoid things like minor version bumps on our `2.x` branch (which is also tagged -`lts` in the `dist-tag`s). - -That said, we had a minor-bump update recently for `npm@3.8.0` which added a -`maxsockets` option to allow users to configure the number of concurrent sockets -that npm would keep open at a time -- a setting that has the potential to help a -bunch for people with fussy routers or internet connections that aren't very -happy with Node.js applications' usual concurrency storm. This change was done -to `npm-registry-client`, which we don't have a parallel LTS-tracking branch -for. - -After talking it over, we ended up deciding that this was a reasonable enough -addition to LTS, even though it's *technically* a `semver-minor` bump, taking -into account both its potential for bugfixing (specially on `2.x`!) and the -general hassle it would be to maintain another branch for `npm-registry-client`. - - -* [`6dd61e7`](https://github.com/npm/npm/commit/6dd61e781c145480dc255a3e6a748729868443fd) - Expose `maxsockets` config setting from new `npm-registry-client`. - ([@misterbyrne](https://github.com/misterbyrne)) -* [`8a021c3`](https://github.com/npm/npm/commit/8a021c35184e665bd1f3f70ae2f478af812ab614) - `npm-registry-client@7.1.0`: - Adds support for configuring the max number of concurrent sockets, defaulting - to `50`. - ([@iarna](https://github.com/iarna)) - -#### DOC PATCH IS HERE TOO - -* [`0ae9f74`](https://github.com/npm/npm/commit/0ae9f740001a1bdf5920bc464cf9e284d5d139f0) - [#11748](https://github.com/npm/npm/pull/11748) - Add command aliases as a separate section in documentation for npm - subcommands. - ([@watilde](https://github.com/watilde)) - -#### DEP UPDATES - -* [`bfc3888`](https://github.com/npm/npm/commit/bfc38887f832f701c16b7ee410c4e0220a90399f) - `strip-ansi@3.0.1` - ([@jbnicolai](https://github.com/jbnicolai)) -* [`d5f4d51`](https://github.com/npm/npm/commit/d5f4d51a1b7ea78d7431c7ed4fed30200b2622f8) - `node-gyp@3.3.1`: Fixes Android generator - ([@bnoordhuis](https://github.com/bnoordhuis)) -* [`4119df8`](https://github.com/npm/npm/commit/4119df8aecd2ae57b0492ad8c9a480d900833008) - `glob@7.0.3`: Some path-related fixes for Windows. - ([@isaacs](https://github.com/isaacs)) - -### v2.14.22 (2016-03-03): - -This week is all documentation improvements. In case you hadn't noticed, we -*love* doc patches. We love them so much, we give socks away if you submit -documentation PRs! - -These folks are all getting socks if they ask for them. The socks are -super-sweet. Do you have yours yet? 👣 - -* [`3f3c7d0`](https://github.com/npm/npm/commit/3f3c7d080f052a5db91ff6091f8b1b13f26b53d6) - [#11441](https://github.com/npm/npm/pull/11441) - Add a link to the [Contribution - Guidelines](https://github.com/npm/npm/wiki/Contributing-Guidelines) to the - main npm docs. - ([@watilde](https://github.com/watilde)) -* [`9f87bb1`](https://github.com/npm/npm/commit/9f87bb1934acb33b678c17b7827165b17c071a82) - [#11441](https://github.com/npm/npm/pull/11441) - Remove Google Group email from npm docs about contributing. - ([@watilde](https://github.com/watilde)) -* [`93eaab3`](https://github.com/npm/npm/commit/93eaab3ee5ad16c7d90d1a4b38a95403fcf3f0f6) - [#11474](https://github.com/npm/npm/pull/11474) - Fix an invalid JSON error overlooked in - [#11196](https://github.com/npm/npm/pull/11196). - ([@robludwig](https://github.com/robludwig)) -* [`a407ca2`](https://github.com/npm/npm/commit/a407ca2bcf6a05117e55cf2ab69376e09094995e) - [#11483](https://github.com/npm/npm/pull/11483) - Add more details and an example to the documentation for bundledDependencies. - ([@gnerkus](https://github.com/gnerkus)) -* [`2c851a2`](https://github.com/npm/npm/commit/2c851a231afd874baa77c42ea5ba539c454ac79c) - [#11490](https://github.com/npm/npm/pull/11490) - Document the `--registry` flag for `npm search`. - ([@plumlee](https://github.com/plumlee)) - -### v2.14.21 (2016-02-25): - -Good news, everyone! There's a new LTS release with a few shinies here and there! - -#### USE THIS ONE INSTEAD - -We had some cases where the versions of npm and node used in some scripting situations were different than the ideal, or what folks actually expected. These should be particularly helpful to our Windows friends! <3 - -* [`02813c5`](https://github.com/npm/npm/commit/02813c55782a9def23f7f1e614edc38c6c88aed3) [#9253](https://github.com/npm/npm/issues/9253) Fix a bug where, when running lifecycle scripts, if the Node.js binary you ran `npm` with wasn't in your `PATH`, `npm` wouldn't use it to run your scripts. ([@segrey](https://github.com/segrey) and [@narqo](https://github.com/narqo)) -* [`a985dd5`](https://github.com/npm/npm/commit/a985dd50e06ee51ba5544577f977c7440c227ba2) [#11526](https://github.com/npm/npm/pull/11526) Prefer locally installed npm in Git Bash -- previous behavior was to use the global one. This was done previously for other shells, but not for Git Bash. ([@destroyerofbuilds](https://github.com/destroyerofbuilds)) - -#### SOCKS FOR THE SOCK GOD - -* [`f961092`](https://github.com/npm/npm/commit/f9610920079d8b88ae464b30007a92c594bd85a8) - [#11636.](https://github.com/npm/npm/issues/11636.) - Document the `--save-bundle` option for `npm install`. - ([@datyayu](https://github.com/datyayu)) -* [`7c908b6`](https://github.com/npm/npm/commit/7c908b618f7123f0a3b860c71eb779e33df35964) - [#11644](https://github.com/npm/npm/pull/11644) - Add documentation for the `test` directory for packages. - ([@lewiscowper](https://github.com/lewiscowper)) - -#### INTERNAL TEST IMPROVEMENTS - -The npm CLI team's time recently has been sunk into npm's many years of tech debt. Specifically, we've been working on improving the test suite. This isn't user visible, but in future should mean a more stable, easier to contribute to npm. Ordinarily we don't report these kinds of changes in the change log, but I thought I might share this week as this chunk is bigger than usual. - -These patches were previously released for `npm@3`, and then ported back to `npm@2` LTS. - -* [`437c537`](https://github.com/npm/npm/commit/437c537e2be5923c6d2c2753154564ba13db8fd9) [#11613](https://github.com/npm/npm/pull/11613) Fix up one of the tests after rebasing the legacy test rewrite to `npm@2`. ([@zkat](https://github.com/zkat)) -* [`55abd0c`](https://github.com/npm/npm/commit/55abd0cc20e87a144d33ce2d459f65e7506da576) [#11613](https://github.com/npm/npm/pull/11613) Test that the `package.json` `files` section and `.npmignore` do what they're supposed to. ([@zkat](https://github.com/zkat)) -* [`a2b99b6`](https://github.com/npm/npm/commit/a2b99b6273ada14b2121ebc0acb7933e630edd9d) [#11613](https://github.com/npm/npm/pull/11613) Test that npm's distribution binary is complete and can be installed and used. ([@iarna](https://github.com/iarna)) -* [`8a8c36c`](https://github.com/npm/npm/commit/8a8c36ce51166006022e5c5d4f8655bbc458d651) [#11613](https://github.com/npm/npm/pull/11613) Test that environment variables are properly passed into scripts. - ([@iarna](https://github.com/zkat)) -* [`a95b550`](https://github.com/npm/npm/commit/a95b5507616bd51e83d7eab5f2337b1aff6480b1) [#11613](https://github.com/npm/npm/pull/11613) Test that we don't leak auth info into the environment. ([@iarna](https://github.com/iarna)) -* [`a1c1c52`](https://github.com/npm/npm/commit/a1c1c52efeab24f6dba154d054f85d9efc833486) [#11613](https://github.com/npm/npm/pull/11613) Remove all the relatively cryptic legacy tests and creates new tap tests that check the same functionality. The *legacy* tests were tests that were originally a shell script that was ported to javascript early in `npm`'s history. ([@iarna](https:\\github.com/iarna) and [@zkat](https://github.com/zkat)) -* [`9d89581`](https://github.com/npm/npm/commit/9d895811d3ee70c2e672f3d8fa06574495b5b488) [#11613](https://github.com/npm/npm/pull/11613) `tacks@1.0.9`: Add a package that provides a tool to generate fixtures from folders and, relatedly, a module that an create and tear down filesystem fixtures easily. ([@iarna](https://github.com/iarna)) - -### v2.14.20 (2016-02-18): - -Hope y'all are having a nice week! As usual, it's a fairly limited release. The -most notable thing is some dependency updates that might help the Node.js CI -setup for Windows run a little better, even if we have some work to do on that -path length things, still. - -#### WHITTLING AWAY AT PATH LENGTHS - -So for all of you who don't know -- Node.js does, in fact, support long Windows -paths. Unfortunately, depending on the tool and the Windows version, a lot of -external tooling does not. This means, for example, that some (all?) versions of -Windows Explorer *can literally never delete npm from their system entirely -because of deeply-nested npm dependencies*. Which is pretty gnarly. - -Incidentally, if you run into that in particularly, you can use -[rimraf](npm.im/rimraf) to remove such files 💁. - -The latest victim of this issue was the Node.js CI setup for testing on Windows, -which uses some tooling or another that croaks on the usual path length limit -for that OS: 255 characters. - -This issue, of course, is largely not a problem as of `npm@3`, with its flat -trees, but it still occasionally and viciously bites LTS. - -We've taken another baby step towards alleviating this in this release by -updating a couple of dependencies that were preventing `npmlog` from deduping, -and then doing a dedupe on that and `gauge`. Hopefully it helps. - -* [`4199551`](https://github.com/npm/npm/commit/41995517e617674710748ab6d262670c96124393) - [#11528](https://github.com/npm/npm/pull/11528) - `npm-install-checks@1.0.7`: Just updates the version of npmlog so we can - dedupe it better. - ([@zkat](https://github.com/zkat)) -* [`14d72c7`](https://github.com/npm/npm/commit/14d72c756b89e2d167eb52c1849263dbddcb9f35) - [#11552](https://github.com/npm/npm/pull/11552) - [#11528](https://github.com/npm/npm/pull/11528) - `node-gyp@3.3.0`: AIX support, new `gyp`, update `npmlog` (for the dedupe), - adds `--cafile` command line option, and allows configuration of Node.js and - io.js mirrors. - ([@rvagg](https://github.com/rvagg)) -* [`0453cb9`](https://github.com/npm/npm/commit/0453cb94b33520eb723b7072cd2654b1d0142533) - [#11528](https://github.com/npm/npm/pull/11528) - Do a `dedupe` on `gauge` to flatten our dependencies a bit more. - ([@zkat](https://github.com/zkat)) - -#### OTHER DEP STUFF - -* [`686c0b3`](https://github.com/npm/npm/commit/686c0b37ec3a7b65f9b3849e1099805e5221c408) - `rimraf@2.5.2`: Just updates to glob@7. - ([@isaacs](https://github.com/isaacs)) - -#### @wyze, DOCUMENTATION HERO OF THE PEOPLE, GETS THEIR OWN HEADER - -* [`7232948`](https://github.com/npm/npm/commit/72329484c775376cb40d5b348f453eaaf2f0b821) - [#11416](https://github.com/npm/npm/pull/11416) - Logout docs were using a section copy-pasted from the adduser docs. - ([@wyze](https://github.com/wyze)) -* [`922b33a`](https://github.com/npm/npm/commit/922b33aba4362e1e90f42e9348f061a1cc73eafb) - [#11414](https://github.com/npm/npm/pull/11414) - Add colon for consistency. - ([@wyze](https://github.com/wyze)) - -### v2.14.19 (2016-02-11): - -Really tiny micro-release this week! The main thing to note is a dependency -update that means we no longer have `graceful-fs@3` in our dependency tree. This -has some implications for being able to run on future Node.js releases, so -better to get this out the door. 😁 - -#### DEPS - -* [`a556e0f`](https://github.com/npm/npm/commit/a556e0f9dcb5d7b44224ba9c16c9d0dc6c8d2532) - `cmd-shim@2.0.2`: Final straggler using `graceful-fs@<4`. - ([@ForbesLindesay](https://github.com/ForbesLindesay)) - -#### DOCS - -* [`69a2d59`](https://github.com/npm/npm/commit/69a2d599bf0cba674ee268483e9bd5c14333b89f) - [#11391](https://github.com/npm/npm/pull/11391) - Fixed versions of `shrinkwrap.json` in examples in documentation for `npm - shrinkwrap`, which did not quite match up. - ([@xcatliu](https://github.com/xcatliu)) - -### v2.14.18 (2016-02-04): - -Clearly our docs are perfect after all those wonderful PRs, 'cause this week's -gonna be all about dependency updates. Note: There is a small security-related -fix included here! - -#### SECURITY-RELATED DEPENDENCY UPDATE - -* [`5c095ef`](https://github.com/npm/npm/commit/5c095eff8dc006980d4d083f2007e4dacff23be3) - [#11341](https://github.com/npm/npm/pull/11341) - `request@2.69.0`: Includes security-related dependency updates involving - `hawk` and `is-my-json-valid` - ([@remy](https://github.com/remy) and [@simov](https://github.com/simov)) - -#### OTHER DEPENDENCY UPDATES - -* [`f9c2668`](https://github.com/npm/npm/commit/f9c2668ca3e6e2602d91250ce61280e5e12d0a00) - `which@1.2.4` - ([@isaacs](https://github.com/isaacs)) -* [`2907c43`](https://github.com/npm/npm/commit/2907c43ad4ef87e5f730c2576f680d6837fcbad0) - `spdx-license-ids@1.2.0` - ([@shinnn](https://github.com/shinnn)) -* [`7734069`](https://github.com/npm/npm/commit/773406960bf7f4a87b2ecb6ebf593c62d0e9f95d) - `rimraf@2.5.1` - ([@isaacs](https://github.com/isaacs)) -* [`f4b39a7`](https://github.com/npm/npm/commit/f4b39a7dd5e1335d92aa22c46d99abb33f271b8b) - `retry@0.9.0` - ([@tim-kos](https://github.com/tim-kos)) -* [`ded1e7a`](https://github.com/npm/npm/commit/ded1e7a1c9c7bec29bb7c30a8f85546670e75b56) - Nest `retry@0.8.0` inside `npm-registry-client` to prevent invalid - dependency issue until the latter gets a dependency update. - ([@zkat](https://github.com/zkat)) -* [`ab9f867`](https://github.com/npm/npm/commit/ab9f8679f9687f91ad03adaab6211a897aeebbae) - `read-package-json@2.0.3` - ([@iarna](https://github.com/iarna)) -* [`b638c41`](https://github.com/npm/npm/commit/b638c41607bb936b9eaaceba2aeeda1d34e3a9b2) - `npmlog@2.0.2` - ([@iarna](https://github.com/iarna)) -* [`49f34af`](https://github.com/npm/npm/commit/49f34af463a674359269025d8438feb6a7c69960) - `init-package-json@1.9.3` - ([@iarna](https://github.com/iarna)) -* [`2305dab`](https://github.com/npm/npm/commit/2305dab4e7bff09bb7686cec653cf1e663dbf15d) - `graceful-fs@4.1.3`: Fixed `.close()` not being patched. - ([@isaacs](https://github.com/isaacs)) -* [`18496d9`](https://github.com/npm/npm/commit/18496d9a0fff94e3652655998e8333056aa52b15) - `fs-write-stream-atomic@1.0.8` - ([@iarna](https://github.com/iarna)) -* [`6637bc7`](https://github.com/npm/npm/commit/6637bc7a0e194d82554cd7c91e1794018fef5943) - `config-chain@1.1.10` - ([@dominictarr](https://github.com/dominictarr)) -* [`4222bad`](https://github.com/npm/npm/commit/4222badffed9e9edacea6a8a96a99a164d376158) - `columnify@1.5.4` - ([@timoxley](https://github.com/timoxley)) -* [`df9016f`](https://github.com/npm/npm/commit/df9016f327a2a9ce492ebc75b882b03069438e13) - `ansi@0.3.1`: Added a license file. - ([@TooTallNate](https://github.com/TooTallNate)) - -### v2.14.17 (2016-01-28): - -Another week, another small LTS release! - -#### BETTER ERROR REPORTING YAY - -So as it turns out, when stuff goes wrong, it's actually nice to give people a -better clue rather than just say "oh well 😏". - -* [`5b8ccb9`](https://github.com/npm/npm/commit/5b8ccb91cf11b4edb463609cd4ed1dee84ed4db0) - [#11289](https://github.com/npm/npm/pull/11289) - There is an obscure feature that lets you monkey-patch npm when it starts up. - If the module being required with this feature failed, it would previous just - make npm error out– this reduces that to a warning. - ([@evanlucas](https://github.com/evanlucas)) -* [`556e42a`](https://github.com/npm/npm/commit/556e42ac6bab078722ddc1dc6cce4428d001133b) - [#11300](https://github.com/npm/npm/pull/11300) - Report symlinked packages as 'linked' in the output for `npm outdated`. - ([@halhenke](https://github.com/halhenke)) -* [`3842317`](https://github.com/npm/npm/commit/3842317583e0ea2eca78e39aa03f5bc06ba21de7) - [#11290](https://github.com/npm/npm/pull/11290) - Suppress warnings about pre-release node versions. This should get node's CI - passing on non-Windows platforms without needing to modify the node version to - get rid of the pre-release suffix. - ([@iarna](https://github.com/iarna)) - -#### EVERYONE WANTS THOSE NPM SOCKS, GEEZE - -Did you know that you can get npm socks for contributing to our docs? I bet -these people do, and now so do you! - -* [`dcde451`](https://github.com/npm/npm/commit/dcde451cb85a6ca08acc6ef45782c652f1d8fc89) - [#11232](https://github.com/npm/npm/pull/11232) - Update automatically included/excluded packages in `package.json`. - ([@jscissr](https://github.com/jscissr)) -* [`e3f8d5b`](https://github.com/npm/npm/commit/e3f8d5be5ac5ec1d72db42f7abf50cc4a8c5935c) - [#11273](https://github.com/npm/npm/pull/11273) - Add an example for `npm view <pkg> versions`. - ([@vedatmahir](https://github.com/vedatmahir)) -* [`6a06ef2`](https://github.com/npm/npm/commit/6a06ef2252748089f0013de951f2d06160b90306) - [#11272](https://github.com/npm/npm/pull/11272) - Fix a typo in `npm-update.md`. - ([@jonathanp](https://github.com/jonathanp)) -* [`2515ff1`](https://github.com/npm/npm/commit/2515ff1de28f0b261fb25c79a66bd762a65961c4) - [#11215](https://github.com/npm/npm/pull/11215) - Correct small thinko in docs for SPDX expressions. - ([@kemitchell](https://github.com/kemitchell)) -* [`70f897b`](https://github.com/npm/npm/commit/70f897b03da9a5d5d4fd34614e9ee40e6f9e9653) - [#11196](https://github.com/npm/npm/pull/11196) - Make JSON snippets valid JSON in `npm update` docs. - ([@s100](https://github.com/s100)) - -### v2.14.16 (2016-01-21): - -Good to see you all again! It's been a while since we had an LTS release, and -the team continues to work hard to both get the issue tracker under control, and -get our test suite to be awesome and reliable. - -This is also the first LTS release of this year. - -We're gonna have an interesting time -- most of our focus this year will be -around stability and maintainability of the CLI, so you might actually end up -seeing a number of updates even over here, just for the sake of making sure -we're stable, that bugs get fixed, and tests have proper coverage. - -What better way to start this effort, then, than getting Travis tests green, fix -a few things here and there, and tweak a bunch of documentation? 😁 - -#### FIX ALL THE BUGS AND TWEAK ALL THE THINGS - -* [`24b13fb`](https://github.com/npm/npm/commit/24b13fbc57d34db1d5b0a37bcca122c00deba978) - [#11158](https://github.com/npm/npm/pull/11158) - Fix custom node-gyp env var quoting on Windows. - ([@orangemocha](https://github.com/orangemocha)) -* [`e2503f2`](https://github.com/npm/npm/commit/e2503f2be40157b05a9c500ec3b5d16090ffee50) - [#11142](https://github.com/npm/npm/pull/11142) - Fix race condition with `correctMkdir` in the cache directory. - ([@Jimbly](https://github.com/Jimbly)) - -* [`5c0e4c4`](https://github.com/npm/npm/commit/5c0e4c45a29d774ab729e86044377d4e5e424252) - [#10940](https://github.com/npm/npm/pull/10940) - Ignore failures replacing `package.json`. writeFileAtomic is not atomic in - Windows, it fails if the file is being accessed concurrently. - ([@orangemocha](https://github.com/orangemocha)) -* [`2c44d8d`](https://github.com/npm/npm/commit/2c44d8dc8c267d5e054d0175ce2f4750f0986463) - [#10903](https://github.com/npm/npm/pull/10903) - Add tests for `npm adduser --scope`. - ([@ekmartin](https://github.com/ekmartin)) -* [`4cb25d0`](https://github.com/npm/npm/commit/4cb25d0fed5c7792dfd1aec891380ecc1f8a5761) - [#10903](https://github.com/npm/npm/pull/10903) - Add a message informing users when they have been successfully logged in. - ([@ekmartin](https://github.com/ekmartin)) -* [`fe3ec6d`](https://github.com/npm/npm/commit/fe3ec6d6658262054c0c19c55373c21e84ab9f17) - [#10628](https://github.com/npm/npm/pull/10628) - Tell users how to open an issue with a package that has errored. - ([@trodrigues](https://github.com/trodrigues)) - -#### DOCS DOCS DOCS - -We got a TON of lovely documentation patches, too! Thanks all for submitting! - -* [`22482a1`](https://github.com/npm/npm/commit/22482a1f22079d72c3f8ca55c2f0c153bdd024c0) - [#11188](https://github.com/npm/npm/pull/11188) - Briefly explain what's included when you publish. - ([@beaugunderson](https://github.com/beaugunderson)) -* [`fa47724`](https://github.com/npm/npm/commit/fa4772438df0c66a19309dd1c1a3ce43cbee5461) - [#11150](https://github.com/npm/npm/pull/11150) - Advise use of `--depth Infinity` instead of `--depth 9999` in `npm update`. - ([@halhenke](https://github.com/halhenke)) -* [`248ddfe`](https://github.com/npm/npm/commit/248ddfe8f7ddd3318e14bf61de41cab4a638c8a3) - [#11130](https://github.com/npm/npm/pull/11130) - Nuke "using npm programmatically" section from README. The programmatic npm - API is unsupported, and is not guaranteed not to break in non-major versions. - Removing this section so newcomers aren't encouraged to discover or use it. - ([@ljharb](https://github.com/ljharb)) -* [`ae9c452`](https://github.com/npm/npm/commit/ae9c4521222d60ab4a69c19fee5e361c62f41fae) - [#11128](https://github.com/npm/npm/pull/11128) - Add link to local paths section indocs for `package.json`. - ([@orangejulius](https://github.com/orangejulius)) -* [`663a8c6`](https://github.com/npm/npm/commit/663a8c6b4b1647f9b86c15ef32e30023edc8c060) - [#11044](https://github.com/npm/npm/pull/11044) - Update default value documentation for the color option in npm's config. - ([@scottaddie](https://github.com/scottaddie)) -* [`5c1dda0`](https://github.com/npm/npm/commit/5c1dda0d3a18b2954872dba33fbc696ff0700ffe) - [#11037](https://github.com/npm/npm/pull/11037) - Correct the name property max length constraint verbiage. - ([@scottaddie](https://github.com/scottaddie)) -* [`8288365`](https://github.com/npm/npm/commit/8288365d08e97fa3a5b0d31703c015a8be49e07f) - [#10990](https://github.com/npm/npm/pull/10990) - Update folder docs to reflect that process.installPrefix was removed as of - 0.8.x. - ([@jeffmcmahan](https://github.com/jeffmcmahan)) -* [`61d63fa`](https://github.com/npm/npm/commit/61d63fa22c4f09742180c2de460a4ffb6c32738e) - [#10790](https://github.com/npm/npm/pull/10790) - Clarify that `npm install foo` is the same as `npm install foo@latest` now. - ([@cvrebert](https://github.com/cvrebert)) -* [`442c920`](https://github.com/npm/npm/commit/442c9207f375354c91d36df8711ba2d33e1c97f3) - [#10789](https://github.com/npm/npm/pull/10789) - Link over to `npm-dist-tag(1)` in `npm install` docs when they talk about the - `pkg@<tag>` syntax. - ([@cvrebert](https://github.com/cvrebert)) -* [`dca7a5e`](https://github.com/npm/npm/commit/dca7a5e2be3bfa306a870a123707d35c732406c0) - [#10788](https://github.com/npm/npm/pull/10788) - Link to tag docs in docs for `npm publish --tag`. - ([@cvrebert](https://github.com/cvrebert)) -* [`a72904e`](https://github.com/npm/npm/commit/a72904e8d4ab1d43ae8150fbe3f6468b0cbb1efd) - [#10787](https://github.com/npm/npm/pull/10787) - Explain why the `latest` tag matters. - ([@cvrebert](https://github.com/cvrebert)) -* [`9d0697a`](https://github.com/npm/npm/commit/9d0697a534046df7efda32170014041bbc1f4e7d) - [#10785](https://github.com/npm/npm/pull/10785) - Replace some quite marks in `npm dist-tag` docs for the sake of consistency. - ([@cvrebert](https://github.com/cvrebert)) - -#### I REALLY LIKE GREEN. CAN YOU TELL? - -So Travis is all green now on `npm@2`, thanks to the removal of nock and a few -other test suite tweaks. This is a fantastic step towards making sure we can all -have confidence in our test suite! 🎉 - -* [`64995be`](https://github.com/npm/npm/commit/64995be6d874356b15c136f9867302d805dfe1e9) [`75ab216`](https://github.com/npm/npm/commit/75ab2164cf79e28ac7f7ebe714f3c5aee99c6626) [`a9f6fe9`](https://github.com/npm/npm/commit/a9f6fe9dc558f17c4a7b9eb83329ac080f7df4b7) [`649c193`](https://github.com/npm/npm/commit/649c193adadf714c2819837f9372a29d724a5ec0) [`94cb05e`](https://github.com/npm/npm/commit/94cb05eaa9e5ad6675cf15c4ac0a44fbdde05900) [`6541690`](https://github.com/npm/npm/commit/65416907008061ac5a5f66b1630a57776803b526) [`255be6f`](https://github.com/npm/npm/commit/255be6f5bca9e3d216f3a5cbdf6714c6c9fcf132) [`9e84fa4`](https://github.com/npm/npm/commit/9e84fa43c49d04cf86ca1678e2a61412f5559cb9) [`8a587b0`](https://github.com/npm/npm/commit/8a587b0c1696ae7302891fa6355fc3e8670e00d3) [`bf812a5`](https://github.com/npm/npm/commit/bf812a54e497a573493346399798aa0b9373ac24) - [#10903](https://github.com/npm/npm/pull/10903) - Get rid of nock from tests, and get Travis green. - ([@zkat](https://github.com/zkat) and [@iarna](https://github.com/iarna)) -* [`70a5310`](https://github.com/npm/npm/commit/70a5310712c6666e753ca8f3bfff4a780ec6292d) - `npm-registry-couchapp@2.6.12`: - Better 0.8 compatibility, and ability to run in travis docker stuff. This - means the test suite should run a lot faster, too! - ([@iarna](https://github.com/iarna)) -* [`28fae39`](https://github.com/npm/npm/commit/28fae399212eda5554e6c0ffd8c9591144ab7b9d) - Get rid of sudo, for Travis! - ([@zkat](https://github.com/zkat)) - -### v2.14.15 (2015-12-10): - -Did you know that Bob Ross reached the rank of master sergeant in the US Air -Force before becoming perhaps the most soothing painter of all time? - -#### TWO HAPPY LITTLE BUG FIXES - -* [`f482664`](https://github.com/npm/npm/commit/f4826645dc6b5c0f05c5f9187efb28c1a293554f) - [#10505](https://github.com/npm/npm/issues/10505) `npm ls --json --depth=0` - now respects the depth parameter, when it is zero and when it is not zero. - ([@MarkReeder](https://github.com/MarkReeder)) -* [`529fa1f`](https://github.com/npm/npm/commit/529fa1ff2c6432a773af99a1c5209c0865f7a19c) - [#9099](https://github.com/npm/npm/issues/9099) I had always thought you - could run `npm version` from subdirectories in your project, which is great, - because now you can. I guess I was just ahead of my time. - ([@ekmartin](https://github.com/ekmartin)) - -#### NOW PAINT IN SOME NICE DOCS CHANGES - -* [`1fc7f2b`](https://github.com/npm/npm/commit/1fc7f2b523ea760e08adb9b861b28e3ba450e565) - [#10546](https://github.com/npm/npm/issues/10546) Goodbye, FAQ! You were - cheeky and fun until you weren't! Don't worry: npm still loves everyone, - especially you! ([@ashleygwilliams](https://github.com/ashleygwilliams)) -* [`7fe6950`](https://github.com/npm/npm/commit/7fe6950b44d241bb4d90857a44d89d750af1e2b3) - [#10570](https://github.com/npm/npm/issues/10570) Update documentation URLs - to be HTTPS everywhere sensible. No HTTP shall be spared! - ([@rsp](https://github.com/rsp)) -* [`96ebb90`](https://github.com/npm/npm/commit/96ebb902439e4f6f37f8beffb589769146fecf24) - [#10650](https://github.com/npm/npm/issues/10650) Correctly note that there - are two lifecycle scripts run by an install phase in an example, instead of - three. ([@eymengunay](https://github.com/eymengunay)) -* [`5196893`](https://github.com/npm/npm/commit/5196893a7496f68a514b83641ff6b72f14d664dd) - [#10687](https://github.com/npm/npm/issues/10687) `npm outdated`'s output can - be a little puzzling sometimes. I've attempted to make it clearer, with some - examples, of what's going on with "wanted" and "latest" in more cases. - ([@othiym23](https://github.com/othiym23)) -* [`8e6712d`](https://github.com/npm/npm/commit/8e6712d4ee128858cab36c77723e35bddbb977ba) - [#10700](https://github.com/npm/npm/issues/10700) Hey, do you remember when - `search.npmjs.org` was a thing? I think I do? The last time I used it was in - like 2012, and it's gone now, so remove it from the docs. - ([@gagern](https://github.com/gagern)) -* [`27d2612`](https://github.com/npm/npm/commit/27d2612b3f5aa88b12c943d04e162ce4c3a350ae) - `semver@5.1.0`: Include BNF for SemVer expression grammar (which is also now - included in `npm help semver`). ([@isaacs](https://github.com/isaacs)) - -#### LAND YOUR DEPENDENCY UPGRADES IN PAIRS SO EVERYONE HAS A FRIEND - -* [`fc6c3c5`](https://github.com/npm/npm/commit/fc6c3c53a31e9e11c2616fcd378202e5b80bf286) - `request@2.67.0` ([@simov](https://github.com/simov)) -* [`07013fd`](https://github.com/npm/npm/commit/07013fd0fd55a2eb31fb9334631ee5d0dd5c41bb) - [isaacs/rimraf#89](https://github.com/isaacs/rimraf/pull/89) `rimraf@2.4.4` - ([@zerok](https://github.com/zerok)) -* [`bc149be`](https://github.com/npm/npm/commit/bc149bef871f0f00639509898cece531af3aa8b3) - [isaacs/once#7](https://github.com/isaacs/once/pull/7) `once@1.3.3` - ([@floatdrop](https://github.com/floatdrop)) -* [`ac598d3`](https://github.com/npm/npm/commit/ac598d36e1ad207bc0d8a7eadfd84b26146aec1f) - `lru-cache@3.2.0` ([@isaacs](https://github.com/isaacs)) -* [`1b915ce`](https://github.com/npm/npm/commit/1b915ce1e0787ccb6d8aa235d002d66565f2175d) - `npm-registry-client@7.0.9` ([@othiym23](https://github.com/othiym23)) -* [`df7dd78`](https://github.com/npm/npm/commit/df7dd78b8fe3cc58202996fa6c994fc55419bfa5) - `tap@2.3.1` ([@isaacs](https://github.com/isaacs)) - -### v2.14.14 (2015-12-03): - -#### FIX URL IN LICENSE - -The license incorrectly identified the registry URL as `registry.npmjs.com` and -this has been corrected to `registry.npmjs.org`. - -* [`6051a69`](https://github.com/npm/npm/commit/6051a69b1adc80f5f200077067e831643f655bd4) - [#10685](https://github.com/npm/npm/pull/10685) - Fix npm public registry URL in notices. - ([@kemitchell](https://github.com/kemitchell)) - -#### NO MORE MD5 - -We updated modules that had been using MD5 for non-security purposes. While -this is perfectly safe, if you compile Node in FIPS-compliance mode it will -explode if you try to use MD5. We've replaced MD5 with Murmur, which conveys -our intent better and is faster to boot. - -* [`30b5994`](https://github.com/npm/npm/commit/30b599496a9762482e1cef945a378e3a534fd366) - [#10629](https://github.com/npm/npm/issues/10629) - `write-file-atomic@1.1.4` - ([@othiym23](https://github.com/othiym23)) -* [`68c63ff`](https://github.com/npm/npm/commit/68c63ff1279d3d5ea7b2c970ab5562a8e0536f27) - [#10629](https://github.com/npm/npm/issues/10629) - `fs-write-stream-atomic@1.0.5` - ([@othiym23](https://github.com/othiym23)) - -#### DEPENDENCY UPDATES - -* [`e48e5a9`](https://github.com/npm/npm/commit/e48e5a90b4dcf76124b7e9ea3b295c1383e7f0c8) - [nodejs/node-gyp#831](https://github.com/nodejs/node-gyp/pull/831) - `node-gyp@3.2.1`: Improved \*BSD support. - ([@bnoordhuis](https://github.com/bnoordhuis)) - -### v2.14.13 (2015-11-25): - -#### THE npm CLI !== THE npm REGISTRY !== npm, INC. - -npm-the-CLI is licensed under the terms of the [Artistic License -2.0](https://github.com/npm/npm/blob/8d79c1a39dae908f27eaa37ff6b23515d505ef29/LICENSE), -which is a liberal open-source license that allows you to take this code and do -pretty much whatever you like with it (that is, of course, not legal language, -and if you're doing anything with npm that leaves you in doubt about your legal -rights, please seek the review of qualified counsel, which is to say, not -members of the CLI team, none of whom have passed the bar, to my knowledge). At -the same time the primary registry the CLI uses when looking up and downloading -packages is a commercial service run by npm, Inc., and it has its own [Terms of -Use](https://www.npmjs.com/policies/terms). - -Aside from clarifying the terms of use (and trying to make sure they're more -widely known), the only recent changes to npm's licenses have been making the -split between the CLI and registry clearer. You are still free to do whatever -you like with the CLI's source, and you are free to view, download, and publish -packages to and from `registry.npmjs.org`, but now the existing terms under -which you can do so are more clearly documented. Aside from the two commits -below, see also [the release notes for -`npm@2.14.11`](https://github.com/npm/npm/releases/tag/v2.14.11), which is where -the split between the CLI's code and the terms of use for the registry was -first made more clear. - -* [`1f3e936`](https://github.com/npm/npm/commit/1f3e936aab6840667948ef281e0c3621df365131) - [#10532](https://github.com/npm/npm/issues/10532) Clarify that - `registry.npmjs.org` is the default, but that you're free to use the npm CLI - with whatever registry you wish. ([@kemitchell](https://github.com/kemitchell)) -* [`6733539`](https://github.com/npm/npm/commit/6733539eeb9b32a5f2d1a6aa797987e2252fa760) - [#10532](https://github.com/npm/npm/issues/10532) Having semi-duplicate - release information in `README.md` was confusing and potentially inaccurate, - so remove it. ([@kemitchell](https://github.com/kemitchell)) - -#### EASE UP ON WINDOWS BASH USERS - -It turns out that a fair number of us use bash on Windows (through MINGW or -bundled with Git, plz – Cygwin is still a bridge too far, for both npm and -Node.js). [@jakub-g](https://github.com/jakub-g) did us all a favor and relaxed -the check for npm completion to support MINGW bash. Thanks, Jakub! - -* [`460cc09`](https://github.com/npm/npm/commit/460cc0950fd6a005c4e5c4f85af807814209b2bb) - [#10156](https://github.com/npm/npm/issues/10156) completion: enable on - Windows in git bash ([@jakub-g](https://github.com/jakub-g)) - -#### MAKE NODE-GYP A LITTLE BLUER - -* [`333e118`](https://github.com/npm/npm/commit/333e1181082842c21edc62f0ce515928424dff1f) - `node-gyp@3.2.0`: Support AIX, use `which` to find Python, updated to a newer - version of `gyp`, and more! ([@bnoordhuis](https://github.com/bnoordhuis)) - -#### WE LIKE SPDX AND ALL BUT IT'S NOT ACTUALLY A DIRECT DEP, SORRY - -* [`1f4b4bb`](https://github.com/npm/npm/commit/1f4b4bbdf8758281beecb7eaf75d05a6c4a77c15) - Removed `spdx` as a direct npm dependency, since we don't actually need it at - that level, and updated subdeps for `validate-npm-package-license` - ([@othiym23](https://github.com/othiym23)) - -#### A BOUNTEOUS THANKSGIVING CORNUCOPIA OF DOC TWEAKS - -These are great! Keep them coming! Sorry for letting them pile up so deep, -everybody. Also, a belated Thanksgiving to our Canadian friends, and a happy -Thanksgiving to all our friends in the USA. - -* [`6101f44`](https://github.com/npm/npm/commit/6101f44737645d9379c3396fae81bbc4d94e1f7e) - [#10250](https://github.com/npm/npm/issues/10250) Correct order of `org:team` - in `npm team` documentation. ([@louislarry](https://github.com/louislarry)) -* [`e8769f9`](https://github.com/npm/npm/commit/e8769f9807b91582c15ef130733e2e72b6c7bda4) - [#10371](https://github.com/npm/npm/issues/10371) Remove broken / duplicate - link to tag. ([@WickyNilliams](https://github.com/WickyNilliams)) -* [`1ae2dbe`](https://github.com/npm/npm/commit/1ae2dbe759feb80d8634569221ec6ee2c6d1d1ff) - [#10419](https://github.com/npm/npm/issues/10419) Remove references to - nonexistent `npm-rm(1)` documentation. ([@KenanY](https://github.com/KenanY)) -* [`777a271`](https://github.com/npm/npm/commit/777a271830a42d4ee62540a89f764a6e7d62de19) - [#10474](https://github.com/npm/npm/issues/10474) Clarify that install finds - dependencies in `package.json`. ([@sleekweasel](https://github.com/sleekweasel)) -* [`dcf4b5c`](https://github.com/npm/npm/commit/dcf4b5cbece1b0ef55ab7665d9acacc0b6b7cd6e) - [#10497](https://github.com/npm/npm/issues/10497) Clarify what a package is - slightly. ([@aredridel](https://github.com/aredridel)) -* [`447b3d6`](https://github.com/npm/npm/commit/447b3d669b2b6c483b8203754ac0a002c67bf015) - [#10539](https://github.com/npm/npm/issues/10539) Remove an extra, spuriously - capitalized letter. ([@alexlukin-softgrad](https://github.com/alexlukin-softgrad)) - -### v2.14.12 (2015-11-19): - -#### TEEN ORCS AT THE GATES - -This week heralds the general release of the primary npm registry's [new -support for private packages for -organizations](http://blog.npmjs.org/post/133542170540/private-packages-for-organizations). -For many potential users, it's the missing piece needed to make it easy for you -to move your organization's private work onto npm. And now it's here! The -functionality to support it has been in place in the CLI for a while now, -thanks to [@zkat](https://github.com/zkat)'s hard work. - -During our final testing before the release, our ace support team member -[@snopeks](https://github.com/snopeks) noticed that there had been some drift -between the CLI team's implementation and what npm was actually preparing to -ship. In the interests of everyone having a smooth experience with this -_extremely useful_ new feature, we quickly made a few changes to square up the -CLI and the web site experiences. - -* [`0e8b15e`](https://github.com/npm/npm/commit/0e8b15e9fbc89e31bd00e573b648846beddfb835) - [#9327](https://github.com/npm/npm/issues/9327) `npm access` no longer has - problems when run in a directory that doesn't contain a `package.json`. - ([@othiym23](https://github.com/othiym23)) -* [`c4e939c`](https://github.com/npm/npm/commit/c4e939c1d493601d25dcb88e6ffcca73076fd3fd) - [npm/npm-registry-client#126](https://github.com/npm/npm-registry-client/issues/126) - `npm-registry-client@7.0.8`: Allow the CLI to grant, revoke, and list - permissions on unscoped (public) packages on the primary registry. - ([@othiym23](https://github.com/othiym23)) - -#### A BRIEF NOTE ON NPM'S BACKWARDS COMPATIBILITY - -We don't often have much to say about the changes we make to our internal -testing and tooling, but I'm going to take this opportunity to reiterate that -npm tries hard to maintain compatibility with a wide variety of Node versions. -As this change shows, we want to ensure that npm works the same across: - -* Node.js 0.8 -* Node.js 0.10 -* Node.js 0.12 -* the latest io.js release -* Node.js 4 LTS -* Node.js 5 - -Contributors who send us pull requests often notice that it's very rare that -our tests pass across all of those versions (ironically, almost entirely due to -the packages we use for testing instead of any issues within npm itself). We're -currently beginning an effort, lasting the rest of 2015, to clean up our test -suite, and not only get it passing on all of the above versions of Node.js, but -working solidly on Windows as well. This is a compounding form of technical -debt that we're finally paying down, and our hope is that cleaning up the tests -will produce a more robust CLI that's a lot easier to write patches for. - -* [`d743620`](https://github.com/npm/npm/commit/d743620a0005213a65d25de771661b4d48a09717) - [#10233](https://github.com/npm/npm/issues/10233) Update Node.js versions - that Travis uses to test npm. ([@iarna](https://github.com/iarna)) - -#### TYPOS IN THE LICENSE, OH MY - -* [`58ac241`](https://github.com/npm/npm/commit/58ac241f556b2c202a8ee33321965e2540361ca7) - [#10478](https://github.com/npm/npm/issues/10478) Correct two typos in npm's - LICENSE. ([@jorrit](https://github.com/jorrit)) - -### v2.14.11 (2015-11-12): - -#### ASK FOR NOTHING, GET LATEST - -When you run `npm install foo`, you probably expect that you'll get the -`latest` version of `foo`, whatever that is. And good news! That's what this -change makes it do. - -We _think_ this is what everyone wants, but if this causes problems for you, we -want to know! If it proves problematic for people we will consider reverting it -(preferably before this becomes `npm@latest`). - -Previously, when you ran `npm install foo` we would act as if you typed `npm -install foo@*`. Now, like any range-type specifier, in addition to matching the -range, it would also have to be `<=` the value of the `latest` dist-tag. -Further, it would exclude prerelease versions from the list of versions -considered for a match. - -This worked as expected most of the time, unless your `latest` was a prerelease -version, in which case that version wouldn't be used, to everyone's surprise. - -* [`6f0a646`](https://github.com/npm/npm/commit/6f0a646cd865b24fe3ff25365bf5421780e63e01) - [#10189](https://github.com/npm/npm/issues/10189) `npm-package-arg@4.1.0`: - Change the default version from `*` to `latest`. - ([@zkat](https://github.com/zkat)) - -#### LICENSE CLARIFICATION - -* [`54a9046`](https://github.com/npm/npm/commit/54a90461f068ea89baa5d70248cdf1581897936d) - [#10326](https://github.com/npm/npm/issues/10326) Clarify what-all is covered - by npm's license and point to the registry's terms of use. - ([@kemitchell](https://github.com/kemitchell)) - -#### CLOSER TO GREEN TRAVIS - -* [`28efd3d`](https://github.com/npm/npm/commit/28efd3d7dfb2fa3755076ae706ea4d38c6ee6900) - [#10232](https://github.com/npm/npm/issues/10232) `nock@1.9.0`: Downgrade - nock to a version that doesn't depend on streams2 in core so that more of our - tests can pass in 0.8. ([@iarna](https://github.com/iarna)) - -#### A BUG FIX - -* [`eacac8f`](https://github.com/npm/npm/commit/eacac8f05014d15217c3d8264d0b00a72eafe2d2) - [#9965](https://github.com/npm/npm/issues/9965) Fix a corrupt `package.json` - file introduced by a merge conflict in - [`022691a`](https://github.com/npm/npm/commit/022691a). - ([@waynebloss](https://github.com/waynebloss)) - -#### A DEPENDENCY UPGRADE - -* [`ea7d8e0`](https://github.com/npm/npm/commit/ea7d8e00a67a3d5877ed72c9728909c848468a9b) - [npm/nopt#51](https://github.com/npm/nopt/pull/51) `nopt@3.0.6`: Allow - types checked to be validated by passed-in name in addition to the JS name of - the type / class. ([@wbecker](https://github.com/wbecker)) - -### v2.14.10 (2015-11-05): - -There's nothing in here that that isn't in the `npm@3.4.0` release notes, but -all of the commit shasums have been adjusted to be correct. Enjoy! - -#### BUG FIXES VIA DEPENDENCY UPDATES - -* [`204c558`](https://github.com/npm/npm/commit/204c558c06637a753c0b41d0cf19f564a1ac3715) - [#8640](https://github.com/npm/npm/issues/8640) - [npm/normalize-package-data#69](https://github.com/npm/normalize-package-data/pull/69) - `normalize-package-data@2.3.5`: Fix a bug where if you didn't specify the - name of a scoped module's binary, it would install it such that it was - impossible to call it. ([@iarna](https://github.com/iarna)) -* [`bbdf4ee`](https://github.com/npm/npm/commit/bbdf4ee0a3cd12be6a2ace255b67d573a72f1f8f) - [npm/fstream-npm#14](https://github.com/npm/fstream-npm/pull/14) - `fstream-npm@1.0.7`: Only filter `config.gypi` when it's in the build - directory. ([@mscdex](https://github.com/mscdex)) -* [`d82ff81`](https://github.com/npm/npm/commit/d82ff81403e906931fac701775723626dcb443b3) - [npm/fstream-npm#15](https://github.com/npm/fstream-npm/pull/15) - `fstream-npm@1.0.6`: Stop including directories that happened to have names - matching whitelisted npm files in npm module tarballs. The most common cause - was that if you had a README directory then everything in it would be - included if wanted it or not. ([@taion](https://github.com/taion)) - -#### DOCUMENTATION FIXES - -* [`16361d1`](https://github.com/npm/npm/commit/16361d122f2ff6d1a4729c66153b7c24c698fd19) - [#10036](https://github.com/npm/npm/pull/10036) Fix typo / over-abbreviation. - ([@ifdattic](https://github.com/ifdattic)) -* [`d1343dd`](https://github.com/npm/npm/commit/d1343dda42f113dc322f95687f5a8c7d71a97c35) - [#10176](https://github.com/npm/npm/pull/10176) Fix broken link, scopes => - scope. ([@ashleygwilliams](https://github.com/ashleygwilliams)) -* [`110663d`](https://github.com/npm/npm/commit/110663d000a3908a4853393d9abae481700cf4dc) - [#9460](https://github.com/npm/npm/issue/9460) Specifying the default command - run by "npm start" and the fact that you can pass it arguments. - ([@JuanCaicedo](https://github.com/JuanCaicedo)) - -#### DEPENDENCY UPDATES FOR THEIR OWN SAKE - -* [`7476d2d`](https://github.com/npm/npm/commit/7476d2d31552a41671c425aa7fcc2844e0381008) - [npm/npmlog#19](https://github.com/npm/npmlog/pull/19) - `npmlog@2.0.0`: Make it possible to emit log messages with `error` as the - prefix. - ([@bengl](https://github.com/bengl)) -* [`6ca7888`](https://github.com/npm/npm/commit/6ca7888862cfe8bf802dc7c66632c102acd94cf5) - `read-package-json@2.0.2`: Minor cleanups. - ([@KenanY](https://github.com/KenanY)) - -### v2.14.9 (2015-10-29): - -There's still life in `npm@2`, but for now, enjoy these dependency upgrades! -Also, [@othiym23](https://github.com/othiym23) says hi! _waves_ -[@zkat](https://github.com/zkat) has her hands full, and -[@iarna](https://github.com/iarna)'s handling `npm@3`, so I'm dealing with -`npm@2` and the totally nonexistent weird bridge `npm@1.4` LTS release that may -or may not be happening this week. - -#### CAN'T STOP WON'T STOP UPDATING THOSE DEPENDENCIES - -* [`f52f0cb`](https://github.com/npm/npm/commit/f52f0cb51526314197e9d67619feebbd82a397b7) - [#10150](https://github.com/npm/npm/issues/10150) `chmodr@1.0.2`: Use - `fs.lstat()` to check if an entry is a directory, making `chmodr()` work - properly with NFS mounts on Windows. ([@sheerun](https://github.com/sheerun)) -* [`f7011d7`](https://github.com/npm/npm/commit/f7011d7b3b1d9148a6cd8f7b8359d6fe3269a912) - [#10150](https://github.com/npm/npm/issues/10150) `which@1.2.0`: Additional - command-line parameters, which is nice but not used by npm. - ([@isaacs](https://github.com/isaacs)) -* [`ebcc0d8`](https://github.com/npm/npm/commit/ebcc0d8629388da0b849bbbad590382cd7268f51) - [#10150](https://github.com/npm/npm/issues/10150) `minimatch@3.0.0`: Don't - package browser version. ([@isaacs](https://github.com/isaacs)) -* [`8c98dce`](https://github.com/npm/npm/commit/8c98dce5ffe242bafbe92b849e73e8de1803e256) - [#10150](https://github.com/npm/npm/issues/10150) `fstream-ignore@1.0.3`: - Upgrade to use `minimatch@3` (for deduping purposes). - ([@othiym23](https://github.com/othiym23)) -* [`db9ef33`](https://github.com/npm/npm/commit/db9ef337c253ecf21c921055bf8742e10d1cb3bb) - [#10150](https://github.com/npm/npm/issues/10150) `request@2.65.0`: - Dependency upgrades and a few bug fixes, mostly related to cookie handling. - ([@simov](https://github.com/simov)) - -#### DEVDEPENDENCIES TOO, I GUESS, IT'S COOL - -* [`dfbf621`](https://github.com/npm/npm/commit/dfbf621afa09c46991249b4f9a995d1823ea7ede) - [#10150](https://github.com/npm/npm/issues/10150) `tap@2.2.0`: Better - handling of test order handling (including some test fixes for npm). - ([@isaacs](https://github.com/isaacs)) -* [`cf5ad5a`](https://github.com/npm/npm/commit/cf5ad5a8c88bfd72e30ef8a8d1d3c5508e0b3c23) - [#10150](https://github.com/npm/npm/issues/10150) `nock@2.16.0`: More - expectations, documentation, and bug fixes. - ([@pgte](https://github.com/pgte)) - -### v2.14.8 (2015-10-08): - -#### SLOWLY RECOVERING FROM FEELINGS - -OS&F is definitely my favorite convention I've gone to. Y'all should check it -out next year! Rebecca and Kat are back, although Forrest is out at -[&yet conf](http://andyetconf.com/). - -This week sees another tiny LTS release with non-code-related patches -- just -CI/release things. - -Meanwhile, have you heard? `npm@3` is much faster now! Go upgrade with `npm -install -g npm@latest` and give it a whirl if you haven't already! - -#### IF YOU CHANGE CASING ON A FILE, YOU ARE NOT MY FRIEND - -Seriously. I love me some case-sensitive filesystems, but a lot of us have to -deal with `git` and its funky support for case normalizing systems. Have mercy -and just don't bother if all you're changing is casing, please? Otherwise, I -have to do this little dance to prevent horrible conflicts. - -* [`c3a7b61`](https://github.com/npm/npm/commit/c3a7b619786650a45653c8b55b8741fc7bb5cfda) - [#9804](https://github.com/npm/npm/pulls/9804) Remove the readme file with - weird casing. - ([@zkat](https://github.com/zkat)) -* [`f3f619e`](https://github.com/npm/npm/commit/f3f619e06e4be1378dbf286f897b50e9c69c9557) - [#9804](https://github.com/npm/npm/pulls/9804) Add the readme file back in, - with desired casing. - ([@zkat](https://github.com/zkat)) - -#### IDK. OUR CI DOESN'T EVEN FULLY WORK YET BUT SURE - -Either way, it's nice to make sure we're running stuff on the latest Node. `4.2` -is getting released very soon, though (this week?), and that'll be the first -official LTS release! - -* [`bd0b9ab`](https://github.com/npm/npm/commit/bd0b9ab6e60a31448794bbd88f94672572c3cb55) - [#9827](https://github.com/npm/npm/pulls/9827) Add node `4.0` and `4.1` to - TravisCI - ([@JaKXz](https://github.com/JaKXz)) - -### v2.14.7 (2015-10-01): - -#### MORE RELEASE STAGGERING?! - -Hi all, and greetings from [Open Source & Feelings](http://osfeels.com)! - -So we're switching gears a little with how we handle our weekly releases: from -now on, we're going to stagger release weeks between dependency bumps and -regular patches. So, this week, aside from a doc change, we'll be doing only -version bumps. Expect actual patches next week! - -#### TOTALLY FOLLOWING THE RULES ALREADY - -So I snuck this in, because it's our own [@snopeks](https://github.com/snopeks)' -first contribution to the main `npm` repo. She's been helping with building -support documents for Orgs, and contributed her general intro guide to the new -feature so you can read it with `npm help orgs` right in your terminal! - -* [`8324ea0`](https://github.com/npm/npm/commit/8324ea023ace4e08b6b8959ad199e2457af9f9cf) - [#9761](https://github.com/npm/npm/pull/9761) Added general user guide for - Orgs. - ([@snopeks](https://github.com/snopeks)) - -#### JUST. ONE. MORE. - -* [`9a502ca`](https://github.com/npm/npm/commit/9a502ca96e2d43ec75a8f684c9ca33af7e910f0a) - Use unique package name in tests to work around weird test-state-based - failures. - ([@iarna](https://github.com/iarna)) - -#### OKAY ACTUALLY THE THING I WAS SUPPOSED TO DO - -Anyway -- here's your version bump! :) - -* [`4aeb94c`](https://github.com/npm/npm/commit/4aeb94c9f0df3f41802cf2e0397a998f3b527c25) - `request@2.64.0`: No longer defaulting to `application/json` for `json` - requests. Also some minor doc and packaging patches. - ([@simov](https://github.com/simov)) - `minimatch@3.0.0`: No longer packaging browser modules. - ([@isaacs](https://github.com/isaacs)) -* [`a18b213`](https://github.com/npm/npm/commit/a18b213e6945a8f5faf882927829ac95f844e2aa) - `glob@5.0.15`: Upgraded `minimatch` dependency. - ([@isaacs](https://github.com/isaacs)) -* [`9eb64d4`](https://github.com/npm/npm/commit/9eb64e44509519ca9d788502edb2eba4cea5c86b) - `nock@2.13.0` - ([@pgte](https://github.com/pgte)) - -### v2.14.6 (2015-09-24): - -#### `¯\_(ツ)_/¯` - -Since `2.x` is LTS now, you can expect a slowdown in overall release sizes. On -top of that, we had our all-company-npm-internal-conf thing on Monday and -Tuesday so there wasn't really time to do much at all. - -Still, we're bringing you a couple of tiny little changes this week! - -* [`7b7da13`](https://github.com/npm/npm/commit/7b7da13c6cdf5eae53c20d5c69afc4c16e6f715d) - [#9471](https://github.com/npm/npm/pull/9471) When the port for a tarball is - different than the registry it's in, but the hostname is the same, the - protocol is now allowed to change, too. - ([@fastest963](https://github.com/fastest963)) -* [`6643ada`](https://github.com/npm/npm/commit/6643adaf9f37f08893e3ad28b797c55a36b2a152) - `request@2.63.0`: Use `application/json` as the default content type when - making `json` requests. - ([@simov](https://github.com/simov)) - -### v2.14.5 (2015-09-17): - -#### NPM IS DEAD. LONG LIVE NPM - -That's right folks. As of this week, `npm@next` is `npm@3`, which means it'll be -`npm@latest` next week! There's some really great shiny new things over there, -and you should really take a look. - -Many kudos to [@iarna](https://github.com/iarna) for her hard work on `npm@3`! - -Don't worry, we'll keep `2.x` around for a while (as LTS), but you won't see -many, if any, new features on this end. From now on, we're going to use -`latest-2` and `next-2` as the dist tags for the `npm@2` branch. - -#### OKAY THAT'S FINE CAN I DEPRECATE THINGS NOW? - -Yes! Specially if you're using scoped packages. Apparently, deprecating them -never worked, but that should be better now. :) - -* [`eca7b24`](https://github.com/npm/npm/commit/eca7b24de9a0090da02a93a69726f5e70ab80543) - [#9558](https://github.com/npm/npm/issues/9558) Add tests for npm deprecate. - ([@zkat](https://github.com/zkat)) -* [`648fe16`](https://github.com/npm/npm/commit/648fe16157ef0db22395ae056d1dd4b4c1605bf4) - [#9558](https://github.com/npm/npm/issues/9558) `npm-registry-client@7.0.7`: - Fixes `npm deprecate` so you can actually deprecate scoped modules now (it - never worked). - ([@zkat](https://github.com/zkat)) - -#### WTF IS `node-waf` - -idk. Some old thing. We don't talk about it anymore. - -* [`cf1b39f`](https://github.com/npm/npm/commit/cf1b39fc95a9ffad7fba4c2fee705c53b19d1d16) - [#9584](https://github.com/npm/npm/issues/9584) Fix ancient references to - `node-waf` in the docs to refer to the `node-gyp` version of things. - ([@KenanY](https://github.com/KenanY)) - -#### THE `graceful-fs` AND `node-gyp` SAGA CONTINUES - -Last week had some sweeping `graceful-fs` upgrades, and this takes care of one -of the stragglers, as well as bumping `node-gyp`. `node@4` users might be -excited about this, or even `node@<4` users who previously had to cherry-pick a -bunch of patches to get the latest npm working. - -* [`e07354f`](https://github.com/npm/npm/commit/e07354f3ff3a6be568fe950f1f825897f72912d8) - `sha@2.0.1`: Upgraded graceful-fs! - ([@ForbesLindesay](https://github.com/ForbesLindesay)) -* [`83cb6ee`](https://github.com/npm/npm/commit/83cb6ee4045b85e565e9678ca1878877e1dc75bd) - `node-gyp@3.0.3` - ([@rvagg](https://github.com/rvagg)) - -#### DEPS! DEPS! MORE DEPS! OK STOP DEPS - -* [`0d60888`](https://github.com/npm/npm/commit/0d608889615a1cb63f5f852337e955053f201aeb) - `normalize-package-data@2.3.4`: Use an external package to check for built-in - node modules. - ([@sindresorhus](https://github.com/sindresorhus)) -* [`79b4dac`](https://github.com/npm/npm/commit/79b4dac11f1c2d8ad5489fc3104734e1c10d4793) - `retry@0.8.0` - ([@tim-kos](https://github.com/tim-kos)) -* [`c164941`](https://github.com/npm/npm/commit/c164941d3c792904d5b126a4fd36eefbe0699f52) - `request@2.62.0`: node 4 added to build targets. Option initialization issues - fixed. - ([@simov](https://github.com/simov)) -* [`0fd878a`](https://github.com/npm/npm/commit/0fd878a44d5ae303325808d1f00df4dce7549d50) - `lru-cache@2.7.0`: Cache serialization support and fixes a cache length bug. - ([@isaacs](https://github.com/isaacs)) -* [`6a7a114`](https://github.com/npm/npm/commit/6a7a114a45b4699995d6e09164fdfd0fa1274591) - `nock@2.12.0` - ([@pgte](https://github.com/pgte)) -* [`6b25e6d`](https://github.com/npm/npm/commit/6b25e6d2235c11f4444104db4545cb42a0267666) - `semver@5.0.3`: Removed uglify-js dead code. - ([@isaacs](https://github.com/isaacs)) - -### v2.14.4 (2015-09-10): - -#### THE GREAT NODEv4 SAGA - -So [Node 4 is out now](https://nodejs.org/en/blog/release/v4.0.0/) and that's -going to involve a number of things over in npm land. Most importantly, it's the -last major release that will include the `2.x` branch of npm. That also means -that `2.x` is going to go into LTS mode in the coming weeks -- once `npm@3` -becomes our official `latest` release. You can most likely expect Node 5 to -include `npm@3` by default, whenever that happens. We'll go into more detail -about LTS at that point, as well, so keep your eyes peeled for announcements! - -#### NODE IS DEAD. LONG LIVE NODE! - -Node 4 being released means that a few things that used to be floating patches -are finally making it right into npm proper. This week, we've got two such -updates, both to dependencies: - -* [`505d9e4`](https://github.com/npm/npm/commit/505d9e40c13b8b0bb3f70ee9886f7b73ba569407) - `node-gyp@3.0.1`: Support for node nightlies and compilation for both node and - io.js without extra patching - ([@rvagg](https://github.com/rvagg)) - -[@thefourtheye](https://github.com/thefourtheye) was kind enough to submit a -*bunch* of PRs to npm's dependencies updating them to `graceful-fs@4.1.2`, which -mainly makes it so we're no longer monkey-patching `fs`. The following are all -updates related to this: - -* [`10cb189`](https://github.com/npm/npm/commit/10cb189c773fef804214018d57509cc7a943184b) - `write-file-atomic@1.1.3` - ([@thefourtheye](https://github.com/thefourtheye)) -* [`edfb80b`](https://github.com/npm/npm/commit/edfb80b39f8cfce9a993f139eb98248001198e09) - `tar@2.2.1` - ([@thefourtheye](https://github.com/thefourtheye)) -* [`aa6e1ee`](https://github.com/npm/npm/commit/aa6e1eede7d71fa69d7256afdfbaa3406bc39a5b) - `read-package-json@2.0.1` - ([@thefourtheye](https://github.com/thefourtheye)) -* [`18971a3`](https://github.com/npm/npm/commit/18971a361635ed3958ecd39b63930ae1e56f8612) - `read-installed@4.0.3` - ([@thefourtheye](https://github.com/thefourtheye)) -* [`a4cba71`](https://github.com/npm/npm/commit/a4cba71bd2532236fda7385bf55e8790cafd4f0a) - `fstream@1.0.8` - ([@thefourtheye](https://github.com/thefourtheye)) -* [`70a38e2`](https://github.com/npm/npm/commit/70a38e29418951ac61ab6cf269d188074fe8ac3a) - `fs-write-stream-atomic@1.0.4` - ([@thefourtheye](https://github.com/thefourtheye)) -* [`9cbd20f`](https://github.com/npm/npm/commit/9cbd20f691e37960e4ba12d401abd1069657cb47) - `fs-vacuum@1.2.7` - ([@thefourtheye](https://github.com/thefourtheye)) - -#### OTHER PATCHES - -* [`c4dd521`](https://github.com/npm/npm/commit/c4dd5213b2f3283ea0392845e5f78cac4573529e) - [#9506](https://github.com/npm/npm/issues/9506) Make `npm link` work on - Windows when using node pre-release/RC releases. - ([@jon-hall](https://github.com/jon-hall)) -* [`b6bc29c`](https://github.com/npm/npm/commit/b6bc29c1401b3d6b570c09cbef1866bdb0436b59) - [#9544](https://github.com/npm/npm/issues/9549) `process.binding` is being - deprecated, so our only direct usage has been removed. - ([@ChALkeR](https://github.com/ChALkeR)) - -#### MORE DEPENDENCIES! - -* [`d940594`](https://github.com/npm/npm/commit/d940594e479a7f012b6dd6952e8ef985ba2a6216) - `tap@1.4.1` - ([@isaacs](https://github.com/isaacs)) -* [`ee38486`](https://github.com/npm/npm/commit/ee3848669331fd98879a3175789d963543f67ce3) - `which@1.1.2`: Added tests for Windows-related dead code that was previously - helping a silent failure happen. Travis stuff, too. - ([@isaacs](https://github.com/isaacs)) - -#### DOC UPDATES - -* [`475daf5`](https://github.com/npm/npm/commit/475daf54ad07777938d1d7ee1a3e576961e84510) - [#9492](https://github.com/npm/npm/issues/9492) Clarify how `.npmignore` and - `.gitignore` are found and used by npm. - ([@addaleax](https://github.com/addaleax)) -* [`b2c391d`](https://github.com/npm/npm/commit/b2c391d7833249626a6d7650363a83bcc778717a) - `nopt@3.0.4`: Minor clarifications to docs about how array and errors work. - ([@zkat](https://github.com/zkat)) - -### v2.14.3 (2015-09-03): - -#### TEAMS AND ORGS STILL BETA. CLI CODE STILL SOLID. - -Our closed beta for Teens and Orcs is happening! The web team is hard at work -making sure everything looks pretty and usable and such. Once we fix things -stemming from that beta, you can expect the feature to be available publicly. -Some time after that, it'll even be available for free for FOSS orgs. It'll Be -Done When It's Done™. - -#### OH GOOD, I CAN ACTUALLY UPSTREAM NOW - -Looks like last week's release foiled our own test suite when trying to upstream -it to Node! Just a friendly reminder that no, `.npmrc` is no longer included -then you pack/release a package! [@othiym23](https://github.com/othiym23) and -[@isaacs](https://github.com/isaacs) managed to suss the really strange test -failures resulting from that, and we've patched it in this release. - -* [`01a3428`](https://github.com/npm/npm/commit/01a3428534b754dca89a56fd1e49f55cb22f6f25) - [#9476](https://github.com/npm/npm/issues/9476) test: Recreate missing - `.npmrc` files when missing so downstream packagers can run tests on packed - npm. - ([@othiym23](https://github.com/othiym23)) - -#### TALKING ABOUT THE CHANGELOG IN THE CHANGELOG IS LIKE, POMO OR SOMETHING - -* [`c1e7a83`](https://github.com/npm/npm/commit/c1e7a83c0ae7aadf01aecc57cf8a0ae2009d4da8) - [#9431](https://github.com/npm/npm/issues/9431) CHANGELOG: clarify - windows-related nature of patch - ([@saper](https://github.com/saper)) - -#### devDependencies UPDATED - -No actual dep updates this week, but we're bumping a couple of devDeps: - -* [`8454835`](https://github.com/npm/npm/commit/84548351bfd63e3e305d195abbcad24c6b7c3e8e) - `tap@1.4.0`: Add `t.contains()` as alias to `t.match()` - ([@isaacs](https://github.com/isaacs)) -* [`13d2216`](https://github.com/npm/npm/commit/13d22161bcdeb6e1ed095d5ba2f77e6abfffa5eb) - `deep-equal@1.0.1`: Make `null == undefined` in non-strict mode - ([@isaacs](https://github.com/isaacs)) - -### v2.14.2 (2015-08-27): - -#### GETTING THAT PESKY `preferGlobal` WARNING RIGHT - -So apparently the `preferGlobal` option hasn't quite been warning correctly for -some time. But now it should be all better! tl;dr: if you try and install a -dependency with `preferGlobal: true`, and it's _not already_ in your -`package.json`, you'll get a warning that the author would really rather you -install it with `--global`. This should prevent Windows PowerShell from thinking -npm has failed just because of a benign warning. - -* [`bbb25f3`](https://github.com/npm/npm/commit/bbb25f30d582f8979168c79233a9f8f840974f90) - [#8841](https://github.com/npm/npm/issues/8841) - [#9409](https://github.com/npm/npm/issues/9409) The `preferGlobal` - warning shouldn't happen if the dependency being installed is listed in - `devDependencies`. ([@saper](https://github.com/saper)) -* [`222fcec`](https://github.com/npm/npm/commit/222fcec85ccd30d35899e5037079fb14625af4e2) - [#9409](https://github.com/npm/npm/issues/9409) `preferGlobal` now prints a - warning when there are no dependencies for the current package. - ([@zkat](https://github.com/zkat)) -* [`5cfed6d`](https://github.com/npm/npm/commit/5cfed6d7a1a5f2731688cfc8293b5e43a6355393) - [#9409](https://github.com/npm/npm/issues/9409) Verify that - `preferGlobal` is warning as expected (when a `preferGlobal` dependency is - installed, but isn't listed in either `dependencies` or `devDependencies`). - ([@zkat](https://github.com/zkat)) - -#### BUMP +1 - -* [`eeafce2`](https://github.com/npm/npm/commit/eeafce2d06883c0f51bf403415b6bc5f2647eba3) - `validate-npm-package-license@3.0.1`: Include additional metadata in parsed license object, - useful for license checkers. ([@kemitchell](https://github.com/kemitchell)) -* [`1502a28`](https://github.com/npm/npm/commit/1502a285f84aa548806b3eafc8889e6288e810f3) - `normalise-package-data@2.3.2`: Updated to use `validate-npm-package-license@3.0.1`. - ([@othiym23](https://github.com/othiym23)) -* [`cbde823`](https://github.com/npm/npm/commit/cbde8233436bf0ea62a4740869b4990322c20659) - `init-package-json@1.9.1`: Add a `silent` option to suppress output on writing the - generated `package.json`. Also, updated to use `validate-npm-package-license@3.0.1`. - ([@zkat](https://github.com/zkat)) -* [`08fda46`](https://github.com/npm/npm/commit/08fda465452b4d77f1ced8050ee3a35a77fc30a5) - `tar@2.2.0`: Minor improvements. ([@othiym23](https://github.com/othiym23)) -* [`dc2f20b`](https://github.com/npm/npm/commit/dc2f20b53fff77203139c863b48da0e959df2ac9) - `rimraf@2.4.3`: `EPERM` now triggers a delay / retry loop (since Windows throws - this when things still hold a handle). ([@isaacs](https://github.com/isaacs)) -* [`e8acb27`](https://github.com/npm/npm/commit/e8acb273aa67ee0394d0431650e1b2a7d09c8554) - `read@1.0.7`: Fix licensing ambiguity. ([@isaacs](https://github.com/isaacs)) - -#### OTHER STUFF THAT'S RELEVANT - -* [`73a1ee0`](https://github.com/npm/npm/commit/73a1ee0be90fa1928521b63f28bef83b8ffab61d) - [#9386](https://github.com/npm/npm/issues/9386) Include additional unignorable files in - documentation. - ([@mjhasbach](https://github.com/mjhasbach)) -* [`0313e40`](https://github.com/npm/npm/commit/0313e40ee0f757fce8861be590ad668c23d7be53) - [#9396](https://github.com/npm/npm/issues/9396) Improve the `EISDIR` error - message returned by npm's error-handling code to give users a better hint of - what's most likely going on. Usually, error reports with this error code are - about people trying to install things without a `package.json`. - ([@KenanY](https://github.com/KenanY)) -* [`2677457`](https://github.com/npm/npm/commit/26774579c739c5951351e58263cf4d6ea3d66ec8) - [#9360](https://github.com/npm/npm/issues/9360) Make it easier to run - only _some_ of npm tests with lifecycle scripts via `npm tap test/tap/testname.js`. - ([@iarna](https://github.com/iarna)) - -### v2.14.1 (2015-08-20): - -#### SECURITY FIX - -There are patches for two information leaks of moderate severity in `npm@2.14.1`: - -1. In some cases, npm was leaking sensitive credential information into the - child environment when running package and lifecycle scripts. This could - lead to packages being published with files (most notably `config.gypi`, a - file created by `node-gyp` that is a cache of environmental information - regenerated on every run) containing the bearer tokens used to authenticate - users to the registry. Users with affected packages have been notified (and - the affected tokens invalidated), and now npm has been modified to not - upload files that could contain this information, as well as scrubbing the - sensitive information out of the environment passed to child scripts. -2. Per-package `.npmrc` files are used by some maintainers as a way to scope - those packages to a specific registry and its credentials. This is a - reasonable use case, but by default `.npmrc` was packed into packages, - leaking those credentials. npm will no longer include `.npmrc` when packing - tarballs. - -If you maintain packages and believe you may be affected by either -of the above scenarios (especially if you've received a security -notification from npm recently), please upgrade to `npm@2.14.1` as -soon as possible. If you believe you may have inadvertently leaked -your credentials, upgrade to `npm@2.14.1` on the affected machine, -and run `npm logout` and then `npm login`. Your access tokens will be -invalidated, which will eliminate any risk posed by tokens inadvertently -included in published packages. We apologize for the inconvenience this -causes, as well as the oversight that led to the existence of this issue -in the first place. - -Huge thanks to [@ChALkeR](https://github.com/ChALkeR) for bringing these -issues to our attention, and for helping us identify affected packages -and maintainers. Thanks also to the Node.js security working group for -their coördination with the team in our response to this issue. We -appreciate everybody's patience and understanding tremendously. - -* [`b9474a8`](https://github.com/npm/npm/commit/b9474a843ca55b7c5fac6da33989e8eb39aff8b1) - `fstream-npm@1.0.5`: Stop publishing build cruft (`config.gypi`) and per-project - `.npmrc` files to keep local configuration out of published packages. - ([@othiym23](https://github.com/othiym23)) -* [`13c286d`](https://github.com/npm/npm/commit/13c286dbdc3fa8fec4cb79fc4d1ee505c8a41b2e) - [#9348](https://github.com/npm/npm/issues/9348) Filter "private" - (underscore-prefixed, even when scoped to a registry) configuration values - out of child environments. ([@othiym23](https://github.com/othiym23)) - -#### BETTER WINDOWS INTEGRATION, ONE STEP AT A TIME - -* [`e40e71f`](https://github.com/npm/npm/commit/e40e71f2f838a8a42392f44e3eeec04e323ab743) - [#6412](https://github.com/npm/npm/issues/6412) Improve the search strategy - used by the npm shims for Windows to prioritize your own local npm installs. - npm has really needed this tweak for a long time, so hammer on it and let us - know if you run into issues, but with luck it will Just Work. - ([@joaocgreis](https://github.com/joaocgreis)) -* [`204ebbb`](https://github.com/npm/npm/commit/204ebbb3e0cab696a429a878ceeb4a7e78ec2b94) - [#8751](https://github.com/npm/npm/issues/8751) - [#7333](https://github.com/npm/npm/issues/7333) Keep [autorun - scripts](https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) from - interfering with npm package and lifecycle script execution on Windows by - adding `/d` and `/s` when invoking `cmd.exe`. - ([@saper](https://github.com/saper)) - -#### IT SEEMED LIKE AN IDEA AT THE TIME - -* [`286f3d9`](https://github.com/npm/npm/commit/286f3d97103812f0fd84b70352addbe899e258f9) - [#9201](https://github.com/npm/npm/pull/9201) For a while npm was building - HTML partials for use on [`docs.npmjs.com`](https://docs.npmjs.com), but we - weren't actually using them. Stop building them, which makes running the full - test suite and installation process around a third faster. - ([@isaacs](https://github.com/isaacs)) - -#### A SINGLE LONELY DEPENDENCY UPGRADE - -* [`b343b95`](https://github.com/npm/npm/commit/b343b956ef777e321e4251ddc96ec6d80827d9e2) - `request@2.61.0`: Bug fixes and keep-alive tweaks. - ([@simov](https://github.com/simov)) - -### v2.14.0 (2015-08-13): - -#### IT'S HERE! KINDA! - -This release adds support for teens and orcs (err, teams and organizations) to -the npm CLI! Note that the web site and registry-side features of this are -still not ready for public consumption. - -A beta should be starting in the next couple of weeks, and the features -themselves will become public once all that's done. Keep an eye out for more -news! - -All of these changes were done under [`#9011`](https://github.com/npm/npm/pull/9011): - -* [`6424170`](https://github.com/npm/npm/commit/6424170fc17c666a6efc090370ec691e0cab1792) - Added new `npm team` command and subcommands. - ([@zkat](https://github.com/zkat)) -* [`52220d1`](https://github.com/npm/npm/commit/52220d146d474ec29b683bd99c06f75cbd46a9f4) - Added documentation for new `npm team` command. - ([@zkat](https://github.com/zkat)) -* [`4e66830`](https://github.com/npm/npm/commit/4e668304850d02df8eb27a779fda76fe5de645e7) - Updated `npm access` to support teams and organizations. - ([@zkat](https://github.com/zkat)) -* [`ea3eb87`](https://github.com/npm/npm/commit/ea3eb8733d9fa09ce34106b1b19fb1a8f95844a5) - Gussied up docs for `npm access` with new commands. - ([@zkat](https://github.com/zkat)) -* [`6e0b431`](https://github.com/npm/npm/commit/6e0b431c1de5e329c86e57d097aa88ebfedea864) - Fix up `npm whoami` to make the underlying API usable elsewhere. - ([@zkat](https://github.com/zkat)) -* [`f29c931`](https://github.com/npm/npm/commit/f29c931012ce5ccd69c29d83548f27e443bf7e62) - `npm-registry-client@7.0.1`: Upgrade `npm-registry-client` API to support - `team` and `access` calls against the registry. - ([@zkat](https://github.com/zkat)) - -#### A FEW EXTRA VERSION BUMPS - -* [`c977e12`](https://github.com/npm/npm/commit/c977e12cbfa50c2f52fc807f5cc19ba1cc1b39bf) - `init-package-json@1.8.0`: Checks for some `npm@3` metadata. - ([@iarna](https://github.com/iarna)) -* [`5c8c9e5`](https://github.com/npm/npm/commit/5c8c9e5ae177ba7d0d298cfa42f3fc7f0271e4ec) - `columnify@1.5.2`: Updated some dependencies. - ([@timoxley](https://github.com/timoxley)) -* [`5d56742`](https://github.com/npm/npm/commit/5d567425768b75aeab402c817a53d8b2bc60d8de) - `chownr@1.0.1`: Tests, docs, and minor style nits. - ([@isaacs](https://github.com/isaacs)) - -#### ALSO A DOC FIX - -* [`846fcc7`](https://github.com/npm/npm/commit/846fcc79b86984b109a97366b0422f995a45f8bf) - [`#9200`](https://github.com/npm/npm/pull/9200) Remove single quotes - around semver range, thus making it valid semver. - ([@KenanY](https://github.com/KenanY)) - -### v2.13.5 (2015-08-07): - -This is another quiet week for the `npm@2` release. -[@zkat](https://github.com/zkat) has been working hard on polishing the CLI -bits of the registry's new feature to support direct management of teams and -organizations, and [@iarna](https://github.com/iarna) continues to work through -the list of issues blocking the general release of `npm@3`, which is looking -more and more solid all the time. - -[@othiym23](https://github.com/othiym23) and [@zkat](https://github.com/zkat) -have also been at this week's Node.js / io.js [collaborator -summit](https://github.com/nodejs/summit/tree/master), both as facilitators and -participants. This is a valuable opportunity to get some face time with other -contributors and to work through a bunch of important discussions, but it does -leave us feeling kind of sleepy. Running meetings is hard! - -What does that leave for this release? A few of the more tricky bug fixes that -have been sitting around for a little while now, and a couple dependency -upgrades. Nothing too fancy, but most of these were contributed by developers -like _you_, which we think is swell. Thanks! - -#### BUG FIXES - -* [`d7271b8`](https://github.com/npm/npm/commit/d7271b8226712479cdd339bf85faf7e394923e0d) - [#4530](https://github.com/npm/npm/issues/4530) The bash completion script - for npm no longer alters global completion behavior around word breaks. - ([@whitty](https://github.com/whitty)) -* [`c9ce294`](https://github.com/npm/npm/commit/c9ce29415a0a8fc610690b6e9d91b64d6e36cfcc) - [#7198](https://github.com/npm/npm/issues/7198) When setting up dependencies - to be shared via `npm link <package>`, only run the lifecycle scripts during - the original link, not when running `npm link <package>` or `npm install - --link` against them. ([@murgatroid99](https://github.com/murgatroid99)) -* [`422da66`](https://github.com/npm/npm/commit/422da664bd3ce71313da447f170507faf5aac46a) - [#9108](https://github.com/npm/npm/issues/9108) Clear up minor confusion - around wording in `bundledDependencies` section of `package.json` docs. - ([@derekpeterson](https://github.com/derekpeterson)) -* [`6b42d99`](https://github.com/npm/npm/commit/6b42d99460885e715772d3487b1c548d2bc8a738) - [#9146](https://github.com/npm/npm/issues/9146) Include scripts that run for - `preversion`, `version`, and `postversion` in the section for lifecycle - scripts rather than the generic `npm run-script` output. - ([@othiym23](https://github.com/othiym23)) - -#### NOPE, NOT DONE WITH DEPENDENCY UPDATES - -* [`91a48bb`](https://github.com/npm/npm/commit/91a48bb5ef5a990781c86f8b69b8a32cf4fac2d9) - `chmodr@1.0.1`: Ignore symbolic links when recursively changing mode, just - like the Unix command. ([@isaacs](https://github.com/isaacs)) -* [`4bbc86e`](https://github.com/npm/npm/commit/4bbc86e3825e2eee9a8758ba26bdea0cb6a2581e) - `nock@2.10.0` ([@pgte](https://github.com/pgte)) - -### v2.13.4 (2015-07-30): - -#### JULY ENDS ON A FAIRLY QUIET NOTE - -Hey everyone! I hope you've had a great week. We're having a fairly small -release this week while we wrap up Teams and Orgs (or, as we've taken to calling -it internally, _Teens and Orcs_). - -In other exciting news, a bunch of us are gonna be at the [Node.js Collaborator -Summit](https://github.com/nodejs/summit/issues/1), and you can also find us at -[wafflejs](https://wafflejs.com/) on Wednesday. Hopefully we'll be seeing some -of you there. :) - -#### THE PATCH!!! - -So here it is. The patch. Hope it helps. (Thanks, -[@ktarplee](https://github.com/ktarplee)!) - -* [`2e58c48`](https://github.com/npm/npm/commit/2e58c4819e3cafe4ae23ab7f4a520fe09258cfd7) - [#9033](https://github.com/npm/npm/pull/9033) `npm version` now works on git - submodules - ([@ktarplee](https://github.com/ktarplee)) - -#### OH AND THERE'S A DEV DEPENDENCIES UPDATE - -Hooray. - -* [`d204683`](https://github.com/npm/npm/commit/d2046839d471322e61e3ceb0f00e78e5c481f967) - `nock@2.9.1` - ([@pgte](https://github.com/pgte)) - -### v2.13.3 (2015-07-23): - -#### I'M SAVING THE GOOD JOKES FOR MORE INTERESTING RELEASES - -It's pretty hard to outdo last week's release buuuuut~ I promise I'll have a -treat when we release our shiny new **Teams and Organizations** feature! :D -(Coming Soon™). It'll be a real *gem*. - -That means it's a pretty low-key release this week. We got some nice -documentation tweaks, a few bugfixes, and other such things, though! - -Oh, and a _bunch of version bumps_. Thanks, `semver`! - -#### IT'S THE LITTLE THINGS THAT MATTER - -* [`2fac6ae`](https://github.com/npm/npm/commit/2fac6aeffefba2934c3db395b525d931599c34d8) - [#9012](https://github.com/npm/npm/issues/9012) A convenience for releases -- - using the globally-installed npm before now was causing minor annoyances, so - we just use the exact same npm we're releasing to build the new release. - ([@zkat](https://github.com/zkat)) - -#### WHAT DOES THIS BUTTON DO? - -There's a couple of doc updates! The last one might be interesting. - -* [`4cd3205`](https://github.com/npm/npm/commit/4cd32050c0f89b7f1ae486354fa2c35eea302ba5) - [#9002](https://github.com/npm/npm/issues/9002) Updated docs to list the - various files that npm automatically includes and excludes, regardless of - settings. - ([@SimenB](https://github.com/SimenB)) -* [`cf09e75`](https://github.com/npm/npm/commit/cf09e754931739af32647d667b671e72a4c79081) - [#9022](https://github.com/npm/npm/issues/9022) Document the `"access"` field - in `"publishConfig"`. Did you know you don't need to use `--access=public` - when publishing scoped packages?! Just put it in your `package.json`! - Go refresh yourself on scopes packages by [checking our docs](https://docs.npmjs.com/getting-started/scoped-packages) on them. - ([@boennemann](https://github.com/boennemann)) -* [`bfd73da`](https://github.com/npm/npm/commit/bfd73da33349cc2afb8278953b2ae16ea95023de) - [#9013](https://github.com/npm/npm/issues/9013) fixed typo in changelog - ([@radarhere](https://github.com/radarhere)) - -#### THE SEMVER MAJOR VERSION APOCALYPSE IS UPON US - -Basically, `semver` is up to `@5`, and that meant we needed to go in an update a -bunch of our dependencies manually. `node-gyp` is still pending update, since -it's not ours, though! - -* [`9232e58`](https://github.com/npm/npm/commit/9232e58d54c032c23716ef976023d36a42bfdcc9) - [#8972](https://github.com/npm/npm/issues/8972) `init-package-json@1.7.1` - ([@othiym23](https://github.com/othiym23)) -* [`ba44f6b`](https://github.com/npm/npm/commit/ba44f6b4201a4faee025341b123e372d8f45b6d9) - [#8972](https://github.com/npm/npm/issues/8972) `normalize-package-data@2.3.1` - ([@othiym23](https://github.com/othiym23)) -* [`3901d3c`](https://github.com/npm/npm/commit/3901d3cf191880bb4420b1d6b8aedbcd8fc26cdf) - [#8972](https://github.com/npm/npm/issues/8972) `npm-install-checks@1.0.6` - ([@othiym23](https://github.com/othiym23)) -* [`ffcc7dd`](https://github.com/npm/npm/commit/ffcc7dd12f8bb94ff0f64c465c57e460b3f24a24) - [#8972](https://github.com/npm/npm/issues/8972) `npm-package-arg@4.0.2` - ([@othiym23](https://github.com/othiym23)) -* [`7128f9e`](https://github.com/npm/npm/commit/7128f9ec10c0c8482087511b716dbddb54249626) - [#8972](https://github.com/npm/npm/issues/8972) `npm-registry-client@6.5.1` - ([@othiym23](https://github.com/othiym23)) -* [`af28911`](https://github.com/npm/npm/commit/af28911ecd54a844f848c6ae41887097d6aa2f3b) - [#8972](https://github.com/npm/npm/issues/8972) `read-installed@4.0.2` - ([@othiym23](https://github.com/othiym23)) -* [`3cc817a`](https://github.com/npm/npm/commit/3cc817a0f34f698b580ff6ff02308700efc54f7c) - [#8972](https://github.com/npm/npm/issues/8972) node-gyp needs its own version - of semver - ([@othiym23](https://github.com/othiym23)) -* [`f98eccc`](https://github.com/npm/npm/commit/f98eccc6e3a6699ca0aa9ecbad93a3b995583871) - [#8972](https://github.com/npm/npm/issues/8972) `semver@5.0.1`: Stop including - browser builds. - ([@isaacs](https://github.com/isaacs)) - -#### \*BUMP\* - -And some other version bumps for good measure. - -* [`254ecfb`](https://github.com/npm/npm/commit/254ecfb04f026c2fd16427db01a53600c1892c8b) - [#8990](https://github.com/npm/npm/issues/8990) `marked-man@0.1.5`: Fixes an - issue with documentation rendering where backticks in 2nd-level headers would - break rendering (?!?!) - ([@steveklabnik](https://github.com/steveklabnik)) -* [`79efd79`](https://github.com/npm/npm/commit/79efd79ac216da8cee8636fb2ed926b0196a4eb6) - `minimatch@2.0.10`: A pattern like `'*.!(x).!(y)'` should not match a name - like `'a.xyz.yab'`. - ([@isaacs](https://github.com/isaacs)) -* [`39c7dc9`](https://github.com/npm/npm/commit/39c7dc9a4e17cd35a5ed882ba671821c9a900f9e) - `request@2.60.0`: A few bug fixes and doc updates. - ([@simov](https://github.com/simov)) -* [`72d3c3a`](https://github.com/npm/npm/commit/72d3c3a9e1e461608aa21b14c01a650333330da9) - `rimraf@2.4.2`: Minor doc and dep updates - ([@isaacs](https://github.com/isaacs)) -* [`7513035`](https://github.com/npm/npm/commit/75130356a06f5f4fbec3786aac9f9f0b36dfe010) - `nock@2.9.1` - ([@pgte](https://github.com/pgte)) -* [`3d9aa82`](https://github.com/npm/npm/commit/3d9aa82260f0643a32c13d0c1ed16f644b6fd4ab) - Fixes this thing where Kat decided to save `nock` as a regular dependency ;) - ([@othiym23](https://github.com/othiym23)) - -### v2.13.2 (2015-07-16): - -#### HOLD ON TO YOUR TENTACLES... IT'S NPM RELEASE TIME! - -Kat: Hooray! Full team again, and we've got a pretty small patch release this -week, about everyone's favorite recurring issue: git URLs! - -Rebecca: No Way! Again? - -Kat: The ride never ends! In the meantime, there's some fun, exciting work in -the background to get orgs and teams out the door. Keep an eye out for news. :) - -Rebecca: And make sure to keep an eye out for patches for the super-fresh -`npm@3`! - -#### LET'S GIT INKY - -Rebecca: So what's this about another git URL issue? - -Kat: Welp, I apparently broke backwards-compatibility on what are actually -invalid `git+https` URLs! So I'm making it work, but we're gonna deprecate URLs -that look like `git+https://user@host:path/is/here`. - -Rebecca: What should we use instead?! - -Kat: Just do me a solid and use `git+ssh://user@host:path/here` or -`git+https://user@host/absolute/https/path` instead! - -* [`769f06e`](https://github.com/npm/npm/commit/769f06e5455d7a9fc738379de2e05868df0dab6f) - Updated tests for `getResolved` so the URLs are run through - `normalize-git-url`. - ([@zkat](https://github.com/zkat)) -* [`edbae68`](https://github.com/npm/npm/commit/edbae685bf48971e878ced373d6825fc1891ee47) - [#8881](https://github.com/npm/npm/issues/8881) Added tests to verify that `git+https:` URLs are handled compatibly. - ([@zkat](https://github.com/zkat)) - -#### NEWS FLASH! DOCUMENTATION IMPROVEMENTS! - -* [`bad4e014`](https://github.com/npm/npm/commit/bad4e0143cc95754a682f1da543b2b4e196e924b) - [#8924](https://github.com/npm/npm/pull/8924) Make sure documented default - values in `lib/cache.js` properly correspond to current code. - ([@watilde](https://github.com/watilde)) -* [`e7a11fd`](https://github.com/npm/npm/commit/e7a11fdf70e333cdfe3dac94a1a30907adb76d59) - [#8036](https://github.com/npm/npm/issues/8036) Clarify the documentation for - `.npmrc` to clarify that it's not read at the project level when doing global - installs. - ([@espadrine](https://github.com/espadrine)) - -#### STAY FRESH~ - -Kat: That's it for npm core changes! - -Rebecca: Great! Let's look at the fresh new dependencies, then! - -Kat: See you all next week! - -Both: Stay Freeesh~ - -(some cat form of Forrest can be seen snoring in the corner) - -* [`bfa1f45`](https://github.com/npm/npm/bfa1f45ee760d05039557d2245b7e3df9fda8def) - `normalize-git-url@3.0.1`: Fixes url normalization such that `git+https:` - accepts scp syntax, but get converted into absolute-path `https:` URLs. Also - fixes scp syntax so you can have absolute paths after the `:` - (`git@myhost.org:/some/absolute/place.git`) - ([@zkat](https://github.com/zkat)) -* [`6f757d2`](https://github.com/npm/npm/6f757d22b53f91da0bebec6b5d16c1f4dbe130b4) - `glob@5.0.15`: Better handling of ENOTSUP - ([@isaacs](https://github.com/isaacs)) -* [`0920819`](https://github.com/npm/npm/09208197fb8b0c6d5dbf6bd7f59970cf366de989) - `node-gyp@2.0.2`: Fixes an issue with long paths on Win32 - ([@TooTallNate](https://github.com/TooTallNate)) - -### v2.13.1 (2015-07-09): - -#### KAUAI WAS NICE. I MISS IT. - -But Forrest's still kinda on vacation, and not just mentally, because he's -hanging out with the fine meatbags at CascadiaFest. Enjoy this small bug -release. - -#### MAKE OURSELVES HAPPY - -* [`40981f2`](https://github.com/npm/npm/commit/40981f2e0c9c12bb003ccf188169afd1d201f5af) - [#8862](https://github.com/npm/npm/issues/8862) Make the lifecycle's safety - check work with scoped packages. ([@tcort](https://github.com/tcort)) -* [`5125856`](https://github.com/npm/npm/commit/512585622481dbbda9a0306932468d59efaff658) - [#8855](https://github.com/npm/npm/issues/8855) Make dependency versions of - `"*"` match `"latest"` when all versions are prerelease. - ([@iarna](https://github.com/iarna)) -* [`22fdc1d`](https://github.com/npm/npm/commit/22fdc1d52602ba7098af978c75fca8f7d1060141) - Visually emphasize the correct way to write lifecycle scripts. - ([@josh-egan](https://github.com/josh-egan)) - -#### MAKE TRAVIS HAPPY - -* [`413c3ac`](https://github.com/npm/npm/commit/413c3ac2ab2437f3011c6ca0d1630109ec14e604) - Use npm's `2.x` branch for testing its `2.x` branch. - ([@iarna](https://github.com/iarna)) -* [`7602f64`](https://github.com/npm/npm/commit/7602f64826f7a465d9f3a20bd87a376d992607e6) - Don't prompt for GnuPG passphrase in version lifecycle tests. - ([@othiym23](https://github.com/othiym23)) - -#### MAKE `npm outdated` HAPPY - -* [`d338668`](https://github.com/npm/npm/commit/d338668601d1ebe5247a26237106e80ea8cd7f48) - [#8796](https://github.com/npm/npm/issues/8796) `fstream-npm@1.0.4`: When packing the - package tarball, npm no longer crashes for packages with certain combinations of - `.npmignore` entries, `.gitignore` entries, and lifecycle scripts. - ([@iarna](https://github.com/iarna)) -* [`dbe7c9c`](https://github.com/npm/npm/commit/dbe7c9c74734be870d16dd61b9e7f746123011f6) - `nock@2.7.0`: Add matching based on query strings. - ([@othiym23](https://github.com/othiym23)) - -There are new versions of `strip-ansi` and `ansi-regex`, but npm only uses them -indirectly, so we pushed them down into their dependencies where they can get -updated at their own pace. - -* [`06b6ca5`](https://github.com/npm/npm/commit/06b6ca5b5333025f10c8d901628859bd4678e027) - undeduplicate `ansi-regex` ([@othiym23](https://github.com/othiym23)) -* [`b168e33`](https://github.com/npm/npm/commit/b168e33ad46faf47020a45f72ba8cec8c644bdb9) - undeduplicate `strip-ansi` ([@othiym23](https://github.com/othiym23)) - -### v2.13.0 (2015-07-02): - -#### FORREST IS OUT! LET'S SNEAK IN ALL THE THINGS! - -Well, not _everything_. Just a couple of goodies, like the new `npm ping` -command, and the ability to add files to the commits created by `npm version` -with the new version hooks. There's also a couple of bugfixes in `npm` itself -and some of its dependencies. Here we go! - -#### YES HELLO THIS IS NPM REGISTRY SORRY NO DOG HERE - -Yes, that's right! We now have a dedicated `npm ping` command. It's super simple -and super easy. You ping. We tell you whether you pinged right by saying hello -right back. This should help out folks dealing with things like proxy issues or -other registry-access debugging issues. Give it a shot! - -This addresses [#5750](https://github.com/npm/npm/issues/5750), and will help -with the `npm doctor` stuff described in -[#6756](https://github.com/npm/npm/issues/6756). - -* [`f1f7a85`](https://github.com/npm/npm/commit/f1f7a85) - Add ping command to CLI - ([@michaelnisi](https://github.com/michaelnisi)) -* [`8cec629`](https://github.com/npm/npm/commit/8cec629) - Add ping command to npm-registry-client - ([@michaelnisi](https://github.com/michaelnisi)) -* [`0c0c92d`](https://github.com/npm/npm/0c0c92d) - Fixed ping command issues (added docs, tests, fixed minor bugs, etc) - ([@zkat](https://github.com/zkat)) - -#### I'VE WANTED THIS FOR `version` SINCE LIKE LITERALLY FOREVER AND A DAY - -Seriously! This patch lets you add files to the `version` commit before it's -made, So you can add additional metadata files, more automated changes to -`package.json`, or even generate `CHANGELOG.md` automatically pre-commit if -you're into that sort of thing. I'm so happy this is there I can't even. Do you -have other fun usecases for this? Tell -[npmbot (@npmjs)](http://twitter.com/npmjs) about it! - -* [`582f170`](https://github.com/npm/npm/commit/582f170) - [#8620](https://github.com/npm/npm/issues/8620) version: Allow scripts to add - files to the commit. - ([@jamestalmage](https://github.com/jamestalmage)) - -#### ALL YOUR FILE DESCRIPTORS ARE BELONG TO US - -We've had problems in the past with things like `EMFILE` errors popping up when -trying to install packages with a bunch of dependencies. Isaac patched up -[`graceful-fs`](https://github.com/isaacs/node-graceful-fs) to handle this case -better, so we should be seeing fewer of those. - -* [`022691a`](https://github.com/npm/npm/commit/022691a) - `graceful-fs@4.1.2`: Updated so we can monkey patch globally. - ([@isaacs](https://github.com/isaacs)) -* [`c9fb0fd`](https://github.com/npm/npm/commit/c9fb0fd) - Globally monkey-patch graceful-fs. This should fix some errors when installing - packages with lots of dependencies. - ([@isaacs](https://github.com/isaacs)) - -#### READ THE FINE DOCS. THEY'VE IMPROVED - -* [`5587d0d`](https://github.com/npm/npm/commit/5587d0d) - Nice clarification for `directories.bin` - ([@ujane](https://github.com/ujane)) -* [`20673c7`](https://github.com/npm/npm/commit/20673c7) - Hey, Windows folks! Check out - [`nvm-windows`](https://github.com/coreybutler/nvm-windows) - ([@ArtskydJ](https://github.com/ArtskydJ)) - -#### MORE NUMBERS! MORE VALUE! - -* [`5afa2d5`](https://github.com/npm/npm/commit/5afa2d5) - `validate-npm-package-name@2.2.2`: Documented package name rules in README - ([@zeusdeux](https://github.com/zeusdeux)) -* [`021f4d9`](https://github.com/npm/npm/commit/021f4d9) - `rimraf@2.4.1`: [#74](https://github.com/isaacs/rimraf/issues/74) Use async - function for bin (to better handle Window's `EBUSY`) - ([@isaacs](https://github.com/isaacs)) -* [`5223432`](https://github.com/npm/npm/commit/5223432) - `osenv@0.1.3`: Use `os.homedir()` polyfill for more reliable output. io.js - added the function and the polyfill does a better job than the prior solution. - ([@sindresorhus](https://github.com/sindresorhus)) -* [`8ebbc90`](https://github.com/npm/npm/commit/8ebbc90) - `npm-cache-filename@1.0.2`: Make sure different git references get different - cache folders. This should prevent `foo/bar#v1.0` and `foo/bar#master` from - sharing the same cache folder. - ([@tomekwi](https://github.com/tomekwi)) -* [`367b854`](https://github.com/npm/npm/commit/367b854) - `lru-cache@2.6.5`: Minor test/typo changes - ([@isaacs](https://github.com/isaacs)) -* [`9fcae61`](https://github.com/npm/npm/commit/9fcae61) - `glob@5.0.13`: Tiny doc change + stop firing 'match' events for ignored items. - ([@isaacs](https://github.com/isaacs)) - -#### OH AND ONE MORE THING - -* [`7827249`](https://github.com/npm/npm/commit/7827249) - `PeerDependencies` errors now include the package version. - ([@NickHeiner](https://github.com/NickHeiner)) - -### v2.12.1 (2015-06-25): - -#### HEY WHERE DID EVERYBODY GO - -I keep [hearing some commotion](https://github.com/npm/npm/releases/tag/v3.0.0). -Is there something going on? Like, a party or something? Anyway, here's a small -release with at least two significant bug fixes, at least one of which some of -you have been waiting for for quite a while. - -#### REMEMBER WHEN I SAID "REMEMBER WHEN I SAID THAT THING ABOUT PERMISSIONS?"? - -`npm@2.12.0` has a change that introduces a fix for a permissions problem -whereby the `_locks` directory in the cache directory can up being owned by -root. The fix in 2.12.0 takes care of that problem, but introduces a new -problem for Windows users where npm tries to call `process.getuid()`, which -doesn't exist on Windows. It was easy enough to fix (but more or less -impossible to test, thanks to all the external dependencies involved with -permissions and platforms and whatnot), but as a result, Windows users might -want to skip `npm@2.12.0` and go straight to `npm@2.12.1`. Sorry about that! - -* [`7e5da23`](https://github.com/npm/npm/commit/7e5da238ee869201fdb9027c27b79b0f76b440a8) - When using the new, "fixed" cache directory creator, be extra-careful to not - call `process.getuid()` on platforms that lack it. - ([@othiym23](https://github.com/othiym23)) - -#### WHEW! ALL DONE FIXING GIT FOREVER! - -New npm CLI team hero [@zkat](https://github.com/zkat) has finally (FINALLY) -fixed the regression somebody (hi!) introduced a couple months ago whereby git -URLs of the format `git+ssh://user@githost.com:org/repo.git` suddenly stopped -working, and also started being saved (and cached) incorrectly. I am 100% sure -there are absolutely no more bugs in the git caching code at all ever. Mm hm. -Yep. Pretty sure. Maybe. Hmm... I hope. - -*Sighs audibly.* - -[Let us know](http://github.com/npm/npm/issues/new) if we broke something else -with this fix. - -* [`94ca4a7`](https://github.com/npm/npm/commit/94ca4a711619ba8e40ce3d20bc42b13cdb7611b7) - [#8031](https://github.com/npm/npm/issues/8031) Even though - `git+ssh://user@githost.com:org/repo.git` isn't a URL, treat it like one for - the purposes of npm. ([@zkat](https://github.com/zkat)) -* [`e7f56e5`](https://github.com/npm/npm/commit/e7f56e5a97fcf1c52d5c5bee71303b0126129815) - [#8031](https://github.com/npm/npm/issues/8031) `normalize-git-url@2.0.0`: - Handle git URLs (and URL-like remote refs) in a manner consistent with npm's - docs. ([@zkat](https://github.com/zkat)) - -#### YEP, THERE ARE STILL DEPENDENCY UPGRADES - -* [`679bf47`](https://github.com/npm/npm/commit/679bf4745ac2cfbb01c9ce273e189807fd04fa33) - [#40](http://github.com/npm/read-installed/issues/40) `read-installed@4.0.1`: - Handle prerelease versions in top-level dependencies not in `package.json` - without marking those packages as invalid. - ([@benjamn](https://github.com/benjamn)) -* [`3a67410`](https://github.com/npm/npm/commit/3a6741068c9119174c920496778aeee870ebdac0) - `tap@1.3.1` ([@isaacs](https://github.com/isaacs)) -* [`151904a`](https://github.com/npm/npm/commit/151904af39dc24567f8c98529a2a64a4dbcc960a) - `nopt@3.0.3` ([@isaacs](https://github.com/isaacs)) - -### v2.12.0 (2015-06-18): - -#### REMEMBER WHEN I SAID THAT THING ABOUT PERMISSIONS? - -About [a million people](https://github.com/npm/npm/issues?utf8=%E2%9C%93&q=is%3Aissue+EACCES+_locks) -have filed issues related to having a tough time using npm after they've run -npm once or twice with sudo. "Don't worry about it!" I said. "We've fixed all -those permissions problems ages ago! Use this one weird trick and you'll never -have to deal with this again!" - -Well, uh, if you run npm with root the first time you run npm on a machine, it -turns out that the directory npm uses to store lockfiles ends up being owned by -the wrong user (almost always root), and that can, well, it can cause problems -sometimes. By which I mean every time you run npm without being root it'll barf -with `EACCES` errors. Whoops! - -This is an obnoxious regression, and to prevent it from recurring, we've made -it so that the cache, cached git remotes, and the lockfile directories are all -created and maintained using the same utilty module, which not only creates the -relevant paths with the correct permissions, but will fix the permissions on -those directories (if it can) when it notices that they're broken. An `npm -install` run as root ought to be sufficient to fix things up (and if that -doesn't work, first tell us about it, and then run `sudo chown -R $(whoami) -$HOME/.npm`) - -Also, I apologize for inadvertently gaslighting any of you by claiming this bug -wasn't actually a bug. I do think we've got this permanently dealt with now, -but I'll be paying extra-close attention to permissions issues related to the -cache for a while. - -* [`85d1a53`](https://github.com/npm/npm/commit/85d1a53d7b5e0fc04823187e522ae3711ede61fa) - Set permissions on lock directory to the owner of the process. - ([@othiym23](https://github.com/othiym23)) - -#### I WENT TO NODECONF AND ALL I GOT WAS THIS LOUSY SPDX T-SHIRT - -That's not literally true. We spent very little time discussing SPDX, -[@kemitchell](https://github.com/kemitchell) is a champ, and I had a lot of fun -playing drum & bass to a mostly empty Boogie Barn and only ended up with one -moderately severe cold for my pains. Another winner of a NodeConf! (I would -probably wear a SPDX T-shirt if somebody gave me one, though.) - -A bunch of us did have a spirited discussion of the basics of open-source -intellectual property, and the convergence of me, -[@kemitchell](https://github.com/kemitchell), and -[@jandrieu](https://github.com/jandrieu) in one place allowed us to hammmer out -a small but significant issue that had been bedeviling early adopters of the -new SPDX expression syntax in `package.json` license fields: how to deal with -packages that are left without a license on purpose. - -Refer to [the docs](https://github.com/npm/npm/blob/16a3dd545b10f8a2464e2037506ce39124739b41/doc/files/package.json.md#license) -for the specifics, but the short version is that instead of using -`LicenseRef-LICENSE` for proprietary licenses, you can now use either -`UNLICENSED` if you want to make it clear that you don't _want_ your software -to be licensed (and want npm to stop warning you about this), or `SEE LICENSE -IN <filename>` if there's a license with custom text you want to use. At some -point in the near term, we'll be updating npm to verify that the mentioned -file actually exists, but for now you're all on the honor system. - -* [`4827fc7`](https://github.com/npm/npm/commit/4827fc784117c17f35dd9b51b21d1eff6094f661) - [#8557](https://github.com/npm/npm/issues/8557) - `normalize-package-data@2.2.1`: Allow `UNLICENSED` and `SEE LICENSE IN - <filename>` in "license" field of `package.json`. - ([@kemitchell](https://github.com/kemitchell)) -* [`16a3dd5`](https://github.com/npm/npm/commit/16a3dd545b10f8a2464e2037506ce39124739b41) - [#8557](https://github.com/npm/npm/issues/8557) Document the new accepted - values for the "license" field. - ([@kemitchell](https://github.com/kemitchell)) -* [`8155311`](https://github.com/npm/npm/commit/81553119350deaf199e79e38e35b52a5c8ad206c) - [#8557](https://github.com/npm/npm/issues/8557) `init-package-json@1.7.0`: - Support new "license" field values at init time. - ([@kemitchell](https://github.com/kemitchell)) - -#### SMALLISH BUG FIXES - -* [`9d8cac9`](https://github.com/npm/npm/commit/9d8cac94a258db648a2b1069b1c8c6529c79d013) - [#8548](https://github.com/npm/npm/issues/8548) Remove extraneous newline - from `npm view` output, making it easier to use in shell scripts. - ([@eush77](https://github.com/eush77)) -* [`765fd4b`](https://github.com/npm/npm/commit/765fd4bfca8ea3e2a4a399765b17eec40a3d893d) - [#8521](https://github.com/npm/npm/issues/8521) When checking for outdated - packages, or updating packages, raise an error when the registry is - unreachable instead of silently "succeeding". - ([@ryantemple](https://github.com/ryantemple)) - -#### SMALLERISH DOCUMENTATION TWEAKS - -* [`5018335`](https://github.com/npm/npm/commit/5018335ce1754a9f771954ecbc1a93acde9b8c0a) - [#8365](https://github.com/npm/npm/issues/8365) Add details about which git - environment variables are whitelisted by npm. - ([@nmalaguti](https://github.com/nmalaguti)) -* [`bed9edd`](https://github.com/npm/npm/commit/bed9edddfdcc6d22a80feab33b53e4ef9172ec72) - [#8554](https://github.com/npm/npm/issues/8554) Fix typo in version docs. - ([@rainyday](https://github.com/rainyday)) - -#### WELL, I GUESS THERE ARE MORE DEPENDENCY UPGRADES - -* [`7ce2f06`](https://github.com/npm/npm/commit/7ce2f06f6f34d469b1d2e248084d4f3fef10c05e) - `request@2.58.0`: Refactor tunneling logic, and use `extend` instead of - abusing `util._extend`. ([@simov](https://github.com/simov)) -* [`e6c6195`](https://github.com/npm/npm/commit/e6c61954aad42e20eec49745615c7640b2026a6c) - `nock@2.6.0`: Refined interception behavior. - ([@pgte](https://github.com/pgte)) -* [`9583cc3`](https://github.com/npm/npm/commit/9583cc3cb192c2fced006927cfba7cd37b588605) - `fstream-npm@1.0.3`: Ensure that `main` entry in `package.json` is always - included in the bundled package tarball. - ([@coderhaoxin](https://github.com/coderhaoxin)) -* [`df89493`](https://github.com/npm/npm/commit/df894930f2716adac28740b29b2e863170919990) - `fstream@1.0.7` ([@isaacs](https://github.com/isaacs)) -* [`9744049`](https://github.com/npm/npm/commit/974404934758124aa8ae5b54f7d5257c3bd6b588) - `dezalgo@1.0.3`: `dezalgo` should be usable in the browser, and can be now - that `asap` has been upgraded to be browserifiable. - ([@mvayngrib](https://github.com/mvayngrib)) - -### v2.11.3 (2015-06-11): - -This was a very quiet week. This release was done by -[@iarna](https://github.com/iarna), while the rest of the team hangs out at -NodeConf Adventure! - -#### TESTS IN 0.8 FAIL LESS - -* [`5b3b3c2`](https://github.com/npm/npm/commit/5b3b3c2) - [#8491](//github.com/npm/npm/pull/8491) - Updates a test to use only 0.8 compatible features - ([@watilde](https://github.com/watilde)) - -#### THE TREADMILL OF UPDATES NEVER CEASES - -* [`9f439da`](https://github.com/npm/npm/commit/9f439da) - `spdx@0.4.1`: License range updates - ([@kemitchell](https://github.com/kemitchell)) -* [`2dd055b`](https://github.com/npm/npm/commit/2dd055b) - `normalize-package-data@2.2.1`: Fixes a crashing bug when the package.json - `scripts` property is not an object. - ([@iarna](https://github.com/iarna)) -* [`e02e85d`](https://github.com/npm/npm/commit/e02e85d) - `osenv@0.1.2`: Switches to using the `os-tmpdir` module instead of - `os.tmpdir()` for greater consistency in behavior between node versions. - ([@iarna](https://github.com/iarna)) -* [`a6f0265`](https://github.com/npm/npm/commit/a6f0265) - `ini@1.3.4` ([@isaacs](https://github.com/isaacs)) -* [`7395977`](https://github.com/npm/npm/commit/7395977) - `rimraf@2.4.0` ([@isaacs](https://github.com/isaacs)) - -### v2.11.2 (2015-06-04): - -Another small release this week, brought to you by the latest addition to the -CLI team, [@zkat](https://github.com/zkat) (Hi, all!) - -Mostly small documentation tweaks and version updates. Oh! And `npm outdated` -is actually sorted now. Rejoice! - -It's gonna be a while before we get another palindromic version number. Enjoy it -while it lasts. :3 - -#### QUALITY OF LIFE HAS NEVER BEEN BETTER - -* [`31aada4`](https://github.com/npm/npm/commit/31aada4ccc369c0903ff7f233f464955d12c6fe2) - [#8401](https://github.com/npm/npm/issues/8401) `npm outdated` output is just - that much nicer to consume now, due to sorting by name. - ([@watilde](https://github.com/watilde)) -* [`458a919`](https://github.com/npm/npm/commit/458a91925d8b20c5e672ba71a86745aad654abaf) - [#8469](https://github.com/npm/npm/pull/8469) Explicitly set `cwd` for - `preversion`, `version`, and `postversion` scripts. This makes the scripts - findable relative to the root dir. - ([@alexkwolfe](https://github.com/alexkwolfe)) -* [`55d6d71`](https://github.com/npm/npm/commit/55d6d71562e979e745c9db88861cc39f99b9f3ec) - Ensure package name and version are included in display during `npm version` - lifecycle execution. Gets rid of those little `undefined`s in the console. - ([@othiym23](https://github.com/othiym23)) - -#### WORDS HAVE NEVER BEEN QUITE THIS READABLE - -* [`3901e49`](https://github.com/npm/npm/commit/3901e4974c800e7f9fba4a5b2ff88da1126d5ef8) - [#8462](https://github.com/npm/npm/pull/8462) English apparently requires - correspondence between indefinite articles and attached nouns. - ([@Enet4](https://github.com/Enet4)) -* [`5a744e4`](https://github.com/npm/npm/commit/5a744e4b143ef7b2f50c80a1d96fdae4204d452b) - [#8421](https://github.com/npm/npm/pull/8421) The effect of `npm prune`'s - `--production` flag and how to use it have been documented a bit better. - ([@foiseworth](https://github.com/foiseworth)) -* [`eada625`](https://github.com/npm/npm/commit/eada625993485f0a2c5324b06f02bfa0a95ce4bc) - We've updated our `.mailmap` and `AUTHORS` files to make sure credit is given - where credit is due. ([@othiym23](https://github.com/othiym23)) - -#### VERSION NUMBERS HAVE NEVER BEEN BIGGER - -* [`c929fd1`](https://github.com/npm/npm/commit/c929fd1d0604b5878ed05706447e078d3e41f5b3) - `readable-stream@1.1.13`: Manually deduped `v1.1.13` (streams3) to make - deduping more reliable on `npm@<3`. ([@othiym23](https://github.com/othiym23)) -* [`a9b4b78`](https://github.com/npm/npm/commit/a9b4b78dcc85571fd1cdd737903f7f37a5e6a755) - `request@2.57.0`: Replace dependency on IncomingMessage's `.client` with - `.socket` as the former was deprecated in io.js 2.2.0. - ([@othiym23](https://github.com/othiym23)) -* [`4b5e557`](https://github.com/npm/npm/commit/4b5e557a23cdefd521ad154111e3d4dcc81f1cdb) - `abbrev@1.0.7`: Better testing, with coverage. - ([@othiym23](https://github.com/othiym23)) -* [`561affe`](https://github.com/npm/npm/commit/561affee21df9bbea5a47298f2452f533be8f359) - `semver@4.3.6`: .npmignore added for less cruft, and better testing, with coverage. - ([@othiym23](https://github.com/othiym23)) -* [`60aef3c`](https://github.com/npm/npm/commit/60aef3cf5d84d757752db3eb8ede2cb385469e7b) - `graceful-fs@3.0.8`: io.js fixes. - ([@zkat](https://github.com/zkat)) -* [`f8bd453`](https://github.com/npm/npm/commit/f8bd453b1a1c46ba7666cb166595e8a011eae443) - `config-chain@1.1.9`: Added MIT license to package.json - ([@zkat](https://github.com/zkat)) - -### v2.11.1 (2015-05-28): - -This release brought to you from poolside at the Omni Amelia Island Resort and -JSConf 2015, which is why it's so tiny. - -#### CONFERENCE WIFI CAN'T STOP THESE BUG FIXES - -* [`cf109a6`](https://github.com/npm/npm/commit/cf109a682f38a059a994da953d5c1b4aaece5e2f) - [#8381](https://github.com/npm/npm/issues/8381) Documented a subtle gotcha - with `.npmrc`, which is that it needs to have its permissions set such that - only the owner can read or write the file. - ([@colakong](https://github.com/colakong)) -* [`180da67`](https://github.com/npm/npm/commit/180da67c9fa53103d625e2f031626c2453c7ebcd) - [#8365](https://github.com/npm/npm/issues/8365) Git 2.3 adds support for - `GIT_SSH_COMMAND`, which allows you to pass an explicit git command (with, - for example, a specific identity passed in on the command line). - ([@nmalaguti](https://github.com/nmalaguti)) - -#### MY (VIRGIN) PINA COLADA IS GETTING LOW, BETTER UPGRADE THESE DEPENDENCIES - -* [`b72de41`](https://github.com/npm/npm/commit/b72de41c5cc9f0c46d3fa8f062c75bd273641474) - `node-gyp@2.0.0`: Use a newer version of `gyp`, and generally improve support - for Visual Studios and Windows. - ([@TooTallNate](https://github.com/TooTallNate)) -* [`8edbe21`](https://github.com/npm/npm/commit/8edbe210af41e8f248f5bb92c72de92f54fda3b1) - `node-gyp@2.0.1`: Don't crash when Python's version doesn't parse as valid - semver. ([@TooTallNate](https://github.com/TooTallNate)) -* [`ba0e0a8`](https://github.com/npm/npm/commit/ba0e0a845a4f29717aba566b416a27d1a22f5d08) - `glob@5.0.10`: Add coverage to tests. ([@isaacs](https://github.com/isaacs)) -* [`7333701`](https://github.com/npm/npm/commit/7333701b5d4f01673f37d64992c63c4e15864d6d) - `request@2.56.0`: Bug fixes and dependency upgrades. - ([@simov](https://github.com/simov)) - -### v2.11.0 (2015-05-21): - -For the first time in a very long time, we've added new events to the life -cycle used by `npm run-script`. Since running `npm version (major|minor|patch)` -is typically the last thing many developers do before publishing their updated -packages, it makes sense to add life cycle hooks to run tests or otherwise -preflight the package before doing a full publish. Thanks, as always, to the -indefatigable [@watilde](https://github.com/watilde) for yet another great -usability improvement for npm! - -#### FEATURELETS - -* [`b07f7c7`](https://github.com/npm/npm/commit/b07f7c7c1e5021730b3c320f1b3a46e70f8a21ff) - [#7906](https://github.com/npm/npm/issues/7906) - Add new [`scripts`](https://github.com/npm/npm/blob/master/doc/misc/npm-scripts.md) to - allow you to run scripts before and after - the [`npm version`](https://github.com/npm/npm/blob/master/doc/cli/npm-version.md) - command has run. This makes it easy to, for instance, require that your - test suite passes before bumping the version by just adding `"preversion": - "npm test"` to the scripts section of your `package.json`. - ([@watilde](https://github.com/watilde)) -* [`8a46136`](https://github.com/npm/npm/commit/8a46136f42e416cbadb533bcf89d73d681ed421d) - [#8185](https://github.com/npm/npm/issues/8185) - When we get a "not found" error from the registry, we'll now check to see - if the package name you specified is invalid and if so, give you a better - error message. ([@thefourtheye](https://github.com/thefourtheye)) - -#### BUG FIXES - -* [`9bcf573`](https://github.com/npm/npm/commit/9bcf5730bd0316f210dafea898afe9103849cea9) - [#8324](https://github.com/npm/npm/pull/8324) On Windows, when you've configured a - custom `node-gyp`, run it with node itself instead of using the default open action (which - is almost never what you want). ([@bangbang93](https://github.com/bangbang93)) -* [`1da9b04`](https://github.com/npm/npm/commit/1da9b0411d3416c7fca17d08cbbcfca7ae86e92d) - [#7195](https://github.com/npm/npm/issues/7195) - [#7260](https://github.com/npm/npm/issues/7260) `npm-registry-client@6.4.0`: - (Re-)allow publication of existing mixed-case packages (part 1). - ([@smikes](https://github.com/smikes)) -* [`e926783`](https://github.com/npm/npm/commit/e9267830ab261c751f12723e84d2458ae9238646) - [#7195](https://github.com/npm/npm/issues/7195) - [#7260](https://github.com/npm/npm/issues/7260) - `normalize-package-data@2.2.0`: (Re-)allow publication of existing mixed-case - packages (part 2). ([@smikes](https://github.com/smikes)) - -#### DOCUMENTATION IMPROVEMENTS - -* [`f62ee05`](https://github.com/npm/npm/commit/f62ee05333b141539a8e851c620dd2e82ff06860) - [#8314](https://github.com/npm/npm/issues/8314) Update the README to warn - folks away from using the CLI's internal API. For the love of glob, just use a - child process to run the CLI! ([@claycarpenter](https://github.com/claycarpenter)) -* [`1093921`](https://github.com/npm/npm/commit/1093921c04db41ab46db24a170a634a4b2acd8d9) - [#8279](https://github.com/npm/npm/pull/8279) - Update the documentation to note that, yes, you can publish scoped packages to the - public registry now! ([@mantoni](https://github.com/mantoni)) -* [`f87cde5`](https://github.com/npm/npm/commit/f87cde5234a760d3e515ffdaacaed6f5b71dbf44) - [#8292](https://github.com/npm/npm/pull/8292) - Fix typo in an example and grammar in the description in - the [shrinkwrap documentation](https://github.com/npm/npm/blob/master/doc/cli/npm-shrinkwrap.md). - ([@vshih](https://github.com/vshih)) -* [`d3526ce`](https://github.com/npm/npm/commit/d3526ceb09a0c29fdb7d4124536ae09057d033e7) - Improve the formatting in - the [shrinkwrap documentation](https://github.com/npm/npm/blob/master/doc/cli/npm-shrinkwrap.md). - ([@othiym23](https://github.com/othiym23)) -* [`19fe6d2`](https://github.com/npm/npm/commit/19fe6d20883e28956ff916fe4dae42d73ee6195b) - [#8311](https://github.com/npm/npm/pull/8311) - Update [README.md](https://github.com/npm/npm#readme) to use syntax highlighting in - its code samples and bits of shell scripts. ([@SimenB](https://github.com/SimenB)) - -#### DEPENDENCY UPDATES! ALWAYS AND FOREVER! - -* [`fc52160`](https://github.com/npm/npm/commit/fc52160d0223226fffe4166f42fdfd3b899b3c1e) - [#4700](https://github.com/npm/npm/issues/4700) [#5044](https://github.com/npm/npm/issues/5044) - `init-package-json@1.6.0`: Make entering an invalid version while running `npm init` give - you an immediate error and prompt you to correct it. ([@watilde](https://github.com/watilde)) -* [`738853e`](https://github.com/npm/npm/commit/738853eb1f55636476a2a410c2c04732eec9d51e) - [#7763](https://github.com/npm/npm/issues/7763) `fs-write-stream-atomic@1.0.3`: Fix a bug - where errors would not propagate, making error messages unhelpful. - ([@iarna](https://github.com/iarna)) -* [`6d74a2d`](https://github.com/npm/npm/commit/6d74a2d2ac7f92750cf6a2cfafae1af23b569098) - `npm-package-arg@4.0.1`: Fix tests on windows ([@Bacra](https://github.com)) and with - more recent `hosted-git-info`. ([@iarna](https://github.com/iarna)) -* [`50f7178`](https://github.com/npm/npm/commit/50f717852fbf713ef6cbc4e0a9ab42657decbbbd) - `hosted-git-info@2.1.4`: Correct spelling in its documentation. - ([@iarna](https://github.com/iarna)) -* [`d7956ca`](https://github.com/npm/npm/commit/d7956ca17c057d5383ff0d3fc5cf6ac2940b034d) - `glob@5.0.7`: Fix a bug where unusual error conditions could make - further use of the module fail. ([@isaacs](https://github.com/isaacs)) -* [`44f7d74`](https://github.com/npm/npm/commit/44f7d74c5d3181d37da7ea7949c86b344153f8d9) - `tap@1.1.0`: Update to the most recent tap to get a whole host of bug - fixes and integration with [coveralls](https://coveralls.io/). - ([@isaacs](https://github.com/isaacs)) -* [`c21e8a8`](https://github.com/npm/npm/commit/c21e8a8d94bcf0ad79dc583ddc53f8366d4813b3) - `nock@2.2.0` ([@othiym23](https://github.com/othiym23)) - -#### LICENSE FILES FOR THE LICENSE GOD - -* Add missing ISC license file to package ([@kasicka](https://github.com/kasicka)): - * [`aa9908c`](https://github.com/npm/npm/commit/aa9908c20017729673b9d410b77f9a16b7aae8a4) `realize-package-specifier@3.0.1` - * [`23a3b1a`](https://github.com/npm/npm/commit/23a3b1a726b9176c70ce0ccf3cd9d25c54429bdf) `fs-vacuum@1.2.6` - * [`8e04bba`](https://github.com/npm/npm/commit/8e04bba830d4353d84751d21803cd127c96153a7) `dezalgo@1.0.2` - * [`50f7178`](https://github.com/npm/npm/commit/50f717852fbf713ef6cbc4e0a9ab42657decbbbd) `hosted-git-info@2.1.4` - * [`6a54917`](https://github.com/npm/npm/commit/6a54917fbd4df995495a95d4b548defd44b77c93) `write-file-atomic@1.1.2` - * [`971f92c`](https://github.com/npm/npm/commit/971f92c4a4e5514217d1e4db45d1ccf71a60ff19) `async-some@1.0.2` - * [`67b50b7`](https://github.com/npm/npm/commit/67b50b7667a42bb3340a660eb2e617e1a554d2d4) `normalize-git-url@1.0.1` - -#### SPDX LICENSE UPDATES - -* Switch license to - [BSD-2-Clause](http://spdx.org/licenses/BSD-2-Clause.html#licenseText) from - plain "BSD" ([@isaacs](https://github.com/isaacs)): - * [`efdb733`](https://github.com/npm/npm/commit/efdb73332eeedcad4c609796929070b62abb37ab) `npm-user-validate@0.1.2` - * [`e926783`](https://github.com/npm/npm/commit/e9267830ab261c751f12723e84d2458ae9238646) `normalize-package-data@2.2.0` -* Switch license to [ISC](http://spdx.org/licenses/ISC.html#licenseText) from - [BSD](http://spdx.org/licenses/BSD-2-Clause.html#licenseText) - ([@isaacs](https://github.com/isaacs)): - * [`c300956`](https://github.com/npm/npm/commit/c3009565a964f0ead4ac4ab234b1a458e2365f17) `block-stream@0.0.8` - * [`1de1253`](https://github.com/npm/npm/commit/1de125355765fecd31e682ed0ff9d2edbeac0bb0) `lockfile@1.0.1` - * [`0d5698a`](https://github.com/npm/npm/commit/0d5698ab132e376c7aec93ae357c274932116220) `osenv@0.1.1` - * [`2e84921`](https://github.com/npm/npm/commit/2e84921474e1ffb18de9fce4616e73171fa8046d) `abbrev@1.0.6` - * [`872fac9`](https://github.com/npm/npm/commit/872fac9d10c11607e4d0348c08a683b84e64d30b) `chmodr@0.1.1` - * [`01eb7f6`](https://github.com/npm/npm/commit/01eb7f60acba584346ad8aae846657899f3b6887) `chownr@0.0.2` - * [`294336f`](https://github.com/npm/npm/commit/294336f0f31c7b9fe31a50075ed750db6db134d1) `read@1.0.6` - * [`ebdf6a1`](https://github.com/npm/npm/commit/ebdf6a14d17962cdb7128402c53b452f91d44ca7) `graceful-fs@3.0.7` -* Switch license to [ISC](http://spdx.org/licenses/ISC.html#licenseText) from - [MIT](http://spdx.org/licenses/MIT.html#licenseText) - ([@isaacs](https://github.com/isaacs)): - * [`e5d237f`](https://github.com/npm/npm/commit/e5d237fc0f436dd2a89437ebf8a9632a2e35ccbe) `nopt@3.0.2` - * [`79fef14`](https://github.com/npm/npm/commit/79fef1421b78f044980f0d1bf0e97039b6992710) `rimraf@2.3.4` - * [`22527da`](https://github.com/npm/npm/commit/22527da4816e7c2746cdc0317c5fb4a85152d554) `minimatch@2.0.8` - * [`882ac87`](https://github.com/npm/npm/commit/882ac87a6c4123ca985d7ad4394ea5085e5b0ef5) `lru-cache@2.6.4` - * [`9d9d015`](https://github.com/npm/npm/commit/9d9d015a2e972f68664dda54fbb204db28b21ede) `npmlog@1.2.1` - -### v2.10.1 (2015-05-14): - -#### BUG FIXES & DOCUMENTATION TWEAKS - -* [`dc77520`](https://github.com/npm/npm/commit/dc7752013ffce13a3d3f13e518a0052c22fc1158) - When getting back a 404 from a request to a private registry that uses a - registry path that extends past the root - (`http://registry.enterprise.co/path/to/registry`), display the name of the - nonexistent package, rather than the first element in the registry API path. - Sorry, Artifactory users! ([@hayes](https://github.com/hayes)) -* [`f70dea9`](https://github.com/npm/npm/commit/f70dea9b4766f6eaa55012c3e8087e9cb04fd4ce) - Make clearer that `--registry` can be used on a per-publish basis to push a - package to a non-default registry. ([@mischkl](https://github.com/mischkl)) -* [`a3e26f5`](https://github.com/npm/npm/commit/a3e26f5b4465991a941a325468ab7725670d2a94) - Did you know that GitHub shortcuts can have commit-ishes included - (`org/repo#branch`)? They can! ([@iarna](https://github.com/iarna)) -* [`0e2c091`](https://github.com/npm/npm/commit/0e2c091a539b61fdc60423b6bbaaf30c24e4b1b8) - Some errors from `readPackage` were being swallowed, potentially leading to - invalid package trees on disk. ([@smikes](https://github.com/smikes)) - -#### DEPENDENCY UPDATES! STILL! MORE! AGAIN! - -* [`0b901ad`](https://github.com/npm/npm/commit/0b901ad0811d84dda6ca0755a9adc8d47825edd0) - `lru-cache@2.6.3`: Removed some cruft from the published package. - ([@isaacs](https://github.com/isaacs)) -* [`d713e0b`](https://github.com/npm/npm/commit/d713e0b14930c563e3fdb6ac6323bae2a8924652) - `mkdirp@0.5.1`: Made compliant with `standard`, dropped support for Node 0.6, - added (Travis) support for Node 0.12 and io.js. - ([@isaacs](https://github.com/isaacs)) -* [`a2d6578`](https://github.com/npm/npm/commit/a2d6578b6554c5c9d48fe2006751759f4da57520) - `glob@1.0.3`: Updated to use `tap@1`. ([@isaacs](https://github.com/isaacs)) -* [`64cd1a5`](https://github.com/npm/npm/commit/64cd1a570aaa5f24ccba190948ec9456297c97f5) - `fstream@ 1.0.6`: Made compliant with [`standard`](http://npm.im/standard) - (done by [@othiym23](https://github.com/othiym23), and then debugged and - fixed by [@iarna](https://github.com/iarna)), and license changed to ISC. - ([@othiym23](https://github.com/othiym23) / - [@iarna](https://github.com/iarna)) -* [`b527a7c`](https://github.com/npm/npm/commit/b527a7c2ba3c4002f443dd2c536ff4ff41a38b86) - `which@1.1.1`: Callers can pass in their own `PATH` instead of relying on - `process.env`. ([@isaacs](https://github.com/isaacs)) - -### v2.10.0 (2015-05-8): - -#### THE IMPLICATIONS ARE MORE PROFOUND THAN THEY APPEAR - -If you've done much development in The Enterprise®™, you know that keeping -track of software licenses is far more important than one might expect / hope / -fear. Tracking licenses is a hassle, and while many (if not most) of us have -(reluctantly) gotten around to setting a license to use by default with all our -new projects (even if it's just WTFPL), that's about as far as most of us think -about it. In big enterprise shops, ensuring that projects don't inadvertently -use software with unacceptably encumbered licenses is serious business, and -developers spend a surprising (and appalling) amount of time ensuring that -licensing is covered by writing automated checkers and other license auditing -tools. - -The Linux Foundation has been working on a machine-parseable syntax for license -expressions in the form of [SPDX](https://spdx.org/), an appropriately -enterprisey acronym. IP attorney and JavaScript culture hero [Kyle -Mitchell](http://kemitchell.com/) has put a considerable amount of effort into -bringing SPDX to JavaScript and Node. He's written -[`spdx.js`](https://github.com/kemitchell/spdx.js), a JavaScript SPDX -expression parser, and has integrated it into npm in a few different ways. - -For you as a user of npm, this means: - -* npm now has proper support for dual licensing in `package.json`, due to - SPDX's compound expression syntax. Run `npm help package.json` for details. -* npm will warn you if the `package.json` for your project is either missing a - `"license"` field, or if the value of that field isn't a valid SPDX - expression (pro tip: `"BSD"` becomes `"BSD-2-Clause"` in SPDX (unless you - really want one of its variants); `"MIT"` and `"ISC"` are fine as-is; the - [full list](https://github.com/shinnn/spdx-license-ids/blob/master/spdx-license-ids.json) - is its own package). -* `npm init` now demands that you use a valid SPDX expression when using it - interactively (pro tip: I mostly use `npm init -y`, having previously run - `npm config set init.license=MIT` / `npm config set init.author.email=foo` / - `npm config set init.author.name=me`). -* The documentation for `package.json` has been updated to tell you how to use - the `"license"` field properly with SPDX. - -In general, this shouldn't be a big deal for anybody other than people trying -to run their own automated license validators, but in the long run, if -everybody switches to this format, many people's lives will be made much -simpler. I think this is an important improvement for npm and am very thankful -to Kyle for taking the lead on this. Also, even if you think all of this is -completely stupid, just [choose a license](http://en.wikipedia.org/wiki/License-free_software) -anyway. Future you will thank past you someday, unless you are -[djb](http://cr.yp.to/), in which case you are djb, and more power to you. - -* [`8669f7d`](https://github.com/npm/npm/commit/8669f7d88c472ccdd60e140106ac43cca636a648) - [#8179](https://github.com/npm/npm/issues/8179) Document how to use SPDX in - `license` stanzas in `package.json`, including how to migrate from old busted - license declaration arrays to fancy new compound-license clauses. - ([@kemitchell](https://github.com/kemitchell)) -* [`98ad98c`](https://github.com/npm/npm/commit/98ad98cb11f3d3ba29a488ef1ab050b066d9c7f6) - [#8197](https://github.com/npm/npm/issues/8197) `init-package-json@1.5.0` - Ensure that packages bootstrapped with `npm init` use an SPDX-compliant - license expression. ([@kemitchell](https://github.com/kemitchell)) -* [`2ad3905`](https://github.com/npm/npm/commit/2ad3905e9139b0be2b22accf707b814469de813e) - [#8197](https://github.com/npm/npm/issues/8197) - `normalize-package-data@2.1.0`: Warn when a package is missing a license - declaration, or using a license expression that isn't valid SPDX. - ([@kemitchell](https://github.com/kemitchell)) -* [`127bb73`](https://github.com/npm/npm/commit/127bb73ccccc59a1267851c702d8ebd3f3a97e81) - [#8197](https://github.com/npm/npm/issues/8197) `tar@2.1.1`: Switch from - `BSD` to `ISC` for license, where the latter is valid SPDX. - ([@othiym23](https://github.com/othiym23)) -* [`e9a933a`](https://github.com/npm/npm/commit/e9a933a9148180d9d799f99f4154f5110ff2cace) - [#8197](https://github.com/npm/npm/issues/8197) `once@1.3.2`: Switch from - `BSD` to `ISC` for license, where the latter is valid SPDX. - ([@othiym23](https://github.com/othiym23)) -* [`412401f`](https://github.com/npm/npm/commit/412401fb6a19b18f3e02d97a24d4dafed650c186) - [#8197](https://github.com/npm/npm/issues/8197) `semver@4.3.4`: Switch from - `BSD` to `ISC` for license, where the latter is valid SPDX. - ([@othiym23](https://github.com/othiym23)) - -As a corollary to the previous changes, I've put some work into making `npm -install` spew out fewer pointless warnings about missing values in transitive -dependencies. From now on, npm will only warn you about missing READMEs, -license fields, and the like for top-level projects (including packages you -directly install into your application, but we may relax that eventually). - -Practically _nobody_ liked having those warnings displayed for child -dependencies, for the simple reason that there was very little that anybody -could _do_ about those warnings, unless they happened to be the maintainers of -those dependencies themselves. Since many, many projects don't have -SPDX-compliant licenses, the number of warnings reached a level where they ran -the risk of turning into a block of visual noise that developers (read: me, and -probably you) would ignore forever. - -So I fixed it. If you still want to see the messages about child dependencies, -they're still there, but have been pushed down a logging level to `info`. You -can display them by running `npm install -d` or `npm install --loglevel=info`. - -* [`eb18245`](https://github.com/npm/npm/commit/eb18245f55fb4cd62a36867744bcd1b7be0a33e2) - Only warn on normalization errors for top-level dependencies. Transitive - dependency validation warnings are logged at `info` level. - ([@othiym23](https://github.com/othiym23)) - -#### BUG FIXES - -* [`e40e809`](https://github.com/npm/npm/commit/e40e8095d2bc9fa4eb8f01aa22067e0068fa8a54) - `tap@1.0.1`: TAP: The Next Generation. Fix up many tests to they work - properly with the new major version of `node-tap`. Look at all the colors! - ([@isaacs](https://github.com/isaacs)) -* [`f9314e9`](https://github.com/npm/npm/commit/f9314e97d26532c0ef2b03e98f3ed300b7cd5026) - `nock@1.9.0`: Minor tweaks and bug fixes. ([@pgte](https://github.com/pgte)) -* [`45c2b1a`](https://github.com/npm/npm/commit/45c2b1aaa051733fa352074994ae6e569fd51e8b) - [#8187](https://github.com/npm/npm/issues/8187) `npm ls` wasn't properly - recognizing dependencies installed from GitHub repositories as git - dependencies, and so wasn't displaying them as such. - ([@zornme](https://github.com/zornme)) -* [`1ab57c3`](https://github.com/npm/npm/commit/1ab57c38116c0403965c92bf60121f0f251433e4) - In some cases, `npm help` was using something that looked like a regular - expression where a glob pattern should be used, and vice versa. - ([@isaacs](https://github.com/isaacs)) - -### v2.9.1 (2015-04-30): - -#### WOW! MORE GIT FIXES! YOU LOVE THOSE! - -The first item below is actually a pretty big deal, as it fixes (with a -one-word change and a much, much longer test case (thanks again, -[@iarna](https://github.com/iarna))) a regression that's been around for months -now. If you're depending on multiple branches of a single git dependency in a -single project, you probably want to check out `npm@2.9.1` and verify that -things (again?) work correctly in your project. - -* [`178a6ad`](https://github.com/npm/npm/commit/178a6ad540215820d16217465a5f220d8c95a313) - [#7202](https://github.com/npm/npm/issues/7202) When caching git - dependencies, do so by the whole URL, including the branch name, so that if a - single application depends on multiple branches from the same repository (in - practice, multiple version tags), every install is of the correct version, - instead of reusing whichever branch the caching process happened to check out - first. ([@iarna](https://github.com/iarna)) -* [`63b79cc`](https://github.com/npm/npm/commit/63b79ccde092a9cb3b1f34abe43e1d2ba69c0dbf) - [#8084](https://github.com/npm/npm/issues/8084) Ensure that Bitbucket, - GitHub, and Gitlab dependencies are installed the same way as non-hosted git - dependencies, fixing `npm install --link`. - ([@laiso](https://github.com/laiso)) - -#### DOCUMENTATION FIXES AND TWEAKS - -These changes may seem simple and small (except Lin's fix to the package name -restrictions, which was more an egregious oversight on our part), but cleaner -documentation makes npm significantly more pleasant to use. I really appreciate -all the typo fixes, clarifications, and formatting tweaks people send us, and -am delighted that we get so many of these pull requests. Thanks, everybody! - -* [`ca478dc`](https://github.com/npm/npm/commit/ca478dcaa29b8f07cd6fe515a3c4518166819291) - [#8137](https://github.com/npm/npm/issues/8137) Somehow, we had failed to - clearly document the full restrictions on package names. - [@linclark](https://github.com/linclark) has now fixed that, although we will - take with us to our graves the reasons why the maximum package name length is 214 - characters (well, OK, it was that that was the longest name in the registry - when we decided to put a cap on the name length). - ([@linclark](https://github.com/linclark)) -* [`b574076`](https://github.com/npm/npm/commit/b5740767c320c1eff3576a8d63952534a0fbb936) - [#8079](https://github.com/npm/npm/issues/8079) Make the `npm shrinkwrap` - documentation use code formatting for examples consistently. It would be - great to do this for more commands HINT HINT. - ([@RichardLitt](https://github.com/RichardLitt)) -* [`1ff636e`](https://github.com/npm/npm/commit/1ff636e2db3852a53e38c866fed7eafdacd307fc) - [#8105](https://github.com/npm/npm/issues/8105) Document that the global - `npmrc` goes in `$PREFIX/etc/npmrc`, instead of `$PREFIX/npmrc`. - ([@anttti](https://github.com/anttti)) -* [`c3f2f7c`](https://github.com/npm/npm/commit/c3f2f7c299342e1c1eccc55a976a63c607f51621) - [#8127](https://github.com/npm/npm/issues/8127) Document how to use `npm run - build` directly (hint: it's different from `npm build`!). - ([@mikemaccana](https://github.com/mikemaccana)) -* [`873e467`](https://github.com/npm/npm/commit/873e46757e1986761b15353f94580a071adcb383) - [#8069](https://github.com/npm/npm/issues/8069) Take the old, dead npm - mailing list address out of `package.json`. It seems that people don't have - much trouble figuring out how to report errors to npm. - ([@robertkowalski](https://github.com/robertkowalski)) - -#### ENROBUSTIFICATIONMENT - -* [`5abfc9c`](https://github.com/npm/npm/commit/5abfc9c9017da714e47a3aece750836b4f9af6a9) - [#7973](https://github.com/npm/npm/issues/7973) `npm run-script` completion - will only suggest run scripts, instead of including dependencies. If for some - reason you still wanted it to suggest dependencies, let us know. - ([@mantoni](https://github.com/mantoni)) -* [`4b564f0`](https://github.com/npm/npm/commit/4b564f0ce979dc74c09604f4d46fd25a2ee63804) - [#8081](https://github.com/npm/npm/issues/8081) Use `osenv` to parse the - environment's `PATH` in a platform-neutral way. - ([@watilde](https://github.com/watilde)) -* [`a4b6238`](https://github.com/npm/npm/commit/a4b62387b41848818973eeed056fd5c6570274f3) - [#8094](https://github.com/npm/npm/issues/8094) When we refactored the - configuration code to split out checking for IPv4 local addresses, we - inadvertently completely broke it by failing to return the values. In - addition, just the call to `os.getInterfaces()` could throw on systems where - querying the network configuration requires elevated privileges (e.g. Amazon - Lambda). Add the return, and trap errors so they don't cause npm to explode. - Thanks to [@mhart](https://github.com/mhart) for bringing this to our - attention! ([@othiym23](https://github.com/othiym23)) - -#### DEPENDENCY UPDATES WAIT FOR NO SOPHONT - -* [`000cd8b`](https://github.com/npm/npm/commit/000cd8b52104942ac3404f0ad0651d82f573da37) - `rimraf@2.3.3`: More informative assertions on argument validation failure. - ([@isaacs](https://github.com/isaacs)) -* [`530a2e3`](https://github.com/npm/npm/commit/530a2e369128270f3e098f0e9be061533003b0eb) - `lru-cache@2.6.2`: Revert to old key access-time behavior, as it was correct - all along. ([@isaacs](https://github.com/isaacs)) -* [`d88958c`](https://github.com/npm/npm/commit/d88958ca02ce81b027b9919aec539d0145875a59) - `minimatch@2.0.7`: Feature detection and test improvements. - ([@isaacs](https://github.com/isaacs)) -* [`3fa39e4`](https://github.com/npm/npm/commit/3fa39e4d492609d5d045033896dcd99f7b875329) - `nock@1.7.1` ([@pgte](https://github.com/pgte)) - -### v2.9.0 (2015-04-23): - -This week was kind of a breather to concentrate on fixing up the tests on the -`multi-stage` branch, and not mess with git issues for a little while. -Unfortunately, There are now enough severe git issues that we'll probably have -to spend another couple weeks tackling them. In the meantime, enjoy these two -small features. They're just enough to qualify for a semver-minor bump: - -#### NANOFEATURES - -* [`2799322`](https://github.com/npm/npm/commit/279932298ce5b589c5eea9439ac40b88b99c6a4a) - [#7426](https://github.com/npm/npm/issues/7426) Include local modules in `npm - outdated` and `npm update`. ([@ArnaudRinquin](https://github.com/ArnaudRinquin)) -* [`2114862`](https://github.com/npm/npm/commit/21148620fa03a582f4ec436bb16bd472664f2737) - [#8014](https://github.com/npm/npm/issues/8014) The prefix used before the - version on version tags is now configurable via `tag-version-prefix`. Be - careful with this one and read the docs before using it. - ([@kkragenbrink](https://github.com/kkragenbrink)) - -#### OTHER MINOR TWEAKS - -* [`18ce0ec`](https://github.com/npm/npm/commit/18ce0ecd2d94ad3af01e997f1396515892dd363c) - [#3032](https://github.com/npm/npm/issues/3032) `npm unpublish` will now use - the registry set in `package.json`, just like `npm publish`. This only - applies, for now, when unpublishing the entire package, as unpublishing a - single version requires the name be included on the command line and - therefore doesn't read from `package.json`. ([@watilde](https://github.com/watilde)) -* [`9ad2100`](https://github.com/npm/npm/commit/9ad210042242e51d52b2a8b633d8e59248f5faa4) - [#8008](https://github.com/npm/npm/issues/8008) Once again, when considering - what to install on `npm install`, include `devDependencies`. - ([@smikes](https://github.com/smikes)) -* [`5466260`](https://github.com/npm/npm/commit/546626059909dca1906454e820ca4e315c1795bd) - [#8003](https://github.com/npm/npm/issues/8003) Clarify the documentation - around scopes to make it easier to understand how they support private - packages. ([@smikes](https://github.com/smikes)) - -#### DEPENDENCIES WILL NOT STOP UNTIL YOU ARE VERY SLEEPY - -* [`faf65a7`](https://github.com/npm/npm/commit/faf65a7bbb2fad13216f64ed8f1243bafe743f97) - `init-package-json@1.4.2`: If there are multiple validation errors and - warnings, ensure they all get displayed (includes a rad new way of testing - `init-package-json` contributed by - [@michaelnisi](https://github.com/michaelnisi)). - ([@MisumiRize](https://github.com/MisumiRize)) -* [`7f10f38`](https://github.com/npm/npm/commit/7f10f38d29a8423d7cde8103fa7b64ac728da1e0) - `editor@1.0.0`: `1.0.0` is literally more than `0.1.0` (no change aside from - version number). ([@substack](https://github.com/substack)) -* [`4979af3`](https://github.com/npm/npm/commit/4979af3fcae5a3962383b7fdad3162381e62eefe) - [#6805](https://github.com/npm/npm/issues/6805) `npm-registry-client@6.3.3`: - Decode scoped package names sent by the registry so they look nicer. - ([@mmalecki](https://github.com/mmalecki)) - -### v2.8.4 (2015-04-16): - -This is the fourth release of npm this week, so it's mostly just landing a few -small outstanding PRs on dependencies and some tiny documentation tweaks. -`npm@2.8.3` is where the real action is. - -* [`ee2bd77`](https://github.com/npm/npm/commit/ee2bd77f3c64d38735d1d31028224a5c40422a9b) - [#7983](https://github.com/npm/npm/issues/7983) `tar@2.1.0`: Better error - reporting in corrupted tar files, and add support for the `fromBase` flag - (rescued from the dustbin of history by - [@deanmarano](https://github.com/deanmarano)). - ([@othiym23](https://github.com/othiym23)) -* [`d8eee6c`](https://github.com/npm/npm/commit/d8eee6cf9d2ff7aca68dfaed2de76824a3e0d9af) - `init-package-json@1.4.1`: Add support for a default author, and only add - scope to a package name once. ([@othiym23](https://github.com/othiym23)) -* [`4fc5d98`](https://github.com/npm/npm/commit/4fc5d98b785f601c60d4dc0a2c8674f0cccf6262) - `lru-cache@2.6.1`: Small tweaks to cache value aging and entry counting that - are irrelevant to npm. ([@isaacs](https://github.com/isaacs)) -* [`1fe5840`](https://github.com/npm/npm/commit/1fe584089f5bef133de5518aa26eaf6064be2bf7) - [#7946](https://github.com/npm/npm/issues/7946) Make `npm init` text - friendlier. ([@sandfox](https://github.com/sandfox)) - -### v2.8.3 (2015-04-15): - -#### TWO SMALL GIT TWEAKS - -This is the last of a set of releases intended to ensure npm's git support is -robust enough that we can stop working on it for a while. These fixes are -small, but prevent a common crasher and clear up one of the more confusing -error messages coming out of npm when working with repositories hosted on git. - -* [`387f889`](https://github.com/npm/npm/commit/387f889c0e8fb617d9cc9a42ed0a3ec49424ab5d) - [#7961](https://github.com/npm/npm/issues/7961) Ensure that hosted git SSH - URLs always have a valid protocol when stored in `resolved` fields in - `npm-shrinkwrap.json`. ([@othiym23](https://github.com/othiym23)) -* [`394c2f5`](https://github.com/npm/npm/commit/394c2f5a1227232c0baf42fbba1402aafe0d6ffb) - Switch the order in which hosted Git providers are checked to `git:`, - `git+https:`, then `git+ssh:` (from `git:`, `git+ssh:`, then `git+https:`) in - an effort to go from most to least likely to succeed, to make for less - confusing error message. ([@othiym23](https://github.com/othiym23)) - -### v2.8.2 (2015-04-14): - -#### PEACE IN OUR TIME - -npm has been having an issue with CouchDB's web server since the release -of io.js and Node.js 0.12.0 that has consumed a huge amount of my time -to little visible effect. Sam Mikes picked up the thread from me, and -after a [_lot_ of effort](https://github.com/npm/npm/issues/7699#issuecomment-93091111) -figured out that ultimately there are probably a couple problems with -the new HTTP Agent keep-alive handling in new versions of Node. In -addition, `npm-registry-client` was gratuitously sending a body along -with a GET request which was triggering the bugs. Sam removed about 10 bytes from -one file in `npm-registry-client`, and this problem, which has been bugging us for months, -completely went away. - -In conclusion, Sam Mikes is great, and anybody using a private registry -hosted on CouchDB should thank him for his hard work. Also, thanks to -the community at large for pitching in on this bug, which has been -around for months now. - -* [`431c3bf`](https://github.com/npm/npm/commit/431c3bf6cdec50f9f0c735f478cb2f3f337d3313) - [#7699](https://github.com/npm/npm/issues/7699) `npm-registry-client@6.3.2`: - Don't send body with HTTP GET requests when logging in. - ([@smikes](https://github.com/smikes)) - -### v2.8.1 (2015-04-12): - -#### CORRECTION: NPM'S GIT INTEGRATION IS DOING OKAY - -A [helpful bug report](https://github.com/npm/npm/issues/7872#issuecomment-91809553) -led to another round of changes to -[`hosted-git-info`](https://github.com/npm/hosted-git-info/commit/827163c74531b69985d1ede7abced4861e7b0cd4), -some additional test-writing, and a bunch of hands-on testing against actual -private repositories. While the complexity of npm's git dependency handling is -nearly fractal (because npm is very complex, and git is even more complex), -it's feeling way more solid than it has for a while. We think this is a -substantial improvement over what we had before, so give `npm@2.8.1` a shot if -you have particularly complex git use cases and -[let us know](https://github.com/npm/npm/issues/new) how it goes. - -(NOTE: These changes mostly affect cloning and saving references to packages -hosted in git repositories, and don't address some known issues with things -like lifecycle scripts not being run on npm dependencies. Work continues on -other issues that affect parity between git and npm registry packages.) - -* [`66377c6`](https://github.com/npm/npm/commit/66377c6ece2cf4d53d9a618b7d9824e1452bc293) - [#7872](https://github.com/npm/npm/issues/7872) `hosted-git-info@2.1.2`: Pass - through credentials embedded in SSH and HTTPs git URLs. - ([@othiym23](https://github.com/othiym23)) -* [`15efe12`](https://github.com/npm/npm/commit/15efe124753257728a0ddc64074fa5a4b9c2eb30) - [#7872](https://github.com/npm/npm/issues/7872) Use the new version of - `hosted-git-info` to pass along credentials embedded in git URLs. Test it. - Test it a lot. ([@othiym23](https://github.com/othiym23)) - -#### SCOPED DEPENDENCIES AND PEER DEPENDENCIES: NOT QUITE REESE'S - -Big thanks to [@ewie](https://github.com/ewie) for identifying an issue with -how npm was handling `peerDependencies` that were implicitly installed from the -`package.json` files of scoped dependencies. This -[will be a moot point](https://github.com/npm/npm/issues/6565#issuecomment-74971689) -with the release of `npm@3`, but until then, it's important that -`peerDependency` auto-installation work as expected. - -* [`b027319`](https://github.com/npm/npm/commit/b0273190c71eba14395ddfdd1d9f7ba625297523) - [#7920](https://github.com/npm/npm/issues/7920) Scoped packages with - `peerDependencies` were installing the `peerDependencies` into the wrong - directory. ([@ewie](https://github.com/ewie)) -* [`649e31a`](https://github.com/npm/npm/commit/649e31ae4fd02568bae5dc6b4ea783431ce3d63e) - [#7920](https://github.com/npm/npm/issues/7920) Test `peerDependency` - installs involving scoped packages using `npm-package-arg` instead of simple - path tests, for consistency. ([@othiym23](https://github.com/othiym23)) - -#### MAKING IT EASIER TO WRITE NPM TESTS, VERSION 0.0.1 - -[@iarna](https://github.com/iarna) and I -([@othiym23](https://github.com/othiym23)) have been discussing a -[candidate plan](https://github.com/npm/npm/wiki/rewriting-npm's-tests:-a-plan-maybe) -for improving npm's test suite, with the goal of making it easier for new -contributors to get involved with npm by reducing the learning curve -necessary to be able to write good tests for proposed changes. This is the -first substantial piece of that effort. Here's what the commit message for -[`ed7e249`](https://github.com/npm/npm/commit/ed7e249d50444312cd266942ce3b89e1ca049bdf) -had to say about this work: - -> It's too difficult for npm contributors to figure out what the conventional -> style is for tests. Part of the problem is that the documentation in -> CONTRIBUTING.md is inadequate, but another important factor is that the tests -> themselves are written in a variety of styles. One of the most notable -> examples of this is the fact that many tests use fixture directories to store -> precooked test scenarios and package.json files. -> -> This had some negative consequences: -> -> * tests weren't idempotent -> * subtle dependencies between tests existed -> * new tests get written in this deprecated style because it's not -> obvious that the style is out of favor -> * it's hard to figure out why a lot of those directories existed, -> because they served a variety of purposes, so it was difficult to -> tell when it was safe to remove them -> -> All in all, the fixture directories were a major source of technical debt, and -> cleaning them up, while time-consuming, makes the whole test suite much more -> approachable, and makes it more likely that new tests written by outside -> contributors will follow a conventional style. To support that, all of the -> tests touched by this changed were cleaned up to pass the `standard` style -> checker. - -And here's a little extra context from a comment I left on [#7929](https://github.com/npm/npm/issues/7929): - -> One of the other things that encouraged me was looking at this -> [presentation on technical debt](http://www.slideshare.net/nnja/pycon-2015-technical-debt-the-monster-in-your-closet) -> from Pycon 2015, especially slide 53, which I interpreted in terms of -> difficulty getting new contributors to submit patches to an OSS project like -> npm. npm has a long ways to go, but I feel good about this change. - -* [`ed7e249`](https://github.com/npm/npm/commit/ed7e249d50444312cd266942ce3b89e1ca049bdf) - [#7929](https://github.com/npm/npm/issues/7929) Eliminate fixture directories - from `test/tap`, leaving each test self-contained. - ([@othiym23](https://github.com/othiym23)) -* [`4928d30`](https://github.com/npm/npm/commit/4928d30140821c63e03fffed73f8d88ebdc43710) - [#7929](https://github.com/npm/npm/issues/7929) Move fixture files from - `test/tap/*` to `test/fixtures`. ([@othiym23](https://github.com/othiym23)) -* [`e925deb`](https://github.com/npm/npm/commit/e925debca91092a814c1a00933babc3a8cf975be) - [#7929](https://github.com/npm/npm/issues/7929) Tweak the run scripts to stop - slaughtering the CPU on doc rebuild. - ([@othiym23](https://github.com/othiym23)) -* [`65bf7cf`](https://github.com/npm/npm/commit/65bf7cffaf91c426b676c47529eee796f8b8b75c) - [#7923](https://github.com/npm/npm/issues/7923) Use an alias of scripts and - run-scripts in `npm run test-all` ([@watilde](https://github.com/watilde)) -* [`756a3fb`](https://github.com/npm/npm/commit/756a3fbb852a2469afe706635ed88d22c37743e5) - [#7923](https://github.com/npm/npm/issues/7923) Sync timeout time of `npm - run-script test-all` to be the same as `test` and `tap` scripts. - ([@watilde](https://github.com/watilde)) -* [`8299b5f`](https://github.com/npm/npm/commit/8299b5fb6373354a7fbaab6f333863758812ae90) - Set a timeout for tap tests for `npm run-script test-all`. - ([@othiym23](https://github.com/othiym23)) - -#### THE EVER-BEATING DRUM OF DEPENDENCY UPDATES - -* [`d90d0b9`](https://github.com/npm/npm/commit/d90d0b992acbf62fd5d68debf9d1dbd6cfa20804) - [#7924](https://github.com/npm/npm/issues/7924) Remove `child-process-close`, - as it was included for Node 0.6 compatibility, and npm no longer supports - 0.6. ([@robertkowalski](https://github.com/robertkowalski)) -* [`16427c1`](https://github.com/npm/npm/commit/16427c1f3ea3d71ee753c62eb4c2663c7b32b84f) - `lru-cache@2.5.2`: More accurate updating of expiry times when `maxAge` is - set. ([@isaacs](https://github.com/isaacs)) -* [`03cce83`](https://github.com/npm/npm/commit/03cce83b64344a9e0fe036dce214f4d68cfcc9e7) - `nock@1.6.0`: Mocked network error handling. - ([@pgte](https://github.com/pgte)) -* [`f93b1f0`](https://github.com/npm/npm/commit/f93b1f0b7eb5d1b8a7967e837bbd756db1091d00) - `glob@5.0.5`: Use `path-is-absolute` polyfill, allowing newer Node.js and - io.js versions to use `path.isAbsolute()`. - ([@sindresorhus](https://github.com/sindresorhus)) -* [`a70d694`](https://github.com/npm/npm/commit/a70d69495a6e96997e64855d9e749d943ee6d64f) - `request@2.55.0`: Bug fixes and simplification. - ([@simov](https://github.com/simov)) -* [`2aecc6f`](https://github.com/npm/npm/commit/2aecc6f4083526feeb14615b4e5484edc66175b5) - `columnify@1.5.1`: Switch to using babel from 6to5. - ([@timoxley](https://github.com/timoxley)) - -### v2.8.0 (2015-04-09): - -#### WE WILL NEVER BE DONE FIXING NPM'S GIT SUPPORT - -If you look at [the last release's release -notes](https://github.com/npm/npm/blob/master/CHANGELOG.md#git-mean-git-tuff-git-all-the-way-away-from-my-stuff), -you will note that they confidently assert that it's perfectly OK to force all -GitHub URLs through the same `git:` -> `git+ssh:` fallback flow for cloning. It -turns out that many users depend on `git+https:` URLs in their build -environments because they use GitHub auth tokens instead of SSH keys. Also, in -some cases you just want to be able to explicitly say how a given dependency -should be cloned from GitHub. - -Because of the way we resolved the inconsistency in GitHub shorthand handling -[before](https://github.com/npm/npm/blob/master/CHANGELOG.md#bug-fixes-1), this -turned out to be difficult to work around. So instead of hacking around it, we -completely redid how git is handled within npm and its attendant packages. -Again. This time, we changed things so that `normalize-package-data` and -`read-package-json` leave more of the git logic to npm itself, which makes -handling shorthand syntax consistently much easier, and also allows users to -resume using explicit, fully-qualified git URLs without npm messing with them. - -Here's a summary of what's changed: - -* Instead of converting the GitHub shorthand syntax to a `git+ssh:`, `git:`, or - `git+https:` URL and saving that, save the shorthand itself to - `package.json`. -* If presented with shortcuts, try cloning via the git protocol, SSH, and HTTPS - (in that order). -* No longer prompt for credentials -- it didn't work right with the spinner, - and wasn't guaranteed to work anyway. We may experiment with doing this a - better way in the future. Users can override this by setting `GIT_ASKPASS` in - their environment if they want to experiment with interactive cloning, but - should also set `--no-spin` on the npm command line (or run `npm config set - spin=false`). -* **EXPERIMENTAL FEATURE**: Add support for `github:`, `gist:`, `bitbucket:`, - and `gitlab:` shorthand prefixes. GitHub shortcuts will continue to be - normalized to `org/repo` instead of being saved as `github:org/repo`, but - `gitlab:`, `gist:`, and `bitbucket:` prefixes will be used on the command - line and from `package.json`. BE CAREFUL WITH THIS. `package.json` files - published with the new shorthand syntax can _only_ be read by `npm@2.8.0` and - later, and this feature is mostly meant for playing around with it. If you - want to save git dependencies in a form that older versions of npm can read, - use `--save-exact`, which will save the git URL and resolved commit hash of - the head of the branch in a manner similar to the way that `--save-exact` - pins versions for registry dependencies. This is documented (so check `npm - help install` for details), but we're not going to make a lot of noise about - it until it has a chance to bake in a little more. - -It is [@othiym23](https://github.com/othiym23)'s sincere hope that this will -resolve all of the inconsistencies users were seeing with GitHub and git-hosted -packages, but given the level of change here, that may just be a fond wish. -Extra testing of this change is requested. - -* [`6b0f588`](https://github.com/npm/npm/commit/6b0f58877f37df9904490ffbaaad33862bd36dce) - [#7867](https://github.com/npm/npm/issues/7867) Use git shorthand and git - URLs as presented by user. Support new `hosted-git-info` shortcut syntax. - Save shorthand in `package.json`. Try cloning via `git:`, `git+ssh:`, and - `git+https:`, in that order, when supported by the underlying hosting - provider. ([@othiym23](https://github.com/othiym23)) -* [`75d4267`](https://github.com/npm/npm/commit/75d426787869d54ca7400408f562f971b34649ef) - [#7867](https://github.com/npm/npm/issues/7867) Document new GitHub, GitHub - gist, Bitbucket, and GitLab shorthand syntax. - ([@othiym23](https://github.com/othiym23)) -* [`7d92c75`](https://github.com/npm/npm/commit/7d92c7592998d90ec883fa989ca74f04ec1b93de) - [#7867](https://github.com/npm/npm/issues/7867) When `--save-exact` is used - with git shorthand or URLs, save the fully-resolved URL, with branch name - resolved to the exact hash for the commit checked out. - ([@othiym23](https://github.com/othiym23)) -* [`9220e59`](https://github.com/npm/npm/commit/9220e59f8def8c82c6d331a39ba29ad4c44e3a9b) - [#7867](https://github.com/npm/npm/issues/7867) Ensure that non-prefixed and - non-normalized GitHub shortcuts are saved to `package.json`. - ([@othiym23](https://github.com/othiym23)) -* [`dd398e9`](https://github.com/npm/npm/commit/dd398e98a8eba27eeba84378200da3d078fdf980) - [#7867](https://github.com/npm/npm/issues/7867) `hosted-git-info@2.1.1`: - Ensure that `gist:` shorthand survives being round-tripped through - `package.json`. ([@othiym23](https://github.com/othiym23)) -* [`33d1420`](https://github.com/npm/npm/commit/33d1420bf2f629332fceb2ac7e174e63ac48f96a) - [#7867](https://github.com/npm/npm/issues/7867) `hosted-git-info@2.1.0`: Add - support for auth embedded directly in git URLs. - ([@othiym23](https://github.com/othiym23)) -* [`23a1d5a`](https://github.com/npm/npm/commit/23a1d5a540e8db27f5cd0245de7c3694e2bddad1) - [#7867](https://github.com/npm/npm/issues/7867) `hosted-git-info@2.0.2`: Make - it possible to determine in which form a hosted git URL was passed. - ([@iarna](https://github.com/iarna)) -* [`eaf75ac`](https://github.com/npm/npm/commit/eaf75acb718611ad5cfb360084ec86938d9c66c5) - [#7867](https://github.com/npm/npm/issues/7867) - `normalize-package-data@2.0.0`: Normalize GitHub specifiers so they pass - through shortcut syntax and preserve explicit URLs. - ([@iarna](https://github.com/iarna)) -* [`95e0535`](https://github.com/npm/npm/commit/95e0535e365e0aca49c634dd2061a0369b0475f1) - [#7867](https://github.com/npm/npm/issues/7867) `npm-package-arg@4.0.0`: Add - git URL and shortcut to hosted git spec and use `hosted-git-info@2.0.2`. - ([@iarna](https://github.com/iarna)) -* [`a808926`](https://github.com/npm/npm/commit/a8089268d5f3d57f42dbaba02ff6437da5121191) - [#7867](https://github.com/npm/npm/issues/7867) - `realize-package-specifier@3.0.0`: Use `npm-package-arg@4.0.0` and test - shortcut specifier behavior. ([@iarna](https://github.com/iarna)) -* [`6dd1e03`](https://github.com/npm/npm/commit/6dd1e039bddf8cf5383343f91d84bc5d78acd083) - [#7867](https://github.com/npm/npm/issues/7867) `init-package-json@1.4.0`: - Allow dependency on `read-package-json@2.0.0`. - ([@iarna](https://github.com/iarna)) -* [`63254bb`](https://github.com/npm/npm/commit/63254bb6358f66752aca6aa1a275271b3ae03f7c) - [#7867](https://github.com/npm/npm/issues/7867) `read-installed@4.0.0`: Use - `read-package-json@2.0.0`. ([@iarna](https://github.com/iarna)) -* [`254b887`](https://github.com/npm/npm/commit/254b8871f5a173bb464cc5b0ace460c7878b8097) - [#7867](https://github.com/npm/npm/issues/7867) `read-package-json@2.0.0`: - Use `normalize-package-data@2.0.0`. ([@iarna](https://github.com/iarna)) -* [`0b9f8be`](https://github.com/npm/npm/commit/0b9f8be62fe5252abe54d49e36a696f4816c2eca) - [#7867](https://github.com/npm/npm/issues/7867) `npm-registry-client@6.3.0`: - Mark compatibility with `normalize-package-data@2.0.0` and - `npm-package-arg@4.0.0`. ([@iarna](https://github.com/iarna)) -* [`f40ecaa`](https://github.com/npm/npm/commit/f40ecaad68f77abc50eb6f5b224e31dec3d250fc) - [#7867](https://github.com/npm/npm/issues/7867) Extract a common method to - use when cloning git repos for testing. - ([@othiym23](https://github.com/othiym23)) - -#### TEST FIXES FOR NODE 0.8 - -npm continues to [get closer](https://github.com/npm/npm/issues/7842) to being -completely green on Travis for Node 0.8. - -* [`26d36e9`](https://github.com/npm/npm/commit/26d36e9cf0eca69fe1863d2ea536c28555b9e8de) - [#7842](https://github.com/npm/npm/issues/7842) When spawning child - processes, map exit code 127 to ENOENT so Node 0.8 handles child process - failures the same as later versions. - ([@SonicHedgehog](https://github.com/SonicHedgehog)) -* [`54cd895`](https://github.com/npm/npm/commit/54cd8956ea783f96749e46597d8c2cb9397c5d5f) - [#7842](https://github.com/npm/npm/issues/7842) Node 0.8 requires -e with -p - when evaluating snippets; fix test. - ([@SonicHedgehog](https://github.com/SonicHedgehog)) - -#### SMALL FIX AND DOC TWEAK - -* [`20e9003`](https://github.com/npm/npm/commit/20e90031b847e9f7c7168f3dad8b1e526f9a2586) - `tar@2.0.1`: Fix regression where relative symbolic links within an - extraction root that pointed within an extraction root would get normalized - to absolute symbolic links. ([@isaacs](https://github.com/isaacs)) -* [`2ef8898`](https://github.com/npm/npm/commit/2ef88989c41bee1578570bb2172c90ede129dbd1) - [#7879](https://github.com/npm/npm/issues/7879) Better document that `npm - publish --tag=foo` will not set `latest` to that version. - ([@linclark](https://github.com/linclark)) - -### v2.7.6 (2015-04-02): - -#### GIT MEAN, GIT TUFF, GIT ALL THE WAY AWAY FROM MY STUFF - -Part of the reason that we're reluctant to take patches to how npm deals with -git dependencies is that every time we touch the git support, something breaks. -The last few releases are a case in point. `npm@2.7.4` completely broke -installing private modules from GitHub, and `npm@2.7.5` fixed them at the cost -of logging a misleading error message that caused many people to believe that -their dependencies hadn't been successfully installed when they actually had -been. - -This all started from a desire to ensure that GitHub shortcut syntax is being -handled correctly. The correct behavior is for npm to try to clone all -dependencies on GitHub (whether they're specified with the GitHub -`organization/repository` shortcut syntax or not) via the plain `git:` protocol -first, and to fall back to using `git+ssh:` if `git:` doesn't work. Previously, -sometimes npm would use `git:` and `git+ssh:` in some cases (most notably when -using GitHub shortcut syntax on the command line), and use `git+https:` in -others (when the GitHub shortcut syntax was present in `package.json`). This -led to subtle and hard-to-understand inconsistencies, and we're glad that as of -`npm@2.7.6`, we've finally gotten things to where they were before we started, -only slightly more consistent overall. - -We are now going to go back to our policy of being extremely reluctant to touch -the code that handles Git dependencies. - -* [`b747593`](https://github.com/npm/npm/commit/b7475936f473f029e6a027ba1b16277523747d0b) - [#7630](https://github.com/npm/npm/issues/7630) Don't automatically log all - git failures as errors. `maybeGithub` needs to be able to fail without - logging to support its fallback logic. - ([@othiym23](https://github.com/othiym23)) -* [`cd67a0d`](https://github.com/npm/npm/commit/cd67a0db07891d20871822696c26692c8a84866a) - [#7829](https://github.com/npm/npm/issues/7829) When fetching a git remote - URL, handle failures gracefully (without assuming standard output exists). - ([@othiym23](https://github.com/othiym23)) -* [`637c7d1`](https://github.com/npm/npm/commit/637c7d1411fe07f409cf91f2e65fd70685cb253c) - [#7829](https://github.com/npm/npm/issues/7829) When fetching a git remote - URL, handle failures gracefully (without assuming standard _error_ exists). - ([@othiym23](https://github.com/othiym23)) - -#### OTHER SIGNIFICANT FIXES - -* [`78005eb`](https://github.com/npm/npm/commit/78005ebb6f4103c20f077669c3929b7ea46a4c0d) - [#7743](https://github.com/npm/npm/issues/7743) Always quote arguments passed - to `npm run-script`. This allows build systems and the like to safely escape - glob patterns passed as arguments to `run-scripts` with `npm run-script - <script> -- <arguments>`. This is a tricky change to test, and may be - reverted or moved to `npm@3` if it turns out it breaks things for users. - ([@mantoni](https://github.com/mantoni)) -* [`da015ee`](https://github.com/npm/npm/commit/da015eee45f6daf384598151d06a9b57ffce136e) - [#7074](https://github.com/npm/npm/issues/7074) `read-package-json@1.3.3`: - `read-package-json` no longer caches `package.json` files, which trades a - very small performance loss for the elimination of a large class of really - annoying race conditions. See [#7074](https://github.com/npm/npm/issues/7074) - for the grisly details. ([@othiym23](https://github.com/othiym23)) -* [`dd20f57`](https://github.com/npm/npm/commit/dd20f5755291b9433f0d298ee0eead22cda6db36) - `init-package-json@1.3.2`: Only add the `@` to scoped package names if it's - not already there when reading from the filesystem - ([@watilde](https://github.com/watilde)), and support inline validation of - package names ([@michaelnisi](https://github.com/michaelnisi)). - -#### SMALL FIXES AND DEPENDENCY UPGRADES - -* [`1f380f6`](https://github.com/npm/npm/commit/1f380f66c1e944b8ffbf096fa94d09e931626e12) - [#7820](https://github.com/npm/npm/issues/7820) `are-we-there-yet@1.0.4`: Use - `readable-stream` instead of built-in `stream` module to better support - Node.js 0.8.x. ([@SonicHedgehog](https://github.com/SonicHedgehog)) -* [`d380188`](https://github.com/npm/npm/commit/d380188e161be31f5a4f53947de6bc28df4732d8) - `semver@4.3.3`: Don't throw on `semver.parse(null)`, and parse numeric - version strings more robustly. ([@isaacs](https://github.com/isaacs)) -* [`01d9964`](https://github.com/npm/npm/commit/01d99649265f921e1c61cf406613e7042bcea008) - `nock@1.4.0`: This change may need to be rolled back, or rolled forward, - because [nock depends on - `setImmediate`](https://github.com/npm/npm/issues/7842), which causes tests - to fail when run with Node.js 0.8. ([@othiym23](https://github.com/othiym23)) -* [`91f5cb1`](https://github.com/npm/npm/commit/91f5cb1fb91520fbe25a4da5b80848ed540b9ad3) - [#7791](https://github.com/npm/npm/issues/7791) Fix brackets in npmconf so - that `loaded` is set correctly. - ([@charmander](https://github.com/charmander)) -* [`1349e27`](https://github.com/npm/npm/commit/1349e27c936a8b0fc9f6440a6d6404ef3b19c587) - [#7818](https://github.com/npm/npm/issues/7818) Update `README.md` to point - out that the install script now lives on https://www.npmjs.com. - ([@weisjohn](https://github.com/weisjohn)) - -### v2.7.5 (2015-03-26): - -#### SECURITY FIXES - -* [`300834e`](https://github.com/npm/npm/commit/300834e91a4e2a95fb7fb59c309e7c3fc91d2312) - `tar@2.0.0`: Normalize symbolic links that point to targets outside the - extraction root. This prevents packages containing symbolic links from - overwriting targets outside the expected paths for a package. Thanks to [Tim - Cuthbertson](http://gfxmonk.net/) and the team at [Lift - Security](https://liftsecurity.io/) for working with the npm team to identify - this issue. ([@othiym23](https://github.com/othiym23)) -* [`0dc6875`](https://github.com/npm/npm/commit/0dc68757cffd5397c280bc71365d106523a5a052) - `semver@4.3.2`: Package versions can be no more than 256 characters long. - This prevents a situation in which parsing the version number can use - exponentially more time and memory to parse, leading to a potential denial of - service. Thanks to Adam Baldwin at Lift Security for bringing this to our - attention. ([@isaacs](https://github.com/isaacs)) - -#### BUG FIXES - -* [`5811468`](https://github.com/npm/npm/commit/5811468e104ccb6b26b8715dff390d68daa10066) - [#7713](https://github.com/npm/npm/issues/7713) Add a test for `npm link` and - `npm link <package>`. ([@watilde](https://github.com/watilde)) -* [`3cf3b0c`](https://github.com/npm/npm/commit/3cf3b0c8fddb6b66f969969feebea85fabd0360b) - [#7713](https://github.com/npm/npm/issues/7713) Only use absolute symbolic - links when `npm link`ing. ([@hokaccha](https://github.com/hokaccha)) -* [`f35aa93`](https://github.com/npm/npm/commit/f35aa933e136228a89e3fcfdebe8c7cc4f1e7c00) - [#7443](https://github.com/npm/npm/issues/7443) Keep relative URLs when - hitting search endpoint. ([@othiym23](https://github.com/othiym23)) -* [`eab6184`](https://github.com/npm/npm/commit/eab618425c51e3aa4416da28dcd8ca4ba63aec41) - [#7766](https://github.com/npm/npm/issues/7766) One last tweak to ensure that - GitHub shortcuts work with private repositories. - ([@iarna](https://github.com/iarna)) -* [`5d7f704`](https://github.com/npm/npm/commit/5d7f704823f5f92ddd7ff3e7dd2b8bcc66c73005) - [#7656](https://github.com/npm/npm/issues/7656) Don't try to load a deleted - CA file, allowing the `cafile` config to be changed. - ([@KenanY](https://github.com/KenanY)) -* [`a840a13`](https://github.com/npm/npm/commit/a840a13bbf0330157536381ea8e58d0bd93b4c05) - [#7746](https://github.com/npm/npm/issues/7746) Only fix up URL paths when - there are paths to fix up. ([@othiym23](https://github.com/othiym23)) - -#### DEPENDENCY UPDATES - -* [`94df809`](https://github.com/npm/npm/commit/94df8095985bf5ba9d8db99dc445d05dac136aaf) - `request@2.54.0`: Fixes for Node.js 0.12 and io.js. - ([@simov](https://github.com/simov)) -* [`98a13ea`](https://github.com/npm/npm/commit/98a13eafdf098b53069ad15297008fcab9c61653) - `opener@1.4.1`: Deal with `start` on Windows more conventionally. - ([@domenic](https://github.com/domenic)) -* [`c2417c7`](https://github.com/npm/npm/commit/c2417c7702459a446f07d43ca3c4e99bde7fe9d6) - `require-inject@1.2.0`: Add installGlobally to bypass cleanups. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION FIXES - -* [`f87c728`](https://github.com/npm/npm/commit/f87c728f8732c9e977c0dc2060c0610649e79155) - [#7696](https://github.com/npm/npm/issues/7696) Months and minutes were - swapped in doc-build.sh ([@MeddahJ](https://github.com/MeddahJ)) -* [`4e216b2`](https://github.com/npm/npm/commit/4e216b29b30463f06afe6e3c645e205da5f50922) - [#7752](https://github.com/npm/npm/issues/7752) Update string examples to be - properly quoted. ([@snuggs](https://github.com/snuggs)) -* [`402f52a`](https://github.com/npm/npm/commit/402f52ab201efa348feb87cad753fc4b91e8a3fb) - [#7635](https://github.com/npm/npm/issues/7635) Clarify Windows installation - instructions. ([@msikma](https://github.com/msikma)) -* [`c910399`](https://github.com/npm/npm/commit/c910399ecfd8db49fe4496dd26887765a8aed20f) - small typo fix to `CHANGELOG.md` ([@e-jigsaw](https://github.com/e-jigsaw)) - -### v2.7.4 (2015-03-20): - -#### BUG FIXES - -* [`fe1bc38`](https://github.com/npm/npm/commit/fe1bc387a14475e373557de669e03d9d006d3173) - [#7672](https://github.com/npm/npm/issues/7672) `npm-registry-client@3.1.2`: - Fix client-side certificate handling by correcting property name. - ([@atamon](https://github.com/atamon)) -* [`3ce3cc2`](https://github.com/npm/npm/commit/3ce3cc242fc345bca6820185a4f5a013c5bc1944) - [#7635](https://github.com/npm/npm/issues/7635) `fstream-npm@1.0.2`: Raise a - more descriptive error when `bundledDependencies` isn't an array. - ([@KenanY](https://github.com/KenanY)) -* [`3a12723`](https://github.com/npm/npm/commit/3a127235076a1f00bc8befba56c024c6d0e7f477) - [#7661](https://github.com/npm/npm/issues/7661) Allow setting `--registry` on - the command line to trump the mapped registry for `--scope`. - ([@othiym23](https://github.com/othiym23)) -* [`89ce829`](https://github.com/npm/npm/commit/89ce829a00b526d0518f5cd855c323bffe182af0) - [#7630](https://github.com/npm/npm/issues/7630) `hosted-git-info@1.5.3`: Part - 3 of ensuring that GitHub shorthand is handled consistently. - ([@othiym23](https://github.com/othiym23)) -* [`63313eb`](https://github.com/npm/npm/commit/63313eb0c37891c355546fd1093010c8a0c3cd81) - [#7630](https://github.com/npm/npm/issues/7630) - `realize-package-specifier@2.2.0`: Part 2 of ensuring that GitHub shorthand - is handled consistently. ([@othiym23](https://github.com/othiym23)) -* [`3ed41bf`](https://github.com/npm/npm/commit/3ed41bf64a1bb752bb3155c74dd6ffbbd28c89c9) - [#7630](https://github.com/npm/npm/issues/7630) `npm-package-arg@3.1.1`: Part - 1 of ensuring that GitHub shorthand is handled consistently. - ([@othiym23](https://github.com/othiym23)) - -#### DEPENDENCY UPDATES - -* [`6a498c6`](https://github.com/npm/npm/commit/6a498c6aaa00611a0a1ea405255900c327103f8b) - `npm-registry-couchapp@2.6.7`: Ensure that npm continues to work with new - registry architecture. ([@bcoe](https://github.com/bcoe)) -* [`bd72c47`](https://github.com/npm/npm/commit/bd72c47ce8c58e287d496902c11845c8fea420d6) - `glob@5.0.3`: Updated to latest version. - ([@isaacs](https://github.com/isaacs)) -* [`4bfbaa2`](https://github.com/npm/npm/commit/4bfbaa2d8b9dc7067d999de8f55676db3a4f4196) - `npmlog@1.2.0`: Getting up to date with latest version (but not using any of - the new features). ([@othiym23](https://github.com/othiym23)) - -#### A NEW REGRESSION TEST - -* [`3703b0b`](https://github.com/npm/npm/commit/3703b0b87c127a64649bdbfc3bc697ebccc4aa24) - Add regression test for `npm version` to ensure `message` property in config - continues to be honored. ([@dannyfritz](https://github.com/dannyfritz)) - -### v2.7.3 (2015-03-16): - -#### HAHA WHOOPS LIL SHINKWRAP ISSUE THERE LOL - -* [`1549106`](https://github.com/npm/npm/commit/1549106f518000633915686f5f1ccc6afcf77f8f) - [#7641](https://github.com/npm/npm/issues/7641) Due to 448efd0, running `npm - shrinkwrap --dev` caused production dependencies to no longer be included in - `npm-shrinkwrap.json`. Whoopsie! ([@othiym23](https://github.com/othiym23)) - -### v2.7.2 (2015-03-12): - -#### NPM GASTROENTEROLOGY - -* [`fb0ac26`](https://github.com/npm/npm/commit/fb0ac26eecdd76f6eaa4a96a865b7c6f52ce5aa5) - [#7579](https://github.com/npm/npm/issues/7579) Only block removing files and - links when we're sure npm isn't responsible for them. This change is hard to - summarize, because if things are working correctly you should never see it, - but if you want more context, just [go read the commit - message](https://github.com/npm/npm/commit/fb0ac26eecdd76f6eaa4a96a865b7c6f52ce5aa5), - which lays it all out. ([@othiym23](https://github.com/othiym23)) -* [`051c473`](https://github.com/npm/npm/commit/051c4738486a826300f205b71590781ce7744f01) - [#7552](https://github.com/npm/npm/issues/7552) `bundledDependencies` are now - properly included in the installation context. This is another fantastically - hard-to-summarize bug, and once again, I encourage you to [read the commit - message](https://github.com/npm/npm/commit/051c4738486a826300f205b71590781ce7744f01) - if you're curious about the details. The snappy takeaway is that this - unbreaks many use cases for `ember-cli`. ([@othiym23](https://github.com/othiym23)) - -#### LESS DRAMATIC CHANGES - -* [`fcd9247`](https://github.com/npm/npm/commit/fcd92476f3a9092f6f8c83a19a24fe63b206edcd) - [#7597](https://github.com/npm/npm/issues/7597) Awk varies pretty - dramatically from platform to platform, so use Perl to generate the AUTHORS - list instead. ([@KenanY](https://github.com/KenanY)) -* [`721b17a`](https://github.com/npm/npm/commit/721b17a31690bec074eb8763d823d6de63406005) - [#7598](https://github.com/npm/npm/issues/7598) `npm install --save` really - isn't experimental anymore. ([@RichardLitt](https://github.com/RichardLitt)) - -#### DEPENDENCY REFRESH - -* [`a91f2c7`](https://github.com/npm/npm/commit/a91f2c7c9a5183d9cde7aae040ebd9ccdf104be7) - [#7559](https://github.com/npm/npm/issues/7559) `node-gyp@1.0.3` Switch - `node-gyp` to use `stdio` instead of `customFds` so it stops printing a - deprecation warning every time you build a native dependency. - ([@jeffbski](https://github.com/jeffbski)) -* [`0c85db7`](https://github.com/npm/npm/commit/0c85db7f0dde41762411e40a029153e6a65ef483) - `rimraf@2.3.2`: Globbing now deals with paths containing valid glob - metacharacters better. ([@isaacs](https://github.com/isaacs)) -* [`d14588e`](https://github.com/npm/npm/commit/d14588ed09b032c4c770e34b4c0f2436f5fccf6e) - `minimatch@2.0.4`: Bug fixes. ([@isaacs](https://github.com/isaacs)) -* [`aa9952e`](https://github.com/npm/npm/commit/aa9952e8270a6c1b7f97e579875dd6e3aa22abfd) - `graceful-fs@3.0.6`: Bug fixes. ([@isaacs](https://github.com/isaacs)) - -### v2.7.1 (2015-03-05): - -#### GITSANITY - -* [`6823807`](https://github.com/npm/npm/commit/6823807bba6c00228a724e1205ae90d67df0adad) - [#7121](https://github.com/npm/npm/issues/7121) `npm install --save` for Git - dependencies saves the URL passed in, instead of the temporary directory used - to clone the remote repo. Fixes using Git dependencies when shrinkwrapping. - In the process, rewrote the Git dependency caching code. Again. No more - single-letter variable names, and a much clearer workflow. - ([@othiym23](https://github.com/othiym23)) -* [`c8258f3`](https://github.com/npm/npm/commit/c8258f31365b045e5fcf15b865a363abbc3be616) - [#7486](https://github.com/npm/npm/issues/7486) When installing Git remotes, - the caching code was passing in the function `gitEnv` instead of the results - of invoking it. ([@functino](https://github.com/functino)) -* [`c618eed`](https://github.com/npm/npm/commit/c618eeda3e321fd454d77c476b53a0330f2344cc) - [#2556](https://github.com/npm/npm/issues/2556) Make it possible to install - Git dependencies when using `--link` by not linking just the Git - dependencies. ([@smikes](https://github.com/smikes)) - -#### WHY DID THIS TAKE SO LONG. - -* [`abdd040`](https://github.com/npm/npm/commit/abdd040da90932535472f593d5433a67ee074801) - `read-package-json@1.3.2`: Provide more helpful error messages when JSON - parse errors are encountered by using a more forgiving JSON parser than - JSON.parse. ([@smikes](https://github.com/smikes)) - -#### BUGS & TWEAKS - -* [`c56cfcd`](https://github.com/npm/npm/commit/c56cfcd79cd8ab4ccd06d2c03d7e04030d576683) - [#7525](https://github.com/npm/npm/issues/7525) `npm dedupe` handles scoped - packages. ([@KidkArolis](https://github.com/KidkArolis)) -* [`1b8ba74`](https://github.com/npm/npm/commit/1b8ba7426393cbae2c76ad2c35953782d4401871) - [#7531](https://github.com/npm/npm/issues/7531) `npm stars` and `npm whoami` - will no longer send the registry the error text saying you need to log in as - your username. ([@othiym23](https://github.com/othiym23)) -* [`6de1e91`](https://github.com/npm/npm/commit/6de1e91116a5105dfa75126532b9083d8672e034) - [#6441](https://github.com/npm/npm/issues/6441) Prevent needless reinstalls - by only updating packages when the current version isn't the same as the - version returned as `wanted` by `npm outdated`. - ([@othiym23](https://github.com/othiym23)) -* [`2abc3ee`](https://github.com/npm/npm/commit/2abc3ee08f0cabc4e7bfd7b973c0b59dc44715ff) - Add `npm upgrade` as an alias for `npm update`. - ([@othiym23](https://github.com/othiym23)) -* [`bcd4722`](https://github.com/npm/npm/commit/bcd47224e18884191a5d0057c2b2fff83ac8206e) - [#7508](https://github.com/npm/npm/issues/7508) FreeBSD uses `EAI_FAIL` - instead of `ENOTFOUND`. ([@othiym23](https://github.com/othiym23)) -* [`21c1ac4`](https://github.com/npm/npm/commit/21c1ac41280f0716a208cde14025a2ad5ef61fed) - [#7507](https://github.com/npm/npm/issues/7507) Update support URL in generic - error handler to `https:` from `http:`. - ([@watilde](https://github.com/watilde)) -* [`b6bd99a`](https://github.com/npm/npm/commit/b6bd99a73f575545fbbaef95c12237c47dd32561) - [#7492](https://github.com/npm/npm/issues/7492) On install, the - `package.json` `engineStrict` deprecation only warns for the current package. - ([@othiym23](https://github.com/othiym23)) -* [`4ef1412`](https://github.com/npm/npm/commit/4ef1412d0061239da2b1c4460ed6db37cc9ded27) - [#7075](https://github.com/npm/npm/issues/7075) If you try to tag a release - as a valid semver range, `npm publish` and `npm tag` will error early instead - of proceeding. ([@smikes](https://github.com/smikes)) -* [`ad53d0f`](https://github.com/npm/npm/commit/ad53d0f666125d9f50d661b54901c6e5bab4d603) - Use `rimraf` in npm build script because Windows doesn't know what rm is. - ([@othiym23](https://github.com/othiym23)) -* [`8885c4d`](https://github.com/npm/npm/commit/8885c4dfb618f2838930b5c5149abea300a762d6) - `rimraf@2.3.1`: Better Windows support. - ([@isaacs](https://github.com/isaacs)) -* [`8885c4d`](https://github.com/npm/npm/commit/8885c4dfb618f2838930b5c5149abea300a762d6) - `glob@4.4.2`: Handle bad symlinks properly. - ([@isaacs](https://github.com/isaacs)) - -###E TYPSO & CLARFIICATIONS - -dId yuo know that submiting fxies for doc tpyos is an exclelent way to get -strated contriburting to a new open-saurce porject? - -* [`42c605c`](https://github.com/npm/npm/commit/42c605c7b401f603c32ea70427e1a7666adeafd9) - Fix typo in `CHANGELOG.md` ([@adrianblynch](https://github.com/adrianblynch)) -* [`c9bd58d`](https://github.com/npm/npm/commit/c9bd58dd637b9c41441023584a13e3818d5db336) - Add note about `node_modules/.bin` being added to the path in `npm - run-script`. ([@quarterto](https://github.com/quarterto)) -* [`903bdd1`](https://github.com/npm/npm/commit/903bdd105b205d6e45d3a2ab83eea8e4071e9aeb) - Matt Ranney confused the world when he renamed `node-redis` to `redis`. "The - world" includes npm's documentation. - ([@RichardLitt](https://github.com/RichardLitt)) -* [`dea9bb2`](https://github.com/npm/npm/commit/dea9bb2319183fe54bf4d173d8533d46d2c6611c) - Fix typo in contributor link. ([@watilde](https://github.com/watilde)) -* [`1226ca9`](https://github.com/npm/npm/commit/1226ca98d4d7650cc3ba16bf7ac62e44820f3bfa) - Properly close code block in npm-install.md. - ([@olizilla](https://github.com/olizilla)) - -### v2.7.0 (2015-02-26): - -#### SOMETIMES SEMVER MEANS "SUBJECTIVE-EMPATHETIC VERSIONING" - -For a very long time (maybe forever?), the documentation for `npm run-script` -has said that `npm restart` will only call `npm stop` and `npm start` when -there is no command defined as `npm restart` in `package.json`. The problem -with this documentation is that `npm run-script` was apparently never wired up -to actually work this way. - -Until now. - -If the patch below were landed on its own, free of context, it would be a -breaking change. But, since the "new" behavior is how the documentation claims -this feature has always worked, I'm classifying it as a patch-level bug fix. I -apologize in advance if this breaks anybody's deployment scripts, and if it -turns out to be a significant regression in practice, we can revert this change -and move it to `npm@3`, which is allowed to make breaking changes due to being -a new major version of semver. - -* [`2f6a1df`](https://github.com/npm/npm/commit/2f6a1df3e1e3e0a3bc4abb69e40f59a64204e7aa) - [#1999](https://github.com/npm/npm/issues/1999) Only run `stop` and `start` - scripts (plus their pre- and post- scripts) when there's no `restart` script - defined. This makes it easier to support graceful restarts of services - managed by npm. ([@watilde](https://github.com/watilde) / - [@scien](https://github.com/scien)) - -#### A SMALL FEATURE WITH BIG IMPLICATIONS - -* [`145af65`](https://github.com/npm/npm/commit/145af6587f45de135cc876be2027ed818ed4ca6a) - [#4887](https://github.com/npm/npm/issues/4887) Replace calls to the - `node-gyp` script bundled with npm by passing the - `--node-gyp=/path/to/node-gyp` option to npm. Swap in `pangyp` or a version - of `node-gyp` modified to work better with io.js without having to touch - npm's code! ([@ackalker](https://github.com/ackalker)) - -#### [@WATILDE'S](https://github.com/watilde) NPM USABILITY CORNER - -Following `npm@2.6.1`'s unexpected fix of many of the issues with `npm update --g` simply by making `--depth=0` the default for `npm outdated`, friend of npm -[@watilde](https://github.com/watilde) has made several modest changes to npm's -behavior that together justify bumping npm's minor version, as well as making -npm significantly more pleasant to use: - -* [`448efd0`](https://github.com/npm/npm/commit/448efd0eaa6f97af0889bf47efc543a1ea2f8d7e) - [#2853](https://github.com/npm/npm/issues/2853) Add support for `--dev` and - `--prod` to `npm ls`, so that you can list only the trees of production or - development dependencies, as desired. - ([@watilde](https://github.com/watilde)) -* [`a0a8777`](https://github.com/npm/npm/commit/a0a87777af8bee180e4e9321699f050c29ed5ac4) - [#7463](https://github.com/npm/npm/issues/7463) Split the list printed by - `npm run-script` into lifecycle scripts and scripts directly invoked via `npm - run-script`. ([@watilde](https://github.com/watilde)) -* [`a5edc17`](https://github.com/npm/npm/commit/a5edc17d5ef1435b468a445156a4a109df80f92b) - [#6749](https://github.com/npm/npm/issues/6749) `init-package-json@1.3.1`: - Support for passing scopes to `npm init` so packages are initialized as part - of that scope / organization / team. ([@watilde](https://github.com/watilde)) - -#### SMALLER FEATURES AND FIXES - -It turns out that quite a few pull requests had piled up on npm's issue -tracker, and they included some nice small features and fixes: - -* [`f33e8b8`](https://github.com/npm/npm/commit/f33e8b8ff2de094071c5976be95e35110cf2ab1a) - [#7354](https://github.com/npm/npm/issues/7354) Add `--if-present` flag to - allow e.g. CI systems to call (semi-) standard build tasks defined in - `package.json`, but don't raise an error if no such script is defined. - ([@jussi-kalliokoski](https://github.com/jussi-kalliokoski)) -* [`7bf85cc`](https://github.com/npm/npm/commit/7bf85cc372ab5698593b01e139c383fa62c92516) - [#4005](https://github.com/npm/npm/issues/4005) - [#6248](https://github.com/npm/npm/issues/6248) Globally unlink a package - when `npm rm` / `npm unlink` is called with no arguments. - ([@isaacs](https://github.com/isaacs)) -* [`a2e04bd`](https://github.com/npm/npm/commit/a2e04bd921feab8f9e40a27e180ca9308eb709d7) - [#7294](https://github.com/npm/npm/issues/7294) Ensure that when depending on - `git+<proto>` URLs, npm doesn't keep tacking additional `git+` prefixes onto - the front. ([@twhid](https://github.com/twhid)) -* [`0f87f5e`](https://github.com/npm/npm/commit/0f87f5ed28960d962f34977953561d22983da4f9) - [#6422](https://github.com/npm/npm/issues/6422) When depending on GitHub - private repositories, make sure we construct the Git URLS correctly. - ([@othiym23](https://github.com/othiym23)) -* [`50f461d`](https://github.com/npm/npm/commit/50f461d248c4d22e881a9535dccc1d57d994dbc7) - [#4595](https://github.com/npm/npm/issues/4595) Support finding compressed - manpages. It's still up to the system to figure out how to display them, - though. ([@pshevtsov](https://github.com/pshevtsov)) -* [`44da664`](https://github.com/npm/npm/commit/44da66456b530c049ff50953f78368460df87461) - [#7465](https://github.com/npm/npm/issues/7465) When calling git, log the - **full** command, with all arguments, on error. - ([@thriqon](https://github.com/thriqon)) -* [`9748d5c`](https://github.com/npm/npm/commit/9748d5cd195d0269b32caf45129a93d29359a796) - Add parent to error on `ETARGET` error. - ([@davglass](https://github.com/davglass)) -* [`37038d7`](https://github.com/npm/npm/commit/37038d7db47a986001f77ac17b3e164000fc8ff3) - [#4663](https://github.com/npm/npm/issues/4663) Remove hackaround for Linux - tests, as it's evidently no longer necessary. - ([@mmalecki](https://github.com/mmalecki)) -* [`d7b7853`](https://github.com/npm/npm/commit/d7b785393dffce93bb70317fbc039a6428ca37c5) - [#2612](https://github.com/npm/npm/issues/2612) Add support for path - completion on `npm install`, which narrows completion to only directories - containing `package.json` files. ([@deestan](https://github.com/deestan)) -* [`628fcdb`](https://github.com/npm/npm/commit/628fcdb0be4e14c0312085a50dc2ae01dc713fa6) - Remove all command completion calls to `-/short`, because it's been removed - from the primary registry for quite some time, and is generally a poor idea - on any registry with more than a few hundred packages. - ([@othiym23](https://github.com/othiym23)) -* [`3f6061d`](https://github.com/npm/npm/commit/3f6061d75650441ee690472d1fa9c8dd7a7b1b28) - [#6659](https://github.com/npm/npm/issues/6659) Instead of removing zsh - completion global, make it a local instead. - ([@othiym23](https://github.com/othiym23)) - -#### DOCUMENTATION TWEAKS - -* [`5bc70e6`](https://github.com/npm/npm/commit/5bc70e6cfb3598da433806c6f447fc94c8e1d35d) - [#7417](https://github.com/npm/npm/issues/7417) Provide concrete examples of - how the new `npm update` defaults work in practice, tied to actual test - cases. Everyone interested in using `npm update -g` now that it's been fixed - should read these documents, as should anyone interested in writing - documentation for npm. ([@smikes](https://github.com/smikes)) -* [`8ac6f21`](https://github.com/npm/npm/commit/8ac6f2123a6af13dc9447fad96ec9cb583c45a71) - [#6543](https://github.com/npm/npm/issues/6543) Clarify `npm-scripts` - warnings to de-emphasize dangers of using `install` scripts. - ([@zeke](https://github.com/zeke)) -* [`ebe3b37`](https://github.com/npm/npm/commit/ebe3b37098efdada41dcc4c52a291e29296ea242) - [#6711](https://github.com/npm/npm/issues/6711) Note that git tagging of - versions can be disabled via `--no-git-tag-verson`. - ([@smikes](https://github.com/smikes)) -* [`2ef5771`](https://github.com/npm/npm/commit/2ef5771632006e6cee8cf17f836c0f98ab494bd1) - [#6711](https://github.com/npm/npm/issues/6711) Document `git-tag-version` - configuration option. ([@KenanY](https://github.com/KenanY)) -* [`95e59b2`](https://github.com/npm/npm/commit/95e59b287c9517780318e145371a859e8ebb2d20) - Document that `NODE_ENV=production` behaves analogously to `--production` on - `npm install`. ([@stefaneg](https://github.com/stefaneg)) -* [`687117a`](https://github.com/npm/npm/commit/687117a5bcd6a838cd1532ea7020ec6fcf0c33c0) - [#7463](https://github.com/npm/npm/issues/7463) Document the new script - grouping behavior in the man page for `npm run-script`. - ([@othiym23](https://github.com/othiym23)) -* [`536b2b6`](https://github.com/npm/npm/commit/536b2b6f55c349247b3e79b5d11b4c033ef5a3df) - Rescue one of the the disabled tests and make it work properly. - ([@smikes](https://github.com/smikes)) - -#### DEPENDENCY UPDATES - -* [`89fc6a4`](https://github.com/npm/npm/commit/89fc6a4e7ff8c524675fcc14493ca0a1e3a76d38) - `which@1.0.9`: Test for being run as root, as well as the current user. - ([@isaacs](https://github.com/isaacs)) -* [`5d0612f`](https://github.com/npm/npm/commit/5d0612f31e226cba32a05351c47b055c0ab6c557) - `glob@4.4.1`: Better error message to explain why calling sync glob with a - callback results in an error. ([@isaacs](https://github.com/isaacs)) -* [`64b07f6`](https://github.com/npm/npm/commit/64b07f6caf6cb07e4102f1e4e5f2ff2b944e452e) - `tap@0.7.1`: More accurate counts of pending & skipped tests. - ([@rmg](https://github.com/rmg)) -* [`8fda451`](https://github.com/npm/npm/commit/8fda45195dae1d6f792be556abe87f7763fab09b) - `semver@4.3.1`: Make official the fact that `node-semver` has moved from - [@isaacs](https://github.com/isaacs)'s organization to - [@npm](https://github.com/npm)'s. ([@isaacs](https://github.com/isaacs)) - -### v2.6.1 (2015-02-19): - -* [`8b98f0e`](https://github.com/npm/npm/commit/8b98f0e709d77a8616c944aebd48ab726f726f76) - [#4471](https://github.com/npm/npm/issues/4471) `npm outdated` (and only `npm - outdated`) now defaults to `--depth=0`. See the [docs for - `--depth`](https://github.com/npm/npm/blob/82f484672adb1a3caf526a8a48832789495bb43d/doc/misc/npm-config.md#depth) - for the mildly confusing details. ([@smikes](https://github.com/smikes)) -* [`aa79194`](https://github.com/npm/npm/commit/aa791942a9f3c8af6a650edec72a675deb7a7c6e) - [#6565](https://github.com/npm/npm/issues/6565) Tweak `peerDependency` - deprecation warning to include which peer dependency on which package is - going to need to change. ([@othiym23](https://github.com/othiym23)) -* [`5fa067f`](https://github.com/npm/npm/commit/5fa067fd47682ac3cdb12a2b009d8ca59b05f992) - [#7171](https://github.com/npm/npm/issues/7171) Tweak `engineStrict` - deprecation warning to include which `package.json` is using it. - ([@othiym23](https://github.com/othiym23)) -* [`0fe0caa`](https://github.com/npm/npm/commit/0fe0caa7eddb7acdacbe5ee81ceabaca27175c78) - `glob@4.4.0`: Glob patterns can now ignore matches. - ([@isaacs](https://github.com/isaacs)) - -### v2.6.0 (2015-02-12): - -#### A LONG-AWAITED GUEST - -* [`38c4825`](https://github.com/npm/npm/commit/38c48254d3d217b4babf5027cb39492be4052fc2) - [#5068](https://github.com/npm/npm/issues/5068) Add new logout command, and - make it do something useful on both bearer-based and basic-based authed - clients. ([@othiym23](https://github.com/othiym23)) -* [`4bf0f5d`](https://github.com/npm/npm/commit/4bf0f5d56c33649124b486e016ba4a620c105c1c) - `npm-registry-client@6.1.1`: Support new `logout` endpoint to invalidate - token for sessions. ([@othiym23](https://github.com/othiym23)) - -#### DEPRECATIONS - -* [`c8e08e6`](https://github.com/npm/npm/commit/c8e08e6d91f4016c80f572aac5a2080df0f78098) - [#6565](https://github.com/npm/npm/issues/6565) Warn that `peerDependency` - behavior is changing and add a note to the docs. - ([@othiym23](https://github.com/othiym23)) -* [`7c81a5f`](https://github.com/npm/npm/commit/7c81a5f5f058941f635a92f22641ea68e79b60db) - [#7171](https://github.com/npm/npm/issues/7171) Warn that `engineStrict` in - `package.json` will be going away in the next major version of npm (coming - soon!) ([@othiym23](https://github.com/othiym23)) - -#### BUG FIXES & TWEAKS - -* [`add5890`](https://github.com/npm/npm/commit/add5890ce447dabf120b907a85f715df1e065f44) - [#4668](https://github.com/npm/npm/issues/4668) `read-package-json@1.3.1`: - Warn when a `bin` symbolic link is a dangling reference. - ([@nicks](https://github.com/nicks)) -* [`4b42071`](https://github.com/npm/npm/commit/4b420714dfb84338d85def78c30bd665e32d72c1) - `semver@4.3.0`: Add functions to extract parts of the version triple, fix a - typo. ([@isaacs](https://github.com/isaacs)) -* [`a9aff38`](https://github.com/npm/npm/commit/a9aff38719918486fc381d67ad3371c475632ff7) - Use full path for man pages as the symbolic link source, instead of just the - file name. ([@bengl](https://github.com/bengl)) -* [`6fd0fbd`](https://github.com/npm/npm/commit/6fd0fbd8a0347fd47cb7ee0064e0902a2f8a087c) - [#7233](https://github.com/npm/npm/issues/7233) Ensure `globalconfig` path - exists before trying to edit it. ([@ljharb](https://github.com/ljharb)) -* [`a0a2620`](https://github.com/npm/npm/commit/a0a262047647d9e2690cebe5a89e6a0dd33202bb) - `ini@1.3.3`: Allow embedded, quoted equals signs in ini field names. - ([@isaacs](https://github.com/isaacs)) - -Also typos and other documentation issues were addressed by -[@rutsky](https://github.com/rutsky), [@imurchie](https://github.com/imurchie), -[@marcin-wosinek](https://github.com/marcin-wosinek), -[@marr](https://github.com/marr), [@amZotti](https://github.com/amZotti), and -[@karlhorky](https://github.com/karlhorky). Thank you, everyone! - -### v2.5.1 (2015-02-06): - -This release doesn't look like much, but considerable effort went into ensuring -that npm's tests will pass on io.js 1.1.0 and Node 0.11.16 / 0.12.0 on both OS -X and Linux. - -**NOTE:** there are no actual changes to npm's code in `npm@2.5.1`. Only test -code (and the upgrade of `request` to the latest version) has changed. - -#### `npm-registry-mock@1.0.0`: - -* [`0e8d473`](https://github.com/npm/npm/commit/0e8d4736a1cbdda41ae8eba8a02c7ff7ce80c2ff) - [#7281](https://github.com/npm/npm/issues/7281) `npm-registry-mock@1.0.0`: - Clean up API, set `connection: close`. - ([@robertkowalski](https://github.com/robertkowalski)) -* [`4707bba`](https://github.com/npm/npm/commit/4707bba7d44dfab85cc45c2ecafa9c1601ba2e9a) - Further update tests to work with `npm-registry-mock@1.0.0`. - ([@othiym23](https://github.com/othiym23)) -* [`41a0f89`](https://github.com/npm/npm/commit/41a0f8959d4e02af9661588afa7d2b4543cc21b6) - Got rid of completely gratuitous global config manipulation in tests. - ([@othiym23](https://github.com/othiym23)) - -#### MINOR DEPENDENCY TWEAK - -* [`a4c7af9`](https://github.com/npm/npm/commit/a4c7af9c692f250c0fd017397ed9514fc263b752) - `request@2.53.0`: Tweaks to tunneling proxy behavior. - ([@nylen](https://github.com/nylen)) - -### v2.5.0 (2015-01-29): - -#### SMALL FEATURE I HAVE ALREADY USED TO MAINTAIN NPM ITSELF - -* [`9d61e96`](https://github.com/npm/npm/commit/9d61e96fb1f48687a85c211e4e0cd44c7f95a38e) - `npm outdated --long` now includes a column showing the type of dependency. - ([@watilde](https://github.com/watilde)) - -#### BUG FIXES & TWEAKS - -* [`fec4c96`](https://github.com/npm/npm/commit/fec4c967ee235030bf31393e8605e9e2811f4a39) - Allow `--no-proxy` to override `HTTP_PROXY` setting in environment. - ([@othiym23](https://github.com/othiym23)) -* [`589acb9`](https://github.com/npm/npm/commit/589acb9714f395c2ad0d98cb0ac4236f1842d2cc) - Only set `access` when publshing when it's explicitly set. - ([@othiym23](https://github.com/othiym23)) -* [`1027087`](https://github.com/npm/npm/commit/102708704c8c4f0ea99775d38f8d1efecf584940) - Add script and `Makefile` stanza to update AUTHORS. - ([@KenanY](https://github.com/KenanY)) -* [`eeff04d`](https://github.com/npm/npm/commit/eeff04da7979a0181becd36b8777d607e7aa1787) - Add `NPMOPTS` to top-level install in `Makefile` to override `userconfig`. - ([@aredridel](https://github.com/aredridel)) -* [`0d17328`](https://github.com/npm/npm/commit/0d173287336650606d4c91818bb7bcfb0c5d57a1) - `fstream@1.0.4`: Run chown only when necessary. - ([@silkentrance](https://github.com/silkentrance)) -* [`9aa4622`](https://github.com/npm/npm/commit/9aa46226ee63b9e183fd49fc72d9bdb0fae9605e) - `columnify@1.4.1`: ES6ified! ([@timoxley](https://github.com/timoxley)) -* [`51b2fd1`](https://github.com/npm/npm/commit/51b2fd1974e38b825ac5ca4a852ab3c4142624cc) - Update default version in `docs/npm-config.md`. - ([@lucthev](https://github.com/lucthev)) - -#### `npm-registry-client@6.0.7`: - -* [`f9313a0`](https://github.com/npm/npm/commit/f9313a066c9889a0ee898d8a35676e40b8101e7f) - [#7226](https://github.com/npm/npm/issues/7226) Ensure that all request - settings are copied onto the agent. - ([@othiym23](https://github.com/othiym23)) -* [`e186f6e`](https://github.com/npm/npm/commit/e186f6e7cfeb4db9c94d7375638f0b2f0d472947) - Only set `access` on publish when it differs from the norm. - ([@othiym23](https://github.com/othiym23)) -* [`f9313a0`](https://github.com/npm/npm/commit/f9313a066c9889a0ee898d8a35676e40b8101e7f) - Allow overriding request's environment-based proxy handling. - ([@othiym23](https://github.com/othiym23)) -* [`f9313a0`](https://github.com/npm/npm/commit/f9313a066c9889a0ee898d8a35676e40b8101e7f) - Properly handle retry failures on fetch. - ([@othiym23](https://github.com/othiym23)) - -### v2.4.1 (2015-01-23): - - - -Let's accentuate the positive: the `dist-tag` endpoints for `npm dist-tag -{add,rm,ls}` are now live on the public npm registry. - -* [`f70272b`](https://github.com/npm/npm/commit/f70272bed7d77032d1e21553371dd5662fef32f2) - `npm-registry-client@6.0.3`: Properly escape JSON tag version strings and - filter `_etag` from CouchDB docs. ([@othiym23](https://github.com/othiym23)) - -### v2.4.0 (2015-01-22): - -#### REGISTRY 2: ACCESS AND DIST-TAGS - -NOTE: This week's registry-2 commands are leading the implementation on -registry.npmjs.org a little bit, so some of the following may not work for -another week or so. Also note that `npm access` has documentation and -subcommands that are not yet finished, because they depend on incompletely -specified registry API endpoints. Things are coming together very quickly, -though, so expect the missing pieces to be filled in the coming weeks. - -* [`c963eb2`](https://github.com/npm/npm/commit/c963eb295cf766921b1680f4a71fd0ed3e1bcad8) - [#7181](https://github.com/npm/npm/issues/7181) NEW `npm access public` and - `npm access restricted`: Toggle visibility of scoped packages. - ([@othiym23](https://github.com/othiym23)) -* [`dc51810`](https://github.com/npm/npm/commit/dc51810e08c0f104259146c9c035d255de4f7d1d) - [#6243](https://github.com/npm/npm/issues/6243) / - [#6854](https://github.com/npm/npm/issues/6854) NEW `npm dist-tags`: Directly - manage `dist-tags` on packages. Most notably, `dist-tags` can now be deleted. - ([@othiym23](https://github.com/othiym23)) -* [`4c7c132`](https://github.com/npm/npm/commit/4c7c132a6b8305dca2974943226c39c0cdc64ff9) - [#7181](https://github.com/npm/npm/issues/7181) / - [#6854](https://github.com/npm/npm/issues/6854) `npm-registry-client@6.0.1`: - Add new `access` and `dist-tags` endpoints - ([@othiym23](https://github.com/othiym23)) - -#### NOT EXACTLY SELF-DEPRECATING - -* [`10d5c77`](https://github.com/npm/npm/commit/10d5c77653487f15759ac7de262a97e9c655240c) - [#6274](https://github.com/npm/npm/issues/6274) Deprecate `npm tag` in favor - of `npm dist-tag`. ([@othiym23](https://github.com/othiym23)) - -#### BUG FIX AND TINY FEATURE - -* [`29a6ef3`](https://github.com/npm/npm/commit/29a6ef38ef86ac318c5d9ea4bee28ce614672fa6) - [#6850](https://github.com/npm/npm/issues/6850) Be smarter about determining - base of file deletion when unbuilding. ([@phated](https://github.com/phated)) -* [`4ad01ea`](https://github.com/npm/npm/commit/4ad01ea2930a7a1cf88be121cc5ce9eba40c6807) - `init-package-json@1.2.0`: Support `--save-exact` in `npm init`. - ([@gustavnikolaj](https://github.com/gustavnikolaj)) - -### v2.3.0 (2015-01-15): - -#### REGISTRY 2: OH MY STARS! WHO AM I? - -* [`e662a60`](https://github.com/npm/npm/commit/e662a60e2f9a542effd8e72279d4622fe514415e) - The new `whoami` endpoint might not return a value. - ([@othiym23](https://github.com/othiym23)) -* [`c2cccd4`](https://github.com/npm/npm/commit/c2cccd4bbc65885239ed646eb510155f7b8af13d) - `npm-registry-client@5.0.0`: Includes the following fine changes - ([@othiym23](https://github.com/othiym23)): - * [`ba6b73e`](https://github.com/npm/npm-registry-client/commit/ba6b73e351027246c228622014e4441412409bad) - [#92](https://github.com/npm/npm-registry-client/issues/92) BREAKING CHANGE: - Move `/whoami` endpoint out of the package namespace (to `/-/whoami`). - ([@othiym23](https://github.com/othiym23)) - * [`3b174b7`](https://github.com/npm/npm-registry-client/commit/3b174b75c0c9ea77e298e6bb664fb499824ecc7c) - [#93](https://github.com/npm/npm-registry-client/issues/93) Registries based - on token-based auth can now offer starring. - ([@bcoe](https://github.com/bcoe)) - * [`4701a29`](https://github.com/npm/npm-registry-client/commit/4701a29bcda41bc14aa91f361dd0d576e24677d7) - Fix HTTP[S] connection keep-alive on Node 0.11 / io.js 1.0. - ([@fengmk2](https://github.com/fengmk2)) - -#### BETTER REGISTRY METADATA CACHING - -* [`98e1e10`](https://github.com/npm/npm/commit/98e1e1080df1f2cab16ed68035603950ea3d2d48) - [#6791](https://github.com/npm/npm/issues/6791) Add caching based on - Last-Modified / If-Modified-Since headers. Includes this - `npm-registry-client@5.0.0` change ([@lxe](https://github.com/lxe)): - * [`07bc335`](https://github.com/npm/npm-registry-client/commit/07bc33502b93554cd7539bfcce37d6e2d5404cd0) - [#86](https://github.com/npm/npm-registry-client/issues/86) Add Last-Modified - / If-Modified-Since cache header handling. ([@lxe](https://github.com/lxe)) - -#### HOW MUCH IS THAT WINDOWS IN THE DOGGY? - -* [`706d49a`](https://github.com/npm/npm/commit/706d49ab45521360fce1a68779b8de899015d8c2) - [#7107](https://github.com/npm/npm/issues/7107) `getCacheStat` passes a stub - stat on Windows. ([@rmg](https://github.com/rmg)) -* [`5fce278`](https://github.com/npm/npm/commit/5fce278a688a1cb79183e012bde40b089c2e97a4) - [#5267](https://github.com/npm/npm/issues/5267) Use `%COMSPEC%` when set on - Windows. ([@edmorley](https://github.com/edmorley)) -* [`cc2e099`](https://github.com/npm/npm/commit/cc2e09912ce2f91567c485422e4e797c4deb9842) - [#7083](https://github.com/npm/npm/issues/7083) Ensure Git cache prefix - exists before repo clone on Windows. - ([@othiym23](https://github.com/othiym23)) - -#### THRILLING BUG FIXES - -* [`c6fb430`](https://github.com/npm/npm/commit/c6fb430e55672b3caf87d25cbd2aeeebc449e2f2) - [#4197](https://github.com/npm/npm/issues/4197) Report `umask` as a 0-padded - octal literal. ([@smikes](https://github.com/smikes)) -* [`209713e`](https://github.com/npm/npm/commit/209713ebd4b77da11ce27d90c3346f78d760ba52) - [#4197](https://github.com/npm/npm/issues/4197) `umask@1.1.0`: Properly - handle `umask`s (i.e. not decimal numbers). - ([@smikes](https://github.com/smikes)) -* [`9eac0a1`](https://github.com/npm/npm/commit/9eac0a14488c5979ebde4c17881c8cd74f395069) - Make the example for bin links non-destructive. - ([@KevinSheedy](https://github.com/KevinSheedy)) -* [`6338bcf`](https://github.com/npm/npm/commit/6338bcfcd9cd1b0cc48b051dae764dc436ab5332) - `glob@4.3.5`: " -> ', for some reason. ([@isaacs](https://github.com/isaacs)) - -### v2.2.0 (2015-01-08): - -* [`88c531d`](https://github.com/npm/npm/commit/88c531d1c0b3aced8f2a09632db01b5635e7226a) - [#7056](https://github.com/npm/npm/issues/7056) version doesn't need a - package.json. ([@othiym23](https://github.com/othiym23)) -* [`2656c19`](https://github.com/npm/npm/commit/2656c19f6b915c3173acc3b6f184cc321563da5f) - [#7095](https://github.com/npm/npm/issues/7095) Link to npm website instead - of registry. ([@konklone](https://github.com/konklone)) -* [`c76b801`](https://github.com/npm/npm/commit/c76b8013bf1758587565822626171b76cb465c9e) - [#7067](https://github.com/npm/npm/issues/7067) Obfuscate secrets, including - nerfed URLs. ([@smikes](https://github.com/smikes)) -* [`17f66ce`](https://github.com/npm/npm/commit/17f66ceb1bd421084e4ae82a6b66634a6e272929) - [#6849](https://github.com/npm/npm/issues/6849) Explain the tag workflow more - clearly. ([@smikes](https://github.com/smikes)) -* [`e309df6`](https://github.com/npm/npm/commit/e309df642de33d10d6dffadaa8a5d214a924d0dc) - [#7096](https://github.com/npm/npm/issues/7096) Really, `npm update -g` is - almost always a terrible idea. ([@smikes](https://github.com/smikes)) -* [`acf287d`](https://github.com/npm/npm/commit/acf287d2547c8a0a8871652c164019261b666d55) - [#6999](https://github.com/npm/npm/issues/6999) `npm run-script env`: add a - new default script that will print out environment values. - ([@gcb](https://github.com/gcb)) -* [`560c009`](https://github.com/npm/npm/commit/560c00945d4dec926cd29193e336f137c7f3f951) - [#6745](https://github.com/npm/npm/issues/6745) Document `npm update --dev`. - ([@smikes](https://github.com/smikes)) -* [`226a677`](https://github.com/npm/npm/commit/226a6776a1a9e28570485623b8adc2ec4b041335) - [#7046](https://github.com/npm/npm/issues/7046) We have never been the Node - package manager. ([@linclark](https://github.com/linclark)) -* [`38eef22`](https://github.com/npm/npm/commit/38eef2248f03bb8ab04cae1833e2a228fb887f3c) - `npm-install-checks@1.0.5`: Compatibility with npmlog@^1. - ([@iarna](https://github.com/iarna)) - -### v2.1.18 (2015-01-01): - -* [`bf8640b`](https://github.com/npm/npm/commit/bf8640b0395b5dff71260a0cede7efc699a7bcf5) - [#7044](https://github.com/npm/npm/issues/7044) Document `.npmignore` syntax. - ([@zeke](https://github.com/zeke)) - -### v2.1.17 (2014-12-25): - -merry npm xmas - -Working with [@phated](https://github.com/phated), I discovered that npm still -had some lingering race conditions around how it handles Git dependencies. The -following changes were intended to remedy to these issues. Thanks to -[@phated](https://github.com/phated) for all his help getting to the bottom of -these. - -* [`bdf1c84`](https://github.com/npm/npm/commit/bdf1c8483f5c4ad79b712db12d73276e15883923) - [#7006](https://github.com/npm/npm/issues/7006) Only `chown` template and - top-level Git cache directories. ([@othiym23](https://github.com/othiym23)) -* [`581a72d`](https://github.com/npm/npm/commit/581a72da18f35ec87edef6255adf4ef4714a478c) - [#7006](https://github.com/npm/npm/issues/7006) Map Git remote inflighting to - clone paths rather than Git URLs. ([@othiym23](https://github.com/othiym23)) -* [`1c48d08`](https://github.com/npm/npm/commit/1c48d08dea31a11ac11a285cac598a482481cade) - [#7009](https://github.com/npm/npm/issues/7009) `normalize-git-url@1.0.0`: - Normalize Git URLs while caching. ([@othiym23](https://github.com/othiym23)) -* [`5423cf0`](https://github.com/npm/npm/commit/5423cf0be8ff2b76bfff7c8e780e5f261235a86a) - [#7009](https://github.com/npm/npm/issues/7009) Pack tarballs to their final - locations atomically. ([@othiym23](https://github.com/othiym23)) -* [`7f6557f`](https://github.com/npm/npm/commit/7f6557ff317469ee4a87c542ff9a991e74ce9f38) - [#7009](https://github.com/npm/npm/issues/7009) Inflight local directory - packing, just to be safe. ([@othiym23](https://github.com/othiym23)) - -Other changes: - -* [`1c491e6`](https://github.com/npm/npm/commit/1c491e65d70af013e8d5ac008d6d9762d6d91793) - [#6991](https://github.com/npm/npm/issues/6991) `npm version`: fix regression - in dirty-checking behavior ([@rlidwka](https://github.com/rlidwka)) -* [`55ceb2b`](https://github.com/npm/npm/commit/55ceb2b08ff8a0f56b94cc972ca15d7862e8733c) - [#1991](https://github.com/npm/npm/issues/1991) modify docs to reflect actual - `npm restart` behavior ([@smikes](https://github.com/smikes)) -* [`fb8e31b`](https://github.com/npm/npm/commit/fb8e31b95476a50bda35a665a99eec8a5d25a4db) - [#6982](https://github.com/npm/npm/issues/6982) when doing registry - operations, ensure registry URL always ends with `/` - ([@othiym23](https://github.com/othiym23)) -* [`5bcba65`](https://github.com/npm/npm/commit/5bcba65bed2678ffe80fb596f72abe9871d131c8) - pull whitelisted Git environment variables out into a named constant - ([@othiym23](https://github.com/othiym23)) -* [`be04bbd`](https://github.com/npm/npm/commit/be04bbdc52ebfc820cd939df2f7d79fe87067747) - [#7000](https://github.com/npm/npm/issues/7000) No longer install badly-named - manpage files, and log an error when trying to uninstall them. - ([@othiym23](https://github.com/othiym23)) -* [`6b7c5ec`](https://github.com/npm/npm/commit/6b7c5eca6b65e1247d0e51f6400cf2637ac880ce) - [#7011](https://github.com/npm/npm/issues/7011) Send auth for tarball fetches - for packages in `npm-shrinkwrap.json` from private registries. - ([@othiym23](https://github.com/othiym23)) -* [`9b9de06`](https://github.com/npm/npm/commit/9b9de06a99893b40aa23f0335726dec6df7979db) - `glob@4.3.2`: Better handling of trailing slashes. - ([@isaacs](https://github.com/isaacs)) -* [`030f3c7`](https://github.com/npm/npm/commit/030f3c7450b8ce124a19073bfbae0948a0a1a02c) - `semver@4.2.0`: Diffing between version strings. - ([@isaacs](https://github.com/isaacs)) - -### v2.1.16 (2014-12-22): - -* [`a4e4e33`](https://github.com/npm/npm/commit/a4e4e33edb35c68813f04bf42bdf933a6f727bcd) - [#6987](https://github.com/npm/npm/issues/6987) `read-installed@3.1.5`: fixed - a regression where a new / empty package would cause read-installed to throw. - ([@othiym23](https://github.com/othiym23) / - [@pgilad](https://github.com/pgilad)) - -### v2.1.15 (2014-12-18): - -* [`e5a2dee`](https://github.com/npm/npm/commit/e5a2dee47c74f26c56fee5998545b97497e830c8) - [#6951](https://github.com/npm/npm/issues/6951) `fs-vacuum@1.2.5`: Use - `path-is-inside` for better Windows normalization. - ([@othiym23](https://github.com/othiym23)) -* [`ac6167c`](https://github.com/npm/npm/commit/ac6167c2b9432939c57296f7ddd11ad5f8f918b2) - [#6955](https://github.com/npm/npm/issues/6955) Call `path.normalize` in - `lib/utils/gently-rm.js` for better Windows normalization. - ([@ben-page](https://github.com/ben-page)) -* [`c625d71`](https://github.com/npm/npm/commit/c625d714795e3b5badd847945e2401adfad5a196) - [#6964](https://github.com/npm/npm/issues/6964) Clarify CA configuration - docs. ([@jeffjo](https://github.com/jeffjo)) -* [`58b8cb5`](https://github.com/npm/npm/commit/58b8cb5cdf26a854358b7c2ab636572dba9bac16) - [#6950](https://github.com/npm/npm/issues/6950) Fix documentation typos. - ([@martinvd](https://github.com/martinvd)) -* [`7c1299d`](https://github.com/npm/npm/commit/7c1299d00538ea998684a1903a4091eafc63b7f1) - [#6909](https://github.com/npm/npm/issues/6909) Remove confusing mention of - rubygems `~>` semver operator. ([@mjtko](https://github.com/mjtko)) -* [`7dfdcc6`](https://github.com/npm/npm/commit/7dfdcc6debd8ef1fc52a2b508997d15887aad824) - [#6909](https://github.com/npm/npm/issues/6909) `semver@4.1.1`: Synchronize - documentation with PR [#6909](https://github.com/npm/npm/issues/6909) - ([@othiym23](https://github.com/othiym23)) -* [`adfddf3`](https://github.com/npm/npm/commit/adfddf3b682e0ae08e4b59d87c1b380dd651c572) - [#6925](https://github.com/npm/npm/issues/6925) Correct typo in - `doc/api/npm-ls.md` ([@oddurs](https://github.com/oddurs)) -* [`f5c534b`](https://github.com/npm/npm/commit/f5c534b711ab173129baf366c4f08d68f6117333) - [#6920](https://github.com/npm/npm/issues/6920) Remove recommendation to run - as root from `README.md`. - ([@robertkowalski](https://github.com/robertkowalski)) -* [`3ef4459`](https://github.com/npm/npm/commit/3ef445922cd39f25b992d91bd22c4d367882ea22) - [#6920](https://github.com/npm/npm/issues/6920) `npm-@googlegroups.com` has - gone the way of all things. That means it's gone. - ([@robertkowalski](https://github.com/robertkowalski)) - -### v2.1.14 (2014-12-13): - -* [`cf7aeae`](https://github.com/npm/npm/commit/cf7aeae3c3a24e48d3de4006fa082f0c6040922a) - [#6923](https://github.com/npm/npm/issues/6923) Overaggressive link update - for new website broke node-gyp. ([@othiym23](https://github.com/othiym23)) - -### v2.1.13 (2014-12-11): - -* [`cbb890e`](https://github.com/npm/npm/commit/cbb890eeacc0501ba1b8c6955f1c829c8af9f486) - [#6897](https://github.com/npm/npm/issues/6897) npm is a nice package manager - that runs server-side JavaScript. ([@othiym23](https://github.com/othiym23)) -* [`d9043c3`](https://github.com/npm/npm/commit/d9043c3b8d7450c3cb9ca795028c0e1c05377820) - [#6893](https://github.com/npm/npm/issues/6893) Remove erroneous docs about - preupdate / update / postupdate lifecycle scripts, which have never existed. - ([@devTristan](https://github.com/devTristan)) -* [`c5df4d0`](https://github.com/npm/npm/commit/c5df4d0d683cd3506808d1cd1acebff02a8b82db) - [#6884](https://github.com/npm/npm/issues/6884) Update npmjs.org to npmjs.com - in docs. ([@linclark](https://github.com/linclark)) -* [`cb6ff8d`](https://github.com/npm/npm/commit/cb6ff8dace1b439851701d4784d2d719c22ca7a7) - [#6879](https://github.com/npm/npm/issues/6879) npm version: Update - shrinkwrap post-check. ([@othiym23](https://github.com/othiym23)) -* [`2a340bd`](https://github.com/npm/npm/commit/2a340bdd548c6449468281e1444a032812bff677) - [#6868](https://github.com/npm/npm/issues/6868) Use magic numbers instead of - regexps to distinguish tarballs from other things. - ([@daxxog](https://github.com/daxxog)) -* [`f1c8bdb`](https://github.com/npm/npm/commit/f1c8bdb3f6b753d0600597e12346bdc3a34cb9c1) - [#6861](https://github.com/npm/npm/issues/6861) `npm-registry-client@4.0.5`: - Distinguish between error properties that are part of the response and error - strings that should be returned to the user. - ([@disrvptor](https://github.com/disrvptor)) -* [`d3a1b63`](https://github.com/npm/npm/commit/d3a1b6397fddef04b5198ca89d36d720aeb05eb6) - [#6762](https://github.com/npm/npm/issues/6762) Make `npm outdated` ignore - private packages. ([@KenanY](https://github.com/KenanY)) -* [`16d8542`](https://github.com/npm/npm/commit/16d854283ca5bcdb0cb2812fc5745d841652b952) - install.sh: Drop support for node < 0.8, remove engines bits. - ([@isaacs](https://github.com/isaacs)) -* [`b9c6046`](https://github.com/npm/npm/commit/b9c60466d5b713b1dc2947da14a5dfe42352e029) - `init-package-json@1.1.3`: ([@terinstock](https://github.com/terinstock)) - noticed that `init.license` configuration doesn't stick. Make sure that - dashed defaults don't trump dotted parameters. - ([@othiym23](https://github.com/othiym23)) -* [`b6d6acf`](https://github.com/npm/npm/commit/b6d6acfc02c8887f78067931babab8f7c5180fed) - `which@1.0.8`: No longer use graceful-fs for some reason. - ([@isaacs](https://github.com/isaacs)) -* [`d39f673`](https://github.com/npm/npm/commit/d39f673caf08a90fb2bb001d79c98062d2cd05f4) - `request@2.51.0`: Incorporate bug fixes. ([@nylen](https://github.com/nylen)) -* [`c7ad727`](https://github.com/npm/npm/commit/c7ad7279cc879930ec58ccc62fa642e621ecb65c) - `columnify@1.3.2`: Incorporate bug fixes. - ([@timoxley](https://github.com/timoxley)) - -### v2.1.12 (2014-12-04): - -* [`e5b1e44`](https://github.com/npm/npm/commit/e5b1e448bb4a9d6eae4ba0f67b1d3c2cea8ed383) - add alias verison=version ([@isaacs](https://github.com/isaacs)) -* [`5eed7bd`](https://github.com/npm/npm/commit/5eed7bddbd7bb92a44c4193c93e8529500c558e6) - `request@2.49.0` ([@nylen](https://github.com/nylen)) -* [`e72f81d`](https://github.com/npm/npm/commit/e72f81d8412540ae7d1e0edcc37c11bcb8169051) - `glob@4.3.1` / `minimatch@2.0.1` ([@isaacs](https://github.com/isaacs)) -* [`b8dcc36`](https://github.com/npm/npm/commit/b8dcc3637b5b71933b97162b7aff1b1a622c13e2) - `graceful-fs@3.0.5` ([@isaacs](https://github.com/isaacs)) - -### v2.1.11 (2014-11-27): - -* [`4861d28`](https://github.com/npm/npm/commit/4861d28ad0ebd959fe6bc15b9c9a50fcabe57f55) - `which@1.0.7`: License update. ([@isaacs](https://github.com/isaacs)) -* [`30a2ea8`](https://github.com/npm/npm/commit/30a2ea80c891d384b31a1cf28665bba4271915bd) - `ini@1.3.2`: License update. ([@isaacs](https://github.com/isaacs)) -* [`6a4ea05`](https://github.com/npm/npm/commit/6a4ea054f6ddf52fc58842ba2046564b04c5c0e2) - `fstream@1.0.3`: Propagate error events to downstream streams. - ([@gfxmonk](https://github.com/gfxmonk)) -* [`a558695`](https://github.com/npm/npm/commit/a5586954f1c18df7c96137e0a79f41a69e7a884e) - `tar@1.0.3`: Don't extract broken files, propagate `drain` event. - ([@gfxmonk](https://github.com/gfxmonk)) -* [`989624e`](https://github.com/npm/npm/commit/989624e8321f87734c1b1272fc2f646e7af1f81c) - [#6767](https://github.com/npm/npm/issues/6767) Actually pass parameters when - adding git repo to cache under Windows. - ([@othiym23](https://github.com/othiym23)) -* [`657af73`](https://github.com/npm/npm/commit/657af7308f7d6cd2f81389fcf0d762252acaf1ce) - [#6774](https://github.com/npm/npm/issues/6774) When verifying paths on - unbuild, resolve both source and target as symlinks. - ([@hokaccha](https://github.com/hokaccha)) -* [`fd19c40`](https://github.com/npm/npm/commit/fd19c4046414494f9647a6991c00f8406a939929) - [#6713](https://github.com/npm/npm/issues/6713) - `realize-package-specifier@1.3.0`: Make it so that `npm install foo@1` work - when a file named `1` exists. ([@iarna](https://github.com/iarna)) -* [`c8ac37a`](https://github.com/npm/npm/commit/c8ac37a470491b2ed28514536e2e198494638c79) - `npm-registry-client@4.0.4`: Fix regression in failed fetch retries. - ([@othiym23](https://github.com/othiym23)) - -### v2.1.10 (2014-11-20): - -* [`756f3d4`](https://github.com/npm/npm/commit/756f3d40fe18bc02bc93afe17016dfcc266c4b6b) - [#6735](https://github.com/npm/npm/issues/6735) Log "already built" messages - at info, not error. ([@smikes](https://github.com/smikes)) -* [`1b7330d`](https://github.com/npm/npm/commit/1b7330dafba3bbba171f74f1e58b261cb1b9301e) - [#6729](https://github.com/npm/npm/issues/6729) `npm-registry-client@4.0.3`: - GitHub won't redirect you through an HTML page to a compressed tarball if you - don't tell it you accept JSON responses. - ([@KenanY](https://github.com/KenanY)) -* [`d9c7857`](https://github.com/npm/npm/commit/d9c7857be02dacd274e55bf6d430d90d91509d53) - [#6506](https://github.com/npm/npm/issues/6506) - `readdir-scoped-modules@1.0.1`: Use `graceful-fs` so the whole dependency - tree gets read, even in case of `EMFILE`. - ([@sakana](https://github.com/sakana)) -* [`3a085be`](https://github.com/npm/npm/commit/3a085be158ace8f1e4395e69f8c102d3dea00c5f) - Grammar fix in docs. ([@icylace](https://github.com/icylace)) -* [`3f8e2ff`](https://github.com/npm/npm/commit/3f8e2ff8342d327d6f1375437ecf4bd945dc360f) - Did you know that npm has a Code of Conduct? Add a link to it to - CONTRIBUTING.md. ([@isaacs](https://github.com/isaacs)) -* [`319ccf6`](https://github.com/npm/npm/commit/319ccf633289e06e57a80d74c39706899348674c) - `glob@4.2.1`: Performance tuning. ([@isaacs](https://github.com/isaacs)) -* [`835f046`](https://github.com/npm/npm/commit/835f046e7568c33e81a0b48c84cff965024d8b8a) - `readable-stream@1.0.33`: Bug fixes. ([@rvagg](https://github.com/rvagg)) -* [`a34c38d`](https://github.com/npm/npm/commit/a34c38d0732fb246d11f2a776d2ad0d8db654338) - `request@2.48.0`: Bug fixes. ([@nylen](https://github.com/nylen)) - -### v2.1.9 (2014-11-13): - -* [`eed9f61`](https://github.com/npm/npm/commit/eed9f6101963364acffc59d7194fc1655180e80c) - [#6542](https://github.com/npm/npm/issues/6542) `npm owner add / remove` now - works properly with scoped packages - ([@othiym23](https://github.com/othiym23)) -* [`cd25973`](https://github.com/npm/npm/commit/cd25973825aa5315b7ebf26227bd32bd6be5533f) - [#6548](https://github.com/npm/npm/issues/6548) using sudo won't leave the - cache's git directories with bad permissions - ([@othiym23](https://github.com/othiym23)) -* [`56930ab`](https://github.com/npm/npm/commit/56930abcae6a6ea41f1b75e23765c61259cef2dd) - fixed irregular `npm cache ls` output (yes, that's a thing) - ([@othiym23](https://github.com/othiym23)) -* [`740f483`](https://github.com/npm/npm/commit/740f483db6ec872b453065842da080a646c3600a) - legacy tests no longer poison user's own cache - ([@othiym23](https://github.com/othiym23)) -* [`ce37f14`](https://github.com/npm/npm/commit/ce37f142a487023747a9086335618638ebca4372) - [#6169](https://github.com/npm/npm/issues/6169) add terse output similar to - `npm publish / unpublish` for `npm owner add / remove` - ([@KenanY](https://github.com/KenanY)) -* [`bf2b8a6`](https://github.com/npm/npm/commit/bf2b8a66d7188900bf1e957c052b893948b67e0e) - [#6680](https://github.com/npm/npm/issues/6680) pass auth credentials to - registry when downloading search index - ([@terinjokes](https://github.com/terinjokes)) -* [`00ecb61`](https://github.com/npm/npm/commit/00ecb6101422984696929f602e14da186f9f669c) - [#6400](https://github.com/npm/npm/issues/6400) `.npmignore` is respected for - git repos on cache / pack / publish - ([@othiym23](https://github.com/othiym23)) -* [`d1b3a9e`](https://github.com/npm/npm/commit/d1b3a9ec5e2b6d52765ba5da5afb08dba41c49c1) - [#6311](https://github.com/npm/npm/issues/6311) `npm ls -l --depth=0` no - longer prints phantom duplicate children - ([@othiym23](https://github.com/othiym23)) -* [`07c5f34`](https://github.com/npm/npm/commit/07c5f34e45c9b18c348ed53b5763b1c5d4325740) - [#6690](https://github.com/npm/npm/issues/6690) `uid-number@0.0.6`: clarify - confusing names in error-handling code ([@isaacs](https://github.com/isaacs)) -* [`1ac9be9`](https://github.com/npm/npm/commit/1ac9be9f3bab816211d72d13cb05b5587878a586) - [#6684](https://github.com/npm/npm/issues/6684) `npm init`: don't report - write if canceled ([@smikes](https://github.com/smikes)) -* [`7bb207d`](https://github.com/npm/npm/commit/7bb207d1d6592a9cffc986871e4b671575363c2f) - [#5754](https://github.com/npm/npm/issues/5754) never remove app directories - on failed install ([@othiym23](https://github.com/othiym23)) -* [`705ce60`](https://github.com/npm/npm/commit/705ce601e7b9c5428353e02ebb30cb76c1991fdd) - [#5754](https://github.com/npm/npm/issues/5754) `fs-vacuum@1.2.2`: don't - throw when another fs task writes to a directory being vacuumed - ([@othiym23](https://github.com/othiym23)) -* [`1b650f4`](https://github.com/npm/npm/commit/1b650f4f217c413a2ffb96e1701beb5aa67a0de2) - [#6255](https://github.com/npm/npm/issues/6255) ensure that order credentials - are used from `.npmrc` doesn't regress - ([@othiym23](https://github.com/othiym23)) -* [`9bb2c34`](https://github.com/npm/npm/commit/9bb2c3435cedef40b45d3e9bd7a8edfb8cbe7209) - [#6644](https://github.com/npm/npm/issues/6644) `warn` rather than `info` on - fetch failure ([@othiym23](https://github.com/othiym23)) -* [`e34a7b6`](https://github.com/npm/npm/commit/e34a7b6b7371b1893a062f627ae8e168546d7264) - [#6524](https://github.com/npm/npm/issues/6524) `npm-registry-client@4.0.2`: - proxy via `request` more transparently - ([@othiym23](https://github.com/othiym23)) -* [`40afd6a`](https://github.com/npm/npm/commit/40afd6aaf34c11a10e80ec87b115fb2bb907e3bd) - [#6524](https://github.com/npm/npm/issues/6524) push proxy settings into - `request` ([@tauren](https://github.com/tauren)) - -### v2.1.8 (2014-11-06): - -* [`063d843`](https://github.com/npm/npm/commit/063d843965f9f0bfa5732d7c2d6f5aa37a8260a2) - npm version now updates version in npm-shrinkwrap.json - ([@faiq](https://github.com/faiq)) -* [`3f53cd7`](https://github.com/npm/npm/commit/3f53cd795f8a600e904a97f215ba5b5a9989d9dd) - [#6559](https://github.com/npm/npm/issues/6559) save local dependencies in - npm-shrinkwrap.json ([@Torsph](https://github.com/Torsph)) -* [`e249262`](https://github.com/npm/npm/commit/e24926268b2d2220910bc81cce6d3b2e08d94eb1) - npm-faq.md: mention scoped pkgs in namespace Q - ([@smikes](https://github.com/smikes)) -* [`6b06ec4`](https://github.com/npm/npm/commit/6b06ec4ef5da490bdca1512fa7f12490245c192b) - [#6642](https://github.com/npm/npm/issues/6642) `init-package-json@1.1.2`: - Handle both `init-author-name` and `init.author.name`. - ([@othiym23](https://github.com/othiym23)) -* [`9cb334c`](https://github.com/npm/npm/commit/9cb334c8a895a55461aac18791babae779309a0e) - [#6409](https://github.com/npm/npm/issues/6409) document commit-ish with - GitHub URLs ([@smikes](https://github.com/smikes)) -* [`0aefae9`](https://github.com/npm/npm/commit/0aefae9bc2598a4b7a3ee7bb2306b42e3e12bb28) - [#2959](https://github.com/npm/npm/issues/2959) npm run no longer fails - silently ([@flipside](https://github.com/flipside)) -* [`e007a2c`](https://github.com/npm/npm/commit/e007a2c1e4fac1759fa61ac6e78c6b83b2417d11) - [#3908](https://github.com/npm/npm/issues/3908) include command in spawn - errors ([@smikes](https://github.com/smikes)) - -### v2.1.7 (2014-10-30): - -* [`6750b05`](https://github.com/npm/npm/commit/6750b05dcba20d8990a672957ec56c48f97e241a) - [#6398](https://github.com/npm/npm/issues/6398) `npm-registry-client@4.0.0`: - consistent API, handle relative registry paths, use auth more consistently - ([@othiym23](https://github.com/othiym23)) -* [`7719cfd`](https://github.com/npm/npm/commit/7719cfdd8b204dfeccc41289707ea58b4d608905) - [#6560](https://github.com/npm/npm/issues/6560) use new npm-registry-client - API ([@othiym23](https://github.com/othiym23)) -* [`ed61971`](https://github.com/npm/npm/commit/ed619714c93718b6c1922b8c286f4b6cd2b97c80) - move caching of search metadata from `npm-registry-client` to npm itself - ([@othiym23](https://github.com/othiym23)) -* [`3457041`](https://github.com/npm/npm/commit/34570414cd528debeb22943873440594d7f47abf) - handle caching of metadata independently from `npm-registry-client` - ([@othiym23](https://github.com/othiym23)) -* [`20a331c`](https://github.com/npm/npm/commit/20a331ced6a52faac6ec242e3ffdf28bcd447c40) - [#6538](https://github.com/npm/npm/issues/6538) map registry URLs to - credentials more safely ([@indexzero](https://github.com/indexzero)) -* [`4072e97`](https://github.com/npm/npm/commit/4072e97856bf1e7affb38333d080c172767eea27) - [#6589](https://github.com/npm/npm/issues/6589) `npm-registry-client@4.0.1`: - allow publishing of packages with names identical to built-in Node modules - ([@feross](https://github.com/feross)) -* [`254f0e4`](https://github.com/npm/npm/commit/254f0e4adaf2c56e9df25c7343c43b0b0804a3b5) - `tar@1.0.2`: better error-handling ([@runk](https://github.com/runk)) -* [`73ee2aa`](https://github.com/npm/npm/commit/73ee2aa4f1a47e43fe7cf4317a5446875f7521fa) - `request@2.47.0` ([@mikeal](https://github.com/mikeal)) - -### v2.1.6 (2014-10-23): - -* [`681b398`](https://github.com/npm/npm/commit/681b3987a18e7aba0aaf78c91a23c7cc0ab82ce8) - [#6523](https://github.com/npm/npm/issues/6523) fix default `logelevel` doc - ([@KenanY](https://github.com/KenanY)) -* [`80b368f`](https://github.com/npm/npm/commit/80b368ffd786d4d008734b56c4a6fe12d2cb2926) - [#6528](https://github.com/npm/npm/issues/6528) `npm version` should work in - a git directory without git ([@terinjokes](https://github.com/terinjokes)) -* [`5f5f9e4`](https://github.com/npm/npm/commit/5f5f9e4ddf544c2da6adf3f8c885238b0e745076) - [#6483](https://github.com/npm/npm/issues/6483) `init-package-json@1.1.1`: - Properly pick up default values from environment variables. - ([@othiym23](https://github.com/othiym23)) -* [`a114870`](https://github.com/npm/npm/commit/a1148702f53f82d49606b2e4dac7581261fff442) - perl 5.18.x doesn't like -pi without filenames - ([@othiym23](https://github.com/othiym23)) -* [`de5ba00`](https://github.com/npm/npm/commit/de5ba007a48db876eb5bfb6156435f3512d58977) - `request@2.46.0`: Tests and cleanup. - ([@othiym23](https://github.com/othiym23)) -* [`76933f1`](https://github.com/npm/npm/commit/76933f169f17b5273b32e924a7b392d5729931a7) - `fstream-npm@1.0.1`: Always include `LICENSE[.*]`, `LICENCE[.*]`, - `CHANGES[.*]`, `CHANGELOG[.*]`, and `HISTORY[.*]`. - ([@jonathanong](https://github.com/jonathanong)) - -### v2.1.5 (2014-10-16): - -* [`6a14b23`](https://github.com/npm/npm/commit/6a14b232a0e34158bd95bb25c607167be995c204) - [#6397](https://github.com/npm/npm/issues/6397) Defactor npmconf back into - npm. ([@othiym23](https://github.com/othiym23)) -* [`4000e33`](https://github.com/npm/npm/commit/4000e3333a76ca4844681efa8737cfac24b7c2c8) - [#6323](https://github.com/npm/npm/issues/6323) Install `peerDependencies` - from top. ([@othiym23](https://github.com/othiym23)) -* [`5d119ae`](https://github.com/npm/npm/commit/5d119ae246f27353b14ff063559d1ba8c616bb89) - [#6498](https://github.com/npm/npm/issues/6498) Better error messages on - malformed `.npmrc` properties. ([@nicks](https://github.com/nicks)) -* [`ae18efb`](https://github.com/npm/npm/commit/ae18efb65fed427b1ef18e4862885bf60b87b92e) - [#6093](https://github.com/npm/npm/issues/6093) Replace instances of 'hash' - with 'object' in documentation. ([@zeke](https://github.com/zeke)) -* [`53108b2`](https://github.com/npm/npm/commit/53108b276fec5f97a38250933a2768d58b6928da) - [#1558](https://github.com/npm/npm/issues/1558) Clarify how local paths - should be used. ([@KenanY](https://github.com/KenanY)) -* [`344fa1a`](https://github.com/npm/npm/commit/344fa1a219ac8867022df3dc58a47636dde8a242) - [#6488](https://github.com/npm/npm/issues/6488) Work around bug in marked. - ([@othiym23](https://github.com/othiym23)) - -OUTDATED DEPENDENCY CLEANUP JAMBOREE - -* [`60c2942`](https://github.com/npm/npm/commit/60c2942e13655d9ecdf6e0f1f97f10cb71a75255) - `realize-package-specifier@1.2.0`: Handle names and rawSpecs more - consistently. ([@iarna](https://github.com/iarna)) -* [`1b5c95f`](https://github.com/npm/npm/commit/1b5c95fbda77b87342bd48c5ecac5b1fd571ccfe) - `sha@1.3.0`: Change line endings? - ([@ForbesLindesay](https://github.com/ForbesLindesay)) -* [`d7dee3f`](https://github.com/npm/npm/commit/d7dee3f3f7d9e7c2061a4ecb4dd93e3e4bfe4f2e) - `request@2.45.0`: Dependency updates, better proxy support, better compressed - response handling, lots of 'use strict'. - ([@mikeal](https://github.com/mikeal)) -* [`3d75180`](https://github.com/npm/npm/commit/3d75180c2cc79fa3adfa0e4cb783a27192189a65) - `opener@1.4.0`: Added gratuitous return. - ([@Domenic](https://github.com/Domenic)) -* [`8e2703f`](https://github.com/npm/npm/commit/8e2703f78d280d1edeb749e257dda1f288bad6e3) - `retry@0.6.1` / `npm-registry-client@3.2.4`: Change of ownership. - ([@tim-kos](https://github.com/tim-kos)) -* [`c87b00f`](https://github.com/npm/npm/commit/c87b00f82f92434ee77831915012c77a6c244c39) - `once@1.3.1`: Wrap once with wrappy. ([@isaacs](https://github.com/isaacs)) -* [`01ec790`](https://github.com/npm/npm/commit/01ec790fd47def56eda6abb3b8d809093e8f493f) - `npm-user-validate@0.1.1`: Correct repository URL. - ([@robertkowalski](https://github.com/robertkowalski)) -* [`389e52c`](https://github.com/npm/npm/commit/389e52c2d94c818ca8935ccdcf392994fec564a2) - `glob@4.0.6`: Now absolutely requires `graceful-fs`. - ([@isaacs](https://github.com/isaacs)) -* [`e15ab15`](https://github.com/npm/npm/commit/e15ab15a27a8f14cf0d9dc6f11dee452080378a0) - `ini@1.3.0`: Tighten up whitespace handling. - ([@isaacs](https://github.com/isaacs)) -* [`7610f3e`](https://github.com/npm/npm/commit/7610f3e62e699292ece081bfd33084d436e3246d) - `archy@1.0.0` ([@substack](https://github.com/substack)) -* [`9c13149`](https://github.com/npm/npm/commit/9c1314985e513e20ffa3ea0ca333ba2ab78299c9) - `semver@4.1.0`: Add support for prerelease identifiers. - ([@bromanko](https://github.com/bromanko)) -* [`f096c25`](https://github.com/npm/npm/commit/f096c250441b031d758f03afbe8d2321f94c7703) - `graceful-fs@3.0.4`: Add a bunch of additional tests, skip the unfortunate - complications of `graceful-fs@3.0.3`. ([@isaacs](https://github.com/isaacs)) - -### v2.1.4 (2014-10-09): - -* [`3aeb440`](https://github.com/npm/npm/commit/3aeb4401444fad83cc7a8d11bf2507658afa5248) - [#6442](https://github.com/npm/npm/issues/6442) proxying git needs `GIT_SSL_CAINFO` - ([@wmertens](https://github.com/wmertens)) -* [`a8da8d6`](https://github.com/npm/npm/commit/a8da8d6e0cd56d97728c0b76b51604ee06ef6264) - [#6413](https://github.com/npm/npm/issues/6413) write builtin config on any - global npm install ([@isaacs](https://github.com/isaacs)) -* [`9e4d632`](https://github.com/npm/npm/commit/9e4d632c0142ba55df07d624667738b8727336fc) - [#6343](https://github.com/npm/npm/issues/6343) don't pass run arguments to - pre & post scripts ([@TheLudd](https://github.com/TheLudd)) -* [`d831b1f`](https://github.com/npm/npm/commit/d831b1f7ca1a9921ea5b394e39b7130ecbc6d7b4) - [#6399](https://github.com/npm/npm/issues/6399) race condition: inflight - installs, prevent `peerDependency` problems - ([@othiym23](https://github.com/othiym23)) -* [`82b775d`](https://github.com/npm/npm/commit/82b775d6ff34c4beb6c70b2344d491a9f2026577) - [#6384](https://github.com/npm/npm/issues/6384) race condition: inflight - caching by URL rather than semver range - ([@othiym23](https://github.com/othiym23)) -* [`7bee042`](https://github.com/npm/npm/commit/7bee0429066fedcc9e6e962c043eb740b3792809) - `inflight@1.0.4`: callback can take arbitrary number of parameters - ([@othiym23](https://github.com/othiym23)) -* [`3bff494`](https://github.com/npm/npm/commit/3bff494f4abf17d6d7e0e4a3a76cf7421ecec35a) - [#5195](https://github.com/npm/npm/issues/5195) fixed regex color regression - for `npm search` ([@chrismeyersfsu](https://github.com/chrismeyersfsu)) -* [`33ba2d5`](https://github.com/npm/npm/commit/33ba2d585160a0a2a322cb76c4cd989acadcc984) - [#6387](https://github.com/npm/npm/issues/6387) allow `npm view global` if - package is specified ([@evanlucas](https://github.com/evanlucas)) -* [`99c4cfc`](https://github.com/npm/npm/commit/99c4cfceed413396d952cf05f4e3c710f9682c23) - [#6388](https://github.com/npm/npm/issues/6388) npm-publish → - npm-developers(7) ([@kennydude](https://github.com/kennydude)) - -TEST CLEANUP EXTRAVAGANZA: - -* [`8d6bfcb`](https://github.com/npm/npm/commit/8d6bfcb88408f5885a2a67409854c43e5c3a23f6) - tap tests run with no system-wide side effects - ([@chrismeyersfsu](https://github.com/chrismeyersfsu)) -* [`7a1472f`](https://github.com/npm/npm/commit/7a1472fbdbe99956ad19f629e7eb1cc07ba026ef) - added npm cache cleanup script - ([@chrismeyersfsu](https://github.com/chrismeyersfsu)) -* [`0ce6a37`](https://github.com/npm/npm/commit/0ce6a3752fa9119298df15671254db6bc1d8e64c) - stripped out dead test code (othiym23) -* replace spawn with common.npm (@chrismeyersfsu): - * [`0dcd614`](https://github.com/npm/npm/commit/0dcd61446335eaf541bf5f2d5186ec1419f86a42) - test/tap/cache-shasum-fork.js - * [`97f861c`](https://github.com/npm/npm/commit/97f861c967606a7e51e3d5047cf805d9d1adea5a) - test/tap/false_name.js - * [`d01b3de`](https://github.com/npm/npm/commit/d01b3de6ce03f25bbf3db97bfcd3cc85830d6801) - test/tap/git-cache-locking.js - * [`7b63016`](https://github.com/npm/npm/commit/7b63016778124c6728d6bd89a045c841ae3900b6) - test/tap/pack-scoped.js - * [`c877553`](https://github.com/npm/npm/commit/c877553265c39673e03f0a97972f692af81a595d) - test/tap/scripts-whitespace-windows.js - * [`df98525`](https://github.com/npm/npm/commit/df98525331e964131299d457173c697cfb3d95b9) - test/tap/prepublish.js - * [`99c4cfc`](https://github.com/npm/npm/commit/99c4cfceed413396d952cf05f4e3c710f9682c23) - test/tap/prune.js - -### v2.1.3 (2014-10-02): - -BREAKING CHANGE FOR THE SQRT(i) PEOPLE ACTUALLY USING `npm submodule`: - -* [`1e64473`](https://github.com/npm/npm/commit/1e6447360207f45ad6188e5780fdf4517de6e23d) - `rm -rf npm submodule` command, which has been broken since the Carter - Administration ([@isaacs](https://github.com/isaacs)) - -BREAKING CHANGE IF YOU ARE FOR SOME REASON STILL USING NODE 0.6 AND YOU SHOULD -NOT BE DOING THAT CAN YOU NOT: - -* [`3e431f9`](https://github.com/npm/npm/commit/3e431f9d6884acb4cde8bcb8a0b122a76b33ee1d) - [joyent/node#8492](https://github.com/joyent/node/issues/8492) bye bye - customFds, hello stdio ([@othiym23](https://github.com/othiym23)) - -Other changes: - -* [`ea607a8`](https://github.com/npm/npm/commit/ea607a8a20e891ad38eed11b5ce2c3c0a65484b9) - [#6372](https://github.com/npm/npm/issues/6372) noisily error (without - aborting) on multi-{install,build} ([@othiym23](https://github.com/othiym23)) -* [`3ee2799`](https://github.com/npm/npm/commit/3ee2799b629fd079d2db21d7e8f25fa7fa1660d0) - [#6372](https://github.com/npm/npm/issues/6372) only make cache creation - requests in flight ([@othiym23](https://github.com/othiym23)) -* [`1a90ec2`](https://github.com/npm/npm/commit/1a90ec2f2cfbefc8becc6ef0c480e5edacc8a4cb) - [#6372](https://github.com/npm/npm/issues/6372) wait to put Git URLs in - flight until normalized ([@othiym23](https://github.com/othiym23)) -* [`664795b`](https://github.com/npm/npm/commit/664795bb7d8da7142417b3f4ef5986db3a394071) - [#6372](https://github.com/npm/npm/issues/6372) log what is and isn't in - flight ([@othiym23](https://github.com/othiym23)) -* [`00ef580`](https://github.com/npm/npm/commit/00ef58025a1f52dfabf2c4dc3898621d16a6e062) - `inflight@1.0.3`: fix largely theoretical race condition, because we really - really hate race conditions ([@isaacs](https://github.com/isaacs)) -* [`1cde465`](https://github.com/npm/npm/commit/1cde4658d897ae0f93ff1d65b258e1571b391182) - [#6363](https://github.com/npm/npm/issues/6363) - `realize-package-specifier@1.1.0`: handle local dependencies better - ([@iarna](https://github.com/iarna)) -* [`86f084c`](https://github.com/npm/npm/commit/86f084c6c6d7935cd85d72d9d94b8784c914d51e) - `realize-package-specifier@1.0.2`: dependency realization! in its own module! - ([@iarna](https://github.com/iarna)) -* [`553d830`](https://github.com/npm/npm/commit/553d830334552b83606b6bebefd821c9ea71e964) - `npm-package-arg@2.1.3`: simplified semver, better tests - ([@iarna](https://github.com/iarna)) -* [`bec9b61`](https://github.com/npm/npm/commit/bec9b61a316c19f5240657594f0905a92a474352) - `readable-stream@1.0.32`: for some reason - ([@rvagg](https://github.com/rvagg)) -* [`ff08ec5`](https://github.com/npm/npm/commit/ff08ec5f6d717bdbd559de0b2ede769306a9a763) - `dezalgo@1.0.1`: use wrappy for instrumentability - ([@isaacs](https://github.com/isaacs)) - -### v2.1.2 (2014-09-29): - -* [`a1aa20e`](https://github.com/npm/npm/commit/a1aa20e44bb8285c6be1e7fa63b9da920e3a70ed) - [#6282](https://github.com/npm/npm/issues/6282) - `normalize-package-data@1.0.3`: don't prune bundledDependencies - ([@isaacs](https://github.com/isaacs)) -* [`a1f5fe1`](https://github.com/npm/npm/commit/a1f5fe1005043ce20a06e8b17a3e201aa3215357) - move locks back into cache, now path-aware - ([@othiym23](https://github.com/othiym23)) -* [`a432c4b`](https://github.com/npm/npm/commit/a432c4b48c881294d6d79b5f41c2e1c16ad15a8a) - convert lib/utils/tar.js to use atomic streams - ([@othiym23](https://github.com/othiym23)) -* [`b8c3c74`](https://github.com/npm/npm/commit/b8c3c74a3c963564233204161cc263e0912c930b) - `fs-write-stream-atomic@1.0.2`: Now works with streams1 fs.WriteStreams. - ([@isaacs](https://github.com/isaacs)) -* [`c7ab76f`](https://github.com/npm/npm/commit/c7ab76f44cce5f42add5e3ba879bd10e7e00c3e6) - logging cleanup ([@othiym23](https://github.com/othiym23)) -* [`4b2d95d`](https://github.com/npm/npm/commit/4b2d95d0641435b09d047ae5cb2226f292bf38f0) - [#6329](https://github.com/npm/npm/issues/6329) efficiently validate tmp - tarballs safely ([@othiym23](https://github.com/othiym23)) - -### v2.1.1 (2014-09-26): - -* [`563225d`](https://github.com/npm/npm/commit/563225d813ea4c12f46d4f7821ac7f76ba8ee2d6) - [#6318](https://github.com/npm/npm/issues/6318) clean up locking; prefix - lockfile with "." ([@othiym23](https://github.com/othiym23)) -* [`c7f30e4`](https://github.com/npm/npm/commit/c7f30e4550fea882d31fcd4a55b681cd30713c44) - [#6318](https://github.com/npm/npm/issues/6318) remove locking code around - tarball packing and unpacking ([@othiym23](https://github.com/othiym23)) - -### v2.1.0 (2014-09-25): - -NEW FEATURE: - -* [`3635601`](https://github.com/npm/npm/commit/36356011b6f2e6a5a81490e85a0a44eb27199dd7) - [#5520](https://github.com/npm/npm/issues/5520) Add `'npm view .'`. - ([@evanlucas](https://github.com/evanlucas)) - -Other changes: - -* [`f24b552`](https://github.com/npm/npm/commit/f24b552b596d0627549cdd7c2d68fcf9006ea50a) - [#6294](https://github.com/npm/npm/issues/6294) Lock cache → lock cache - target. ([@othiym23](https://github.com/othiym23)) -* [`ad54450`](https://github.com/npm/npm/commit/ad54450104f94c82c501138b4eee488ce3a4555e) - [#6296](https://github.com/npm/npm/issues/6296) Ensure that npm-debug.log - file is created when rollbacks are done. - ([@isaacs](https://github.com/isaacs)) -* [`6810071`](https://github.com/npm/npm/commit/681007155a40ac9d165293bd6ec5d8a1423ccfca) - docs: Default loglevel "http" → "warn". - ([@othiym23](https://github.com/othiym23)) -* [`35ac89a`](https://github.com/npm/npm/commit/35ac89a940f23db875e882ce2888208395130336) - Skip installation of installed scoped packages. - ([@timoxley](https://github.com/timoxley)) -* [`e468527`](https://github.com/npm/npm/commit/e468527256ec599892b9b88d61205e061d1ab735) - Ensure cleanup executes for scripts-whitespace-windows test. - ([@timoxley](https://github.com/timoxley)) -* [`ef9101b`](https://github.com/npm/npm/commit/ef9101b7f346797749415086956a0394528a12c4) - Ensure cleanup executes for packed-scope test. - ([@timoxley](https://github.com/timoxley)) -* [`69b4d18`](https://github.com/npm/npm/commit/69b4d18cdbc2ae04c9afaffbd273b436a394f398) - `fs-write-stream-atomic@1.0.1`: Fix a race condition in our race-condition - fixer. ([@isaacs](https://github.com/isaacs)) -* [`26b17ff`](https://github.com/npm/npm/commit/26b17ff2e3b21ee26c6fdbecc8273520cff45718) - [#6272](https://github.com/npm/npm/issues/6272) `npmconf` decides what the - default prefix is. ([@othiym23](https://github.com/othiym23)) -* [`846faca`](https://github.com/npm/npm/commit/846facacc6427dafcf5756dcd36d9036539938de) - Fix development dependency is preferred over dependency. - ([@andersjanmyr](https://github.com/andersjanmyr)) -* [`9d1a9db`](https://github.com/npm/npm/commit/9d1a9db3af5adc48a7158a5a053eeb89ee41a0e7) - [#3265](https://github.com/npm/npm/issues/3265) Re-apply a71615a. Fixes - [#3265](https://github.com/npm/npm/issues/3265) again, with a test! - ([@glasser](https://github.com/glasser)) -* [`1d41db0`](https://github.com/npm/npm/commit/1d41db0b2744a7bd50971c35cc060ea0600fb4bf) - `marked-man@0.1.4`: Fixes formatting of synopsis blocks in man docs. - ([@kapouer](https://github.com/kapouer)) -* [`a623da0`](https://github.com/npm/npm/commit/a623da01bea1b2d3f3a18b9117cfd2d8e3cbdd77) - [#5867](https://github.com/npm/npm/issues/5867) Specify dummy git template - dir when cloning to prevent copying hooks. - ([@boneskull](https://github.com/boneskull)) - -### v2.0.2 (2014-09-19): - -* [`42c872b`](https://github.com/npm/npm/commit/42c872b32cadc0e555638fc78eab3a38a04401d8) - [#5920](https://github.com/npm/npm/issues/5920) - `fs-write-stream-atomic@1.0.0` ([@isaacs](https://github.com/isaacs)) -* [`6784767`](https://github.com/npm/npm/commit/6784767fe15e28b44c81a1d4bb1738c642a65d78) - [#5920](https://github.com/npm/npm/issues/5920) make all write streams atomic - ([@isaacs](https://github.com/isaacs)) -* [`f6fac00`](https://github.com/npm/npm/commit/f6fac000dd98ebdd5ea1d5921175735d463d328b) - [#5920](https://github.com/npm/npm/issues/5920) barf on 0-length cached - tarballs ([@isaacs](https://github.com/isaacs)) -* [`3b37592`](https://github.com/npm/npm/commit/3b37592a92ea98336505189ae8ca29248b0589f4) - `write-file-atomic@1.1.0`: use graceful-fs - ([@iarna](https://github.com/iarna)) - -### v2.0.1 (2014-09-18): - -* [`74c5ab0`](https://github.com/npm/npm/commit/74c5ab0a676793c6dc19a3fd5fe149f85fecb261) - [#6201](https://github.com/npm/npm/issues/6201) `npmconf@2.1.0`: scope - always-auth to registry URI ([@othiym23](https://github.com/othiym23)) -* [`774b127`](https://github.com/npm/npm/commit/774b127da1dd6fefe2f1299e73505d9146f00294) - [#6201](https://github.com/npm/npm/issues/6201) `npm-registry-client@3.2.2`: - use scoped always-auth settings ([@othiym23](https://github.com/othiym23)) -* [`f2d2190`](https://github.com/npm/npm/commit/f2d2190aa365d22378d03afab0da13f95614a583) - [#6201](https://github.com/npm/npm/issues/6201) support saving - `--always-auth` when logging in ([@othiym23](https://github.com/othiym23)) -* [`17c941a`](https://github.com/npm/npm/commit/17c941a2d583210fe97ed47e2968d94ce9f774ba) - [#6163](https://github.com/npm/npm/issues/6163) use `write-file-atomic` - instead of `fs.writeFile()` ([@fiws](https://github.com/fiws)) -* [`fb5724f`](https://github.com/npm/npm/commit/fb5724fd98e1509c939693568df83d11417ea337) - [#5925](https://github.com/npm/npm/issues/5925) `npm init -f`: allow `npm - init` to run without prompting - ([@michaelnisi](https://github.com/michaelnisi)) -* [`b706d63`](https://github.com/npm/npm/commit/b706d637d5965dbf8f7ce07dc5c4bc80887f30d8) - [#3059](https://github.com/npm/npm/issues/3059) disable prepublish when - running `npm install --production` - ([@jussi-kalliokoski](https://github.com/jussi-kalliokoski)) -* [`119f068`](https://github.com/npm/npm/commit/119f068eae2a36fa8b9c9ca557c70377792243a4) - attach the node version used when publishing a package to its registry - metadata ([@othiym23](https://github.com/othiym23)) -* [`8fe0081`](https://github.com/npm/npm/commit/8fe008181665519c2ac201ee432a3ece9798c31f) - seriously, don't use `npm -g update npm` - ([@thomblake](https://github.com/thomblake)) -* [`ea5b3d4`](https://github.com/npm/npm/commit/ea5b3d446b86dcabb0dbc6dba374d3039342ecb3) - `request@2.44.0` ([@othiym23](https://github.com/othiym23)) - -### v2.0.0 (2014-09-12): - -BREAKING CHANGES: - -* [`4378a17`](https://github.com/npm/npm/commit/4378a17db340404a725ffe2eb75c9936f1612670) - `semver@4.0.0`: prerelease versions no longer show up in ranges; `^0.x.y` - behaves the way it did in `semver@2` rather than `semver@3`; docs have been - reorganized for comprehensibility ([@isaacs](https://github.com/isaacs)) -* [`c6ddb64`](https://github.com/npm/npm/commit/c6ddb6462fe32bf3a27b2c4a62a032a92e982429) - npm now assumes that node is newer than 0.6 - ([@isaacs](https://github.com/isaacs)) - -Other changes: - -* [`ea515c3`](https://github.com/npm/npm/commit/ea515c3b858bf493a7b87fa4cdc2110a0d9cef7f) - [#6043](https://github.com/npm/npm/issues/6043) `slide@1.1.6`: wait until all - callbacks have finished before proceeding - ([@othiym23](https://github.com/othiym23)) -* [`0b0a59d`](https://github.com/npm/npm/commit/0b0a59d504f20f424294b1590ace73a7464f0378) - [#6043](https://github.com/npm/npm/issues/6043) defer rollbacks until just - before the CLI exits ([@isaacs](https://github.com/isaacs)) -* [`a11c88b`](https://github.com/npm/npm/commit/a11c88bdb1488b87d8dcac69df9a55a7a91184b6) - [#6175](https://github.com/npm/npm/issues/6175) pack scoped packages - correctly ([@othiym23](https://github.com/othiym23)) -* [`e4e48e0`](https://github.com/npm/npm/commit/e4e48e037d4e95fdb6acec80b04c5c6eaee59970) - [#6121](https://github.com/npm/npm/issues/6121) `read-installed@3.1.2`: don't - mark linked dev dependencies as extraneous - ([@isaacs](https://github.com/isaacs)) -* [`d673e41`](https://github.com/npm/npm/commit/d673e4185d43362c2b2a91acbca8c057e7303c7b) - `cmd-shim@2.0.1`: depend on `graceful-fs` directly - ([@ForbesLindesay](https://github.com/ForbesLindesay)) -* [`9d54d45`](https://github.com/npm/npm/commit/9d54d45e602d595bdab7eae09b9fa1dc46370147) - `npm-registry-couchapp@2.5.3`: make tests more reliable on Travis - ([@iarna](https://github.com/iarna)) -* [`673d738`](https://github.com/npm/npm/commit/673d738c6142c3d043dcee0b7aa02c9831a2e0ca) - ensure permissions are set correctly in cache when running as root - ([@isaacs](https://github.com/isaacs)) -* [`6e6a5fb`](https://github.com/npm/npm/commit/6e6a5fb74af10fd345411df4e121e554e2e3f33e) - prepare for upgrade to `node-semver@4.0.0` - ([@isaacs](https://github.com/isaacs)) -* [`ab8dd87`](https://github.com/npm/npm/commit/ab8dd87b943262f5996744e8d4cc30cc9358b7d7) - swap out `ronn` for `marked-man@0.1.3` ([@isaacs](https://github.com/isaacs)) -* [`803da54`](https://github.com/npm/npm/commit/803da5404d5a0b7c9defa3fe7fa0f2d16a2b19d3) - `npm-registry-client@3.2.0`: prepare for `node-semver@4.0.0` and include more - error information ([@isaacs](https://github.com/isaacs)) -* [`4af0e71`](https://github.com/npm/npm/commit/4af0e7134f5757c3d456d83e8349224a4ba12660) - make default error display less scary ([@isaacs](https://github.com/isaacs)) -* [`4fd9e79`](https://github.com/npm/npm/commit/4fd9e7901a15abff7a3dd478d99ce239b9580bca) - `npm-registry-client@3.2.1`: handle errors returned by the registry much, - much better ([@othiym23](https://github.com/othiym23)) -* [`ca791e2`](https://github.com/npm/npm/commit/ca791e27e97e51c1dd491bff6622ac90b54c3e23) - restore a long (always?) missing pass for deduping - ([@othiym23](https://github.com/othiym23)) -* [`ca0ef0e`](https://github.com/npm/npm/commit/ca0ef0e99bbdeccf28d550d0296baa4cb5e7ece2) - correctly interpret relative paths for local dependencies - ([@othiym23](https://github.com/othiym23)) -* [`5eb8db2`](https://github.com/npm/npm/commit/5eb8db2c370eeb4cd34f6e8dc6a935e4ea325621) - `npm-package-arg@2.1.2`: support git+file:// URLs for local bare repos - ([@othiym23](https://github.com/othiym23)) -* [`860a185`](https://github.com/npm/npm/commit/860a185c43646aca84cb93d1c05e2266045c316b) - tweak docs to no longer advocate checking in `node_modules` - ([@hunterloftis](https://github.com/hunterloftis)) -* [`80e9033`](https://github.com/npm/npm/commit/80e9033c40e373775e35c674faa6c1948661782b) - add links to nodejs.org downloads to docs - ([@meetar](https://github.com/meetar)) - -### v2.0.0-beta.3 (2014-09-04): - -* [`fa79413`](https://github.com/npm/npm/commit/fa794138bec8edb7b88639db25ee9c010d2f4c2b) - [#6119](https://github.com/npm/npm/issues/6119) fall back to registry installs - if package.json is missing in a local directory ([@iarna](https://github.com/iarna)) -* [`16073e2`](https://github.com/npm/npm/commit/16073e2d8ae035961c4c189b602d4aacc6d6b387) - `npm-package-arg@2.1.0`: support file URIs as local specs - ([@othiym23](https://github.com/othiym23)) -* [`9164acb`](https://github.com/npm/npm/commit/9164acbdee28956fa816ce5e473c559395ae4ec2) - `github-url-from-username-repo@1.0.2`: don't match strings that are already - URIs ([@othiym23](https://github.com/othiym23)) -* [`4067d6b`](https://github.com/npm/npm/commit/4067d6bf303a69be13f3af4b19cf4fee1b0d3e12) - [#5629](https://github.com/npm/npm/issues/5629) support saving of local packages - in `package.json` ([@dylang](https://github.com/dylang)) -* [`1b2ffdf`](https://github.com/npm/npm/commit/1b2ffdf359a8c897a78f91fc5a5d535c97aaec97) - [#6097](https://github.com/npm/npm/issues/6097) document scoped packages - ([@seldo](https://github.com/seldo)) -* [`0a67d53`](https://github.com/npm/npm/commit/0a67d536067c4808a594d81288d34c0f7e97e105) - [#6007](https://github.com/npm/npm/issues/6007) `request@2.42.0`: properly - set headers on proxy requests ([@isaacs](https://github.com/isaacs)) -* [`9bac6b8`](https://github.com/npm/npm/commit/9bac6b860b674d24251bb7b8ba412fdb26cbc836) - `npmconf@2.0.8`: disallow semver ranges in tag configuration - ([@isaacs](https://github.com/isaacs)) -* [`d2d4d7c`](https://github.com/npm/npm/commit/d2d4d7cd3c32f91a87ffa11fe464d524029011c3) - [#6082](https://github.com/npm/npm/issues/6082) don't allow tagging with a - semver range as the tag name ([@isaacs](https://github.com/isaacs)) - -### v2.0.0-beta.2 (2014-08-29): - -SPECIAL LABOR DAY WEEKEND RELEASE PARTY WOOO - -* [`ed207e8`](https://github.com/npm/npm/commit/ed207e88019de3150037048df6267024566e1093) - `npm-registry-client@3.1.7`: Clean up auth logic and improve logging around - auth decisions. Also error on trying to change a user document without - writing to it. ([@othiym23](https://github.com/othiym23)) -* [`66c7423`](https://github.com/npm/npm/commit/66c7423b7fb07a326b83c83727879410d43c439f) - `npmconf@2.0.7`: support -C as an alias for --prefix - ([@isaacs](https://github.com/isaacs)) -* [`0dc6a07`](https://github.com/npm/npm/commit/0dc6a07c778071c94c2251429c7d107e88a45095) - [#6059](https://github.com/npm/npm/issues/6059) run commands in prefix, not - cwd ([@isaacs](https://github.com/isaacs)) -* [`65d2179`](https://github.com/npm/npm/commit/65d2179af96737eb9038eaa24a293a62184aaa13) - `github-url-from-username-repo@1.0.1`: part 3 handle slashes in branch names - ([@robertkowalski](https://github.com/robertkowalski)) -* [`e8d75d0`](https://github.com/npm/npm/commit/e8d75d0d9f148ce2b3e8f7671fa281945bac363d) - [#6057](https://github.com/npm/npm/issues/6057) `read-installed@3.1.1`: - properly handle extraneous dev dependencies of required dependencies - ([@othiym23](https://github.com/othiym23)) -* [`0602f70`](https://github.com/npm/npm/commit/0602f708f070d524ad41573afd4c57171cab21ad) - [#6064](https://github.com/npm/npm/issues/6064) ls: do not show deps of - extraneous deps ([@isaacs](https://github.com/isaacs)) - -### v2.0.0-beta.1 (2014-08-28): - -* [`78a1fc1`](https://github.com/npm/npm/commit/78a1fc12307a0cbdbc944775ed831b876ee65855) - `github-url-from-git@1.4.0`: add support for git+https and git+ssh - ([@stefanbuck](https://github.com/stefanbuck)) -* [`bf247ed`](https://github.com/npm/npm/commit/bf247edf5429c6b3ec4d4cb798fa0eb0a9c19fc1) - `columnify@1.2.1` ([@othiym23](https://github.com/othiym23)) -* [`4bbe682`](https://github.com/npm/npm/commit/4bbe682a6d4eabcd23f892932308c9f228bf4de3) - `cmd-shim@2.0.0`: upgrade to graceful-fs 3 - ([@ForbesLindesay](https://github.com/ForbesLindesay)) -* [`ae1d590`](https://github.com/npm/npm/commit/ae1d590bdfc2476a4ed446e760fea88686e3ae05) - `npm-package-arg@2.0.4`: accept slashes in branch names - ([@thealphanerd](https://github.com/thealphanerd)) -* [`b2f51ae`](https://github.com/npm/npm/commit/b2f51aecadf585711e145b6516f99e7c05f53614) - `semver@3.0.1`: semver.clean() is cleaner - ([@isaacs](https://github.com/isaacs)) -* [`1d041a8`](https://github.com/npm/npm/commit/1d041a8a5ebd5bf6cecafab2072d4ec07823adab) - `github-url-from-username-repo@1.0.0`: accept slashes in branch names - ([@robertkowalski](https://github.com/robertkowalski)) -* [`02c85d5`](https://github.com/npm/npm/commit/02c85d592c4058e5d9eafb0be36b6743ae631998) - `async-some@1.0.1` ([@othiym23](https://github.com/othiym23)) -* [`5af493e`](https://github.com/npm/npm/commit/5af493efa8a463cd1acc4a9a394699e2c0793b9c) - ensure lifecycle spawn errors caught properly - ([@isaacs](https://github.com/isaacs)) -* [`60fe012`](https://github.com/npm/npm/commit/60fe012fac9570d6c72554cdf34a6fa95bf0f0a6) - `npmconf@2.0.6`: init.version defaults to 1.0.0 - ([@isaacs](https://github.com/isaacs)) -* [`b4c717b`](https://github.com/npm/npm/commit/b4c717bbf58fb6a0d64ad229036c79a184297ee2) - `npm-registry-client@3.1.4`: properly encode % in passwords - ([@isaacs](https://github.com/isaacs)) -* [`7b55f44`](https://github.com/npm/npm/commit/7b55f44420252baeb3f30da437d22956315c31c9) - doc: Fix 'npm help index' ([@isaacs](https://github.com/isaacs)) - -### v2.0.0-beta.0 (2014-08-21): - -* [`685f8be`](https://github.com/npm/npm/commit/685f8be1f2770cc75fd0e519a8d7aac72735a270) - `npm-registry-client@3.1.3`: Print the notification header returned by the - registry, and make sure status codes are printed without gratuitous quotes - around them. ([@isaacs](https://github.com/isaacs) / - [@othiym23](https://github.com/othiym23)) -* [`a8cb676`](https://github.com/npm/npm/commit/a8cb676aef0561eaf04487d2719672b097392c85) - [#5900](https://github.com/npm/npm/issues/5900) remove `npm` from its own - `engines` field in `package.json`. None of us remember why it was there. - ([@timoxley](https://github.com/timoxley)) -* [`6c47201`](https://github.com/npm/npm/commit/6c47201a7d071e8bf091b36933daf4199cc98e80) - [#5752](https://github.com/npm/npm/issues/5752), - [#6013](https://github.com/npm/npm/issues/6013) save git URLs correctly in - `_resolved` fields ([@isaacs](https://github.com/isaacs)) -* [`e4e1223`](https://github.com/npm/npm/commit/e4e1223a91c37688ba3378e1fc9d5ae045654d00) - [#5936](https://github.com/npm/npm/issues/5936) document the use of tags in - `package.json` ([@KenanY](https://github.com/KenanY)) -* [`c92b8d4`](https://github.com/npm/npm/commit/c92b8d4db7bde2a501da5b7d612684de1d629a42) - [#6004](https://github.com/npm/npm/issues/6004) manually installed scoped - packages are tracked correctly ([@dead](https://github.com/dead)-horse) -* [`21ca0aa`](https://github.com/npm/npm/commit/21ca0aaacbcfe2b89b0a439d914da0cae62de550) - [#5945](https://github.com/npm/npm/issues/5945) link scoped packages - correctly ([@dead](https://github.com/dead)-horse) -* [`16bead7`](https://github.com/npm/npm/commit/16bead7f2c82aec35b83ff0ec04df051ba456764) - [#5958](https://github.com/npm/npm/issues/5958) ensure that file streams work - in all versions of node ([@dead](https://github.com/dead)-horse) -* [`dbf0cab`](https://github.com/npm/npm/commit/dbf0cab29d0db43ac95e4b5a1fbdea1e0af75f10) - you can now pass quoted args to `npm run-script` - ([@bcoe](https://github.com/bcoe)) -* [`0583874`](https://github.com/npm/npm/commit/05838743f01ccb8d2432b3858d66847002fb62df) - `tar@1.0.1`: Add test for removing an extract target immediately after - unpacking. - ([@isaacs](https://github.com/isaacs)) -* [`cdf3b04`](https://github.com/npm/npm/commit/cdf3b0428bc0b0183fb41dcde9e34e8f42c5e3a7) - `lockfile@1.0.0`: Fix incorrect interaction between `wait`, `stale`, and - `retries` options. Part 2 of race condition leading to `ENOENT` - ([@isaacs](https://github.com/isaacs)) - errors. -* [`22d72a8`](https://github.com/npm/npm/commit/22d72a87a9e1a9ab56d9585397f63551887d9125) - `fstream@1.0.2`: Fix a double-finish call which can result in excess FS - operations after the `close` event. Part 1 of race condition leading to - `ENOENT` errors. - ([@isaacs](https://github.com/isaacs)) - -### v2.0.0-alpha.7 (2014-08-14): - -* [`f23f1d8`](https://github.com/npm/npm/commit/f23f1d8e8f86ec1b7ab8dad68250bccaa67d61b1) - doc: update version doc to include `pre-*` increment args - ([@isaacs](https://github.com/isaacs)) -* [`b6bb746`](https://github.com/npm/npm/commit/b6bb7461824d4dc1c0936f46bd7929b5cd597986) - build: add 'make tag' to tag current release as latest - ([@isaacs](https://github.com/isaacs)) -* [`27c4bb6`](https://github.com/npm/npm/commit/27c4bb606e46e5eaf604b19fe8477bc6567f8b2e) - build: publish with `--tag=v1.4-next` ([@isaacs](https://github.com/isaacs)) -* [`cff66c3`](https://github.com/npm/npm/commit/cff66c3bf2850880058ebe2a26655dafd002495e) - build: add script to output `v1.4-next` publish tag - ([@isaacs](https://github.com/isaacs)) -* [`22abec8`](https://github.com/npm/npm/commit/22abec8833474879ac49b9604c103bc845dad779) - build: remove outdated `docpublish` make target - ([@isaacs](https://github.com/isaacs)) -* [`1be4de5`](https://github.com/npm/npm/commit/1be4de51c3976db8564f72b00d50384c921f0917) - build: remove `unpublish` step from `make publish` - ([@isaacs](https://github.com/isaacs)) -* [`e429e20`](https://github.com/npm/npm/commit/e429e2011f4d78e398f2461bca3e5a9a146fbd0c) - doc: add new changelog ([@othiym23](https://github.com/othiym23)) -* [`9243d20`](https://github.com/npm/npm/commit/9243d207896ea307082256604c10817f7c318d68) - lifecycle: test lifecycle path modification - ([@isaacs](https://github.com/isaacs)) -* [`021770b`](https://github.com/npm/npm/commit/021770b9cb07451509f0a44afff6c106311d8cf6) - lifecycle: BREAKING CHANGE do not add the directory containing node executable - ([@chulkilee](https://github.com/chulkilee)) -* [`1d5c41d`](https://github.com/npm/npm/commit/1d5c41dd0d757bce8b87f10c4135f04ece55aeb9) - install: rename .gitignore when unpacking foreign tarballs - ([@isaacs](https://github.com/isaacs)) -* [`9aac267`](https://github.com/npm/npm/commit/9aac2670a73423544d92b27cc301990a16a9563b) - cache: detect non-gzipped tar files more reliably - ([@isaacs](https://github.com/isaacs)) -* [`3f24755`](https://github.com/npm/npm/commit/3f24755c8fce3c7ab11ed1dc632cc40d7ef42f62) - `readdir-scoped-modules@1.0.0` ([@isaacs](https://github.com/isaacs)) -* [`151cd2f`](https://github.com/npm/npm/commit/151cd2ff87b8ac2fc9ea366bc9b7f766dc5b9684) - `read-installed@3.1.0` ([@isaacs](https://github.com/isaacs)) -* [`f5a9434`](https://github.com/npm/npm/commit/f5a94343a8ebe4a8cd987320b55137aef53fb3fd) - test: fix Travis timeouts ([@dylang](https://github.com/dylang)) -* [`126cafc`](https://github.com/npm/npm/commit/126cafcc6706814c88af3042f2ffff408747bff4) - `npm-registry-couchapp@2.5.0` ([@othiym23](https://github.com/othiym23)) - -### v2.0.0-alpha.6 (2014-08-07): - -BREAKING CHANGE: - -* [`ea547e2`](https://github.com/npm/npm/commit/ea547e2) Bump semver to - version 3: `^0.x.y` is now functionally the same as `=0.x.y`. - ([@isaacs](https://github.com/isaacs)) - -Other changes: - -* [`d987707`](https://github.com/npm/npm/commit/d987707) move fetch into - npm-registry-client ([@othiym23](https://github.com/othiym23)) -* [`9b318e2`](https://github.com/npm/npm/commit/9b318e2) `read-installed@3.0.0` - ([@isaacs](https://github.com/isaacs)) -* [`9d73de7`](https://github.com/npm/npm/commit/9d73de7) remove unnecessary - mkdirps ([@isaacs](https://github.com/isaacs)) -* [`33ccd13`](https://github.com/npm/npm/commit/33ccd13) Don't squash execute - perms in `_git-remotes/` dir ([@adammeadows](https://github.com/adammeadows)) -* [`48fd233`](https://github.com/npm/npm/commit/48fd233) `npm-package-arg@2.0.1` - ([@isaacs](https://github.com/isaacs)) - -### v2.0.0-alpha-5 (2014-07-22): - -This release bumps up to 2.0 because of this breaking change, which could -potentially affect how your package's scripts are run: - -* [`df4b0e7`](https://github.com/npm/npm/commit/df4b0e7fc1abd9a54f98db75ec9e4d03d37d125b) - [#5518](https://github.com/npm/npm/issues/5518) BREAKING CHANGE: support - passing arguments to `run` scripts ([@bcoe](https://github.com/bcoe)) - -Other changes: - -* [`cd422c9`](https://github.com/npm/npm/commit/cd422c9de510766797c65720d70f085000f50543) - [#5748](https://github.com/npm/npm/issues/5748) link binaries for scoped - packages ([@othiym23](https://github.com/othiym23)) -* [`4c3c778`](https://github.com/npm/npm/commit/4c3c77839920e830991e0c229c3c6a855c914d67) - [#5758](https://github.com/npm/npm/issues/5758) `npm link` includes scope - when linking scoped package ([@fengmk2](https://github.com/fengmk2)) -* [`f9f58dd`](https://github.com/npm/npm/commit/f9f58dd0f5b715d4efa6619f13901916d8f99c47) - [#5707](https://github.com/npm/npm/issues/5707) document generic pre- / - post-commands ([@sudodoki](https://github.com/sudodoki)) -* [`ac7a480`](https://github.com/npm/npm/commit/ac7a4801d80361b41dce4a18f22bcdf75e396000) - [#5406](https://github.com/npm/npm/issues/5406) `npm cache` displays usage - when called without arguments - ([@michaelnisi](https://github.com/michaelnisi)) -* [`f4554e9`](https://github.com/npm/npm/commit/f4554e99d34f77a8a02884493748f7d49a9a9d8b) - Test fixes for Windows ([@isaacs](https://github.com/isaacs)) -* update dependencies ([@othiym23](https://github.com/othiym23)) diff --git a/deps/node/deps/npm/changelogs/CHANGELOG-3.md b/deps/node/deps/npm/changelogs/CHANGELOG-3.md deleted file mode 100644 index a652eb37..00000000 --- a/deps/node/deps/npm/changelogs/CHANGELOG-3.md +++ /dev/null @@ -1,5245 +0,0 @@ -### v3.10.10 (2016-11-04) - -See the discussion on [#14042](https://github.com/npm/npm/issues/14042) for -more context on this release, which is intended to address a serious regression -in shrinkwrap behavior in the version of the CLI currently bundled with Node.js -6 LTS "Boron". You should never install this version directly; instead update -to `npm@4`, which has everything in this release and more. - -#### REGRESSION FIX - -* [`9aebe98`](https://github.com/npm/npm/commit/9aebe982114ea2107f46baa1dcb11713b4aaad04) - [#14117](https://github.com/npm/npm/pull/14117) - Fixes a bug where installing a shrinkwrapped package would fail if the - platform failed to install an optional dependency included in the shrinkwrap. - ([@watilde](https://github.com/watilde)) - -#### UPDATE SUPPORT MATRIX - -With the advent of the second official Node.js LTS release, Node 6.x -'Boron', the Node.js project has now officially dropped versions 0.10 -and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never -part of LTS, and will see no further support now that Node 7 has been -released.) As a small team with limited resources, the npm CLI team is -following suit and dropping those versions of Node from its CI test -matrix. - -* [`c82ecfd`](https://github.com/npm/npm/commit/c82ecfdbe0b5f318a175714a8753efe4dfd3e4b3) - [#14503](https://github.com/npm/npm/pull/14503) - Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported. - ([@othiym23](https://github.com/othiym23)) - -### v3.10.9 (2016-10-06) - -Hi everyone! This is the last of our monthly releases. We're going to give -an every-two-weeks schedule a try starting with our next release. We'll -reevaluate in a quarter, but we suspect that will be what we'll stick with. -You might be wondering _why_ we've been fiddling with the release cadence? Well, -we've been trying to tune it to to minimize the overhead for our little team. - -This is ALSO the ULTIMATE release of `npm` version 3. That's right, in -just two weeks' time (October 20th for you fans of calendar time), our dear -`npm` will be hitting the big 4.0. - -**DON'T PANIC** - -This is gonna be a much, MUCH smaller major version than 3.x was. Maybe even -smaller than 2.x was. I can't tell you everything that'll be in there just -yet, but at the very least it's going to have what's in our -[4.x milestone](https://github.com/npm/npm/pulls?q=is%3Aopen+is%3Apr+milestone%3A4.x), -PLUS, the first steps in -[making `prepublish` work](https://github.com/npm/npm/issues/10074) the way -people expect it to. - -**NOW ABOUT THIS RELEASE** - -This release sees a whole slew of bug fixes. Notably a bunch of lifecycle -fixes and a really important shrinkwrap fix. - -#### LIFECYCLE FIXES - -* [`d388f90`](https://github.com/npm/npm/commit/d388f90732981633b3cdb4fc7fb0fababd4e64ab) - [#13942](https://github.com/npm/npm/pull/13942) - Fix current working directory while running shrinkwrap lifecycle scripts. - Previously if you ran a shrinkwrap from another lifecycle script AND - `node_modules` existed (and if you're running `npm shrinkwrap` it probably - should) then `npm` would run the shrinkwrap lifecycle from the - `node_modules` folder instead of the package folder. - ([@evocateur](https://github.com/evocateur)) - ([@iarna](https://github.com/iarna)) -* [`c3b6cdf`](https://github.com/npm/npm/commit/c3b6cdfedcdb4d9e7712be5245d9b274828d88d1) - [#13964](https://github.com/npm/npm/pull/13964) - Fix bug where the `uninstall` lifecycles weren't being run when you - reinstalled/updated an existing module. - ([@iarna](https://github.com/iarna)) -* [`72bb89c`](https://github.com/npm/npm/commit/72bb89c1aa9811a18cbd766f3da73da76eb920c6) - [#13344](https://github.com/npm/npm/pull/13344) - When running lifecycles use `TMPDIR` if it's writable and fall back to the - current working directory if not. Previously we just assumed `TMPDIR` - wouldn't be writable (as we might have been running as `nobody` and - `nobody` on some systems can't write to `TMPDIR`). - ([@aaronjensen](https://github.com/aaronjensen)) - -#### SHRINKWRAP GIT & TAGGED DEPENDENCY FIX - -* [`3b5eee0`](https://github.com/npm/npm/commit/3b5eee0d31737d1c2518ed95dcc7aaaaa93c253c) - [#13941](https://github.com/npm/npm/pull/13941) - Fix git and tagged dependency matching with shrinkwraps. Previously git - and tag (ie `foo@latest`) dependencies installed from a shrinkwrap would - always be flagged as invalid. - ([@iarna](https://github.com/iarna)) - -#### BUG FIXES - -* [`bf3bd1e`](https://github.com/npm/npm/commit/bf3bd1e4347ee2c5de08d23558c4444749178c8b) - [#14143](https://github.com/npm/npm/pull/14143) - Fix bug in `npm version` where `npm-shrinkwrap.json` wouldn't be updated - if you ran `npm version` from outside of your project root. - ([@lholmquist](https://github.com/lholmquist)) -* [`1089878`](https://github.com/npm/npm/commit/1089878f58977559414c8a9addfc69a9c68905b0) - [#13613](https://github.com/npm/npm/pull/13613) - Log 'skipping action' as 'verbose' instead of 'warn'. This removes a lot of - clutter when there are links in your `node_modules`. The long term plan is - to entirely blind `npm` to what's inside links, which will make this code - go away entirely. - ([@timoxley](https://github.com/timoxley)) -* [`952f1e1`](https://github.com/npm/npm/commit/952f1e109a070ab4066179f6104ba9394300e342) - [#13999](https://github.com/npm/npm/pull/13999) - Fix a bug where setting `bin` to `null` in your `package.json` would result - in `npm` crashing. - ([@IonicaBizau](https://github.com/IonicaBizau)) -* [`fcf8b11`](https://github.com/npm/npm/commit/fcf8b11fb7fcf8902f6a887c3d5f0aef2897dde0) - [#14032](https://github.com/npm/npm/pull/14032) - When using `npm view`, if you specified a version that didn't exist it - would previously print `undefined` (even if you asked for JSON output). It - now prints nothing in this situation. This brings `npm@3`'s behavior in - line with `npm@2`. - ([@roblg](https://github.com/roblg)) -* [`93c689f`](https://github.com/npm/npm/commit/93c689ff44c6042a2dcde7fe0d74d2264237d666) - [#14032](https://github.com/npm/npm/pull/14032) - When using `npm view --json` with a version range that matches multiple - versions we now return a list of all of the metadata for all of those - versions. Previously we picked one and only returned that. This brings - `npm@3`'s behavior in line with `npm@2`. - ([@roblg](https://github.com/roblg)) -* [`2411728`](https://github.com/npm/npm/commit/24117289e09c373b845150c45e4793d98fe7cf4b) - [#14045](https://github.com/npm/npm/pull/14045) - Fix a Windows-only bug in the `git` tests. The tests had rather particular - ideas about what arguments would be passed to `git` and on Windows they - got this wrong. - ([@watilde](https://github.com/watilde)) - -#### DOCUMENTATION & MISC - -* [`30772cc`](https://github.com/npm/npm/commit/30772cc5f80923bf21c003fbe53e5fed9d3a5d97) - [#13904](https://github.com/npm/npm/pull/13904) - Update `package.json` example to include GitHub branches. - ([@stevokk](https://github.com/stevokk)) -* [`f66876f`](https://github.com/npm/npm/commit/f66876f75c204fb78028cf2ff7979f80355bd06c) - [#14010](https://github.com/npm/npm/pull/14010) - Update the GitHub issue template to reflect Apple's change in name of its - desktop operating system. - ([@AlexChesters](https://github.com/AlexChesters)) - -#### DEPENDENCY UPDATES - -* [`b3f9bf1`](https://github.com/npm/npm/commit/b3f9bf1ada3f93e6775f5c232350030db6635d0c) - [#13918](https://github.com/npm/npm/issues/13918) - `graceful-fs@4.1.9`: - Fix the _uid must be an unsigned int_ bug that's been around forever but that - `npm` started tickling in v3.10.8. - ([@addaleax](https://github.com/addaleax)) - Also fixes wrapper to `fs.readdir` to actually pass through (rather than - drop) optional arguments. - ([@isaacs](https://github.com/isaacs)) -* [`9402ead`](https://github.com/npm/npm/commit/9402ead67e3be9b431ade637fbfac86204ee96fe) - [isaacs/node-glob#293](https://github.com/isaacs/node-glob/pull/293) - `glob@7.1.0`: - Add `absolute` option for `match` event. - ([@phated](https://github.com/phated)) -* [`58b83db`](https://github.com/npm/npm/commit/58b83db327dd87bf7cb5a7d503303537718f2f30) - `asap@2.0.5` - ([@kriskowal](https://github.com/kriskowal)) -* [`5707e6e`](https://github.com/npm/npm/commit/5707e6e55b220439c3f83e77daf4c70d72eb46f0) - `sorted-object@2.0.1` - ([@domenic](https://github.com/domenic)) -* [`9d20910`](https://github.com/npm/npm/commit/9d209107ce49a7424c50459284280cd2e6e215d1) - `request@2.75.0` - ([@simov](https://github.com/simov)) -* [`dea4848`](https://github.com/npm/npm/commit/dea48487a9d03492edc68670d05776d32d9ee8cf) - `path-is-inside@1.0.2` - ([@domenic](https://github.com/domenic)) -* [`b3f3db5`](https://github.com/npm/npm/commit/b3f3db52e864d607b6d9b18920e2f58acc4b1616) - `opener@1.4.2` - ([@dominic](https://github.com/dominic)) -* [`6bb5f95`](https://github.com/npm/npm/commit/6bb5f953888bbaaeeb624d623c2a9746d1c243a0) - `lockfile@1.0.2` - ([@isaacs](https://github.com/isaacs)) -* [`13f7c0a`](https://github.com/npm/npm/commit/13f7c0a73212284b53a2d96882fc298afbf9609c) - `config-chain@1.1.11` - ([@dominictarr](https://github.com/dominictarr)) - -### v3.10.8 (2016-09-08) - -Monthly releases are so big! Just look at all this stuff! - -Our quarter of monthly releases is almost over. The next one, in October, might -very well be our last one as we move to trying something different and learning -lessons from our little experiment. - -You may also want to keep an eye our for `npm@4` next month, since we're -planning on finally releasing it then and including a (small) number of breaking -changes we've been meaning to do for a long time. Don't worry, though: `npm@3` -will still be around for a bit and will keep getting better and better, and is -most likely going to be the version that `node@6` uses once it goes to LTS. - -As some of us have mentioned before, npm is likely to start doing more regular -semver-major bumps, while keeping those bumps significantly smaller than the -huge effort that was `npm@3` -- we're not very likely to do a world-shaking -thing like that for a while, if ever. - -All that said, let's move on to the patches included in v3.10.8! - -#### SHRINKWRAP LEVEL UP - -The most notable part of this release is a series of commits meant to make `npm -shrinkwrap` more consistent. By itself, shrinkwrap seems like a fairly -straightforward thing to implement, but things get complicated when it starts -interacting with `devDependencies`, `optionalDependencies`, and -`bundledDependencies`. These commits address some corner cases related to these. - -* [`a7eca32`](https://github.com/npm/npm/commit/a7eca3246fbbcbb05434cb6677f65d14c945d74f) - [#10073](https://github.com/npm/npm/pull/10073) - Record if a dependency is only used as a devDependency and exclude it from the - shrinkwrap file. - ([@bengl](https://github.com/bengl)) -* [`1eabcd1`](https://github.com/npm/npm/commit/1eabcd16bf2590364ca20831096350073539bf3a) - [#10073](https://github.com/npm/npm/pull/10073) - Record if a dependency is optional to shrinkwrap. - ([@bengl](https://github.com/bengl)) -* [`03efc89`](https://github.com/npm/npm/commit/03efc89522c99ee0fa37d8f4a99bc3b44255ef98) - [#13692](https://github.com/npm/npm/pull/13692/) - We were doing a weird thing where we used a `package.json` field `installable` - to check to see if we'd checked for platform compatibility, and if not did - so. But this was the only place that was ever done so there was no reason to - implement it in such an obfuscated manner. - Instead it now just directly checks and then records that its done so on the - node object with `knownInstallable`. This is useful to know because modules - expanded via shrinkwrap don't go through this– `inflateShrinkwrap` does not - currently have any rollback semantics and so checking this sort of thing there - is unhelpful. - ([@iarna](https://github.com/iarna)) -* [`ff87938`](https://github.com/npm/npm/commit/ff879382fda21dac7216a5f666287b3a7e74a947) - [#11735](https://github.com/npm/npm/issues/11735) - Running `npm install --save-dev` will now update shrinkwrap file, but only - if there already are devDependencies in it. - ([@szimek](https://github.com/szimek)) -* [`c00ca3a`](https://github.com/npm/npm/commit/c00ca3aef836709eeaeade91c5305bc2fbda2e8a) - [#13394](https://github.com/npm/npm/issues/13394) - Check installability of modules from shrinkwrap, since modules that came into - the tree vie shrinkwrap won't already have this information recorded in - advance. - ([@iarna](https://github.com/iarna)) - -#### INSTALLER ERROR REPORTING LEVEL UP - -As part of the shrinkwrap push, there were also a lot of error-reporting -improvements. Some to add more detail to error objects, others to fix bugs and -inconsistencies. - -* [`2cdd713`](https://github.com/npm/npm/commit/2cdd7132abddcc7f826a355c14348ce9a5897ffe) - Consistently set code on `ETARGET` when fetching package metadata if no - compatible version is found. - ([@iarna](https://github.com/iarna)) -* [`cabcd17`](https://github.com/npm/npm/commit/cabcd173f2923cb5b77e7be0e42eea2339a24727) - [#13692](https://github.com/npm/npm/pull/13692/) - Include installer warning details at the `verbose` log level. - ([@iarna](https://github.com/iarna)) -* [`95a4044`](https://github.com/npm/npm/commit/95a4044cbae93d19d0da0f3cd04ea8fa620295d9) - [`dbb14c2`](https://github.com/npm/npm/commit/dbb14c241d982596f1cdaee251658f5716989fd2) - [`9994383`](https://github.com/npm/npm/commit/9994383959798f80749093301ec43a8403566bb6) - [`7417000`](https://github.com/npm/npm/commit/74170003db0c53def9b798cb6fe3fe7fc3e06482) - [`f45f85d`](https://github.com/npm/npm/commit/f45f85dac800372d63dfa8653afccbf5bcae7295) - [`e79cc1b`](https://github.com/npm/npm/commit/e79cc1b11440f0d122c4744d5eff98def9553f4a) - [`146ee39`](https://github.com/npm/npm/commit/146ee394b1f7a33cf409a30b835a85d939acb438) - [#13692](https://github.com/npm/npm/pull/13692/) - Improve various bits of error reporting, adding more error information and - some related refactoring. - ([@iarna](https://github.com/iarna)) - -#### MISCELLANEOUS BUGS LEVEL UP - -* [`116b6c6`](https://github.com/npm/npm/commit/116b6c60a174ea0cc49e4d62717e4e26175b6534) - [#13456](https://github.com/npm/npm/issues/13456) - In lifecycle scripts, any `node_modules/.bin` existing in the hierarchy - should be turned into an entry in the PATH environment variable. - However, prior to this commit, it was splitting based on the string - `node_modules`, rather than restricting it to only path portions like - `/node_modules/` or `\node_modules\`. So, a path containing an entry - like `my_node_modules` would be improperly split. - ([@isaacs](https://github.com/isaacs)) -* [`0a28dd0`](https://github.com/npm/npm/commit/0a28dd0104e5b4a8cc0cb038bd213e6a50827fe8) - [npm/fstream-npm#23](https://github.com/npm/fstream-npm/pull/23) - `fstream-npm@1.2.0`: - Always ignore `*.orig` files, which are generated by git when using `git - mergetool`, by default. - ([@zkat](https://github.com/zkat)) -* [`a3a2fb9`](https://github.com/npm/npm/commit/a3a2fb97adc87c2aa9b2b8957861b30efafc7ad0) - [#13708](https://github.com/npm/npm/pull/13708) - Always ignore `*.orig` files, which are generated by git when using `git - mergetool`, by default. - ([@boneskull](https://github.com/boneskull)) - -#### TOOLING LEVEL UP - -* [`e1d7e6c`](https://github.com/npm/npm/commit/e1d7e6ce551cbc42026cdcadcb37ea515059c972) - Add helper for generating test skeletons. - ([@iarna](https://github.com/iarna)) -* [`4400b35`](https://github.com/npm/npm/commit/4400b356bca9175935edad1469c608c909bc01bf) - Fix fixture creation and cleanup in `maketest`. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION LEVEL UP - -* [`8eb9460`](https://github.com/npm/npm/commit/8eb94601fe895b97cbcf8c6134e6b371c5371a1e) - [#13717](https://github.com/npm/npm/pull/13717) - Document that `npm link` will link the files specified in the `bin` field of - `package.json` to `{prefix}/bin/{name}`. - ([@legodude17](https://github.com/legodude17)) -* [`a66e5e9`](https://github.com/npm/npm/commit/a66e5e9c388878fe03fb29014c3b95d28bedd3c1) - [#13682](https://github.com/npm/npm/pull/13682) - Minor grammar fix in documentation for `npm scripts`. - ([@Ajedi32](https://github.com/Ajedi32)) -* [`74b8043`](https://github.com/npm/npm/commit/74b80437ffdfcf8172f6ed4f39bfb021608dd9dd) - [#13655](https://github.com/npm/npm/pull/13655) - Document line comment syntax for `.npmrc`. - ([@mdjasper](https://github.com/mdjasper)) -* [`b352a84`](https://github.com/npm/npm/commit/b352a84c2c7ad15e9c669af75f65cdaa964f86c0) - [#12438](https://github.com/npm/npm/issues/12438) - Remind folks to use `#!/usr/bin/env node` in their `bin` scripts to make files - executable directly. - ([@mxstbr](https://github.com/mxstbr)) -* [`b82fd83`](https://github.com/npm/npm/commit/b82fd838edbfff5d2833a62f6d8ae8ea2df5a1f2) - [#13493](https://github.com/npm/npm/pull/13493) - Document that the user config file can itself be configured either through the - `$NPM_CONFIG_USERCONFIG` environment variable, or `--userconfig` command line - flag. - ([@jasonkarns](https://github.com/jasonkarns)) -* [`8a02699`](https://github.com/npm/npm/commit/8a026992a03d90e563a97c70e90926862120693b) - [#13911](https://github.com/npm/npm/pull/13911) - Minor documentation reword and cleanup. - ([@othiym23](https://github.com/othiym23)) - -#### DEPENDENCY LEVEL UP - -* [`2818fb0`](https://github.com/npm/npm/commit/2818fb0f6081d68a91f0905945ad102f26c6cf85) - `glob@7.0.6` - ([@isaacs](https://github.com/isaacs)) -* [`d88ec81`](https://github.com/npm/npm/commit/d88ec81ad33eb2268fcd517d35346a561bc59aff) - `graceful-fs@4.1.6` - ([@francescoinfante](https://github.com/francescoinfante)) -* [`4727f86`](https://github.com/npm/npm/commit/4727f8646daca7b3e3c1c95860e02acf583b9dae) - `lodash.clonedeep@4.5.0` - ([@jdalton](https://github.com/jdalton)) -* [`c347678`](https://github.com/npm/npm/commit/c3476780ef4483425e4ae1d095a5884b46b8db86) - `lodash.union@4.6.0` - ([@jdalton](https://github.com/jdalton)) -* [`530bd4d`](https://github.com/npm/npm/commit/530bd4d2ae6f704f624e4f7bf64f911f37e2b7f8) - `lodash.uniq@4.5.0` - ([@jdalton](https://github.com/jdalton)) -* [`483d56a`](https://github.com/npm/npm/commit/483d56ae8137eca0c0f7acd5d1c88ca6d5118a6a) - `lodash.without@4.4.0` - ([@jdalton](https://github.com/jdalton)) -* [`6c934df`](https://github.com/npm/npm/commit/6c934df6e74bacd0ed40767b319936837a43b586) - `inherits@2.0.3` - ([@isaacs](https://github.com/isaacs)) -* [`a65ed7c`](https://github.com/npm/npm/commit/a65ed7cbd3c950383a14461a4b2c87b67ef773b9) - `npm-registry-client@7.2.1`: - * [npm/npm-registry-client#142](https://github.com/npm/npm-registry-client/pull/142) Fix `EventEmitter` warning spam from error handlers on socket. ([@addaleax](https://github.com/addaleax)) - * [npm/npm-registry-client#131](https://github.com/npm/npm-registry-client/pull/131) Adds support for streaming request bodies. ([@aredridel](https://github.com/aredridel)) - * Fixes [#13656](https://github.com/npm/npm/issues/13656). - * Dependency updates. - * Documentation improvements. - ([@othiym23](https://github.com/othiym23)) -* [`2b88d62`](https://github.com/npm/npm/commit/2b88d62e6a730716b27052c0911c094d01830a60) - [npm/npmlog#34](https://github.com/npm/npmlog/pull/34) - `npmlog@4.0.0`: - Allows creating log levels that are empty strings or 0 - ([@rwaldron](https://github.com/rwaldron)) -* [`242babb`](https://github.com/npm/npm/commit/242babbd02274ee2d212ae143992c20f47ef0066) - `once@1.4.0` - ([@zkochan](https://github.com/zkochan)) -* [`6d8ba2b`](https://github.com/npm/npm/commit/6d8ba2b4918e2295211130af68ee8a67099139e0) - `readable-stream@2.1.5` - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`855c099`](https://github.com/npm/npm/commit/855c099482a8d93b7f0646bd7bcf8a31f81868e0) - `retry@0.10.0` - ([@tim-kos](https://github.com/tim-kos)) -* [`80540c5`](https://github.com/npm/npm/commit/80540c52b252615ae8a6271b3df870eabfea935e) - `semver@5.3.0`: - * Add `minSatisfying` - * Add `prerelease(v)` - ([@isaacs](https://github.com/isaacs)) -* [`8aaac52`](https://github.com/npm/npm/commit/8aaac52ffae8e689fae265712913b1e2a36b1aa6) - `which@1.2.1` - ([@isaacs](https://github.com/isaacs)) -* [`85108a2`](https://github.com/npm/npm/commit/85108a29108ab0a57997572dc14f87eb706890ba) - `write-file-atomic@1.2.0`: - Preserve chmod and chown from the overwritten file - ([@iarna](https://github.com/iarna)) -* [`291a377`](https://github.com/npm/npm/commit/291a377f32f5073102a8ede61a27e6a9b37154c2) - Update npm documentation to reflect documentation for `semver@5.3.0`. - ([@zkat](https://github.com/zkat)) - -### v3.10.7 (2016-08-11) - -Hi all, today's our first release coming out of the new monthly release -cadence. See below for details. We're all recovered from conferences now -and raring to go! We've got some pretty keen bug fixes and a bunch of -documentation and dependency updates. It's hard to narrow it down to just a -few, but of note are scoped packages in bundled dependencies, the -`preinstall` lifecycle fix, the shrinkwrap and Git dependencies fix and the -fix to a crasher involving cycles in development dependencies. - -#### NEW RELEASE CADENCE - -Releasing npm has been, for the most part, a very prominent part of our -weekly process process. As part of our efforts to find the most effective -ways to allocate our team's resources, we decided last month that we would -try and slow our releases down to a monthly cadence, and see if we found -ourselves with as much extra time and attention as we expected to have. -Process experiments are useful for finding more effective ways to do our -work, and we're at least going to keep doing this for a whole quarter, and -then measure how well it worked out. It's entirely likely that we'll switch -back to a more frequent cadence, specially if we find that the value that -weekly cadence was providing the community is not worth sacrificing for a -bit of extra time. Does this affect you significantly? Let us know! - -#### SCOPED PACKAGES IN BUNDLED DEPENDENCIES - -Prior to this release and -[v2.15.10](https://github.com/npm/npm/releases/v2.15.10), npm had ignored -scoped modules found in `bundleDependencies`. - -* [`29cf56d`](https://github.com/npm/npm/commit/29cf56dbae8e3dd16c24876f998051623842116a) - [#8614](https://github.com/npm/npm/issues/8614) - Include scoped packages in bundled dependencies. - ([@forivall](https://github.com/forivall)) - -#### `preinstall` LIFECYCLE IN CURRENT PROJECT - -* [`b7f13bc`](https://github.com/npm/npm/commit/b7f13bc80b89b025be0c53d81b90ec8f2cebfab7) - [#13259](https://github.com/npm/npm/pull/13259) - Run top level preinstall before installing dependencies - ([@palmerj3](https://github.com/palmerj3)) - -#### BETTER SHRINKWRAP WITH GIT DEPENDENCIES - -* [`0f7e319`](https://github.com/npm/npm/commit/0f7e3197bcec7a328b603efdffd3681bbc40f585) - [#12718](https://github.com/npm/npm/issues/12718.) - Update outdated git dependencies found in shrinkwraps. Previously, if the - module version was the same then no update would be completed even if the - committish had changed. - ([@kossnocorp](https://github.com/kossnocorp)) - - -#### CYCLES IN DEVELOPMENT DEPENDENCIES NO LONGER CRASH - -* [`1691de6`](https://github.com/npm/npm/commit/1691de668d34cd92ab3de08bf3a06085388f2f07) - [#13327](https://github.com/npm/npm/issues/13327) - Fix bug where cycles found in development dependencies could result in - infinite recursion that resulted in crashes. - ([@iarna](https://github.com/iarna)) - -#### IMPROVE "NOT UPDATING LINKED MODULE" WARNINGS - -* [`1619871`](https://github.com/npm/npm/commit/1619871ac0cc8839dc9962c78e736095976c1eb4) - [#12893](https://github.com/npm/npm/pull/12893) - Only warn about symlink update if version number differs - The update-linked action outputs a warning that it needs to update the - linked package, but can't, There is no need for the package to be updated if - it is already at the correct version. This change does a check before - logging the warning. - ([@DaveEmmerson](https://github.com/DaveEmmerson)) - -#### MORE BUG FIXES - -* [`8f8d1b3`](https://github.com/npm/npm/commit/8f8d1b33a78c79aff9de73df362abaa7f05751d2) - [#11398](https://github.com/npm/npm/issues/11398) - Fix bug where `package.json` files that contained a `type` property could - cause crashes. `type` is not a `package.json` property that npm makes use - of and having it should be (and now is) harmless. - ([@zkat](https://github.com/zkat)) -* [`e7fa6c6`](https://github.com/npm/npm/commit/e7fa6c6a2c1de2a214479daa8c6901eebb350381) - [#13353](https://github.com/npm/npm/issues/13353) - Add GIT_EXEC_PATH to Git environment whitelist. - ([@mhart](https://github.com/mhart)) -* [`c23af21`](https://github.com/npm/npm/commit/c23af21d4cedd7fedcb4168672044db76ad054a8) - [#13626](https://github.com/npm/npm/pull/13626) - Use HTTPS issues URL in the error message for type validation errors. - ([@watilde](https://github.com/watilde)) - -#### INCLUDE `npm login` IN COMMAND SUMMARY - -* [`ab0c4b1`](https://github.com/npm/npm/commit/ab0c4b137b05762e75e0913038b606f087b58aa0) - [#13581](https://github.com/npm/npm/issues/13581) - The `login` command has long been an alias for `adduser`. - At the same time, there is an expectation not just of that - particular word being something to look for, but of there being - clear symmetry with `logout`. - So it was a bit confusing when `login` didn't show up in - `npm help` on a technicality. This seems like an acceptable - exception to the rule that says "no aliases in `npm help`". - ([@zkat](https://github.com/zkat)) - -#### DOCUMENTATION - -* [`e2d7e78`](https://github.com/npm/npm/commit/e2d7e7820a7875ed96e0382dc1e91b8df4e83746) - [#13319](https://github.com/npm/npm/pull/13319) - As Node.js 0.8 is no longer supported, remove mention of it from the README. - ([@watilde](https://github.com/watilde)) -* [`c565d89`](https://github.com/npm/npm/commit/c565d893a38efb6006e841450503329c9e58f100) - [#13349](https://github.com/npm/npm/pull/13349) - Updated the scripts documentation to explain the different between `version` and `preversion`. - ([@christophehurpeau](https://github.com/christophehurpeau)) -* [`fa8f87f`](https://github.com/npm/npm/commit/fa8f87f1ec92e543dd975156c4b184eb3e0b80cb) - [#10167](https://github.com/npm/npm/pull/10167) - Clarify in scope documentation that npm@2 is required for scoped packages. - ([@danpaz](https://github.com/danpaz)) - -#### DEPENDENCIES - -* [`124427e`](https://github.com/npm/npm/commit/124427eabbfd200aa145114e389e19692559ff1e) - [#8614](https://github.com/npm/npm/issues/8614) - `fstream-npm@1.1.1`: - Fixes bug with inclusion of scoped bundled dependencies. - ([@forivall](https://github.com/forivall)) -* [`7e0cdff`](https://github.com/npm/npm/commit/7e0cdff04714709f6dc056b19422d3f937502f1c) - [#13497](https://github.com/npm/npm/pull/13497) - `graceful-fs@4.1.5`: - `graceful-fs` had a [bug fix](https://github.com/isaacs/node-graceful-fs/pull/71) which - fixes a problem ([nodejs/node#7846](https://github.com/nodejs/node/pull/7846)) exposed - by recent changes to Node.js. - ([@thefourtheye](https://github.com/thefourtheye)) -* [`9b88cb8`](https://github.com/npm/npm/commit/9b88cb89f138443f324094685f4de073f33ecef0) - [#9984](https://github.com/npm/npm/issues/9984) - `request@2.74.0`: - Update request library to at least 2.73 to fix a bug where `npm install` would crash with - _Cannot read property 'emit' of null._ - - Update `request` dependency `tough-cookie` to `2.3.0` to - to address [https://nodesecurity.io/advisories/130](https://nodesecurity.io/advisories/130). - Versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that, - under certain conditions involving long strings of semicolons in the - "Set-Cookie" header, causes the event loop to block for excessive amounts of - time. - ([@zarenner](https://github.com/zarenner)) - ([@stash-sfdc](https://github.com/stash-sfdc)) -* [`bf78ce5`](https://github.com/npm/npm/commit/bf78ce5ef5d2d6e95177193cca5362dd27bff968) - [#13387](https://github.com/npm/npm/issues/13387) - `minimatch@3.0.3`: - Handle extremely long and terrible patterns more gracefully. - There were some magic numbers that assumed that every extglob pattern starts - and ends with a specific number of characters in the regular expression. - Since !(||) patterns are a little bit more complicated, this led to creating - an invalid regular expression and throwing. - ([@isaacs](https://github.com/isaacs)) -* [`803e538`](https://github.com/npm/npm/commit/803e538efaae4b56a764029742adcf6761e8398b) - [isaacs/rimraf#111](https://github.com/isaacs/rimraf/issues/111) - `rimraf@2.5.4`: Clarify assertions: cb is required, options are not. - ([@isaacs](https://github.com/isaacs)) -* [`a9f84ef`](https://github.com/npm/npm/commit/a9f84ef61b4c719b646bf9cda00577ef16e3a113) - `lodash.without@4.2.0` - ([@jdalton](https://github.com/jdalton)) -* [`f59ff1c`](https://github.com/npm/npm/commit/f59ff1c2701f1bfd21bfdb97b4571823b614f694) - `lodash.uniq@4.4.0` - ([@jdalton](https://github.com/jdalton)) -* [`8cc027e`](https://github.com/npm/npm/commit/8cc027e5e81623260a49b31fe406ce483258b203) - `lodash.union@4.5.0` - ([@jdalton](https://github.com/jdalton)) -* [`0a6c1e4`](https://github.com/npm/npm/commit/0a6c1e4302a153fb055f495043ed33afd8324193) - `lodash.without@4.3.0` - ([@jdalton](https://github.com/jdalton)) -* [`4ab0181`](https://github.com/npm/npm/commit/4ab0181fca2eda18888b865ef691b83d30fb0c33) - `lodash.clonedeep@4.4.1` - ([@jdalton](https://github.com/jdalton)) - -### v3.10.6 (2016-07-07) - -This week we have a bunch of bug fixes for ya! A shrinkwrap regression -introduced in 3.10.0, better lifecycle `PATH` behavior, improvements when -working with registries other than `registry.npmjs.org` and a fix for -hopefully the last _don't print a progress bar over my interactive thingy_ -bug. - -#### SHRINKWRAP AND DEV DEPENDENCIES - -The rewrite in 3.10.0 triggered a bug where dependencies of devDependencies -would be included in your shrinkwrap even if you didn't request -devDependencies. - -* [`2484529`](https://github.com/npm/npm/commit/2484529ab56a42e5d6f13c48006f39a596d9e327) - [#13308](https://github.com/npm/npm/pull/13308) - Fix bug where deps of devDependencies would be incorrectly included in - shrinkwraps. - ([@iarna](https://github.com/iarna)) - -#### BETTER PATH LIFECYCLE BEHAVIOR - -We've been around the details on this one a few times in recent months and -hopefully this will bring is to where we want to be. - -* [`81051a9`](https://github.com/npm/npm/commit/81051a90eee66a843f76eb8cccedbb1d0a5c1f47) - [#12968](https://github.com/npm/npm/pull/12968) - When running lifecycle scripts, only prepend directory containing the node - binary to PATH if not already in PATH. - ([@segrey](https://github.com/segrey)) - -#### BETTER INTERACTIONS WITH THIRD PARTY REGISTRIES - -* [`071193c`](https://github.com/npm/npm/commit/071193c8e193767dd1656cb27556cb3751d77a3b) - [#10869](https://github.com/npm/npm/pull/10869) - If the registry returns a list of versions some of which are invalid, skip - those when picking a version to install. This can't happen with - registry.npmjs.org as it will normalize versions published with it, but it - can happen with other registries. - ([@gregersrygg](https://github.com/gregersrygg)) - -#### ONE LAST TOO-MUCH-PROGRESS CORNER - -* [`1244cc1`](https://github.com/npm/npm/commit/1244cc16dc5a0536acf26816a1deeb8e221d67eb) - [#13305](https://github.com/npm/npm/pull/13305) - Disable progress bar in `npm edit` and `npm config edit`. - ([@watilde](https://github.com/watilde)) - -#### HTML DOCS IMPROVEMENTS - -* [`58da923`](https://github.com/npm/npm/commit/58da9234ae72a5474b997f890a1155ee9785e6f1) - [#13225](https://github.com/npm/npm/issues/13225) - Fix HTML character set declaration in generated HTML documentation. - ([@KenanY](https://github.com/KenanY)) -* [`d1f0bf4`](https://github.com/npm/npm/commit/d1f0bf4303566f8690502034f82bbb449850958d) - [#13250](https://github.com/npm/npm/pull/13250) - Optimize png images using zopflipng. - ([@PeterDaveHello](https://github.com/PeterDaveHello)) - -#### DEPENDENCY UPDATES (THAT MATTER) - -* [`c7567e5`](https://github.com/npm/npm/commit/c7567e58618b63f97884afa104d2f560c9272dd5) - [npm/npm-user-validate#9](https://github.com/npm/npm-user-validate/pull/9) - `npm-user-validate@0.1.5`: - Lower the username length limits to 214 from 576 to match `registry.npmjs.org`'s limits. - ([@aredridel](https://github.com/aredridel)) -* [`22802c9`](https://github.com/npm/npm/commit/22802c9db3cf990c905e8f61304db9b5571d7964) - [#isaacs/rimraf](https://github.com/npm/npm/issues/isaacs/rimraf) - `rimraf@2.5.3`: - Fixes EPERM errors when running `lstat` on read-only directories. - ([@isaacs](https://github.com/isaacs)) -* [`ce6406f`](https://github.com/npm/npm/commit/ce6406f4b6c4dffbb5cd8a3c049f6663a5665522) - `glob@7.0.5`: - Forces the use of `minimatch` to 3.0.2, which improved handling of long and - complicated patterns. - ([@isaacs](https://github.com/isaacs)) - - -### v3.10.5 (2016-07-05) - -This is a fix to this week's testing release to correct the update of -`node-gyp` which somehow got mangled. - -* [`ca97ce2`](https://github.com/npm/npm/commit/ca97ce2e8d8ba44c445b39ffa40daf397d5601b3) - [#13256](https://github.com/npm/npm/issues/13256) - Fresh reinstall of `node-gyp@3.4.0`. - ([@zkat](https://github.com/zkat)) - -### v3.10.4 (2016-06-30) - -Hey y'all! This release includes a bunch of fixes we've been working on as we -continue on our `big-bug` push. There's still [a lot of it left to -do](https://github.com/npm/npm/labels/big-bug), but once this is done, things -should just generally be more stable, installs should be more reliable and -correct, and we'll be able to move on to more future work. We'll keep doing our -best! 🙌 - -#### RACES AS WACKY AS [REDLINE](https://en.wikipedia.org/wiki/Redline_\(2009_film\)) - -Races are notoriously hard to squash, and tend to be some of the more common -recurring bugs we see on the CLI. [@julianduque](https://github.com/julianduque) -did some pretty awesome [sleuthing -work](https://github.com/npm/npm/issues/12669) to track down a cache race and -helpfully submitted a patch. There were some related races in the same area that -also got fixed at around the same time, mostly affecting Windows users. - -* [`2a37c97`](https://github.com/npm/npm/commit/2a37c97121483db2b6f817fe85c2a5a77b76080e) - [#12669](https://github.com/npm/npm/issues/12669) - [#13023](https://github.com/npm/npm/pull/13023) - The CLI is pretty aggressive about correcting permissions across the cache - whenever it writes to it. This aggressiveness caused a couple of races where - temporary cache files would get picked up by `fs.readdir`, and removed before - `chownr` was called on them, causing `ENOENT` errors. While the solution might - seem a bit hamfisted, it's actually perfectly safe and appropriate in this - case to just ignore those resulting `ENOENT` errors. - ([@julianduque](https://github.com/julianduque)) -* [`ea018b9`](https://github.com/npm/npm/commit/ea018b9e3856d1798d199ae3ebce4ed07eea511b) - [#13023](https://github.com/npm/npm/pull/13023) - If a user were to have SUDO_UID and SUDO_GID, they'd be able to get into a - pretty weird state. This fixes that corner case. - ([@zkat](https://github.com/zkat)) -* [`703ca3a`](https://github.com/npm/npm/commit/703ca3abbf4f1cb4dff08be32acd2142d5493482) - [#13023](https://github.com/npm/npm/pull/13023) - A missing `return` was causing `chownr` to be called on Windows, even though - that's literally pointless, and causing crashes in the process, instead of - short-circuiting. This was entirely dependent on which callback happened to be - called first, and in some cases, the failing one would win the race. This - should prevent this from happening in the future. - ([@zkat](https://github.com/zkat)) -* [`69267f4`](https://github.com/npm/npm/commit/69267f4fbd1467ce576f173909ced361f8fe2a9d) - [#13023](https://github.com/npm/npm/pull/13023) - Added tests to verify `correct-mkdir` race patch. - ([@zkat](https://github.com/zkat)) -* [`e5f50ea`](https://github.com/npm/npm/commit/e5f50ea9f84fe8cac6978d18f7efdf43834928e7) - [#13023](https://github.com/npm/npm/pull/13023) - Added tests to verify `addLocal` race patch. - ([@zkat](https://github.com/zkat)) - -#### SHRINKWRAP IS COMPLICATED BUT IT'S BETTER NOW - -[@iarna](https://github.com/iarna) did some heroic hacking to refactor a bunch -of `shrinkwrap`-related bits and fixed some resolution and pathing issues that -were biting users. The code around that stuff got more readable/maintainable in -the process, too! - -* [`346bba1`](https://github.com/npm/npm/commit/346bba1e1fee9cc814b07c56f598a73be5c21686) - [#13214](https://github.com/npm/npm/pull/13214) - Resolve local dependencies in `npm-shrinkwrap.json` relative to the top of the - tree. - ([@iarna](https://github.com/iarna)) -* [`4a67fdb`](https://github.com/npm/npm/commit/4a67fdbd0f160deb6644a9c4c5b587357db04d2d) - [#13213](https://github.com/npm/npm/pull/13213) - If you run `npm install modulename` it should, if a `npm-shrinkwrap.json` is - present, use the version found there. If not, it'll use the version found in - your `package.json`, and failing *that*, use `latest`. - This fixes a case where the first check was being bypassed because version - resolution was being done prior to loading the shrinkwrap, and so checks to - match the shrinkwrap version couldn't succeed. - ([@iarna](https://github.com/iarna)) -* [`afa2133`](https://github.com/npm/npm/commit/afa2133a5d8ac4f6f44cdc6083d89ad7f946f5bb) - [#13214](https://github.com/npm/npm/pull/13214) - Refactor shrinkwrap specifier lookup into shared function. - ([@iarna](https://github.com/iarna)) -* [`2820b56`](https://github.com/npm/npm/commit/2820b56a43e1cc1e12079a4c886f6c14fe8c4f10) - [#13214](https://github.com/npm/npm/pull/13214) - Refactor operations in `inflate-shrinkwrap.js` into separate functions for - added clarity. - ([@iarna](https://github.com/iarna)) -* [`ee5bfb3`](https://github.com/npm/npm/commit/ee5bfb3e56ee7ae582bec9f741f32b224c279947) - Fix Windows path issue in a shrinkwrap test. - ([@zkat](https://github.com/zkat)) - -#### OTHER BUGFIXES - -* [`a11a7b2`](https://github.com/npm/npm/commit/a11a7b2e7df9478ac9101b06eead4a74c41a648d) - [#13212](https://github.com/npm/npm/pull/13212) - Resolve local paths passed in through the command line relative to current - directory, instead of relative to the `package.json`. - ([@iarna](https://github.com/iarna)) - -#### DEPENDENCY UPDATES - -* [`900a5b7`](https://github.com/npm/npm/commit/900a5b7f18b277786397faac05853c030263feb8) - [#13199](https://github.com/npm/npm/pull/13199) - [`node-gyp@3.4.0`](https://github.com/nodejs/node-gyp/blob/master/CHANGELOG.md): - AIX, Visual Studio 2015, and logging improvements. Oh my~! - ([@rvagg](https://github.com/rvagg)) - -#### DOCUMENTATION FIXES - -* [`c6942a7`](https://github.com/npm/npm/commit/c6942a7d6acb2b8c73206353bbec03380a056af4) - [#13134](https://github.com/npm/npm/pull/13134) - Fixed a few typos in `CHANGELOG.md`. - ([@watilde](https://github.com/watilde)) -* [`e63d913`](https://github.com/npm/npm/commit/e63d913127731ece56dcd69c7c0182af21be58f8) - [#13156](https://github.com/npm/npm/pull/13156) - Fix old reference to `doc/install` in a source comment. - ([@sheerun](https://github.com/sheerun)) -* [`099d23c`](https://github.com/npm/npm/commit/099d23cc8f38b524dc19a25857b2ebeca13c49d6) - [#13113](https://github.com/npm/npm/issues/13113) - [#13189](https://github.com/npm/npm/pull/13189) - Fixes a link to `npm-tag(3)` that was breaking to instead point to - `npm-dist-tag(1)`, as reported by [@SimenB](https://github.com/SimenB) - ([@macdonst](https://github.com/macdonst)) - -### v3.10.3 (2016-06-23) - -Given that we had not one, but two updates to our RC this past week, it -should come as no surprise that this week's full release is a bit -lighter. We have some documentation patches and a couple of bug fixes via -dependency updates. - -If you haven't yet checked out last week's release, -[v3.10.0](https://github.com/npm/npm/releases/tag/v3.10.0) -and the two follow up releases -[v3.10.1](https://github.com/npm/npm/releases/tag/v3.10.1) -and -[v3.10.2](https://github.com/npm/npm/releases/tag/v3.10.2), -you really should do so. They're the most important releases we've had in -quite a while, fixing a bunch of critical bugs (including an issue -impacting publishing with Node.js 6.x) and of course, bringing in the new -and improved progress bar. - -#### BUM SYMLINKS BURN NO MORE - -There's been a bug lurking where broken symlinks in your `node_modules` -folder could cause all manner of mischief, from crashes to empty `npm ls` -results. The intrepid [@watilde](https://github.com/watilde) tracked this -down for us. - -This addresses the root cause of the outdated crasher we protected -against earlier this week in -[#13115](https://github.com/npm/npm/issues/13115). - -This also fixes [#9564](https://github.com/npm/npm/issues/9564), the -problem where a bad symlink in your global modules would result in an -empty result when you ran `npm ls -g`. - -This ALSO likely fixes numerous "Missing argument #1" errors. (But surely -not all of them as that's actually just a generic arity and -type-validation failure.) - -* [`ca92ac4`](https://github.com/npm/npm/commit/ca92ac455b841a708dd89262ff88d503b125d717) - [npm/read-package-tree#6](https://github.com/npm/read-package-tree/pull/6) - `read-package-tree@5.1.5`: - Make bad symlinks be non-fatal errors when reading the tree off disk. - ([@watilde](https://github.com/watilde)) - -#### BETTER UNICODE DETECTION - -* [`6c3f7f0`](https://github.com/npm/npm/commit/6c3f7f043f09fc2aa19ffd3f956787635fa6f4d0) - `has-unicode@2.0.1`: - Fix unicode detection on a number of Linux distributions. - ([@Darkhogg](https://github.com/Darkhogg)) ([@gagern](https://github.com/gagern)) - - -#### DOCUMENTATION FIXES - -* [`b9243ee`](https://github.com/npm/npm/commit/b9243ee60a3d60505c2502dc8633811b42c8aaea) - [#13127](https://github.com/npm/npm/pull/13127) - Remove extra backtick from `npm ls` documentation. - ([@shvaikalesh](https://github.com/shvaikalesh)) -* [`e05c0c2`](https://github.com/npm/npm/commit/e05c0c243cc702f9c392c001f668a90b57eaeb0e) - [iarna/has-unicode#3](https://github.com/iarna/has-unicode/pull/3) - [iarna/has-unicode#4](https://github.com/iarna/has-unicode/pull/4) - [#13084](https://github.com/npm/npm/pull/13084) - Correct changelog entry for shrinkwrap lifecycle order. - ([@SimenB](https://github.com/SimenB)) -* [`823994f`](https://github.com/npm/npm/commit/823994f100a0e59e1dd109e312811f971968ec75) - [#13080](https://github.com/npm/npm/pull/13080) - Describe using `npm pack` to see a dry run of publication results in - the `npm publish` documentation. - ([@laughinghan](https://github.com/laughinghan)) - -#### DEPENDENCY UPDATES - -* [`e44d2db`](https://github.com/npm/npm/commit/e44d2db1ad0d860ca08e99c81135bd399fb733b1) - `aproba@1.0.4`: Documentation updates and minor refactoring. - ([@iarna](https://github.com/iarna)) - -### v3.10.2 (2016-06-17): - -This is a quick hotfix release with two small bug fixes. First, there was -an issue where the new progress bar would overwrite interactive prompts, -that is, those found in `npm login` and `npm init`. Second, if the -directory you were running `npm outdated` on was a bad link or otherwise had -unrecoverable errors then npm would crash instead of printing the error. - -* [`fbefb86`](https://github.com/npm/npm/commit/fbefb8675b26320b295f481b4872ce99f0180807) - [`7779e9f`](https://github.com/npm/npm/commit/7779e9fb9430f6547532c67f2471864d62bbd5bc) - [#13105](https://github.com/npm/npm/issues/13105) - Disable progress bar in `adduser` and `init`. -* [`6a33b2c`](https://github.com/npm/npm/commit/6a33b2c13f637a41e25cd0339925bc430b50358a) - [#13115](https://github.com/npm/npm/issues/13115) - Ensure that errors reading the package tree for `outdated` does not result - in crashes. - ([@iarna](https://github.com/iarna)) - -### v3.10.1 (2016-06-17): - -There are two very important bug fixes and one long-awaited (and significant!) -deprecation in this hotfix release. [Hold on.](http://butt.holdings/) - -#### *WHOA* - -When Node.js 6.0.0 was released, the CLI team noticed an alarming upsurge in -bugs related to important files (like `README.md`) not being included in -published packages. The new bugs looked much like -[#5082](https://github.com/npm/npm/issues/5082), which had been around in one -form or another since April, 2014. #5082 used to be a very rare (and obnoxious) -bug that the CLI team hadn't had much luck reproducing, and we'd basically -marked it down as a race condition that arose on machines using slow and / or -rotating-media-based hard drives. - -Under 6.0.0, the behavior was reliable enough to be nearly deterministic, and -made it very difficult for publishers using `.npmignore` files in combination -with `"files"` stanzas in `package.json` to get their packages onto the -registry without one or more files missing from the packed tarball. The entire -saga is contained within [the issue](https://github.com/npm/npm/issues/5082), -but the summary is that an improvement to the performance of -[`fs.realpath()`](https://nodejs.org/api/fs.html#fs_fs_realpath_path_options_callback) -made it much more likely that the packing code would lose the race. - -Fixing this has proven to be very difficult, in part because the code used by -npm to produce package tarballs is more complicated than, strictly speaking, it -needs to be. [**@evanlucas**](https://github.com/evanlucas) contributed [a -patch](https://github.com/npm/fstream/pull/50) that passed the tests in a -[special test suite](https://github.com/othiym23/eliminate-5082) that I -([**@othiym23**](https://github.com/othiym23)) created (with help from -[**@addaleax**](https://github.com/addaleax)), but only _after_ we'd released -the fixed version of that package did we learn that it actually made the -problem _worse_ in other situations in npm proper. Eventually, -[**@rvagg**](https://github.com/rvagg) put together a more durable fix that -appears to completely address the errant behavior under Node.js 6.0.0. That's -the patch included in this release. Everybody should chip in for redback -insurance for Rod and his family; he's done the community a huge favor. - -Does this mean the long (2+ year) saga of #5082 is now over? At this point, I'm -going to quote from my latest summary on the issue: - -> The CLI team (mostly me, with input from the rest of the team) has decided that -> the overall complexity of the interaction between `fstream`, `fstream-ignore`, -> `fstream-npm`, and `node-tar` has grown more convoluted than the team is -> comfortable (maybe even capable of) supporting. -> -> - While I believe that @rvagg's (very targeted) fix addresses _this_ issue, I -> would be shocked if there aren't other race conditions in npm's packing -> logic. I've already identified a couple other places in the code that are -> most likely race conditions, even if they're harder to trigger than the -> current one. -> - The way that dependency bundling is integrated leads to a situation in -> which a bunch of logic is duplicated between `fstream-npm` and -> `lib/utils/tar.js` in npm itself, and the way `fstream`'s extension -> mechanism works makes this difficult to clean up. This caused a nasty -> regression ([#13088](https://github.com/npm/fstream/pull/50), see below) as -> of ~`npm@3.8.7` where the dependencies of `bundledDependencies` were no -> longer being included in the built package tarballs. -> - The interaction between `.npmignore`, `.gitignore`, and `files` is hopelessly -> complicated, scattered in many places throughout the code. We've been -> discussing [making the ignores and includes logic clearer and more -> predictable](https://github.com/npm/npm/wiki/Files-and-Ignores), and the -> current code fights our efforts to clean that up. -> -> So, our intention is still to replace `fstream`, `fstream-ignore`, and -> `fstream-npm` with something much simpler and purpose-built. There's no real -> reason to have a stream abstraction here when a simple recursive-descent -> filesystem visitor and a synchronous function that can answer whether a given -> path should be included in the packed tarball would do the job adequately. -> -> What's not yet clear is whether we'll need to replace `node-tar` in the -> process. `node-tar` is a very robust implementation of tar (it handles, like, -> everything), and it also includes some very important tweaks to prevent several -> classes of security exploits involving maliciously crafted packages. However, -> its packing API involves passing in an `fstream` instance, so we'd either need -> to produce something that follows enough of `fstream`'s contract for `node-tar` -> to keep working, or swap `node-tar` out for something like `tar-stream` (and -> then ensuring that our use of `tar-stream` is secure, which could involve -> security patches for either npm or `tar-stream`). - -The testing and review of `fstream@1.0.10` that the team has done leads us to -believe that this bug is fixed, but I'm feeling more than a little paranoid -about fstream now, so it's important that people keep a close eye on their -publishes for a while and let us know immediately if they notice any -irregularities. - -* [`8802f6c`](https://github.com/npm/npm/commit/8802f6c152ea35cb9e5269c077c3a2f9df411afc) - [#5082](https://github.com/npm/npm/issues/5082) `fstream@1.0.10`: Ensure that - entries are collected after a paused stream resumes. - ([@rvagg](https://github.com/rvagg)) -* [`c189723`](https://github.com/npm/npm/commit/c189723110497a17dac3b0596f2916deeed93ee7) - [#5082](https://github.com/npm/npm/issues/5082) Remove the warning introduced - in `npm@3.10.0`, because it should no longer be necessary. - ([@othiym23](https://github.com/othiym23)) - -#### *ERK* - -Because the interaction between `fstream`, `fstream-ignore`, `fsream-npm`, and -`node-tar` is so complex, it's proven difficult to add support for npm features -like `bundledDependencies` without duplicating some logic within npm's code -base. While [fixing a completely unrelated -bug](https://github.com/npm/npm/issues/9642), we "cleaned up" some of this -seemingly duplicated code, and in the process removed the code that ensured -that the dependencies of `bundledDependencies` are themselves bundled. We've -brought that code back into the code base (without reopening #9642), and added -a test to ensure that this regression can't recur. - -* [`1b6ceca`](https://github.com/npm/npm/commit/1b6ceca32fc81ca7cc7ac2eb7d11f687e6f87f26) - [#13088](https://github.com/npm/npm/issues/13088) Partially restore npm's own - version of the `fstream-npm` function `applyIgnores` to ensure that the - dependencies of `bundledDependencies` are included in published packages. - ([@iarna](https://github.com/iarna)) - -#### GOODBYE, FAITHFUL FRIEND - -At NodeConf Adventure 2016 (RIP in peace, Mikeal Rogers's NodeConf!), the CLI -team had an opportunity to talk to representatives from some of the larger -companies that we knew were still using Node.js 0.8 in production. After asking -them whether they were still using 0.8, we got back blank stares and questions -like, "0.8? You mean, from four years ago?" After establishing that being able -to run npm in their legacy environments was no longer necessary, the CLI team -made the decision to drop support for 0.8. (Faithful observers of our [team -meetings](https://github.com/npm/npm/issues?utf8=%E2%9C%93&q=is%3Aissue+npm+cli+team+meeting+) -will have known this was the plan for NodeConf since the beginning of 2016.) - -In practice, this means only what's in the commit below: we've removed 0.8 from -our continuous integration test matrix below, and will no longer be habitually -testing changes under Node 0.8. We may also give ourselves permission to use -`setImmediate()` in test code. However, since the project still supports -Node.js 0.10 and 0.12, it's unlikely that patches that rely on ES 2015 -functionality will land anytime soon. - -Looking forward, the team's current plan is to drop support for Node.js 0.10 -when its LTS maintenance window expires in October, 2016, and 0.12 when its -maintenance / LTS window ends at the end of 2016. We will also drop support for -Node.js 5.x when Node.js 6 becomes LTS and Node.js 7 is released, also in the -October-December 2016 timeframe. - -(Confused about Node.js's LTS policy? [Don't -be!](https://github.com/nodejs/LTS) If you look at [this -diagram](https://github.com/nodejs/LTS/blob/ce364a94b0e0619eba570cd57be396573e1ef889/schedule.png), -it should make all of the preceding clear.) - -If, in practice, this doesn't work with distribution packagers or other -community stakeholders responsible for packaging and distributing Node.js and -npm, please reach out to us. Aligning the npm CLI's LTS policy with Node's -helps everybody minimize the amount of work they need to do, and since all of -our teams are small and very busy, this is somewhere between a necessity and -non-negotiable. - -* [`d6afd5f`](https://github.com/npm/npm/commit/d6afd5ffb1b19e5d94aeee666afcb8adaced58db) - Remove 0.8 from the Node.js testing matrix, and reorder to match real-world - priority, with comments. ([@othiym23](https://github.com/othiym23)) - -### v3.10.0 (2016-06-16): - -Do we have a release for you! We have our first new lifecycle since -`version`, a new progress bar and a bunch of bug fixes. -[I'm](https://github.com/iarna) really excited about this release, let me -tell you!! - -#### DANGER: PUBLISHING ON NODE 6.0.0 - -Publishing and packing are buggy under Node versions greater than 6.0.0. -Please use Node.js LTS (4.4.x) to publish packages. See -[#5082](https://github.com/npm/npm/issues/5082) for details and current -status. - -* [`4e52cef`](https://github.com/npm/npm/commit/4e52cef3d4170c8abab98149666ec599f8363233) - [#13077](https://github.com/npm/npm/pull/13077) - Warn when using Node 6+. - ([@othiym23](https://github.com/othiym23)) - -#### NEW LIFECYCLE SCRIPT: `shrinkwrap` - -* [`e8c80f2`](https://github.com/npm/npm/commit/e8c80f20bfd5d1618e85dbab41660d6f3e5ce405) - [#10744](https://github.com/npm/npm/issues/10744) - You can now add `preshrinkwrap`, `shrinkwrap` and `postshrinkwrap` to your `package.json` - scripts section. They are run when you run `npm shrinkwrap` or `npm install --save` with - an `npm-shrinkwrap.json` present in your module directory. - - `preshrinkwrap` and `shrinkwrap` is run prior to generating the new `npm-shrinkwrap.json` - and `postshrinkwrap` is run after. - ([@SimenB](https://github.com/SimenB)) - -#### NEW PROGRESS BAR - - - -We have a new progress bar and a bunch of related improvements! - -##### BLOCKING BLOCKING - -**!!WARNING!!** As a part of this change we now explicitly set -`process.stdout` and `process.stderr` to be _blocking_ if they are ttys, -using [set-blocking](https://www.npmjs.com/package/set-blocking). This is -necessary to ensure that we can fully erase the progress bar before we start -writing other things out to the console. - -Prior to Node.js 6.0.0, they were already blocking on Windows, and MacOS. -Meanwhile, on Linux they were always non-blocking but had large (64kb) -buffers, which largely made this a non-issue there. Starting with Node.js -6.0.0 they became non-blocking on MacOS and that caused some unexpected -issues (see [nodejs/node#6456](https://github.com/nodejs/node/issues/6456)). - -If you are a Linux user, it's plausible that this might have a performance -impact if your terminal can't keep up with output rate. If you experience -this, we want to know! Please [file an -issue](https://github.com/npm/npm/issues/new) at our issue tracker. - -##### BETTER LAYOUT - -Let's start by talking about what goes into the new progress bar: - -``` -⸨░░░░░░░░░░⠂⠂⠂⠂⠂⠂⠂⠂⸩ ⠹ loadExtraneous: verb afterAdd /Users/rebecca/.npm/null/0.0.0/package/package.json written - ↑‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾ ↑ ‾‾‾‾‾‾‾‾‾↑‾‾‾‾ ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾↑‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾ - percent complete spinner current thing we're doing most recent log line -``` - -The _spinner_ is intended as an activity indicator–it moves whenever -npm sends something to its logs. It also spins at a constant speed while -waiting on the network. - -The _current thing we're doing_ relates to how we track how much work has -been done. It's the name of the unit of work we most recently started or -completed some of. Sometimes these names are more obvious than others and -that's something we'll look at improving over time. - -And finally, the _most recent log line_ is exactly that, it's the most -recent line that you would have seen if you were running with -`--loglevel=silly` or were watching the `npm-debug.log`. These are written -to be useful to the npm developers above all else, so they may sometimes be -a little cryptic. - -* [`6789978`](https://github.com/npm/npm/commit/6789978ab0713f67928177a9109fed43953ccbda) - [#13075](https://github.com/npm/npm/pull/13075) - `npmlog@3.1.2`: Update to the latest npmlog, which includes the new and - improved progress bar layout. - ([@iarna](https://github.com/iarna)) - -##### MORE PERFORMANT - -The underlying code for the progress bar was rewritten, in part with -performance in mind. Previously whenever you updated the progress bar it -would check an internal variable for how long it had been since the last -update and if it had been long enough, it would print out what you gave it. -With the new progress bar we do updates at a fixed interval (with -`setInterval`) and "updating" the progress bar just updates some variables -that will be used when the next tick of the progress bar happens. Currently -progress bar updates happen every 50ms, although that's open to tuning. - -##### WIDE(R) COMPATIBILITY - -I spent a lot of time working our Unicode support. There were a few issues -that plagued us: - -Previously one of the characters we used was _ambiguous width_ which means -that it was possible to configure your terminal to display it as _full -width_. If you did this, the output would be broken because we assumed it -was a _half width_ character. We no longer use any of these characters. - -Previously, we defaulted to using Unicode on Windows. This isn't a safe -assumption, however, as folks in non-US locales often use other code pages -for their terminals. Windows doesn't provide* any facility available to -Node.js for determining the current code page, so we no longer try to use -Unicode on Windows. - -_\* The facilities it does provide are a command line tool and a windows -system call. The former isn't satisfactory for speed reasons and the latter -can't be accessed from a JS-only Node.js program._ - -##### FOR THE FUTURE: THEMES - -The new version of the progress bar library supports plugable themes. Adding -support to npm shouldn't be too difficult. The built in themes are: - -* `ASCII` – The fallback theme which is always available. -* `colorASCII` – Inverts the color of the completed portion of the progress - bar. The default on Windows and usually on Linux. (Color support is - determined by looking at the `TERM` environment variable.) -* `brailleSpinner` – A braille based spinner and other unicode enhancements. MacOS only. -* `colorBrailleSpinner` – The default on MacOS, a combination of the above two. - -##### LESS GARBLED OUTPUT - -As a part of landing this I've also taken the opportunity to more -systematically disable the progress bar prior to printing to `stdout` or -running external commands (in particular: git). This should ensure that the -progress bar doesn't get left on screen after something else prints -something. We also are now much more zealous about erasing the progress bar -on exit, so if you `Ctrl-C` out of an install we'll still cleanup the -progress bar. - -* [`63f153c`](https://github.com/npm/npm/commit/63f153c743f9354376bfb9dad42bd028a320fd1f) - [#13075](https://github.com/npm/npm/pull/13075) - Consistently make sure that the progress bar is hidden before we try to - write to stdout. - ([@iarna](https://github.com/iarna)) -* [`8da79fa`](https://github.com/npm/npm/commit/8da79fa60de4972dca406887623d4e430d1609a1) - [#13075](https://github.com/npm/npm/pull/13075) - Be more methodical about disabling progress bars before running external - commands. - ([@iarna](https://github.com/iarna)) - -#### REPLACE `process.nextTick` WITH `asap` ASAP - -* [`5873b56`](https://github.com/npm/npm/commit/5873b56cb315437dfe97e747811c0b9c297bfd38) - [`254ad7e`](https://github.com/npm/npm/commit/254ad7e38f978b81046d242297fe8b122bfb5852) - [#12754](https://github.com/npm/npm/issues/12754) - Use `asap` in preference over `process.nextTick` to avoid recursion warnings. - Under the hood `asap` uses `setImmediate` when available and falls back to - `process.nextTick` when it's not. Versions of node that don't support - `setImmediate` have a version of `process.nextTick` that actually behaves - like the current `setImmediate`. - ([@lxe](https://github.com/lxe)) - -#### FIXES AND REFACTORING - -Sometimes the installer would get it into its head that it could move or -remove things that it really shouldn't have. While the reproducers for this were -often a bit complicated (the core reproducer involved five symlinks(!)), it turns -out this is an easy scenario to end up in if your project has a bunch of small -modules and you're linking them while developing them. - -Fixing this ended up involving doing an important and overdue rewrite of how -the installer keeps track of (and interrogates) the relationships between -modules. This likely fixes other related bugs, and in the coming weeks -we'll verify and close them as we find them. There are a whole slew of -commits related to this rewrite, and if you'd like to learn more check -out the PR where I describe what I did in detail: [#12775](https://github.com/npm/npm/pull/12775) - -* [`8f3e111`](https://github.com/npm/npm/commit/8f3e111fdd2ce7824864f77b04e5206bdaf961a1) - [`c0b0ed1`](https://github.com/npm/npm/commit/c0b0ed1e9945c01b2e68bf22af3fe4005aa4bcd4) - [#10800](https://github.com/npm/npm/issues/10800) - Remove install pruning stage–this was obsoleted by making the installer keep - itself up to date as it goes along. This is NOT related to `npm prune`. - ([@iarna](https://github.com/iarna)) - -#### MAKE OUTDATED MORE WIDELY LEGIBLE - -* [`21c60e9`](https://github.com/npm/npm/commit/21c60e9bb56d47da17b79681f2142b3dcf4c804b) - [#12843](https://github.com/npm/npm/pull/12843) - In `npm outdated, stop coloring the _Location_ and _Package Type_ columns. - Previously they were colored dark gray, which was hard to read for some - users. - ([@tribou](https://github.com/tribou)) - -#### DOCUMENTATION UPDATE - -* [`eb0a72e`](https://github.com/npm/npm/commit/eb0a72eb95862c1d0d41a259d138ab601d538793) - [#12983](https://github.com/npm/npm/pull/12983) - Describe how to run the lifecycle scripts of dependencies. How you do - this changed with `npm` v2. - ([@Tapppi](https://github.com/Tapppi)) - -### DEPENDENCY UPDATES - -* [`da743dc`](https://github.com/npm/npm/commit/da743dc2153fed8baca3dada611b188f53ab5931) - `which@1.2.10`: - Fix bug where unnecessary special case path handling for Windows could - produce unexpected results on Unix systems. - ([@isaacs](https://github.com/isaacs)) -* [`4533bd5`](https://github.com/npm/npm/commit/4533bd501d54aeedfec3884f4fd54e8c2edd6020) - `npm-user-validate@0.1.4`: - Validate the length of usernames. - ([@aredridel](https://github.com/aredridel)) -* [`4a18922`](https://github.com/npm/npm/commit/4a18922e56f9dc902fbb4daa8f5fafa4a1b89376) - `glob@7.0.4`: - Fixes issues with Node 6 and "long or excessively symlink-looping paths". - ([@isaacs](https://github.com/isaacs)) -* [`257fe11`](https://github.com/npm/npm/commit/257fe11052987e5cfec2abdf52392dd95a6c6ef3) - `npm-package-arg@4.2.0`: - Add `escapedName` to the result. It is suitable for passing through to a - registry without further processing. - ([@nexdrew](https://github.com/nexdrew)) -* [`dda3ca7`](https://github.com/npm/npm/commit/dda3ca70f74879106589ef29e167c8b91ef5aa4c) - `wrappy@1.0.2` - ([@zkat](https://github.com/zkat)) -* [`25f1db5`](https://github.com/npm/npm/commit/25f1db504d0fd8c97211835f0027027fe95e0ef3) - `readable-stream@2.1.4` - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`9d64fe6`](https://github.com/npm/npm/commit/9d64fe676ebc6949c687ffb85bd93eca3137fc0d) - `abbrev@1.0.9` - ([@isaacs](https://github.com/isaacs)) - -### v3.9.6 (2016-06-02): - -#### SMALL OUTPUT TWEAK - -* [`0bdc9d1`](https://github.com/npm/npm/commit/0bdc9d13b73df07e63a58470ea001fda490e5869) - [#12879](https://github.com/npm/npm/pull/12879) - The usage output for npm commands was somehow under the impression that - the singular form of `aliases` is `aliase`. This has been corrected to show - `alias` instead. - ([@intelliot](https://github.com/intelliot)) - -#### DOC UPDATES - -* [`f771b49`](https://github.com/npm/npm/commit/f771b49f5d65bbef540c231fbfcca71cacdce4db) - [#12933](https://github.com/npm/npm/pull/12933) - Add `config.gypi` to list of files that are always ignored in the - `package.json` manpage. - ([@Jokero](https://github.com/Jokero)) - -#### DEPENDENCY UPDATES - -* [`61c1d9c`](https://github.com/npm/npm/commit/61c1d9cd4b2296bd41d55a5c58e35ca5f028b9bc) - [#12926](https://github.com/npm/npm/pull/12926) - Removed unused dependency `lodash.isarray`. - ([@mmalecki](https://github.com/mmalecki)) -* [`168ed28`](https://github.com/npm/npm/commit/168ed2834b2c6db8bb39f81baadc0bf275807328) - [#12926](https://github.com/npm/npm/pull/12926) - Removed unused dependency `lodash.keys`. - ([@mmalecki](https://github.com/mmalecki)) - -### v3.9.5 (2016-05-27): - -Just a quick point release. We had an issue where I (Kat) included the -`.nyc_output/` directory in `npm@3.9.3` and `npm@3.9.4`. The issue got reported -right after that second release -([`#12873`](https://github.com/npm/npm/issues/12873)), and now there's this -small point release that's there to fix the issue sooner. - -* [`f96aea0`](https://github.com/npm/npm/commit/f96aea085be981cdb59bd09f16da40717426f981) - [#12878](https://github.com/npm/npm/pull/12878) - Ignore `.nyc_output` to avoid an accidental publish or commit filled with - code coverage data. - ([@TheAlphaNerd](https://github.com/TheAlphaNerd)) - -### v3.9.4 (2016-05-26): - -Hey all! It's that time again! - -This week continues our current `big-bug` squashing push, although there's none -that are ready to release quite yet -- we're working on it! - -It's also worth noting that we're entering the main part of conference season, -so you can probably expect a bit of a dev slowdown as a lot of us wombats attend -or speak at the various conferences. Remember [npm.camp](npm.camp) is happening -in 2 months and the lineup is looking pretty great! Tickets are still on sale. -Come hang out with us! WOO FUN! 🎉😸 - -#### BUGFIX - -* [`cac0038`](https://github.com/npm/npm/commit/cac0038868b18295f9f299e762e20034f32a3e11) - [#12845](https://github.com/npm/npm/pull/12845) - Progress bar during tarball packing now prints `pack:packagename` instead of - `pack:[object Object]`. - ([@iarna](https://github.com/iarna)) - -#### DOC UPDATES - -* [`0b81622`](https://github.com/npm/npm/commit/0b816225c743c9203db5d92fb4dd3a9293833298) - [#12840](https://github.com/npm/npm/pull/12840) - Remove sexualized language from comment in code. - ([@geek](https://github.com/geek)) -* [`d6dff24`](https://github.com/npm/npm/commit/d6dff2481cb587c392f22afb893ac3136371a64c) - [#12802](https://github.com/npm/npm/pull/12802) - Small grammar fix in `cli/npm.md`. - ([@andresilveira](https://github.com/andresilveira)) -* [`cb38e0f`](https://github.com/npm/npm/commit/cb38e0fff82a6c1c110026b95b07a8c32e27ec01) - [#12782](https://github.com/npm/npm/pull/12782) - Documents that `NOTICE` files started getting included after - [npm/fstream-npm#17](https://github.com/npm/fstream-npm/pull/17). - ([@SimenB](https://github.com/SimenB)) -* [`70a3ae4`](https://github.com/npm/npm/commit/70a3ae4d4ec76b3ec51f00bf5261f1147829f9fe) - [#12776](https://github.com/npm/npm/pull/12776) - `npm run-script` used to have a `<pkg>` argument that allowed you to target - specific packages' scripts. This was removed as one of the breaking changes - for `npm@2`. - This patch removes a mention of that argument, which really doesn't exist - anymore. - ([@fibo](https://github.com/fibo)) - -#### DEP UPDATES - -* [`4a4470d`](https://github.com/npm/npm/commit/4a4470ddd1d9b0b62cb94f3bff5ab6b8e6db527a) - `aproba@1.0.3` - ([@iarna](https://github.com/iarna)) - -#### TEST IMPROVEMENTS - -So it turns out, `t.comment` in `tap` is actually pretty nice! -There's also a couple other test improvements by Rebecca landing here. - -* [`9fd04dd`](https://github.com/npm/npm/commit/9fd04dd6be493465d7ac5f14dd9328e66069c1bf) - [#12851](https://github.com/npm/npm/pull/12851) - Rewrite `shrinkwrap-prod-dependency-also` test to use `common.npm` - ([@iarna](https://github.com/iarna)) -* [`3bc4a8e`](https://github.com/npm/npm/commit/3bc4a8ee58cb0e0adc84b4f135330f2b1e20d992) - [#12851](https://github.com/npm/npm/pull/12851) - Clean up `rm-linked` test. - ([@iarna](https://github.com/iarna)) -* [`bf7f7f2`](https://github.com/npm/npm/commit/bf7f7f273a794f7573bbbc84b1c216fdcd9e0ef9) - [#12851](https://github.com/npm/npm/pull/12851) - Clean up `outdated-symlink` test. - ([@iarna](https://github.com/iarna)) -* [`ca0baa4`](https://github.com/npm/npm/commit/ca0baa4dac85b1df4e26ef0c73d39314ca6858ca) - [#12851](https://github.com/npm/npm/pull/12851) - Improve diagnostics for `shrinkwrap-scoped-auth` test. - ([@iarna](https://github.com/iarna)) -* [`fbec9fd`](https://github.com/npm/npm/commit/fbec9fd5bb0abce589120d14c1f2b03b58cecce1) - [#12851](https://github.com/npm/npm/pull/12851) - Rewrite `shrinkwrap-dev-dependency` test to use `common.npm`. - ([@iarna](https://github.com/iarna)) - -### v3.9.3 (2016-05-19): - -This week continues our `big-bug` squashing adventure! Things are churning along -nicely, and we've gotten a lot of fantastic contributions from the community. -Please keep it up! - -A quick note on last week's release: We had a small `npm shrinkwrap`-related -crasher in `npm@3.9.1`, so once this release goes out, `v3.9.2` is going to be -`npm@latest`. Please update if you ended up in with that previous version! - -Remember we have a weekly team meeting, and you can [suggest agenda items in the -GitHub issue](https://github.com/npm/npm/issues/12761). Keep an eye out for the -`#npmweekly` tag on Twitter, too, and join the conversation! We'll do our best -to address questions y'all send us. ✌ - -#### FIXES - -* [`42d71be`](https://github.com/npm/npm/commit/42d71be2cec674dd9e860ad414f53184f667620d) - [#12685](https://github.com/npm/npm/pull/12685) - When using `npm ls <pkg>` without a semver specifier, `npm ls` would skip - any packages in your tree that matched by name, but had a prerelease version - in their `package.json`. This patch fixes it so `npm ls` does a simple name - match unless you use the `npm ls <pkg>@<version>` format. - ([@zkat](https://github.com/zkat)) -* [`c698ae6`](https://github.com/npm/npm/commit/c698ae666afc92fbc0fcba3c082cfa9b34a4420d) - [#12685](https://github.com/npm/npm/pull/12685) - Added some tests for more basic `npm ls` functionality. - ([@zkat](https://github.com/zkat)) - -### NOTABLE DEPENDENCY UPDATES - -* [`3a6fe23`](https://github.com/npm/npm/commit/3a6fe2373c45e80a1f28aaf176d552f6f97cf131) - [npm/fstream-npm#17](https://github.com/npm/fstream-npm/pull/17) - `fstream-npm@1.1.0`: - `fstream-npm` always includes NOTICE files now. - ([@kemitchell](https://github.com/kemitchell)) -* [`df04e05`](https://github.com/npm/npm/commit/df04e05af1f257a1903372e1baf334c0969fbdbd) - [#10013](https://github.com/npm/npm/issues/10013) - `read-package-tree@5.1.4`: - Fixes an issue where `npm install` would fail if your `node_modules` was - symlinked. - ([@iarna](https://github.com/iarna)) -* [`584676f`](https://github.com/npm/npm/commit/584676f85eaebcb9d6c4d70d2ad320be8a8d6a74) - [npm/init-package-json#62](https://github.com/npm/init-package-json/pull/62) - `init-package-json@1.9.4`: - Stop using `package` for a variable, which defeats some bundlers and linters. - ([@adius](https://github.com/adius)) -* [`935a7e3`](https://github.com/npm/npm/commit/935a7e359535e13924934811b77924cbad82619a) - `readable-stream@2.1.3`: - Node 6 build and buffer-related updates. - ([@calvinmetcalf](https://github.com/calvinmetcalf)) - -#### OTHER DEPENDENCY UPDATES - -* [`4c4609e`](https://github.com/npm/npm/commit/4c4609ea49e77303f9d72af6757620e6b3a9a6a9) - `inflight@1.0.5` - ([@zkat](https://github.com/zkat)) -* [`7a3030d`](https://github.com/npm/npm/commit/7a3030d3d44ea2136425f72950ba22e6efd441d9) - `hosted-git-info@2.1.5` - ([@zkat](https://github.com/zkat)) -* [`5ed4b58`](https://github.com/npm/npm/commit/5ed4b58409eeb134bca1c96252682fd7600d9906) - `which@1.2.9` - ([@isaacs](https://github.com/isaacs)) - -### v3.9.2 (2016-05-17) - -This is a quick patch release. The previous release, 3.9.1, introduced a -bug where npm would crash given a combination of specific package tree on -disk and a shrinkwrap. - -* [`cde367f`](https://github.com/npm/npm/commit/cde367fbb6eebc5db68a44b12a5c7bea158d70db) - [#12724](https://github.com/npm/npm/issues/12724) - Fix crasher when inflating shrinkwraps with packages on disk that were - installed by older npm versions. - ([@iarna](https://github.com/iarna)) - -### v3.9.1 (2016-05-12) - -HI all! We have bug fixes to a couple of the hairy corners of `npm`, in the -form of shrinkwraps and bundled dependencies. Plus some documentation improvements -and our lodash deps bot a bump. - -This is our first week really focused on getting the -[big bugs](https://github.com/npm/npm/issues?q=is%3Aopen+is%3Aissue+label:big-bug) -list down. Our work from this week will be landing next week, and I can't -wait to tell you about that! (It's about symlinks!) - -#### SHRINKWRAP FIX - -* [`b894413`](https://github.com/npm/npm/commit/b8944139a935680c4a267468bb2d3c3082b5609f) - [#12372](https://github.com/npm/npm/issues/12372) - Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install` - would not get up the updated package. This corrects that. - ([@misterbyrne](https://github.com/misterbyrne)) - -#### BUNDLED DEPENDENCIES FIX - -* [`d0c6d19`](https://github.com/npm/npm/commit/d0c6d194471be8ce3e7b41b744b24f63dd1a3f6f) - [#12476](https://github.com/npm/npm/pull/12476) - Protects against a crasher when a bundled dep is missing a package.json. - ([@dflupu](https://github.com/dflupu)) - -#### DOCS IMPROVEMENTS - -* [`6699aa5`](https://github.com/npm/npm/commit/6699aa53c0a729cfc921ac1d8107c320e5a5ac95) - [#12585](https://github.com/npm/npm/pull/12585) - Document that engineStrict is quite gone. Not "deprecated" so much as "extirpated". - ([@othiym23](https://github.com/othiym23)) -* [`7a41a84`](https://github.com/npm/npm/commit/7a41a84b655be3204d2e80848278a510e42c80e7) - [#12636](https://github.com/npm/npm/pull/12636) - Improve `npm-scripts` documentation regarding when `node-gyp` is used. - ([@reconbot](https://github.com/reconbot)) -* [`4c4b4ba`](https://github.com/npm/npm/commit/4c4b4badf09b9b50cdca85314429a0111bb35cb1) - [#12586](https://github.com/npm/npm/pull/12586) - Correct `package.json` documentation as to when `node-gyp rebuild` called. - This now matches https://docs.npmjs.com/misc/scripts#default-values - ([@reconbot](https://github.com/reconbot)) - -#### DEPENDENCY UPDATES - -* [`cfa797f`](https://github.com/npm/npm/commit/cfa797fedd34696d45b61e3ae0398407afece880) - `lodash._baseuniq@4.6.0` - ([@jdalton](https://github.com/jdalton)) -* [`ab6f180`](https://github.com/npm/npm/commit/ab6f1801971b513f9294b4b8902034ab402af02d) - `lodash.keys@4.0.7` - ([@jdalton](https://github.com/jdalton)) -* [`4b8d8b6`](https://github.com/npm/npm/commit/4b8d8b63e760a8aa03e8bffa974495dfafbfcb06) - `lodash.union@4.4.0` - ([@jdalton](https://github.com/jdalton)) -* [`46099d3`](https://github.com/npm/npm/commit/46099d34542760098e5d13c7468a405a724ca407) - `lodash.uniq@4.3.0` - ([@jdalton](https://github.com/jdalton)) -* [`fff89c6`](https://github.com/npm/npm/commit/fff89c6826c86e9e789adcc9c398385539306042) - `lodash.without@4.2.0` - ([@jdalton](https://github.com/jdalton)) - -### v3.9.0 (2016-05-05) - -Wow! This is a big release week! We've completed the fixes that let the -test suite pass on Windows, plus more general bug fixes we found while -fixing things on Windows. Plus a warning to help folks work around a common -footgun. PLUS an improvement to how npm works with long cache timeouts. - -#### INFINITE CACHE A LITTLE BETTER - -* [`111ae3e`](https://github.com/npm/npm/commit/111ae3ec366ece7ebcf5988f5bc2a7cd70737dfe) - [#8581](https://github.com/npm/npm/issues/8581) - When a package is fetched from the cache which cannot satisfy the version - requirements, an attempt to fetch it from the network is made. This is - helpful for folks using high values for `--cache-min` who are willing to - accept possibly not-the-most-recent modules in return for less network - traffic. - ([@Zirak](https://github.com/Zirak)) - -#### WARNING: FOOTGUN - -* [`60b9a05`](https://github.com/npm/npm/commit/60b9a051aa46b8892fe63b3681839a6fd6642bfd) - [#12475](https://github.com/npm/npm/pull/12475) - Options can only start with ASCII dashes. Ordinarily this isn't a problem - but many web documentation tools "helpfully" convert `--` into an emdash - (–), or `-` into an endash (–). If you copy and paste from this documentation - your commands won't work the way you expect. This adds a warning that tries - to be a little more descriptive about why your command is failing. - ([@iarna](https://github.com/iarna)) - -#### WINDOWS CI - -We have [Windows CI](https://ci.appveyor.com/project/npm/npm) setup now! We still have to -tweak it a little bit around paths to the git binaries, but it's otherwise ready! - -* [`bb5d6cb`](https://github.com/npm/npm/commit/bb5d6cbf46b2609243d3b384caadd196e665a797) - [#11444](https://github.com/npm/npm/pull/11444) - Add AppVeyor to CI matrix. - ([@othiym23](https://github.com/othiym23)) - -#### COVERAGE DATA - -Not only do our tests produce coverage reports after they run now, we also -automatically [update Coveralls](https://coveralls.io/github/npm/npm) with -results from [Travis CI](travis-ci.org/npm/npm) runs. - -* [`044cbab`](https://github.com/npm/npm/commit/044cbab0d49adeeb0d9310c64fee6c9759cc7428) - [#11444](https://github.com/npm/npm/pull/11444) - Enable coverage reporting for every test run. - ([@othiym23](https://github.com/othiym23)) - -#### EVERYONE BUGS - -* [`37c6a51`](https://github.com/npm/npm/commit/37c6a51c71b0feec8f639b3199a8a9172e58deec) - [#12150](https://github.com/npm/npm/pull/12150) - Ensure that 'npm cache ls' outputs real filenames. Previously it would - sometimes double up the package name in the path it printed. - ([@isaacs](https://github.com/isaacs)) -* [`d3ce0b2`](https://github.com/npm/npm/commit/d3ce0b253eb519375071aee29db4ee129dbcdf5c) - [#11444](https://github.com/npm/npm/pull/11444) - Fix unbuilding bins for scoped modules. - ([@iarna](https://github.com/iarna)) -* [`e928a30`](https://github.com/npm/npm/commit/e928a30947477a09245f54e9381f46b97bee32d5) - [#11444](https://github.com/npm/npm/pull/11444) - Make handling of local modules (eg `npm install /path/to/my/module`) more - consistent when saved to a `package.json`. There were bugs previously where - it wouldn't consistently resolve relative paths in the same way. - ([@iarna](https://github.com/iarna)) -* [`b820ed4`](https://github.com/npm/npm/commit/b820ed4fc04e21577fa66f7c9482b5ab002e7985) - [#11444](https://github.com/npm/npm/pull/11444) - Under certain circumstances the paths produced for linking, either - relative or absolute, would end up basing off the wrong virtual cwd. - This resulted in failures for `npm link` in this situations. - ([@iarna](https://github.com/iarna)) - -#### WINDOWS BUGS - -* [`7380425`](https://github.com/npm/npm/commit/7380425d810fb8bfc69405a9cbbdec19978a7bee) - [#11444](https://github.com/npm/npm/pull/11444) - Scoped module names were not being correctly inferred from the path on Windows. - ([@zkat](https://github.com/zkat)) -* [`91fc24f`](https://github.com/npm/npm/commit/91fc24f2763c2e0591093099ffc866c735f27fde) - [#11444](https://github.com/npm/npm/pull/11444) - Explore with a command to run didn't work properly in Windows– it would pop open a new - cmd window and leave it there. - ([@iarna](https://github.com/iarna)) - -#### WINDOWS REFACTORING - -* [`f07e643`](https://github.com/npm/npm/commit/f07e6430d4ca02f811138f6140a8bad927607a1f) - [#11444](https://github.com/npm/npm/pull/11444) - Move exec path escaping out to its own function. This turns out to be - tricky to get right because how you escape commands to run on Windows via - cmd is different then how you escape them at other times. Specifically, - you HAVE to quote each directory segment that has a quote in it, that is: - `C:\"Program Files"\MyApp\MyApp.exe` By contrast, if that were an argument - to a command being run, you CAN'T DO quote it that way, instead you have - to wrap the entire path in quotes, like so: `"C:\Program - Files\MyApp\MyApp.exe"`. - ([@iarna](https://github.com/iarna)) -* [`2e01d29`](https://github.com/npm/npm/commit/2e01d299f8244134b1aa040cab1b59c72c9df4da) - [#11444](https://github.com/npm/npm/pull/11444) - Create a single function for detecting if we're running on Windows (and - using a Windows shell like cmd) and use this instead of doing it one-off - all over the place. - ([@iarna](https://github.com/iarna)) - -#### FIX WINDOWS TESTS - -As I said before, our tests are passing on Windows! 🎉 - -* [`ef0dd74`](https://github.com/npm/npm/commit/ef0dd74583be25c72343ed07d1127e4d0cc02df9) - [#11444](https://github.com/npm/npm/pull/11444) - The fruits of many weeks of labor, fix our tests to pass on Windows. - ([@zkat](https://github.com/zkat)) - ([@iarna](https://github.com/iarna)) - -#### DEPENDENCY UPDATES - -* [`8fccda8`](https://github.com/npm/npm/commit/8fccda8587209659c469ab55c608b0e2d7533530) - [#11444](https://github.com/npm/npm/pull/11444) - `normalize-git-url@3.0.2`: - Fix file URLs on Windows. - ([@zkat](https://github.com/zkat)) -* [`f53a154`](https://github.com/npm/npm/commit/f53a154df8e0696623e6a71f33e0a7c11a7555aa) - `readable-stream@2.1.2`: - When readable-stream is disabled, reuse result of `require('stream')` - instead of calling it every time. - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`02841cf`](https://github.com/npm/npm/commit/02841cfb81d6ba86f691ab43d9bbdac29aec27e7) - [#11444](https://github.com/npm/npm/pull/11444) - `realize-package-specifier@3.0.2`: - Resolve local package paths relative to package root, not cwd. - ([@zkat](https://github.com/zkat)) - ([@iarna](https://github.com/iarna)) -* [`247c1c5`](https://github.com/npm/npm/commit/247c1c5ae08c882c9232ca605731039168bae6ed) - [#11444](https://github.com/npm/npm/pull/11444) - `npm-package-arg@4.1.1`: - Fix Windows file URIs with leading slashes. - ([@zkat](https://github.com/zkat)) -* [`365c72b`](https://github.com/npm/npm/commit/365c72bc3ecd9e45f9649725dd635d5625219d8c) - `which@1.2.8` - ([@isaacs](https://github.com/isaacs)) -* [`e568caa`](https://github.com/npm/npm/commit/e568caabb8390a924ce1cfa51fc914ee6c1637a2) - `graceful-fs@4.1.4` - ([@isaacs](https://github.com/isaacs)) -* [`304b974`](https://github.com/npm/npm/commit/304b97434959a58f84383bcccc0357c51a4eb39a) - [#11444](https://github.com/npm/npm/pull/11444) - `standard@6.0.8` - ([@feross](https://github.com/feross)) - -### v3.8.9 (2016-04-28) - -Our biggest news this week is that we got the -[Windows test suite passing](https://github.com/npm/npm/pull/11444)! -It'll take a little longer to get it passing in our -[Windows CI](https://ci.appveyor.com/project/npm/npm/) but that's coming -soon too. - -That means we'll be shifting gears away from tests to fixing -[Big Bugs™](https://github.com/npm/npm/issues?q=is%3Aopen+is%3Aissue+label%3Abig-bug) again. -Join us at our [team meeting](https://github.com/npm/npm/issues/12517) next -Tuesday to learn more about that. - -#### BUG FIXES AND REFACTORING - -* [`60da618`](https://github.com/npm/npm/commit/60da61862885fa904afba7d121860b4282a5b0df) - [#12347](https://github.com/npm/npm/issues/12347) - Fix a bug that could result in shrinkwraps missing the `resolved` field, which is - necessary in producing a fully reproducible build. - ([@sminnee](https://github.com/sminnee)) -* [`8597ba4`](https://github.com/npm/npm/commit/8597ba432e91245a1000953b612eb01308178bad) - [#12009](https://github.com/npm/npm/issues/12009) - Fix a bug in `npm view <packagename> versions` that resulted in bad output if you - didn't also pass in `--json`. - ([@watilde](https://github.com/watilde)) -* [`20125f1`](https://github.com/npm/npm/commit/20125f19b96fd05af63f8c0bd243ffb25780279a) - [`a53feac`](https://github.com/npm/npm/commit/a53feac2647f7dc4245f1700dfbdd1aba8745672) - [`6cfbae4`](https://github.com/npm/npm/commit/6cfbae403abc3cf690565b09569f71cdd41a8372) - [#12485](https://github.com/npm/npm/pull/12485) - Refactor how the help summaries for commands are produced, such that we only have - one list of command aliases. - ([@watilde](https://github.com/watilde)) -* [`2ae210c`](https://github.com/npm/npm/commit/2ae210c76ab6fd15fcf15dc1808b01ca0b94fc9e) - `read-package-json@2.0.4`: - Fix a crash we discovered while fixing up the Windows test suite where if - you had a file in your `node_modules` it would cause a crash on Windows - (but not MacOS/Linux). - - This makes the error code you get on Windows match that from MacOS/Linux - if you try to read a `package.json` from a path that includes a file, not - a folder. - ([@zkat](https://github.com/zkat)) - -### v3.8.8 (2016-04-21) - -Hi all! Long time no see! We've been heads-down working through getting -[our test suite passing on Windows](https://github.com/npm/npm/pull/11444). -Did you know that we have -[Windows CI](https://ci.appveyor.com/project/npm/npm) now running over at -Appveyor? In the meantime, we've got a bunch of dependency updates, some -nice documentation improvements and error messages when your `package.json` -contains invalid JSON. (Yeah, I thought we did that last one before too!) - -#### BAD JSON IS BAD - -* [`769e620`](https://github.com/npm/npm/commit/769e6200722d8060b6769e47354032c51cfa85a1) - [#12406](https://github.com/npm/npm/pull/12406) - Failing to parse the top level `package.json` should be an error. - ([@watilde](https://github.com/watilde)) - -#### DOCUMENTATION - -* [`7d64301`](https://github.com/npm/npm/commit/7d643018af5051c920cc73f17bfe32b7ff86e108) - [#12415](https://github.com/npm/npm/pull/12415) - Clarify that when configuring client-side certificates for authenticating - to non-npm registries that `cert` and `key` are not filesystem paths and should - actually include the certificate and key data. - ([@rvedotrc](https://github.com/rvedotrc)) -* [`f8539b8`](https://github.com/npm/npm/commit/f8539b8c986e81771ccc8ced7e716718423d3187) - [#12324](https://github.com/npm/npm/pull/12324) - Describe how `npm run` sets `NODE` and `PATH` in more detail. - Note that `npm run` changes `PATH` to include the current node - interpreter’s directory. - ([@addaleax](https://github.com/addaleax)) -* [`2b57606`](https://github.com/npm/npm/commit/2b57606852a2c2a03e4c4b7dcda85b807619c2cf) - [#11461](https://github.com/npm/npm/pull/11461) - Clarify the documentation for the package.json homepage field. - ([@stevemao](https://github.com/stevemao)) - -#### TESTS - -* [`b5a0fbb`](https://github.com/npm/npm/commit/b5a0fbb9e1a2c4fb003dd748264571aa6e3c9e70) - [#12329](https://github.com/npm/npm/pull/12329) - Fix progress config testing to ignore local user configs. - Previously, _any_ local setting would cause the tests to fail as - they were trying to test what the default values for the progress - bar would be in different environments and any explicit setting - overrides those defaults. - ([@iarna](https://github.com/iarna)) -* [`3d195bc`](https://github.com/npm/npm/commit/3d195bc0a72b40df02a5c56e4f3be44152e8222b) - The lifecycle-signal test could crash on v0.8 due to its use of `Number.parseInt`, which - isn't available in that version of node. Fortunately `global.parseInt` _is_, so - we just use that instead. - ([@iarna](https://github.com/iarna)) - -#### DEPENDENCY UPDATES - -* [`05a28e3`](https://github.com/npm/npm/commit/05a28e38586082ac4bbf26ee6f863cc8d07054d6) - `npm-package-arg@4.1.1`: - Under some circumstances `file://` URLs on Windows were not handled correctly. - - Also, stop converting local module/tarballs into full paths in this - module. We do already do that in `realize-package-specifier`, which is - more appropriate as it knows what package we're installing relative to. - ([@zkat](https://github.com/zkat)) -* [`ada2e93`](https://github.com/npm/npm/commit/ada2e93e8b276000150a9aa93fff69ec366e03d6) - `realize-package-specifier@3.0.3`: - Require the new `npm-package-arg`, plus fix a case where specifiers that were - maybe a tag, maybe a local filename were resolved differently than those that were - definitely a local filename. - ([@zkat](https://github.com/zkat)) ([@iarna](https://github.com/iarna)) -* [`adc515b`](https://github.com/npm/npm/commit/adc515b22775871386cd62390079fb4bf8e1714a) - `fs-vacuum@1.2.9`: - A fix for AIX where a non-empty directory can cause `fs.rmDir` to fail with `EEXIST` instead of `ENOTEMPTY` - and three new tests - ([@richardlau](https://github.com/richardlau)) - - Code cleanup, CI & dependency updates. - ([@othiym23](https://github.com/othiym23)) -* [`ef53a46`](https://github.com/npm/npm/commit/ef53a46906ce872a4541b605dd42a563cc26e614) - `tap@5.7.1` - ([@isaacs](https://github.com/isaacs)) -* [`df1f2e4`](https://github.com/npm/npm/commit/df1f2e4838b4d7ea2ea2321a95ae868c0ec0a520) - `request@2.72.0`: - Fix crashes when response headers indicate gzipped content but the body is - empty. - Add support for the deflate content encoding. - ([@simov](https://github.com/simov)) -* [`776c599`](https://github.com/npm/npm/commit/776c599b204632aca9d29fd92ea5c4f099fdea9f) - `readable-stream@2.1.0`: - Adds READABLE_STREAM env var that, if set to `disable`, will make - `readable-stream` use the local native node streams instead. - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`10d6d55`](https://github.com/npm/npm/commit/10d6d5547354fcf50e930c7932ba4d63c0b6009c) - `normalize-git-url@3.0.2`: - Add support `git+file://` type URLs. - ([@zkat](https://github.com/zkat)) -* [`75017ae`](https://github.com/npm/npm/commit/75017aeecec69a1efd546df908aa5befc4467f36) - `lodash.union@4.3.0` - ([@jdalton](https://github.com/jdalton)) - -### v3.8.7 (2016-04-07) - -#### IMPROVED DIAGNOSTICS - -* [`38cf79f`](https://github.com/npm/npm/commit/38cf79ffa564ef5cb6677b476e06d0e45351592a) - [#12083](https://github.com/npm/npm/pull/12083) - If you `ignore-scripts` to disable lifecycles, this makes npm report when it skips running - a script. - ([@bfred-it](https://github.com/bfred-it)) - -#### IMPROVE AUTO-INCLUDES - -* [`c615182`](https://github.com/npm/npm/commit/c615182c8b47e418338eb1317b99bb66987cda54) - [#11995](https://github.com/npm/npm/pull/11995) - There were bugs where modules whose names matched the special files that npm always - includes would be included, for example, the `history` package was always included. - - With `npm@3` such extraneously bundled modules would not be ordinarily - used, as things in `node_modules` in packages are ignored entirely if the - package isn't marked as bundling modules. - - Because of this `npm@3` behavior, the `files-and-ignores` test failed to catch this as - it was testing _install output_ not what got packed. That has also been fixed. - ([@glenjamin](https://github.com/glenjamin)) - -#### DOCUMENTATION UPDATES - -* [`823d9df`](https://github.com/npm/npm/commit/823d9dfa91d7086a26620f007aee4e3cd77b6153) - [#12107](https://github.com/npm/npm/pull/12107) - In the command summary for `adduser` mention that `login` is an alias. - ([@gnerkus](https://github.com/gnerkus)) -* [`7aaf47e`](https://github.com/npm/npm/commit/7aaf47e124c45dde72c961638b770ee535fb2776) - [#12244](https://github.com/npm/npm/pull/12244) - Update the README to suggest npm@3 for Windows users. Also add a reference to - [Microsoft's npm upgrade tool](https://github.com/felixrieseberg/npm-windows-upgrade). - ([@felixrieseberg](https://github.com/felixrieseberg)) - -#### DEPENDENCY UPDATES - -* [`486bbc0`](https://github.com/npm/npm/commit/486bbc0e1b101f847e890e6f1925dc8cb253cf3e) - `request@2.70.0` - ([@simov](https://github.com/simov)) -* [`b1aff34`](https://github.com/npm/npm/commit/b1aff346fc41f13e3306b437e1831942aacf2f54) - `lodash.keys@4.0.6` - ([@jdalton](https://github.com/jdalton)) - -### v3.8.6 (2016-03-31) - -Heeeeeey y'all. - -Kat here! Rebecca's been schmoozing with folks at [Microsoft -Build](https://build.microsoft.com/), so I'm doing the `npm@3` release this -week. - -Speaking of Build, it looks like Microsoft is doing some bash thing. This might -be really good news for our Windows users once it rolls around. We're keeping an -eye out and feeling hopeful. 🙆 - -As far as the release goes: We're really happy to be getting more and more -community contributions! Keep it up! We really appreciate folks trying to help -us, and we'll do our best to help point you in the right direction. Even things -like documentation are a huge help. And remember -- you get socks for it, too! - -#### FIXES - -* [`f8fb4d8`](https://github.com/npm/npm/commit/f8fb4d83923810eb78d075bd200a9376c64c3e3a) - [#12079](https://github.com/npm/npm/pull/12079) - Back in `npm@3.2.2` we included [a patch that made it so `npm install pkg` was - basically `npm install pkg@latest` instead of - `pkg@*`](https://github.com/npm/npm/pull/9170) - This is probably what most users expected, but it also ended up [breaking `npm - deprecate`](https://github.com/npm/npm/pull/9170) when no version was provided - for a package. In that case, we were using `*` to mean "deprecate all - versions" and relying on the `pkg` -> `pkg@*` conversion. - This patch fixes `npm deprecate pkg` to work as it used to by special casing - that particular command's behavior. - ([@polm](https://github.com/polm)) -* [`458f773`](https://github.com/npm/npm/commit/458f7734f3376aba0b6ff16d34a25892f7717e40) - [#12146](https://github.com/npm/npm/pull/12146) - Adds `make doc-clean` to `prepublish` script, to clear out previously built - docs before publishing a new npm version - ([@watilde](https://github.com/watilde)) -* [`f0d1521`](https://github.com/npm/npm/commit/f0d1521038e956b2197673f36c464684293ce99d) - [#12146](https://github.com/npm/npm/pull/12146) - Adds `doc-clean` phony target to `make publish`. - ([@watilde](https://github.com/watilde)) - -#### DOC UPDATES - -* [`ea92ffc`](https://github.com/npm/npm/commit/ea92ffc9dd2a063896353fc52c104e85ec061360) - [#12147](https://github.com/npm/npm/pull/12147) - Document that the current behavior of `engines` is just to warn if the node - platform is incompatible. - ([@reconbot](https://github.com/reconbot)) -* [`cd1ba44`](https://github.com/npm/npm/commit/cd1ba4423b3ca889c741141b95b0d9472b9f71ea) - [#12143](https://github.com/npm/npm/pull/12143) - Remove `npm faq` command, since the [FAQ was - removed](https://github.com/npm/npm/pull/10547). - ([@watilde](https://github.com/watilde)) -* [`50a12cb`](https://github.com/npm/npm/commit/50a12cb1f5f158af78d6962ad20ff0a98bc18f18) - [#12143](https://github.com/npm/npm/pull/12143) - Remove references to the FAQ from the docs, since [it was - removed](https://github.com/npm/npm/pull/10547). - ([@watilde](https://github.com/watilde)) -* [`60051c2`](https://github.com/npm/npm/commit/60051c25e2ab80c667137dfcd04b242eea25980e) - [#12093](https://github.com/npm/npm/pull/12093) - Update `bugs` url in `package.json` to use the `https` URL for Github. - ([@watilde](https://github.com/watilde)) -* [`af30c37`](https://github.com/npm/npm/commit/af30c374ef22ed1a1c71b14fced7c4b8350e4e82) - [#12075](https://github.com/npm/npm/pull/12075) - Add the `--ignore-scripts` flag to the `npm install` docs. - ([@paulirish](https://github.com/paulirish)) -* [`632b214`](https://github.com/npm/npm/commit/632b214b2f2450e844410792e5947e46844612ff) - [#12063](https://github.com/npm/npm/pull/12063) - Various minor fixes to the html docs homepage. - ([@watilde](https://github.com/watilde)) - -#### DEP BUMPS - -* [`3da0171`](https://github.com/npm/npm/commit/3da01716a0e41d6b5adee2b4fc70fcaf08c0eb24) - `lodash.without@4.1.2` - ([@jdalton](https://github.com/jdalton)) -* [`69ccf6d`](https://github.com/npm/npm/commit/69ccf6dd4caf95cd0628054307487cae1885acd0) - `lodash.uniq@4.2.1` - ([@jdalton](https://github.com/jdalton)) -* [`b50c41a`](https://github.com/npm/npm/commit/b50c41a9930dc5353a23c5ae2ff87bb99e11d482) - `lodash.union@4.2.1` - ([@jdalton](https://github.com/jdalton)) -* [`59c1ad7`](https://github.com/npm/npm/commit/59c1ad7b6f243d07618ed5703bd11d787732fc57) - `lodash.clonedeep@4.3.2` - ([@jdalton](https://github.com/jdalton)) -* [`2b4f797`](https://github.com/npm/npm/commit/2b4f797dba8e7a1376c8335b7223e82d02cd8243) - `lodash._baseuniq@4.5.1` - ([@jdalton](https://github.com/jdalton)) - -### v3.8.5 (2016-03-24) - -Like my esteemed colleague [@zkat](https://github.com/zkat) said in this -week's [LTS release notes](https://github.com/npm/npm/releases/tag/v2.15.2), -this week is another small release but we are continuing to work on our -[Windows efforts](https://github.com/npm/npm/pull/11444). - -You may also be interested in reading the [LTS process and -policy](https://github.com/npm/npm/wiki/LTS) that -[@othiym23](https://github.com/othiym23) put together recently. If you have any -feedback, we would love to hear. - -#### DOCTOR IT HURTS WHEN LINK TO MY LINK - -Well then, don't do that. - -* [`0d4a0b1`](https://github.com/npm/npm/commit/0d4a0b1) - [#11442](https://github.com/npm/npm/pull/11442) - Fail if the user asks us to make a link from a module back on to itself. - ([@antialias](https://github.com/antialias)) - -#### ERR MODULE LIST TOO LONG - -* [`b271ed2`](https://github.com/npm/npm/commit/b271ed2) - [#11983](https://github.com/npm/npm/issues/11983) - Exit early if no arguments were provided to search instead of trying to display all the modules, - running out of memory, and then crashing. - ([@SimenB](https://github.com/SimenB)) - -#### ELIMINATE UNUSED MODULE - -* [`b8c7cd7`](https://github.com/npm/npm/commit/b8c7cd7) - [#12000](https://github.com/npm/npm/pull/12000) - Stop depending on [`async-some`](https://npmjs.com/package/async-some) as it's no - longer used in npm. - ([@watilde](https://github.com/watilde)) - -#### DOCUMENTATION IMPROVEMENTS - -* [`fdd6b28`](https://github.com/npm/npm/commit/fdd6b28) - [#11884](https://github.com/npm/npm/pull/11884) - Include `node_modules` in the list of files and directories that npm won't - include in packages ordinarily. (Modules listed in `bundledDependencies` and things - that those modules rely on, ARE included of course.) - ([@Jameskmonger](https://github.com/Jameskmonger)) -* [`aac15eb`](https://github.com/npm/npm/commit/aac15eb) - [#12006](https://github.com/npm/npm/pull/12006) - Fix typo in npm-orgs documentation, where teams docs went to access docs and vice versa. - ([@yaelz](https://github.com/yaelz)) - -#### FEWER NETWORK TESTS - -* [`3e41360`](https://github.com/npm/npm/commit/3e41360) - [#11987](https://github.com/npm/npm/pull/11987) - Fix test that was inappropriately hitting the network - ([@yodeyer](https://github.com/yodeyer)) - -### v3.8.4 (2016-03-24) - -Was erroneously released with just a changelog typo correction and was -otherwise the same as 3.8.3. - -### v3.8.3 (2016-03-17): - -#### SECURITY ADVISORY: BEARER TOKEN DISCLOSURE - -This release includes [the fix for a -vulnerability](https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29) -that could cause the unintentional leakage of bearer tokens. - -Here are details on this vulnerability and how it affects you. - -##### DETAILS - -Since 2014, npm’s registry has used HTTP bearer tokens to authenticate requests -from the npm’s command-line interface. A design flaw meant that the CLI was -sending these bearer tokens with _every_ request made by logged-in users, -regardless of the destination of their request. (The bearers only should have -been included for requests made against a registry or registries used for the -current install.) - -An attacker could exploit this flaw by setting up an HTTP server that could -collect authentication information, then use this authentication information to -impersonate the users whose tokens they collected. This impersonation would -allow them to do anything the compromised users could do, including publishing -new versions of packages. - -With the fixes we’ve released, the CLI will only send bearer tokens with -requests made against a registry. - -##### THINK YOU'RE AT RISK? REGENERATE YOUR TOKENS - -If you believe that your bearer token may have been leaked, [invalidate your -current npm bearer tokens](https://www.npmjs.com/settings/tokens) and rerun -`npm login` to generate new tokens. Keep in mind that this may cause continuous -integration builds in services like Travis to break, in which case you’ll need -to update the tokens in your CI server’s configuration. - -##### WILL THIS BREAK MY CURRENT SETUP? - -Maybe. - -npm’s CLI team believes that the fix won’t break any existing registry setups. -Due to the large number of registry software suites out in the wild, though, -it’s possible our change will be breaking in some cases. - -If so, please [file an issue](https://github.com/npm/npm/issues/new) describing -the software you’re using and how it broke. Our team will work with you to -mitigate the breakage. - -##### CREDIT & THANKS - -Thanks to Mitar, Will White & the team at Mapbox, Max Motovilov, and James -Taylor for reporting this vulnerability to npm. - -#### PERFORMANCE IMPROVEMENTS - -The updated [`are-we-there-yet`](https://npmjs.com/package/are-we-there-yet) -changes how it tracks how complete things are to be much more efficient. -The summary is that `are-we-there-yet` was refactored to remove an expensive -tree walk. - -The result for you should be faster installs when working with very large trees. - -Previously `are-we-there-yet` computed this when you asked by passing the request down -its tree of progress indicators, totaling up the results. In doing so, it had to walk the -entire tree of progress indicators. - -By contrast, `are-we-there-yet` now updates a running total when a change -is made, bubbling that up the tree from whatever branch made progress. This -bubbling was already going on so there was nearly no cost associated with taking advantage of it. - -* [`32f2bd0`](https://github.com/npm/npm/commit/32f2bd0e26116db253e619d67c4feae1de3ad2c2) - `npmlog@2.0.3`: - Bring in substantial performance improvements from `are-we-there-yet`. - ([@iarna](https://github.com/iarna)) - -#### DUCT TAPE FOR BUGS - -* [`473d324`](https://github.com/npm/npm/commit/473d3244a8ddfd6b260d0aa0d395b119d595bf97) - [#11947](https://github.com/npm/npm/pull/11947) - Guard against bugs that could cause the installer to crash with errors like: - - ``` - TypeError: Cannot read property 'target' of null - ``` - - This doesn't fix the bugs, but it does at least make the installer less - likely to explode. - ([@thefourtheye](https://github.com/thefourtheye)) - -#### DOC FIXES - -* [`ffa428a`](https://github.com/npm/npm/commit/ffa428a4eee482aa620819bc8df994a76fad7b0c) - [#11880](https://github.com/npm/npm/pull/11880) - Fix typo in `npm install` documentation. - ([@watilde](https://github.com/watilde)) - -#### DEPENDENCY UPDATES - -* [`7537fe1`](https://github.com/npm/npm/commit/7537fe1748c27e6f1144b279b256cd3376d5c41c) - `sorted-object@2.0.0`: - Create objects with `{}` instead of `Object.create(null)` to make the results - strictly equal to what, say, parsed JSON would provide. - ([@domenic](https://github.com/domenic)) -* [`8defb0f`](https://github.com/npm/npm/commit/8defb0f7b3ebdbe15c9ef5036052c10eda7e3161) - `readable-stream@2.0.6`: - Fix sync write issue on 0.10. - ([@calvinmetcalf](https://github.com/calvinmetcalf)) - -#### TEST FIXES FOR THE SELF TESTS - -* [`c3edeab`](https://github.com/npm/npm/commit/c3edeabece4400308264e7cf4bc4448bd2729f55) - [#11912](https://github.com/npm/npm/pull/11912) - Change the self installation test to do its work in `/tmp`. - Previously this was installing into a temp subdir in `test/tap`, which - wouldn't catch the case where a module was installed in the local - `node_modules` folder but not in dependencies, as node would look up - the tree and use the copy from the version of npm being tested. - ([@iarna](https://github.com/iarna)) - -### v3.8.2 (2016-03-10): - -#### HAVING TROUBLE INSTALLING C MODULES ON ANDROID? - -This release includes an updated `node-gyp` with fixes for Android. - -* [`634ecba`](https://github.com/npm/npm/commit/634ecba320fb5a3287e8b7debfd8b931827b9e19) - `node-gyp@3.3.1`: - Fix bug in builds for Android. - ([@bnoordhuis](https://github.com/bnoordhuis)) - -#### NPM LOGOUT CLEANS UP BETTER - -* [`460ed21`](https://github.com/npm/npm/commit/460ed217876ac78d21477c288f1c06563fb770b4) - [#10529](https://github.com/npm/npm/issues/10529) - If you ran `npm logout` with a scope, while we did invalidate your auth - token, we weren't removing the auth token from your config file. This patch causes - the auth token to be removed. - ([@wyze](https://github.com/wyze)) - -#### HELP MORE HELPFUL - -* [`d1d0233`](https://github.com/npm/npm/commit/d1d02335d297da2734b538de44d8967bdcd354cf) - [#11003](https://github.com/npm/npm/issues/11003) - Update help to only show command names and their shortcuts. Previously - some typo corrections were shown, along with various alternate - spellings. - ([@watilde](https://github.com/watilde)) -* [`47928cd`](https://github.com/npm/npm/commit/47928cd6264e1d6d0ef67435b71c66d01bea664a) - [#11003](https://github.com/npm/npm/issues/11003) - Remove "version" typo from the help listing. - ([@doug-wade](https://github.com/doug-wade)) - -#### MORE COMPLETE CONFIG LISTINGS - -* [`cf5fd40`](https://github.com/npm/npm/commit/cf5fd401494d96325d74a8bb8c326aa0045a714c) - [#11472](https://github.com/npm/npm/issues/11472) - Make `npm config list` include the per-project `.npmrc` in the output. - ([@mjomble](https://github.com/mjomble)) - -#### DEPTH LIMITED PARSEABLE DEP LISTINGS - -* [`611070f`](https://github.com/npm/npm/commit/611070f0f7a1e185c75cadae46179194084b398f) - [#11495](https://github.com/npm/npm/issues/11495) - Made `npm ls --parseable` honor the `--depth=#` option. - ([@zacdoe](https://github.com/zacdoe)) - -#### PROGRESS FOR THE (NON) UNICODE REVOLUTION - -* [`ff90382`](https://github.com/npm/npm/commit/ff9038227a1976b5e936442716d9877f43c6c9b4) - [#11781](https://github.com/npm/npm/issues/11781) - Make the progress bars honor the unicode option. - ([@watilde](https://github.com/watilde)) - -#### `npm view --json`, NOW ACTUALLY JSON - -* [`24ab70a`](https://github.com/npm/npm/commit/24ab70a4ccfeaa005b80252da313bb589510668e) - [#11808](https://github.com/npm/npm/issues/11808) - Make `npm view` produce valid JSON when requested with `--json`. - Previously `npm view` produced some sort of weird hybrid output, with multiple - JSON docs. - ([@doug-wade](https://github.com/doug-wade)) - -#### DOCUMENTATION CHANGES - -* [`6fb0499`](https://github.com/npm/npm/commit/6fb0499bea868fdc637656d210c94f051481ecd4) - [#11726](https://github.com/npm/npm/issues/11726) - Previously we patched the `npm update` docs to suggest using `--depth - Infinity` instead of `--depth 9999`, but that was a mistake. We forgot - that `npm outdated` (on which `npm update` is built) has a special - case where it treats `Infinity` as `0`. This reverts that patch. - ([@GriffinSchneider](https://github.com/GriffinSchneider)) -* [`f0bf684`](https://github.com/npm/npm/commit/f0bf684a87ea5eea03432a17f38678fed4960d43) - [#11748](https://github.com/npm/npm/pull/11748) - Document all of the various aliases for commands in the documentation - for those commands. - ([@watilde](https://github.com/watilde)) -* [`fe04443`](https://github.com/npm/npm/commit/fe04443d8988e2e41bd4047078e06a26d05d380d) - [#10968](https://github.com/npm/npm/issues/10968) - The `npm-scope` document notes that scopes have been available on the - public registry for a while. This adds that you'll need `npm@2` or later - to use them. - ([@doug-wade](https://github.com/doug-wade)) -* [`3db37a5`](https://github.com/npm/npm/commit/3db37a52b2b2e3193ef250ad2cf96dfd2def2777) - [#11820](https://github.com/npm/npm/pull/11820) - The command `npm link` should be linking package from local folder to - global, and `npm link package-name` should be from global to local. The - description in the documentation was reversed and this fixes that. - ([@rhgb](https://github.com/rhgb)) - -#### GLOB FOR THE GLOB THRONE - -* [`be55882`](https://github.com/npm/npm/commit/be55882dc4ee5ce0777b4badc9141dab5bf5be4d) - `glob@7.0.3`: - Fix a race condition and some windows edge cases. - ([@isaacs](https://github.com/isaacs)) - -### v3.8.1 (2016-03-03): - -This week the install summary got better, killing your npm process now -also kills the scripts it was running and a rarely used search flag got -documented. - -Our improvements on the test suite on Windows are beginning to pick up -steam, you can follow along by -[watching the PR](https://github.com/npm/npm/pull/11444). - -#### BETTER INSTALL SUMMARIES - -* [`e40d457`](https://github.com/npm/npm/commit/e40d4572cc98db06757df5b8bb6b7dbd0546d3d7) - [#11699](https://github.com/npm/npm/issues/11699) - Ensure that flags like `--production` passed to install don't result in - the summary at the end being incorrectly filtered. That summary is - produced by the same code as `npm ls` and therefore responds to flags - the same way it does. This is undesirable when it's an install summary, - however, as we don't want it to filter anything. - - This fixes an issue where `npm install --production <module>` would - result in npm exiting with an error code. The `--production` flag would - make `npm ls` filter out `<module>` as it wasn't saved to the - `package.json` and thus wasn't a production dependency. The install - report is limited to show just the modules installed, so with that - filtered out nothing is available. With nothing available `npm ls` - would set `npm` to exit with an error code. - ([@ixalon](https://github.com/ixalon)) -* [`99337b4`](https://github.com/npm/npm/commit/99337b469163a4b211b9c6ff1aa9712ae0d601d2) - [#11600](https://github.com/npm/npm/pull/11600) - Make the report of installed modules really only show those modules - that were installed. Previously it selected which modules from your - tree to display based on `name@version` which worked great when your - tree was deduped but would list things it hadn't touched when there - were duplicates. - ([@iarna](https://github.com/iarna)) - -#### SCRIPTS BETTER FOLLOW THE LEADER - -* [`5454347`](https://github.com/npm/npm/commit/545434766eb3681d3f40b745f9f3187ed63f310a) - [#10868](https://github.com/npm/npm/pull/10868) - When running a lifecycle script, say through `npm start`, killing npm - wouldn't forward that on to the children. It does now. - ([@daniel-pedersen](https://github.com/daniel-pedersen)) - -#### SEARCHING SPECIFIC REGISTRIES - -* [`6020447`](https://github.com/npm/npm/commit/60204479f76458a9864aa530cda2b3333f95c2b0) - [#11490](https://github.com/npm/npm/pull/11490) - Add docs for using the `--registry` flag with search. - ([@plumlee](https://github.com/plumlee)) - -#### LODASH UPDATES - -* [`bb14204`](https://github.com/npm/npm/commit/bb14204183dad620a6650452a26cdc64111f8136) - `lodash.without@4.1.1` - ([@jdalton](https://github.com/jdalton)) -* [`0089059`](https://github.com/npm/npm/commit/0089059c562aee9ad0398e55d2c12c68a6150e79) - `lodash.keys@4.0.5` - ([@jdalton](https://github.com/jdalton)) -* [`6ee1de4`](https://github.com/npm/npm/commit/6ee1de4474d9683a1f7023067d440780eeb10311) - `lodash.clonedeep@4.3.1` - ([@jdalton](https://github.com/jdalton)) - -### v3.8.0 (2016-02-25): - -This week brings a quality of life improvement for some Windows users, and -an important knob to be tuned for folks experiencing network problems. - -#### LIMIT CONCURRENT REQUESTS - -We've long known that `npm`'s tendency to try to request all your -dependencies simultaneously upset some network hardware (particular, -consumer grade routers & proxies of all sorts). One of the reasons that we're -planning to write our own npm specific version of `request` is to be able to -more easily control this sort of thing. - -But fortunately, you don't have to wait for that. -[@misterbyrne](https://github.com/misterbyrne) took a look at our existing -code and realized it could be added painlessly TODAY. The new default -maximum is `50`, instead of `Infinity`. If you're having network issues you -can try setting that value down to something lower (if you do, please let us -know... the default is subject to tuning). - -* [`910f9ac`](https://github.com/npm/npm/commit/910f9accf398466b8497952bee9f566ab50ade8c) - [`f7be667`](https://github.com/npm/npm/commit/f7be667548a132ec190ac9d60a31885a7b4fe2b3) - Add a new config option, `maxsockets` and `npm-registry-client@7.1.0` to - take advantage of it. - ([@misterbyrne](https://github.com/misterbyrne)) - -#### WINDOWS GIT BASH - -We think it's pretty keen too, we were making it really hard to actually -upgrade if you were using it. NO MORE! - -* [`d60351c`](https://github.com/npm/npm/commit/d60351ccae87d71a5f5eac73e3085c6290b52a69) - [#11524](https://github.com/npm/npm/issues/11524) - Prefer locally installed npm in Git Bash -- previous behavior was to use - the global one. This was done previously for other shells, but not for Git - Bash. - ([@destroyerofbuilds](https://github.com/destroyerofbuilds)) - -#### DOCUMENTATION IMPROVEMENTS - -* [`b63de3c`](https://github.com/npm/npm/commit/b63de3c97c4c27078944249a4d5bbe1c502c23bc) - [#11636](https://github.com/npm/npm/issues/11636) - Document `--save-bundle` option in main install page. - ([@datyayu](https://github.com/datyayu)) -* [`3d26453`](https://github.com/npm/npm/commit/3d264532d6d9df60420e985334aebb53c668d32b) - [#11644](https://github.com/npm/npm/pull/11644) - Add `directories.test` to the `package.json` documentation. - ([@lewiscowper](https://github.com/lewiscowper)) -* [`b64d124`](https://github.com/npm/npm/commit/b64d12432fdad344199b678d700306340d3607eb) - [#11441](https://github.com/npm/npm/pull/11441) - Add a link in documentation to the contribution guidelines. - ([@watilde](https://github.com/watilde)) -* [`82fc548`](https://github.com/npm/npm/commit/82fc548b0e2abbdc4f7968c20b118c30cca79a24) - [#11441](https://github.com/npm/npm/pull/11441/commits) - Remove mentions of the long defunct Google group. - ([@watilde](https://github.com/watilde)) -* [`c6ad091`](https://github.com/npm/npm/commit/c6ad09131af2e2766d6034257a8fcaa294184121) - [#11474](https://github.com/npm/npm/pull/11474) - Correct invalid JSON in npm-update docs. - ([@robludwig](https://github.com/robludwig)) -* [`4906c90`](https://github.com/npm/npm/commit/4906c90ed2668adf59ebee759c7ebb811aa46e57) - Expand on the documentation for `bundlededDependencies`, explaining what they are - and when you might want to use them. - ([@gnerkus](https://github.com/gnerkus)) - -#### DEPENDENCY UPDATES - -* [`93cdc25`](https://github.com/npm/npm/commit/93cdc25432b71cbc9c25c54ae316770e18f4b01e) - `strip-ansi@3.0.1`: - Non-user visible tests & maintainer doc updates. - ([@jbnicolai](https://github.com/jbnicolai)) -* [`3b2ccef`](https://github.com/npm/npm/commit/3b2ccef30dc2038b99ba93cd1404a1d01dac8790) - `lodash.keys@4.0.4` - ([@jdalton](https://github.com/jdalton)) -* [`30e9eb9`](https://github.com/npm/npm/commit/30e9eb97397a8f85081d328ea9aa54c2a7852613) - `lodash._baseuniq@4.5.0` - ([@jdalton](https://github.com/jdalton)) - - -### v3.7.5 (2016-02-22): - -A quick fixup release because when I updated glob, I missed the subdep copies of itself -that it installed deeper in the tree. =/ - -This only effected people trying to update to `3.7.4` from `npm@2` or `npm@1`. Updates from -`npm@3` worked fine (as it fixes up the missing subdeps during installation). - -#### OH MY GLOB - -* [`63fa704`](https://github.com/npm/npm/commit/63fa7044569127e6e29510dc499a865189806076) - [#11633](https://github.com/npm/npm/issues/11633) - When updating the top level `npm` to `glob@7`, the subdeps that - still depended on `glob@6` got new versions installed but they - weren't added to the commit. This adds them back in. - ([@iarna](https://github.com/iarna)) - -### v3.7.4 (2016-02-18): - -I'm ([@iarna](https://github.com/iarna)) back from vacation in the frozen -wastes of Maine! This release sees a couple of bug fixes, some -documentation updates, a bunch of dependency updates and improvements to our -test suite. - -#### FIXES FOR `update`, FIXES FOR `ls` - -* [`53cdb96`](https://github.com/npm/npm/commit/53cdb96634fc329378b4ea4e767ba9987986a76e) - [#11362](https://github.com/npm/npm/issues/11362) - Make `npm update` stop trying to update linked packages. - ([@rhendric](https://github.com/rhendric)) -* [`8d90d25`](https://github.com/npm/npm/commit/8d90d25b3da086843ce43911329c9572bd109078) - [#11559](https://github.com/npm/npm/issues/11559) - Only list runtime dependencies when doing `npm ls --production`. - ([@yibn2008](https://github.com/yibn2008)) - -#### @wyze, DOCUMENTATION HERO OF THE PEOPLE, GETS THEIR OWN HEADER - -* [`b78b301`](https://github.com/npm/npm/commit/b78b30171038ab737eff0b070281277e35af25b4) - [#11416](https://github.com/npm/npm/pull/11416) - Logout docs were using a section copy-pasted from the adduser docs. - ([@wyze](https://github.com/wyze)) -* [`649e28f`](https://github.com/npm/npm/commit/649e28f50aa323e75202eeedb824434535a0a4a0) - [#11414](https://github.com/npm/npm/pull/11414) - Add colon for consistency. - ([@wyze](https://github.com/wyze)) - -#### WHITTLING AWAY AT PATH LENGTHS - -So for all of you who don't know -- Node.js does, in fact, support long Windows -paths. Unfortunately, depending on the tool and the Windows version, a lot of -external tooling does not. This means, for example, that some (all?) versions of -Windows Explorer *can literally never delete npm from their system entirely -because of deeply-nested npm dependencies*. Which is pretty gnarly. - -Incidentally, if you run into that in particularly, you can use -[rimraf](npm.im/rimraf) to remove such files 💁. - -The latest victim of this issue was the Node.js CI setup for testing on Windows, -which uses some tooling or another that croaks on the usual path length limit -for that OS: 255 characters. - -This isn't ordinarily an issue with `npm@3` as it produces mostly flat -trees, but you may be surprised to learn that `npm`'s own distribution isn't -flat, due to needing to be compatible with `npm@1.2`, which ships with -`node@0.8`! - -We've taken another baby step towards alleviating this in this release by -updating a couple of dependencies that were preventing `npmlog` from deduping, -and then doing a dedupe on that and `gauge`. Hopefully it helps. - -* [`f3c32bc`](https://github.com/npm/npm/commit/f3c32bc3127301741d2fa3a26be6f5f127a35908) - [#11528](https://github.com/npm/npm/pull/11528) - `node-gyp@3.3.0`: - Update to a more recent version that uses a version of npmlog compatible - with npm itself. Also adds: AIX support, new `gyp`, `--cafile` command - line option, and allows configuration of Node.js and io.js mirrors. - ([@rvagg](https://github.com/rvagg)) - -#### INTERNAL TEST IMPROVEMENTS - -The `npm` core team's time recently has been sunk into `npm`'s many years of -tech debt. Specifically, we've been working on improving the test suite. -This isn't user visible, but in future should mean a more stable, easier to -contribute to `npm`. Ordinarily we don't report these kinds of changes in -the change log, but I thought I might share this week as this chunk is -bigger than usual. - -* [`07f020a`](https://github.com/npm/npm/commit/07f020a09e94ae393c67526985444e128ef6f83c) - [#11292](https://github.com/npm/npm/pull/11292) - `tacks@1.0.9`: - Add a package that provides a tool to generate fixtures from folders and, relatedly, - a module that an create and tear down filesystem fixtures easily. - ([@iarna](https://github.com/iarna)) -* [`0837346`](https://github.com/npm/npm/commit/083734631f9b11b17c08bca8ba8cb736a7b1e3fb) - [#11292](https://github.com/npm/npm/pull/11292) - Remove all the relatively cryptic legacy tests and creates new tap tests - that check the same functionality. The *legacy* tests were tests that - were originally a shell script that was ported to javascript early in - `npm`'s history. - ([@iarna](https://github.com/iarna)) - ([@zkat](https://github.com/zkat)) -* [`5a701e7`](https://github.com/npm/npm/commit/5a701e71a0130787fb98450f9de92117b4ef88e1) - [#11292](https://github.com/npm/npm/pull/11292) - Test that we don't leak auth info into the environment. - ([@zkat](https://github.com/zkat)) -* [`502d7d0`](https://github.com/npm/npm/commit/502d7d0628f08b09d8d13538ebccc63de8b3edf5) - [#11292](https://github.com/npm/npm/pull/11292) - Test that env vars properly passed into scripts. - ([@zkat](https://github.com/zkat)) -* [`420f267`](https://github.com/npm/npm/commit/420f2672ee8c909f18bee10b1fc7d4ad91cf328b) - [#11292](https://github.com/npm/npm/pull/11292) - Test that npm's distribution binary is complete and can be installed and used. - ([@iarna](https://github.com/iarna)) -* [`b7e99be`](https://github.com/npm/npm/commit/b7e99be1b1086f2d6098c653c1e20791269c9177) - [#11292](https://github.com/npm/npm/pull/11292) - Test that the `package.json` `files` section and `.npmignore` do what - they're supposed to. - ([@zkat](https://github.com/zkat)) - -#### DEPENDENCY UPDATES - -* [`4611098`](https://github.com/npm/npm/commit/4611098fd8c65d61a0645deb05bf38c81300ffca) - `rimraf@2.5.2`: - Use `glob@7.0.0`. - ([@isaacs](https://github.com/isaacs)) -* [`41b2772`](https://github.com/npm/npm/commit/41b2772cb83627f3b5b926cf81e150e7148cb124) - `glob@7.0.0`: - Raise error if `options.cwd` is specified, and not a directory. - ([@isaacs](https://github.com/isaacs)) -* [`c14e74a`](https://github.com/npm/npm/commit/c14e74ab5d17c764f3aa37123a9632fa965f8760) - `gauge@1.2.7`: Update to newer lodash versions, for a smaller tree. - ([@iarna](https://github.com/iarna)) -* [`d629363`](https://github.com/npm/npm/commit/d6293630ddc25bfa26d19b6be4fd2685976d7358) - `lodash.without@4.1.0` - ([@jdalton](https://github.com/jdalton)) -* [`3ea4c80`](https://github.com/npm/npm/commit/3ea4c8049ca8df9f64426b1db8a29b9579950134) - `lodash.uniq@4.2.0` - ([@jdalton](https://github.com/jdalton)) -* [`8ddcc8d`](https://github.com/npm/npm/commit/8ddcc8deb554660a3f7f474fae9758c967d94552) - `lodash.union@4.2.0` - ([@jdalton](https://github.com/jdalton)) -* [`2b656a6`](https://github.com/npm/npm/commit/2b656a672d351f32ee2af24dcee528356dcd64f4) - `lodash.keys@4.0.3` - ([@jdalton](https://github.com/jdalton)) -* [`ac171f8`](https://github.com/npm/npm/commit/ac171f8f0318a7dd3c515f3b83502dfa9e87adb8) - `lodash.isarguments@3.0.7` - ([@jdalton](https://github.com/jdalton)) -* [`bcccd90`](https://github.com/npm/npm/commit/bcccd9057b75d800c799ab15f00924f700415d3e) - `lodash.clonedeep@4.3.0` - ([@jdalton](https://github.com/jdalton)) -* [`8165bca`](https://github.com/npm/npm/commit/8165bca537d86305a3d08f080f86223a26615aa8) - `lodash._baseuniq@4.4.0` - ([@jdalton](https://github.com/jdalton)) - -### v3.7.3 (2016-02-11): - -Hey all! We've got a pretty small release this week -- just documentation -updates and a couple of dependencies. This release also includes a particular -dependency upgrade that makes it so we're exclusively using the latest version -of `graceful-fs`, which'll make it so things keep working with future Node.js -releases. - -A certain internal Node.js API was deprecated and slated for future removal from -Node Core. This API was critical for versions of `graceful-fs@<4`, before a -different approach was used to achieve similar ends. By upgrading this library, -and making sure all our dependencies are also updated, we've ensured npm will -continue to work once the API is finally removed. Older versions of npm, on the -other hand, will simply not work on future versions of Node.js. - -#### DEPENDENCY UPGRADES - -* [`29536f4`](https://github.com/npm/npm/commit/29536f42da6c06091c9acbc8952f72daa8a9412c) - `cmd-shim@2.0.2`: - Final straggler using `graceful-fs@<4`. - ([@ForbesLindesay](https://github.com/ForbesLindesay)) -* [`5f59e74`](https://github.com/npm/npm/commit/5f59e748ef4c066756bb204a452cecd0543c7a2f) - `lodash.uniq@4.1.0` - ([@jdalton](https://github.com/jdalton)) -* [`987cabe`](https://github.com/npm/npm/commit/987cabe8a18abcb5a685685958bf74c7258a979c) - `lodash.union@4.1.0` - ([@jdalton](https://github.com/jdalton)) -* [`5c641f0`](https://github.com/npm/npm/commit/5c641f05fdc153c6bb06a89c46fe2a345ce413db) - `lodash.clonedeep@4.1.0` - ([@jdalton](https://github.com/jdalton)) - -#### EVERYONE GETTING SOCKS LIKE IT'S OPRAH'S SHOW - -* [`9ea5658`](https://github.com/npm/npm/commit/9ea56582ca4d0991dbed44f992c88f08a643cb4b) - [#11410](https://github.com/npm/npm/pull/11410) - Fixed a small spelling error in `npm-config.md`. - ([@pra85](https://github.com/pra85)) -* [`2a11e56`](https://github.com/npm/npm/commit/2a11e562a14bce18b6ddca6c20d17f97b6a8ec2f) - [#11403](https://github.com/npm/npm/pull/11403) - Removes `--depth Infinity` warning from documentation -- this operation should - actually be totally safe as of `npm@3`. (The warning remains for `npm@2`.) - ([@Aourin](https://github.com/Aourin)) -* [`42a4727`](https://github.com/npm/npm/commit/42a4727bfb1e21c890b8e2babda55e06ac2bda29) - [#11391](https://github.com/npm/npm/pull/11391) - Fixed versions of `shrinkwrap.json` in examples in documentation for `npm - shrinkwrap`, which did not quite match up. - ([@xcatliu](https://github.com/xcatliu)) - -### v3.7.2 (2016-02-04): - -This week, the CLI team has been busy working on rewriting tests to support -getting coverage reports going and running all of our tests on Windows. -Meanwhile, we've got a bunch of dependency updates and one or two other -things. - -#### TESTS WENT INTO HIDING - -Last week we took a patch from [@substack](https://github.com/substack) to -stop the installer from reordering arrays in an installed module's -`package.json`... but somehow I dropped the test when I was rebasing. - -* [`21b9271`](https://github.com/npm/npm/commit/21b927182514a0ff6d9f34480bfc39f72e3e9f8c) - [#10063](https://github.com/npm/npm/issues/10063) - Restore test that verifies that we don't re-order arrays in a module's - `package.json` on install. - ([@substack](https://github.com/substack)) - -#### DOCUMENTATION FIXES - -* [`c67521d`](https://github.com/npm/npm/commit/c67521dc6c1e41d39d02c74105e41442851d23bb) - [#11348](https://github.com/npm/npm/pull/11348) - Improve the documentation around which files are ALWAYS included in published packages - and which are ALWAYS excluded. - ([@jscissr](https://github.com/jscissr)) -* [`7ef6793`](https://github.com/npm/npm/commit/7ef6793cd191cc8d88340f7e1ce9c9e3d6f0b2f4) - [#11348](https://github.com/npm/npm/pull/11348) - The release date on the 3.7.0 changelog entry was wrong. I honestly don't - know how I keep doing this. =D - ([@rafek](https://github.com/rafek)) - -#### DEPENDENCY UPDATES - -* [`8a3c80c`](https://github.com/npm/npm/commit/8a3c80c4fd3d82fe937f30bc7cbd3dee51a8a893) - `graceful-fs@4.1.3`: - Fix a bug where close wasn't getting made graceful. - ([@isaacs](https://github.com/isaacs)) - -`lodash` saw updates across most of its modules this week with browser -campatibility fixes that don't really impact us. - -* [`2df342b`](https://github.com/npm/npm/commit/2df342bf30efa99b98016acc8a5dc03e00b58b9c) - `lodash.without@4.0.2` - ([@jdalton](https://github.com/jdalton)) -* [`86aa91d`](https://github.com/npm/npm/commit/86aa91dce60f6b6a92bb3ba2bf6e6be1f6afc750) - `lodash.uniq@4.0.2` - ([@jdalton](https://github.com/jdalton)) -* [`0a94bf6`](https://github.com/npm/npm/commit/0a94bf6af0ebd38d080f92257e0cd9bae40b31ff) - `lodash.union@4.0.2` - ([@jdalton](https://github.com/jdalton)) -* [`b4c9582`](https://github.com/npm/npm/commit/b4c9582b4ef5991f3d155e0c6142ed1c631860af) - `lodash.isarguments@3.0.6` - ([@jdalton](https://github.com/jdalton)) -* [`efe766c`](https://github.com/npm/npm/commit/efe766c63c0948a4ae4c0d12f2b834629ab86e92) - `lodash.keys@4.0.2`: Minor code cleanup and the above. - ([@jdalton](https://github.com/jdalton)) -* [`36abb24`](https://github.com/npm/npm/commit/36abb24ef31017adbf325e7f833d5d4b0f03f5d4) - `lodash.clonedeep@4.0.4`: - Add support for cloning prototype objects and the above. - ([@jdalton](https://github.com/jdalton)) - -### v3.7.1 (2016-02-01): - -Super quick Monday patch on last week's release. - -If you ever wondered why we release things to the `npm@next` tag for a week -before promoting them to `npm@latest`, this is it! - -#### RELEASE TRAIN VINDICATED (again) - -* [`adcaf04`](adcaf047811dcc475ab1984fc93fe34540fc03d7) - [#11349](https://github.com/npm/npm/issues/11349) - Revert last weeks change to use JSON clone instead of `lodash.cloneDeep`. - ([@iarna](https://github.com/iarna)) - -### v3.7.0 (2016-01-29): - -Hi all! This week brings us some important performance improvements, -support for git submodules(!) and a bunch of bug fixes. - -#### PERFORMANCE - -`gauge`, the module responsible for drawing `npm`'s progress bars, had an -embarrassing bug in its debounce implementation that resulted in it, on many -systems, actually being _slower_ than if it hadn't been debouncing. This was -due to it destroying and then creating a timer object any time it got an -update while waiting on its minimum update period to elapse. This only was -a measurable slowdown when sending thousands of updates a second, but -unfortunately parts of `npm`'s logging do exactly that. This has been patched -to eliminate that churn, and our testing shows the progress bar as being -eliminated as a source of slow down. - -Meanwhile, `are-we-there-yet` is the module that tracks just how complete -our big asynchronous install process is. [@STRML](https://github.com/STRML) -spent some time auditing its source and made a few smaller performance -improvements to it. Most impactful was eliminating a bizarre bit of code -that was both binding to AND closing over the current object. I don't have -any explanation for how that crept in. =D - -* [`c680fa9`](https://github.com/npm/npm/commit/c680fa9f8135759eb5512f4b86e47fa265733f79) - `npmlog@2.0.2`: New `are-we-there-yet` with performance patches from - [@STRML](https://github.com/STRML). New `gauge` with timer churn - performance patch. - ([@iarna](https://github.com/iarna)) - -We were also using `lodash`'s `cloneDeep` on `package.json` data which is -definitely overkill, seeing as `package.json` data has all the restrictions -of being `json`. The fix for this is just swapping that out for something -that does a pair of `JSON.stringify`/`JSON.parse`, which is distinctly more -speedy. - -* [`1d1ea7e`](https://github.com/npm/npm/commit/1d1ea7eeb958034878eb6573149aeecc686888d3) - [#11306](https://github.com/npm/npm/pull/11306) - Use JSON clone instead of `lodash.cloneDeep`. - ([@STRML](https://github.com/STRML)) - -#### NEW FEATURE: GIT SUBMODULE SUPPORT - -Long, long requested– the referenced issue is from 2011– we're finally -getting rudimentary git submodule support. - -* [`39dea9c`](https://github.com/npm/npm/commit/39dea9ca4216c6ea628f5ca47d2b34a4b251a1ed) - [#1876](https://github.com/npm/npm/issues/1876) - Add support for git submodules in git remotes. This is a fairly simple - approach, which does not leverage the git caching mechanism to cache - submodules. It also doesn't provide a means to disable automatic - initialization, e.g. via a setting in the `.gitmodules` file. - ([@gagern](https://github.com/gagern)) - -#### ROBUSTNESS - -* [`5dec02a`](https://github.com/npm/npm/commit/5dec02a3d0e82202c021e27aff9d006283fdc25a) - [#10347](https://github.com/npm/npm/issues/10347) - There is an obscure feature that lets you monkey-patch npm when it starts - up. If the module being required with this feature failed, it would - previously just make `npm` error out– this reduces that to a warning. - ([@evanlucas](https://github.com/evanlucas)) - -#### BUG FIXES - -* [`9ab8b8d`](https://github.com/npm/npm/commit/9ab8b8d047792612ae7f9a6079745d51d5283a53) - [#10820](https://github.com/npm/npm/issues/10820) - Fix a bug with `npm ls` where if you asked for ONLY production dependencies in output - it would exclude dependencies that were BOTH production AND development dependencies. - ([@davidvgalbraith](https://github.com/davidvgalbraith)) -* [`6803fed`](https://github.com/npm/npm/commit/6803fedadb8f9b36cd85f7338ecf75d1d183c833) - [#8982](https://github.com/npm/npm/issues/8982) - Fix a bug where, under some circumstances, if you had a path that - contained the name of a package being installed somewhere in it, `npm` - would incorrectly refuse to run lifecycle scripts. - ([@elvanja](https://github.com/elvanja)) -* [`3eae40b`](https://github.com/npm/npm/commit/3eae40b7a681aa067dfe4fea8c9a76da5b508b48) - [#9253](https://github.com/npm/npm/issues/9253) - Fix a bug where, when running lifecycle scripts, if the Node.js binary you ran - `npm` with wasn't in your `PATH`, `npm` wouldn't use it to run your scripts. - ([@segrey](https://github.com/segrey)) -* [`61daa6a`](https://github.com/npm/npm/commit/61daa6ae8cbc041d3a0d8a6f8f268b47dd8176eb) - [#11014](https://github.com/npm/npm/issues/11014) - Fix a bug where running `rimraf node_modules/<package>` followed by `npm - rm --save <package>` would fail. `npm` now correctly removes the module - from your `package.json` even though it doesn't exist on disk. - ([@davidvgalbraith](https://github.com/davidvgalbraith)) -* [`a605586`](https://github.com/npm/npm/commit/a605586df134ee97c95f89c4b4bd6bc73f7aa439) - [#9679](https://github.com/npm/npm/issues/9679) - Fix a bug where `npm install --save git+https://…` would save a `https://` - url to your `package.json` which was a problem because `npm` wouldn't then - know that it was a git repo. - ([@gagern](https://github.com/gagern)) -* [`bbdc700`](https://github.com/npm/npm/commit/bbdc70024467c365cc4e06b8410947c04b6f145b) - [#10063](https://github.com/npm/npm/issues/10063) - Fix a bug where `npm` would change the order of array properties in the - `package.json` files of dependencies. `npm` adds a bunch of stuff to - `package.json` files in your `node_modules` folder for debugging and - bookkeeping purposes. As a part of this process it sorts the object to - reduce file churn when it does updates. This fixes a bug where the arrays - in the object were also getting sorted. This wasn't a problem for - properties that `npm` itself maintains, but _is_ a problem for properties - used by other packages. - ([@substack](https://github.com/substack)) - -#### DOCS IMPROVEMENTS - -* [`2609a29`](https://github.com/npm/npm/commit/2609a2950704f577ac888668e81ba514568fab44) - [#11273](https://github.com/npm/npm/pull/11273) - Include an example of viewing package version history in the `npm view` documentation. - ([@vedatmahir](https://github.com/vedatmahir)) -* [`719ea9c`](https://github.com/npm/npm/commit/719ea9c45a5c3233f3afde043b89824aad2df0a7) - [#11272](https://github.com/npm/npm/pull/11272) - Fix typographical issue in `npm update` documentation. - ([@jonathanp](https://github.com/jonathanp)) -* [`cb9df5a`](https://github.com/npm/npm/commit/cb9df5a37091e06071d8704b629e7ebaa41c37fe) - [#11215](https://github.com/npm/npm/pull/11215) - Do not call `SEE LICENSE IN <filename>` an _SPDX expression_, as it's not. - ([@kemitchell](https://github.com/kemitchell)) -* [`f427934`](https://github.com/npm/npm/commit/f4279346c368da4bca09385f773e8eed1d389e5e) - [#11196](https://github.com/npm/npm/pull/11196) - Correct the `package.json` examples in the `npm update` documentation to actually be - valid JSON and not just JavaScript object literals. - ([@s100](https://github.com/s100)) - -#### DEPENDENCY UPDATES - -* [`a7b2407`](https://github.com/npm/npm/commit/a7b24074cb59a1ab17c0d8eff1498047e6a123e5) - `retry@0.9.0`: New features and interface agnostic refactoring. - ([@tim-kos](https://github.com/tim-kos)) -* [`220fc77`](https://github.com/npm/npm/commit/220fc7702ae3e5d601dfefd3e95c14e9b32327de) - `request@2.69.0`: - A bunch of small bug fixes and module updates. - ([@simov](https://github.com/simov)) -* [`9e5c84f`](https://github.com/npm/npm/commit/9e5c84f1903748897e54f8ff099729ff744eab0f) - `which@1.2.4`: - Update `isexe` and fix bug in `pathExt`, in which files without extensions - would sometimes be preferred to files with extensions on Windows, even though - those without extensions aren't executable. - `pathExt` is a list of extensions that are considered executable (exe, cmd, - bat, com on Windows). - ([@isaacs](https://github.com/isaacs)) -* [`375b9c4`](https://github.com/npm/npm/commit/375b9c42fe0c6de47ac2f92527354b2ea79b7968) - `rimraf@2.5.1`: Minor doc formatting fixes. - ([@isaacs](https://github.com/isaacs)) -* [`ef1971e`](https://github.com/npm/npm/commit/ef1971e6270c2bc72e6392b51a8b84f52708f7e7) - `lodash.clonedeep@4.0.2`: - Misc minor code cleanup. No functional changes. - ([@jdalton](https://github.com/jdalton)) - -### v3.6.0 (2016-01-20): - -Hi all! This is a bigger release, in part 'cause we didn't have one last -week. The most important thing you need to know is that when `npm@3.6.0` replaces -`npm@3.5.4` as `next`, `npm@3.5.4` WILL NOT be moved on to `latest`. This is due to -a packaging error that tickles bugs in some earlier releases and makes upgrades to it -from those versions break the install. - -#### NEW FEATURES‼ - -* [`ff504d4`](https://github.com/npm/npm/commit/ff504d449ea1fa996cbb02c8078964643c51e5f6) - [#8752](https://github.com/npm/npm/issues/8752) - In `npm outdated`, report symlinked packages as having a wanted & latest - version of `linked`. - ([@halhenke](https://github.com/halhenke)) -* [`f44d8c9`](https://github.com/npm/npm/commit/f44d8c9a3940f7041f8136f8754a54b13f1f9d60) - [#10775](https://github.com/npm/npm/issues/10775) - Add a success message to `adduser` / `login`. - ([@ekmartin](https://github.com/ekmartin)) -* [`3109303`](https://github.com/npm/npm/commit/310930395c9bf1577cf085b9742210bfc71bb019) - [#10043](https://github.com/npm/npm/pull/10043) - Warn if you try to use `npm run x` if you don't have a `node_modules` folder, since - whatever you're trying to do _probably_ won't work. - ([@timkrins](https://github.com/timkrins)) - -* [`9ed2849`](https://github.com/npm/npm/commit/9ed2849cd7e8cc97111dca42a940905284afe55d) - [`e9f1ad8`](https://github.com/npm/npm/commit/e9f1ad88ce58ecd111811e11afa52ac19fc8696e) - [`f10d300`](https://github.com/npm/npm/commit/f10d300e5effa7a5756c8d461eef284c283a41d1) - [`8b593d8`](https://github.com/npm/npm/commit/8b593d8d187d6ac85d2a59cbe647afb5516c1b94) - [#10717](https://github.com/npm/npm/pull/10717) - `npm version` can now take a `from-git` argument, which instructs `npm` to read the - version from git and update your `package.json` to what it finds. This is in contrast - to its normal use where `npm` _tells_ git about your new version. - ([@ekmartin](https://github.com/ekmartin)) - -#### 3.5.4 WAS NOT SO GREAT - -The `npm@3.5.4` package was missing some dependencies. Specifically, `glob` -and `has-unicode` had major release updates which meant that subdeps that -relied on older major versions couldn't use the npm supplied versions any -more, and so they needed their own copies. - -This went undetected because the actions necessary to run the tests (which -check for this sort of thing) resolved the missing modules. - -Further, it didn't have symptoms when upgrading from _most_ versions of npm. -Unfortunately, some versions had bugs that were tickled by this and resulted -in broken upgrades, most notably, `npm@3.3.12`, the version that's been in -Node.js 5. - -* [`1d3325c`](https://github.com/npm/npm/commit/1d3325c040621a4792db80fb232f4994b9d5c5f2) - [`02611c6`](https://github.com/npm/npm/commit/02611c673a4d2bbe8fcef8d48407768da31c90d2) - [`39d5fea`](https://github.com/npm/npm/commit/39d5feadefdde38d75a18f23343bc6ec37153638) - [`7d0e830`](https://github.com/npm/npm/commit/7d0e830f26c73b9d9277b29949227ba9cca27fd9) - [#11129](https://github.com/npm/npm/pull/11129) - Update the underlying dependencies to allow use for the new versions of - `glob` and `has-unicode`. - ([@iarna](https://github.com/iarna)) - -#### WHEN MISSING PATHS ARE OK - -* [`bb638fa`](https://github.com/npm/npm/commit/bb638fa4f48d24d2c9935861d5d751c5621eea49) - [#11212](https://github.com/npm/npm/pull/11212) - When trying to determine if a file was controlled by npm before going to - remove it, we check to see if it is inside any of a list of paths that npm - considers to be under its control. Not all of those paths always exist - (and that's ok!) Previously we were calling it a failure to match if ANY - of them didn't exist. We now only do so if NONE of them exist. If some - do, then we do our usual checks on them. - - This showed up as an error where you would see something like: - ``` - npm warn gentlyRm not removing /path/to/thing as it wasn't installed by /path/to/other/thing - ``` - But it totally was installed by it. - ([@iarna](https://github.com/iarna)) - -#### BETTER NODE PRE-RELEASE SUPPORT - -Historically, if you used a pre-release version of Node.js, you would get -dozens and dozens of warnings when EVERY engine check failed across all of -your modules, because `>= 0.10.0` doesn't match prereleases. - -You might find this stream of redundent warnings undesirable. I do. - -We've moved this into a SINGLE warning you'll get about using a pre-release -version of Node.js and now suppress those other warnings. - -* [`6952f79`](https://github.com/npm/npm/commit/6952f7981e451a2d599a4f513573af208bdfe103) - [#11212](https://github.com/npm/npm/pull/11212) - Engine check warnings are now issued along with any other warnings about - your tree, instead of emitting in the middle of your install (and then - disappearing behind the giant tree of stuff installed). - ([@iarna](https://github.com/iarna)) -* [`ee2ebe9`](https://github.com/npm/npm/commit/ee2ebe96fb3d105787835b72085bbd2eee66a629) - [#11212](https://github.com/npm/npm/pull/11212) - Suppress engine verification warnings about pre-release versions of Node.js. - ([@iarna](https://github.com/iarna)) -* [`135b7e0`](https://github.com/npm/npm/commit/135b7e078311e8b4e2c8e2b662eed9ba6c2e2537) - [#11212](https://github.com/npm/npm/pull/11212) - Explicitly warn, in only one place, if you are using a pre-release version - of Node.js. - ([@iarna](https://github.com/iarna)) - -#### BUG FIXES - -* [`ea331c8`](https://github.com/npm/npm/commit/ea331c82157c65f7643cd4b49fd24031c84bf601) - [#10938](https://github.com/npm/npm/issues/10938) - When removing a package, sometimes the `node_modules/.bin` wouldn't be - cleaned up entirely. This would result in package folders that contained - only a `node_modules/.bin` directory. In turn, this would result in `npm - ls` and other tools complaining about these broken directories. - To fix this, the `unbuild` step now explicitly deletes the - `node_modules/.bin` folder as its final step. - ([@chrisirhc](https://github.com/chrisirhc)) -* [`00720db`](https://github.com/npm/npm/commit/00720db2c326cf8f968c662444a4575ae8c3020a) - [#11158](https://github.com/npm/npm/pull/11158) - On Windows, the `node-gyp` wrapper would fail if your path to `node-gyp` - contained spaces. This fixes that problem by quoting use of that path. - ([@orangemocha](https://github.com/orangemocha)) -* [`69ac933`](https://github.com/npm/npm/commit/69ac9333506752bf2e5af70b3b3e03c6181de3e7) - [#11142](https://github.com/npm/npm/pull/11142) - Fix a race condition when making directories in the cache, which could - lead to `ENOENT` failures. - ([@Jimbly](https://github.com/Jimbly)) -* [`e982858`](https://github.com/npm/npm/commit/e982858d9bed65cede9cbb12df9216a4bb9e6fc9) - [#9696](https://github.com/npm/npm/issues/9696) - When replacing the `package.json` in the cache you sometimes see `EPERM` errors on - Windows that you wouldn't on Unix-like operating systems. This ignores those errors - and allows Windows to continue. Longer term, we'll be adding something to retry - these errors, but ultimately fail if there really is an ongoing permissions issue. - ([@orangemocha](https://github.com/orangemocha)) - -#### DOC CHANGES - -* [`3666081`](https://github.com/npm/npm/commit/3666081abd02184ba97a7cdb6ae238085d640b4b) - [#11188](https://github.com/npm/npm/pull/11188) - Add brief description to publish documentation of what's included in - published tarballs. - ([@beaugunderson](https://github.com/beaugunderson)) -* [`b463e34`](https://github.com/npm/npm/commit/b463e3424b296cfc4bd384fc8bfe0e2329649164) - [#11150](https://github.com/npm/npm/pull/11150) - In npm update docs, advise use of `--depth Infinity` instead of `--depth - 9999`. - ([@halhenke](https://github.com/halhenke)) -* [`382e71a`](https://github.com/npm/npm/commit/382e71a7ee5d1ca3dba55c1e753d529eb8ae6895) - [#11128](https://github.com/npm/npm/pull/11128) - In the `package.json` docs, make the reference to the "Local Paths" section - a link to it as well. - ([@orangejulius](https://github.com/orangejulius)) -* [`5277e7f`](https://github.com/npm/npm/commit/5277e7f236e8cb40d7f4a1054506f2d3d159716e) - [#11090](https://github.com/npm/npm/pull/11090) - Fix the 3.5.4 release date in CHANGELOG.md. - ([@ashleygwilliams](https://github.com/ashleygwilliams)) -* [`e6d238a`](https://github.com/npm/npm/commit/e6d238a3d90beeb0af23fa75a9b5e50671d6e4c5) - [#11130](https://github.com/npm/npm/pull/11130) - Eliminate the "using npm programmatically" section from the README. The - documentation for this was removed a while ago and is unsupported. - ([@ljharb](https://github.com/ljharb)) - -#### DEPENDENCY UPDATES - -* [`b0dde5c`](https://github.com/npm/npm/commit/b0dde5c3407b58d78969d3da01af2629fcba1c73) - `config-chain@1.1.10`: Update tests for most recent version of `ini`. - ([@dominictarr](https://github.com/dominictarr)) -* [`c62f414`](https://github.com/npm/npm/commit/c62f414534971761a48ce3cbc3e25214fb09e494) - `glob@6.0.4`: Eliminated use of `util._extend`. - ([@isaacs](https://github.com/isaacs)) -* [`98a6779`](https://github.com/npm/npm/commit/98a67797978ed7ce534e16b705d3a2a9ca0e6cc1) - `lodash.clonedeep@4.0.1`: Bug fixes, including the non-linear performance - that was biting npm a while back. - ([@jdalton](https://github.com/jdalton)) -* [`0e8c4ce`](https://github.com/npm/npm/commit/0e8c4cebddaefbf5eca0abaad512db266c6722c9) - `lodash.without@4.0.1` - ([@jdalton](https://github.com/jdalton)) -* [`1fd19f5`](https://github.com/npm/npm/commit/1fd19f57a3551d7d30a6b8a9ce967ef50e0ff0ba) - `lodash.uniq@4.0.1` - ([@jdalton](https://github.com/jdalton)) -* [`b7486c5`](https://github.com/npm/npm/commit/b7486c550f3391f733d1e1907652be95fddf4368) - `lodash.union@4.0.1` - ([@jdalton](https://github.com/jdalton)) -* [`54bb591`](https://github.com/npm/npm/commit/54bb5911e18f8fb86eb94159f34b13f0c0aa2e30) - `lodash.keys@4.0.0` - ([@jdalton](https://github.com/jdalton)) -* [`26f7a7a`](https://github.com/npm/npm/commit/26f7a7aaae0575a85deba2241ee69b433dd1ba98) - `lodash.isarray@4.0.0` - ([@jdalton](https://github.com/jdalton)) -* [`ed38bd3`](https://github.com/npm/npm/commit/ed38bd3baf544dfc0630fd321d279f137700bd4d) - `lodash.isarguments@3.0.5` - ([@jdalton](https://github.com/jdalton)) - -### v3.5.4 (2016-01-07): - -I hope you all had fantastic winter holidays, if it's winter where you are -and if there are holidays‼ We went a few weeks without releases because -staff was taking time away from work here and there. A new year has come -and we're back now, and refreshed and ready to dig in! - -This week brings us a bunch of documentation improvements and some module -updates. The core team's focus continues to be on improving tests, -particularly with Windows, so there's not too much to call out here. - -#### DOCUMENTATION IMPROVEMENTS - -* [`6b0031e`](https://github.com/npm/npm/commit/6b0031e28c0b10fb2622fdadde41f5cd294348e8) - [#11044](https://github.com/npm/npm/pull/11044) - Correct documentation regarding the defaults for the `color` config option. - ([@scottaddie](https://github.com/scottaddie)) -* [`c6ce69e`](https://github.com/npm/npm/commit/c6ce69eaed7f17b5f1876ac13ecfae3d14a72f24) - [#10990](https://github.com/npm/npm/pull/10990) - Drop mentions in documentation of `process.installPrefix`, as it hasn't - been a thing since Node.js 0.6 and we don't support that. - ([@jeffmcmahan](https://github.com/jeffmcmahan)) -* [`dee92d1`](https://github.com/npm/npm/commit/dee92d1f78608a10becf57aae86d5d495f2272bd) - [#11037](https://github.com/npm/npm/pull/11037) - Clarify the documentation on the max length of the `name` property in - `package.json` files. - ([@scottaddie](https://github.com/scottaddie)) -* [`4b9d7bb`](https://github.com/npm/npm/commit/4b9d7bb1a4fc3f1edcf563379abfd2273af10881) - [#10787](https://github.com/npm/npm/pull/10787) - Make the formatting in the documentation for `npm dist-tag` more - consistent with other docs. - ([@cvrebert](https://github.com/cvrebert)) -* [`7f77a80`](https://github.com/npm/npm/commit/7f77a80d561ee4b2b8c0aba1226fe89dfe339bcd) - [#10787](https://github.com/npm/npm/pull/10787) - Add documentation to the `npm dist-tag` docs that explains in greater - detail how `latest` is different than other tags. Further, improve the - documentation with better examples. Add a discussion of common practice - for using dist tags to manage alpha's and beta's. - ([@cvrebert](https://github.com/cvrebert)) -* [`6db58dd`](https://github.com/npm/npm/commit/6db58dd0d7719c4675a239d43164edc066842b14) - [`2ee6371`](https://github.com/npm/npm/commit/2ee6371911bd3a4d566c5d7bc8734facc60cb27c) - [#10788](https://github.com/npm/npm/pull/10788) - [#10789](https://github.com/npm/npm/pull/10789) - Improve documentation cross referencing. - ([@cvrebert](https://github.com/cvrebert)) -* [`7ba629a`](https://github.com/npm/npm/commit/7ba629a2ad3eaf736529e053b533cabe3a0d7123) - [#10790](https://github.com/npm/npm/pull/10790) - Document more clearly that `npm install foo` means `npm install - foo@latest`. - ([@cvrebert](https://github.com/cvrebert)) - -#### A FEW MODULE UPDATES - -* [`fc2e8d5`](https://github.com/npm/npm/commit/fc2e8d58a91728cb06936eea686efaa4fdec3f06) - `glob@6.0.3`: Remove deprecated features and fix a bunch of bugs. - ([@isaacs](https://github.com/isaacs)) -* [`5b820c4`](https://github.com/npm/npm/commit/5b820c4e17c907fa8c23771c0cd8e74dd5fdaa51) - `has-unicode@2.0.0`: Change the default on Windows to be false, as - international Windows installs often install to non-unicode codepages and - there's no way to detect this short of a system call or a call to a - command line program. - ([@iarna](https://github.com/iarna)) -* [`238fe84`](https://github.com/npm/npm/commit/238fe84ac61297f1d71701d80368afaa40463305) - `which@1.2.1`: Fixed bugs with uid/gid checks and with quoted Windows PATH - parts. - ([@isaacs](https://github.com/isaacs)) -* [`5e510e1`](https://github.com/npm/npm/commit/5e510e13d022a22d58742b126482d3b38a14cc83) - `rimraf@2.5.0`: Add ability to disable glob support / pass in options. - ([@isaacs](https://github.com/isaacs)) -* [`7558215`](https://github.com/npm/npm/commit/755821569466b7be0883f4b0573eeb83c24109eb) - `readable-stream@2.0.5`: Minor performance improvements. - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`64e8499`](https://github.com/npm/npm/commit/64e84992c812a73d590be443c09a6977d0ae9040) - `fs-write-stream-atomic@1.0.8`: Rewrite to use modern streams even on 0.8 - plus a bunch of tests. - ([@iarna](https://github.com/iarna)) -* [`74d92a0`](https://github.com/npm/npm/commit/74d92a08d72ce3603244de4bb3e3706d2b928cef) - `columnify@1.5.4`: Some bug fixes around large inputs. - ([@timoxley](https://github.com/timoxley)) - -#### FIX NPM'S TESTS ON 0.8 - -This doesn't impact you as a user of npm, and ordinarily that means we -wouldn't call it out here, but if you've ever wanted to contribute, having -that green travis badge makes it a lot easier to do so with confidence! - -* [`b14cdbb`](https://github.com/npm/npm/commit/b14cdbb6002b04bfbefaff70cc45810c20d5a366) - [#10872](https://github.com/npm/npm/pull/10872) - Rewrite tests using nock to use other alternatives. - ([@zkat](https://github.com/zkat)) -* [`59ed01a`](https://github.com/npm/npm/commit/59ed01a8ea7960b1467aed52164fc36a03c77770) - [#10872](https://github.com/npm/npm/pull/10872) - Work around Node.js 0.8 http back-pressure bug. - - 0.8 http streams have a bug, where if they're paused with data in their - buffers when the socket closes, they call `end` before emptying those - buffers, which results in the entire pipeline ending and thus the point - that applied backpressure never being able to trigger a `resume`. - - We work around this by piping into a pass through stream that has - unlimited buffering. The pass through stream is from readable-stream and - is thus a current streams3 implementation that is free of these bugs even - on 0.8. - ([@iarna](https://github.com/iarna)) - -### v3.5.3 (2015-12-10): - -Did you know that Bob Ross reached the rank of master sergeant in the US Air -Force before becoming perhaps the most soothing painter of all time? - -#### TWO HAPPY LITTLE BUG FIXES - -* [`71c9590`](https://github.com/npm/npm/commit/71c9590be61b6a7b7fa8b6dc19baa588cda26a27) - [#10505](https://github.com/npm/npm/issues/10505) `npm ls --json --depth=0` - now respects the depth parameter, when it is zero and when it is not zero. - ([@MarkReeder](https://github.com/MarkReeder)) -* [`954fa67`](https://github.com/npm/npm/commit/954fa67f1ca3739992abd244e217a0aaf8465660) - [#9099](https://github.com/npm/npm/issues/9099) I had always thought you - could run `npm version` from subdirectories in your project, which is great, - because now you can. I guess I was just ahead of my time. - ([@ekmartin](https://github.com/ekmartin)) - -#### NOW PAINT IN SOME NICE DOCS CHANGES - -* [`b88c37c`](https://github.com/npm/npm/commit/b88c37c1cced40e9e41402cc54a5efc3c33cd13e) - [#10546](https://github.com/npm/npm/issues/10546) Goodbye, FAQ! You were - cheeky and fun until you weren't! Don't worry: npm still loves everyone, - especially you! ([@ashleygwilliams](https://github.com/ashleygwilliams)) -* [`2d3afe9`](https://github.com/npm/npm/commit/2d3afe9644ba69681a36721e79c45d27def71939) - [#10570](https://github.com/npm/npm/issues/10570) Update documentation URLs - to be HTTPS everywhere sensible. No HTTP shall be spared! - ([@rsp](https://github.com/rsp)) -* [`6abd0e0`](https://github.com/npm/npm/commit/6abd0e0626d0f642ce0dae0e128ced80433f15a1) - [#10650](https://github.com/npm/npm/issues/10650) Correctly note that there - are two lifecycle scripts run by an install phase in an example, instead of - three. ([@eymengunay](https://github.com/eymengunay)) -* [`a5e8df5`](https://github.com/npm/npm/commit/a5e8df53b8d6d75398cb6a55a44dcf374b0f1661) - [#10687](https://github.com/npm/npm/issues/10687) `npm outdated`'s output can - be a little puzzling sometimes. I've attempted to make it clearer, with some - examples, of what's going on with "wanted" and "latest" in more cases. - ([@othiym23](https://github.com/othiym23)) -* [`8f52833`](https://github.com/npm/npm/commit/8f52833f5d15c4f94467234607d40e75198af1aa) - [#10700](https://github.com/npm/npm/issues/10700) Hey, do you remember when - `search.npmjs.org` was a thing? I think I do? The last time I used it was in - like 2012, and it's gone now, so remove it from the docs. - ([@gagern](https://github.com/gagern)) -* [`b6a53b8`](https://github.com/npm/npm/commit/b6a53b889c948053dcbf6d7aab9ad1cd4226dc32) - [npm/docs#477](https://github.com/npm/docs/issues/477) Continue to airbrush - the CLI API docs out of history. ([@verpixelt](https://github.com/verpixelt)) -* [`b835b72`](https://github.com/npm/npm/commit/b835b72d1dd23b0a17321a85d8d395322d18005d) - `semver@5.1.0`: Include BNF for SemVer expression grammar (which is also now - included in `npm help semver`). ([@isaacs](https://github.com/isaacs)) - -#### LAND YOUR DEPENDENCY UPGRADES IN PAIRS SO EVERYONE HAS A FRIEND - -* [`95e99fa`](https://github.com/npm/npm/commit/95e99faadcdc85a16210dd79c0e7d83add1b9f3e) - `request@2.67.0` ([@simov](https://github.com/simov)) -* [`b49199a`](https://github.com/npm/npm/commit/b49199ac96dfb1afe5719286621a318576dd69ae) - [isaacs/rimraf#89](https://github.com/isaacs/rimraf/pull/89) `rimraf@2.4.4` - ([@zerok](https://github.com/zerok)) -* [`6632418`](https://github.com/npm/npm/commit/66324189a734a1665e1b78a06ba44089d9c3a11c) - [npm/nopt#51](https://github.com/npm/nopt/pull/51) `nopt@3.0.6` - ([@wbecker](https://github.com/wbecker)) -* [`f0a3b3e`](https://github.com/npm/npm/commit/f0a3b3e0dbbdaf11ec55dccd59cc21bfa05f9240) - [isaacs/once#7](https://github.com/isaacs/once/pull/7) `once@1.3.3` - ([@floatdrop](https://github.com/floatdrop)) - -### v3.5.2 (2015-12-03): - -Weeeelcome to another npm release! The short version is that we fixed -some `ENOENT` and some modules that resulted in modules going missing. We -also eliminated the use of MD5 in our code base to help folks using -Node.js in FIPS mode. And we fixed a bad URL in our license file. - -#### FIX URL IN LICENSE - -The license incorrectly identified the registry URL as -`registry.npmjs.com` and this has been corrected to `registry.npmjs.org`. - -* [`cb6d81b`](https://github.com/npm/npm/commit/cb6d81bd611f68c6126a90127a9dfe5604d46c8c) - [#10685](https://github.com/npm/npm/pull/10685) - Fix npm public registry URL in notices. - ([@kemitchell](https://github.com/kemitchell)) - -#### ENOENT? MORE LIKE ENOMOREBUGS - -The headliner this week was uncovered by the fixes to bundled dependency -handling over the past few releases. What had been a frustratingly -intermittent and hard to reproduce bug became something that happened -every time in Travis. This fixes another whole bunch of errors where you -would, while running an install have it crash with an `ENOENT` on -`rename`, or the install would finish but some modules would be -mysteriously missing and you'd have to install a second time. - -What's going on was a bit involved, so bear with me: - -`npm@3` generates a list of actions to take against the tree on disk. -With the exception of lifecycle scripts, it expects these all to be able -to act independently without interfering with each other. - -This means, for instance, that one should be able to upgrade `b` in -`a→b→c` without having npm reinstall `c`. - -That works fine by the way. - -But it also means that the move action should be able to move `b` in -`a→b→c@1.0.1` to `a→d→b→c@1.0.2` without moving or removing `c@1.0.1` and -while leaving `c@1.0.2` in place if it was already installed. - -That is, the `move` action moves an individual node, replacing itself -with an empty spot if it had children. This is not, as it might first -appear, something where you move an entire branch to another location on -the tree. - -When moving `b` we already took care to leave `c@1.0.1` in place so that -other moves (or removes) could handle it, but we were stomping on the -destination and so `c@1.0.2` was being removed. - -* [`f4385d8`](https://github.com/npm/npm/commit/f4385d8e7678349e75c80fae8a1f8f366f197937) - [#10655](https://github.com/npm/npm/pull/10655) - Preserve destination `node_modules` when moving. - ([@iarna](https://github.com/iarna)) - -There was also a bug with `remove` where it was pruning the entire tree -at the remove point, prior to running moves and adds. - -This was fine most of the time, but if we were moving one of the deps out -from inside it, kaboom. - -* [`19c626d`](https://github.com/npm/npm/commit/19c626d69888f0cdc6e960254b3fdf523ec4b52c) - [#10655](https://github.com/npm/npm/pull/10655) - Get rid of the remove commit phase– we could have it prune _just_ the - module being removed, but that isn't gaining us anything. - ([@iarna](https://github.com/iarna)) - -After all that, we shouldn't be upgrading the `add` of a bundled package -to a `move`. Moves save us from having to extract the package, but with a -bundled dependency it's included in another package already so that -doesn't gain us anything. - -* [`641a93b`](https://github.com/npm/npm/commit/641a93bd66a6aa4edf2d6167344b50d1a2afb593) - [#10655](https://github.com/npm/npm/pull/10655) - Don't convert adds to moves with bundled deps. - ([@iarna](https://github.com/iarna)) - -While I was in there, I also took some time to improve diagnostics to -make this sort of thing easier to track down in the future: - -* [`a04ec04`](https://github.com/npm/npm/commit/a04ec04804e562b511cd31afe89c8ba94aa37ff2) - [#10655](https://github.com/npm/ npm/pull/10655) - Wrap rename so errors have stack traces. - ([@iarna](https://github.com/iarna)) -* [`8ea142f`](https://github.com/npm/npm/commit/8ea142f896a2764290ca5472442b27b047ab7a1a) - [#10655](https://github.com/npm/npm/pull/10655) - Add silly logging so function is debuggable - ([@iarna](https://github.com/iarna)) - -#### NO MORE MD5 - -We updated modules that had been using MD5 for non-security purposes. -While this is perfectly safe, if you compile Node in FIPS-compliance mode -it will explode if you try to use MD5. We've replaced MD5 with Murmur, -which conveys our intent better and is faster to boot. - -* [`f068b26`](https://github.com/npm/npm/commit/f068b2661a8d0269c184867e003cd08cb6c56cf2) - [#10629](https://github.com/npm/npm/issues/10629) - `unique-filename@1.1.0` - ([@iarna](https://github.com/iarna)) -* [`dba1b24`](https://github.com/npm/npm/commit/dba1b2402aaa2beceec798d3bd22d00650e01069) - [#10629](https://github.com/npm/npm/issues/10629) - `write-file-atomic@1.1.4` - ([@othiym23](https://github.com/othiym23)) -* [`8347a30`](https://github.com/npm/npm/commit/8347a308ef0d2cf0f58f96bba3635af642ec611f) - [#10629](https://github.com/npm/npm/issues/10629) - `fs-write-stream-atomic@1.0.5` - ([@othiym23](https://github.com/othiym23)) - -#### DEPENDENCY UPDATES - -* [`9e2a2bb`](https://github.com/npm/npm/commit/9e2a2bb5bc71a0ab3b3637e8eec212aa22d5c99f) - [nodejs/node-gyp#831](https://github.com/nodejs/node-gyp/pull/831) - `node-gyp@3.2.1`: - Improved \*BSD support. - ([@bnoordhuis](https://github.com/bnoordhuis)) - -### v3.5.1 (2015-11-25): - -#### THE npm CLI !== THE npm REGISTRY !== npm, INC. - -npm-the-CLI is licensed under the terms of the [Artistic License -2.0](https://github.com/npm/npm/blob/8d79c1a39dae908f27eaa37ff6b23515d505ef29/LICENSE), -which is a liberal open-source license that allows you to take this code and do -pretty much whatever you like with it (that is, of course, not legal language, -and if you're doing anything with npm that leaves you in doubt about your legal -rights, please seek the review of qualified counsel, which is to say, not -members of the CLI team, none of whom have passed the bar, to my knowledge). At -the same time the primary registry the CLI uses when looking up and downloading -packages is a commercial service run by npm, Inc., and it has its own [Terms of -Use](https://www.npmjs.com/policies/terms). - -Aside from clarifying the terms of use (and trying to make sure they're more -widely known), the only recent changes to npm's licenses have been making the -split between the CLI and registry clearer. You are still free to do whatever -you like with the CLI's source, and you are free to view, download, and publish -packages to and from `registry.npmjs.org`, but now the existing terms under -which you can do so are more clearly documented. Aside from the two commits -below, see also [the release notes for -`npm@3.4.1`](https://github.com/npm/npm/releases/tag/v3.4.1), which is where -the split between the CLI's code and the terms of use for the registry was -first made more clear. - -* [`35a5dd5`](https://github.com/npm/npm/commit/35a5dd5abbfeec4f98a2b4534ec4ef5d16760581) - [#10532](https://github.com/npm/npm/issues/10532) Clarify that - `registry.npmjs.org` is the default, but that you're free to use the npm CLI - with whatever registry you wish. ([@kemitchell](https://github.com/kemitchell)) -* [`fa6b013`](https://github.com/npm/npm/commit/fa6b0136a0e4a19d8979b2013622e5ff3f0446f8) - [#10532](https://github.com/npm/npm/issues/10532) Having semi-duplicate - release information in `README.md` was confusing and potentially inaccurate, - so remove it. ([@kemitchell](https://github.com/kemitchell)) - -#### EASE UP ON WINDOWS BASH USERS - -It turns out that a fair number of us use bash on Windows (through MINGW or -bundled with Git, plz – Cygwin is still a bridge too far, for both npm and -Node.js). [@jakub-g](https://github.com/jakub-g) did us all a favor and relaxed -the check for npm completion to support MINGW bash. Thanks, Jakub! - -* [`09498e4`](https://github.com/npm/npm/commit/09498e45c5c9e683f092ab1372670f81db4762b6) - [#10156](https://github.com/npm/npm/issues/10156) completion: enable on - Windows in git bash ([@jakub-g](https://github.com/jakub-g)) - -#### THE ONGOING SAGA OF BUNDLED DEPENDENCIES - -`npm@3.5.0` fixed up a serious issue with how `npm@3.4.1` (and potentially -`npm@3.4.0` and `npm@3.3.12`) handled the case in which dependencies bundled -into a package tarball are handled improperly when one or more of their own -dependencies are older than what's latest on the registry. Unfortunately, in -fixing that (quite severe) regression (see [`npm@3.5.0`'s release notes' for -details](https://github.com/npm/npm/releases/tag/v3.5.0)), we introduced a new -(small, and fortunately cosmetic) issue where npm superfluously warns you about -bundled dependencies being stale. We have now fixed that, and hope that we -haven't introduced any _other_ regressions in the process. :D - -* [`20824a7`](https://github.com/npm/npm/commit/20824a75bf7639fb0951a588e3c017a370ae6ec2) - [#10501](https://github.com/npm/npm/issues/10501) Only warn about replacing - bundled dependencies when actually doing so. ([@iarna](https://github.com/iarna)) - -#### MAKE NODE-GYP A LITTLE BLUER - -* [`1d14d88`](https://github.com/npm/npm/commit/1d14d882c3b5af0a7fee46e8e0e343d07e4c38cb) - `node-gyp@3.2.0`: Support AIX, use `which` to find Python, updated to a newer - version of `gyp`, and more! ([@bnoordhuis](https://github.com/bnoordhuis)) - -#### A BOUNTEOUS THANKSGIVING CORNUCOPIA OF DOC TWEAKS - -These are great! Keep them coming! Sorry for letting them pile up so deep, -everybody. Also, a belated Thanksgiving to our Canadian friends, and a happy -Thanksgiving to all our friends in the USA. - -* [`4659f1c`](https://github.com/npm/npm/commit/4659f1c5ad617c46a5e89b48abf0b1c4e6f04307) - [#10244](https://github.com/npm/npm/issues/10244) In `npm@3`, `npm dedupe` - doesn't take any arguments, so update documentation to reflect that. - ([@bengotow](https://github.com/bengotow)) -* [`625a7ee`](https://github.com/npm/npm/commit/625a7ee6b4391e90cb28a95f20a73fd794e1eebe) - [#10250](https://github.com/npm/npm/issues/10250) Correct order of `org:team` - in `npm team` documentation. ([@louislarry](https://github.com/louislarry)) -* [`bea7f87`](https://github.com/npm/npm/commit/bea7f87399d784e3a6d3393afcca658a61a40d77) - [#10371](https://github.com/npm/npm/issues/10371) Remove broken / duplicate - link to tag. ([@WickyNilliams](https://github.com/WickyNilliams)) -* [`0a25e29`](https://github.com/npm/npm/commit/0a25e2956e9ddd4065d6bd929559321afc512fde) - [#10419](https://github.com/npm/npm/issues/10419) Remove references to - nonexistent `npm-rm(1)` documentation. ([@KenanY](https://github.com/KenanY)) -* [`19b94e1`](https://github.com/npm/npm/commit/19b94e1e6781fe2f98ada0a3f49a1bda25e3e32d) - [#10474](https://github.com/npm/npm/issues/10474) Clarify that install finds - dependencies in `package.json`. ([@sleekweasel](https://github.com/sleekweasel)) -* [`b25efc8`](https://github.com/npm/npm/commit/b25efc88067c843ffdda86ea0f50f95d136a638e) - [#9948](https://github.com/npm/npm/issues/9948) Encourage users to file an - issue, rather than emailing authors. ([@trodrigues](https://github.com/trodrigues)) -* [`24f4ced`](https://github.com/npm/npm/commit/24f4cedc83b10061f26362bf2f005ab935e0cbfe) - [#10497](https://github.com/npm/npm/issues/10497) Clarify what a package is - slightly. ([@aredridel](https://github.com/aredridel)) -* [`e8168d4`](https://github.com/npm/npm/commit/e8168d40caae00b2914ea09dbe4bd1b09ba3dcd5) - [#10539](https://github.com/npm/npm/issues/10539) Remove an extra, spuriously - capitalized letter. ([@alexlukin-softgrad](https://github.com/alexlukin-softgrad)) - -### v3.5.0 (2015-11-19): - -#### TEEN ORCS AT THE GATES - -This week heralds the general release of the primary npm registry's [new -support for private packages for -organizations](http://blog.npmjs.org/post/133542170540/private-packages-for-organizations). -For many potential users, it's the missing piece needed to make it easy for you -to move your organization's private work onto npm. And now it's here! The -functionality to support it has been in place in the CLI for a while now, -thanks to [@zkat](https://github.com/zkat)'s hard work. - -During our final testing before the release, our ace support team member -[@snopeks](https://github.com/snopeks) noticed that there had been some drift -between the CLI team's implementation and what npm was actually preparing to -ship. In the interests of everyone having a smooth experience with this -_extremely useful_ new feature, we quickly made a few changes to square up the -CLI and the web site experiences. - -* [`d7fb92d`](https://github.com/npm/npm/commit/d7fb92d1c53ba5196ad6dd2101a06792a4c0412b) - [#9327](https://github.com/npm/npm/issues/9327) `npm access` no longer has - problems when run in a directory that doesn't contain a `package.json`. - ([@othiym23](https://github.com/othiym23)) -* [`17df3b5`](https://github.com/npm/npm/commit/17df3b5d5dffb2e9c223b9cfa2d5fd78c39492a4) - [npm/npm-registry-client#126](https://github.com/npm/npm-registry-client/issues/126) - `npm-registry-client@7.0.8`: Allow the CLI to grant, revoke, and list - permissions on unscoped (public) packages on the primary registry. - ([@othiym23](https://github.com/othiym23)) - -#### NON-OPTIONAL INSTALLS, DEFINITELY NON-OPTIONAL - -* [`180263b`](https://github.com/npm/npm/commit/180263b) - [#10465](https://github.com/npm/npm/pull/10465) - When a non-optional dep fails, we check to see if it's only required by - ONLY optional dependencies. If it is, we make it fail all the deps in - that chain (and roll them back). If it isn't then we give an error. - - We do this by walking up through all of our ancestors until we either hit an - optional dependency or the top of the tree. If we hit the top, we know to - give the error. - - If you installed a module by hand but didn't `--save` it, your module - won't have the top of the tree as an anscestor and so this code was - failing to abort the install with an error - - This updates the logic so that hitting the top OR a module that was - requested by the user will trigger the error message. - ([@iarna](https://github.com/iarna)) - -* [`b726a0e`](https://github.com/npm/npm/commit/b726a0e) - [#9204](https://github.com/npm/npm/issues/9204) - Ideally we would like warnings about your install to come AFTER the - output from your compile steps or the giant tree of installed modules. - - To that end, we've moved warnings about failed optional deps to the show - after your install completes. - ([@iarna](https://github.com/iarna)) - -#### OVERRIDING BUNDLING - -* [`aed71fb`](https://github.com/npm/npm/commit/aed71fb) - [#10482](https://github.com/npm/npm/issues/10482) - We've been in our bundled modules code a lot lately, and our last go at - this introduced a new bug, where if you had a module `a` that bundled - a module `b`, which in turn required `c`, and the version of `c` that - got bundled wasn't compatible with `b`'s `package.json`, we would then - install a compatible version of `c`, but also erase `b` at the same time. - - This fixes that. It also reworks our bundled module support to be much - closer to being in line with how we handle non-bundled modules and we're - hopeful this will reduce any future errors around them. The new structure - is hopefully much easier to reason about anyway. - ([@iarna](https://github.com/iarna)) - -#### A BRIEF NOTE ON NPM'S BACKWARDS COMPATIBILITY - -We don't often have much to say about the changes we make to our internal -testing and tooling, but I'm going to take this opportunity to reiterate that -npm tries hard to maintain compatibility with a wide variety of Node versions. -As this change shows, we want to ensure that npm works the same across: - -* Node.js 0.8 -* Node.js 0.10 -* Node.js 0.12 -* the latest io.js release -* Node.js 4 LTS -* Node.js 5 - -Contributors who send us pull requests often notice that it's very rare that -our tests pass across all of those versions (ironically, almost entirely due to -the packages we use for testing instead of any issues within npm itself). We're -currently beginning an effort, lasting the rest of 2015, to clean up our test -suite, and not only get it passing on all of the above versions of Node.js, but -working solidly on Windows as well. This is a compounding form of technical -debt that we're finally paying down, and our hope is that cleaning up the tests -will produce a more robust CLI that's a lot easier to write patches for. - -* [`791ec6b`](https://github.com/npm/npm/commit/791ec6b1bac0d1df59f5ebb4ccd16a29a5dc73f0) - [#10233](https://github.com/npm/npm/issues/10233) Update Node.js versions - that Travis uses to test npm. ([@iarna](https://github.com/iarna)) - -#### 0.8 + npm <1.4 COMPATIBLE? SURE WHY NOT - -Hey, you found the feature we added! - -* [`231c58a`](https://github.com/npm/npm/commit/231c58a) - [#10337](https://github.com/npm/npm/pull/10337) - Add two new flags, first `--legacy-bundling` which installs your - dependencies such that if you bundle those dependencies, npm versions - prior to `1.4` can still install them. This eliminates all automatic - deduping. - - Second, `--global-style` which will install modules in your `node_modules` - folder with the same layout as global modules. Only your direct - dependencies will show in `node_modules` and everything they depend on - will be flattened in their `node_modules` folders. This obviously will - eliminate some deduping. - ([@iarna](https://github.com/iarna)) - -#### TYPOS IN THE LICENSE, OH MY - -* [`8d79c1a`](https://github.com/npm/npm/commit/8d79c1a39dae908f27eaa37ff6b23515d505ef29) - [#10478](https://github.com/npm/npm/issues/10478) Correct two typos in npm's - LICENSE. ([@jorrit](https://github.com/jorrit)) - -### v3.4.1 (2015-11-12): - -#### ASK FOR NOTHING, GET LATEST - -When you run `npm install foo`, you probably expect that you'll get the -`latest` version of `foo`, whatever that is. And good news! That's what -this change makes it do. - -We _think_ this is what everyone wants, but if this causes problems for -you, we want to know! If it proves problematic for people we will consider -reverting it (preferably before this becomes `npm@latest`). - -Previously, when you ran `npm install foo` we would act as if you typed -`npm install foo@*`. Now, like any range-type specifier, in addition to -matching the range, it would also have to be `<=` the value of the -`latest` dist-tag. Further, it would exclude prerelease versions from the -list of versions considered for a match. - -This worked as expected most of the time, unless your `latest` was a -prerelease version, in which case that version wouldn't be used, to -everyone's surprise. Worse, if all your versions were prerelease versions -it would just refuse to install anything. (We fixed that in -[`npm@3.2.2`](https://github.com/npm/npm/releases/tag/v3.2.2) with -[`e4a38080`](https://github.com/npm/npm/commit/e4a38080).) - -* [`1e834c2`](https://github.com/npm/npm/commit/1e834c2) - [#10189](https://github.com/npm/npm/issues/10189) - `npm-package-arg@4.1.0` Change the default version from `*` to `latest`. - ([@zkat](https://github.com/zkat)) - -#### BUGS - -* [`bec4a84`](https://github.com/npm/npm/commit/bec4a84) - [#10338](https://github.com/npm/npm/pull/10338) - Failed installs could result in more rollback (removal of just installed - packages) than we intended. This bug was first introduced by - [`83975520`](https://github.com/npm/npm/commit/83975520). - ([@iarna](https://github.com/iarna)) -* [`06c732f`](https://github.com/npm/npm/commit/06c732f) - [#10338](https://github.com/npm/npm/pull/10338) - Updating a module could result in the module stealing some of its - dependencies from the top level, potentially breaking other modules or - resulting in many redundent installations. This bug was first introduced - by [`971fd47a`](https://github.com/npm/npm/commit/971fd47a). - ([@iarna](https://github.com/iarna)) -* [`5653366`](https://github.com/npm/npm/commit/5653366) - [#9980](https://github.com/npm/npm/issues/9980) - npm, when removing a module, would refuse to remove the symlinked - binaries if the module itself was symlinked as well. npm goes to some - effort to ensure that it doesn't remove things that aren't is, and this - code was being too conservative. This code has been rewritten to be - easier to follow and to be unit-testable. - ([@iarna](https://github.com/iarna)) - -#### LICENSE CLARIFICATION - -* [`80acf20`](https://github.com/npm/npm/commit/80acf20) - [#10326](https://github.com/npm/npm/pull/10326) - Update npm's licensing to more completely cover all of the various - things that are npm. - ([@kemitchell](https://github.com/kemitchell)) - -#### CLOSER TO GREEN TRAVIS - -* [`fc12da9`](https://github.com/npm/npm/commit/fc12da9) - [#10232](https://github.com/npm/npm/pull/10232) - `nock@1.9.0` - Downgrade nock to a version that doesn't depend on streams2 in core so - that more of our tests can pass in 0.8. - ([@iarna](https://github.com/iarna)) - -### v3.4.0 (2015-11-05): - -#### A NEW FEATURE - -This was a group effort, with [@isaacs](https://github.com/isaacs) -dropping the implementation in back in August. Then, a few days ago, -[@ashleygwilliams](https://github.com/ashleygwilliams) wrote up docs and -just today [@othiym23](https://github.com/othiym23) wrote a test. - -It's a handy shortcut to update a dependency and then make sure tests -still pass. - -This new command: - -``` -npm install-test x -``` - -is the equivalent of running: - -``` -npm install x && npm test -``` - -* [`1ac3e08`](https://github.com/npm/npm/commit/1ac3e08) - [`bcb04f6`](https://github.com/npm/npm/commit/bcb04f6) - [`b6c17dd`](https://github.com/npm/npm/commit/b6c17dd) - [#9443](https://github.com/npm/npm/pull/9443) - Add `npm install-test` command, alias `npm it`. - ([@isaacs](https://github.com/isaacs), - [@ashleygwilliams](https://github.com/ashleygwilliams), - [@othiym23](https://github.com/othiym23)) - -#### BUG FIXES VIA DEPENDENCY UPDATES - -* [`31c0080`](https://github.com/npm/npm/commit/31c0080) - [#8640](https://github.com/npm/npm/issues/8640) - [npm/normalize-package-data#69](https://github.com/npm/normalize-package-data/pull/69) - `normalize-package-data@2.3.5`: - Fix a bug where if you didn't specify the name of a scoped module's - binary, it would install it such that it was impossible to call it. - ([@iarna](https://github.com/iarna)) -* [`02b37bc`](https://github.com/npm/npm/commit/02b37bc) - [npm/fstream-npm#14](https://github.com/npm/fstream-npm/pull/14) - `fstream-npm@1.0.7`: - Only filter `config.gypi` when it's in the build directory. - ([@mscdex](https://github.com/mscdex)) -* [`accb9d2`](https://github.com/npm/npm/commit/accb9d2) - [npm/fstream-npm#15](https://github.com/npm/fstream-npm/pull/15) - `fstream-npm@1.0.6`: - Stop including directories that happened to have names matching whitelisted - npm files in npm module tarballs. The most common cause was that if you had - a README directory then everything in it would be included if wanted it - or not. - ([@taion](https://github.com/taion)) - -#### DOCUMENTATION FIXES - -* [`7cf6366`](https://github.com/npm/npm/commit/7cf6366) - [#10036](https://github.com/npm/npm/pull/10036) - Fix typo / over-abbreviation. - ([@ifdattic](https://github.com/ifdattic)) -* [`d0ad8f4`](https://github.com/npm/npm/commit/d0ad8f4) - [#10176](https://github.com/npm/npm/pull/10176) - Fix broken link, scopes => scope. - ([@ashleygwilliams](https://github.com/ashleygwilliams)) -* [`d623783`](https://github.com/npm/npm/commit/d623783) - [#9460](https://github.com/npm/npm/issue/9460) - Specifying the default command run by "npm start" and the - fact that you can pass it arguments. - ([@JuanCaicedo](https://github.com/JuanCaicedo)) - -#### DEPENDENCY UPDATES FOR THEIR OWN SAKE - -* [`0a4c29e`](https://github.com/npm/npm/commit/0a4c29e) - [npm/npmlog#19](https://github.com/npm/npmlog/pull/19) - `npmlog@2.0.0`: Make it possible to emit log messages with `error` as the - prefix. - ([@bengl](https://github.com/bengl)) -* [`9463ce9`](https://github.com/npm/npm/commit/9463ce9) - `read-package-json@2.0.2`: - Minor cleanups. - ([@KenanY](https://github.com/KenanY)) - -### v3.3.12 (2015-11-02): - -Hi, a little hot-fix release for a bug introduced in 3.3.11. The ENOENT fix -last week ([`f0e2088`](https://github.com/npm/npm/commit/f0e2088)) broke -upgrades of modules that have bundled dependencies (like `npm`, augh!) - -* [`aedf7cf`](https://github.com/npm/npm/commit/aedf7cf) - [#10192](//github.com/npm/npm/pull/10192) - If a bundled module is going to be replacing a module that's currently on - disk (for instance, when you upgrade a module that includes bundled - dependencies) we want to select the version from the bundle in preference - over the one that was there previously. - ([@iarna](https://github.com/iarna)) - -### v3.3.11 (2015-10-29): - -This is a dependency update week, so that means no PRs from our lovely -users. Look for those next week. As it happens, the dependencies updated -were just devdeps, so nothing for you all to worry about. - -But the bug fixes, oh geez, I tracked down some really long standing stuff -this week!! The headliner is those intermittent `ENOENT` errors that no one -could reproduce consistently? I think they're nailed! But also pretty -important, the bug where `hapi` would install w/ a dep missing? Squashed! - -#### EEEEEEENOENT - -* [`f0e2088`](https://github.com/npm/npm/commit/f0e2088) - [#10026](https://github.com/npm/npm/issues/10026) - Eliminate some, if not many, of the `ENOENT` errors `npm@3` has seen over - the past few months. This was happening when npm would, in its own mind, - correct a bundled dependency, due to a `package.json` specifying an - incompatible version. Then, when npm extracted the bundled version, what - was on disk didn't match its mind and… well, when it tried to act on what - was in its mind, we got an `ENOENT` because it didn't actually exist on - disk. - ([@iarna](https://github.com/iarna)) - -#### PARTIAL SHRINKWRAPS, NO LONGER A BAD DAY - -* [`712fd9c`](https://github.com/npm/npm/commit/712fd9c) - [#10153](https://github.com/npm/npm/pull/10153) - Imagine that you have a module, let's call it `fun-time`, and it depends - on two dependencies, `need-fun@1` and `need-time`. Further, `need-time` - requires `need-fun@2`. So after install the logical tree will look like - this: - - ``` - fun-time - ├── need-fun@1 - └── need-time - └── need-fun@2 - ``` - - Now, the `fun-time` author also distributes a shrinkwrap, but it only includes - the `need-fun@1` in it. - - Resolving dependencies would look something like this: - - 1. Require `need-fun@1`: Use version from shrinkwrap (ignoring version) - 2. Require `need-time`: User version in package.json - 1. Require `need-fun@2`: Use version from shrinkwrap, which oh hey, is - already installed at the top level, so no further action is needed. - - Which results in this tree: - - ``` - fun-time - ├── need-fun@1 - └── need-time - ``` - - We're ignoring the version check on things specified in the shrinkwrap - so that you can override the version that will be installed. This is - because you may want to use a different version than is specified - by your dependencies' dependencies' `package.json` files. - - To fix this, we now only allow overrides of a dependency version when - that dependency is a child (in the tree) of the thing that requires it. - This means that when we're looking for `need-fun@2` we'll see `need-fun@1` - and reject it because, although it's from a shrinkwrap, it's parent is - `fun-time` and the package doing the requiring is `need-time`. - - ([@iarna](https://github.com/iarna)) - -#### STRING `package.bin` AND NON-NPMJS REGISTRIES - -* [`3de1463`](https://github.com/npm/npm/commit/3de1463) - [#9187](https://github.com/npm/npm/issues/9187) - If you were using a module with the `bin` field in your `package.json` set - to a string on a non-npmjs registry then npm would crash, due to the our - expectation that the `bin` field would be an object. We now pass all - `package.json` data through a routine that normalizes the format, - including the `bin` field. (This is the same routine that your - `package.json` is passed through when read off of disk or sent to the - registry for publication.) Doing this also ensures that older modules on - npm's own registry will be treated exactly the same as new ones. (In the - past we weren't always super careful about scrubbing `package.json` data - on publish. And even when we were, those rules have subtly changed over - time.) - ([@iarna](https://github.com/iarna)) - -### v3.3.10 (2015-10-22): - -Hey you all! Welcome to a busy bug fix and PR week. We've got changes -to how `npm install` replaces dependencies during updates, improvements -to shrinkwrap behavior, and all sorts of doc updates. - -In other news, `npm@3` landed in node master in preparation for `node@5` -with [`41923c0`](https://github.com/nodejs/node/commit/41923c0). - -#### UPDATED DEPS NOW MAKE MORE SENSE - -* [`971fd47`](https://github.com/npm/npm/commit/971fd47) - [#9929](https://github.com/npm/npm/pull/9929) - Make the tree more consistent by doing updates in place. This means - that trees after a dependency version update will more often look - the same as after a fresh install. - ([@iarna](https://github.com/iarna)) - -#### SHRINKWRAP + DEV DEPS NOW RESPECTED - -* [`eb28a8c`](https://github.com/npm/npm/commit/eb28a8c) - [#9647](https://github.com/npm/npm/issues/9647) - If a shrinkwrap already has dev deps, don't throw them away when - someone later runs `npm install --save`. - ([@iarna](https://github.com/iarna)) - -#### FANTASTIC DOCUMENTATION UPDATES - -* [`291162c`](https://github.com/npm/npm/commit/291162c) - [#10021](https://github.com/npm/npm/pull/10021) - Improve wording in the FAQ to be more empathetic and less jokey. - ([@TaMe3971](https://github.com/TaMe3971)) -* [`9a28c54`](https://github.com/npm/npm/commit/9a28c54) - [#10020](https://github.com/npm/npm/pull/10020) - Document the command to see the list of config defaults in the section - on config defaults. - ([@lady3bean](https://github.com/lady3bean)) -* [`8770b0a`](https://github.com/npm/npm/commit/8770b0a) - [#7600](https://github.com/npm/npm/issues/7600) - Add shortcuts to all command documentation. - ([@RichardLitt](https://github.com/RichardLitt)) -* [`e9b7d0d`](https://github.com/npm/npm/commit/e9b7d0d) - [#9950](https://github.com/npm/npm/pull/9950) - On errors that can be caused by outdated node & npm, suggest updating - as a part of the error message. - ([@ForbesLindesay](https://github.com/ForbesLindesay)) - -#### NEW STANDARD HAS ALWAYS BEEN STANDARD - -* [`40c1b0f`](https://github.com/npm/npm/commit/40c1b0f) - [#9954](https://github.com/npm/npm/pull/9954) - Update to `standard@5` and reformat the source to work with it. - ([@cbas](https://github.com/cbas)) - -### v3.3.9 (2015-10-15): - -This week sees a few small changes ready to land: - -#### TRAVIS NODE 0.8 BUILDS REJOICE - -* [`25a234b`](https://github.com/npm/npm/commit/25a234b) - [#9668](https://github.com/npm/npm/issues/9668) - Install `npm@3`'s bundled dependencies with `npm@2`, so that the ancient npm - that ships with node 0.8 can install `npm@3` directly. - ([@othiym23](https://github.com/othiym23)) - -#### SMALL ERROR MESSAGE IMPROVEMENT - -* [`a332f61`](https://github.com/npm/npm/commit/a332f61) - [#9927](https://github.com/npm/npm/pull/9927) - Update error messages where we report a list of versions that you could - have installed to show this as a comma separated list instead of as JSON. - ([@iarna](https://github.com/iarna)) - -#### DEPENDENCY UPDATES - -* [`4cd74b0`](https://github.com/npm/npm/commit/4cd74b0) - `nock@2.15.0` - ([@pgte](https://github.com/pgte)) -* [`9360976`](https://github.com/npm/npm/commit/9360976) - `tap@2.1.1` - ([@isaacs](https://github.com/isaacs)) -* [`1ead0a4`](https://github.com/npm/npm/commit/1ead0a4) - `which@1.2.0` - ([@isaacs](https://github.com/isaacs)) -* [`759f88a`](https://github.com/npm/npm/commit/759f88a) - `has-unicode@1.0.1` - ([@iarna](https://github.com/iarna)) - -### v3.3.8 (2015-10-12): - -This is a small update release, we're reverting -[`22a3af0`](https://github.com/npm/npm/commit/22a3af0) from last week's -release, as it is resulting in crashes. We'll revisit this PR during this -week. - -* [`ddde1d5`](https://github.com/npm/npm/commit/ddde1d5) - Revert "lifecycle: Swap out custom logic with add-to-path module" - ([@iarna](https://github.com/iarna)) - -### v3.3.7 (2015-10-08): - -So, as Kat mentioned in last week's 2.x release, we're now swapping weeks -between accepting PRs and doing dependency updates, in an effort to keep -release management work from taking over our lives. This week is a PR week, -so we've got a bunch of goodies for you. - -Relatedly, this week means 3.3.6 is now `latest` and it is WAY faster than -previous 3.x releases. Give it or this a look! - -#### OPTIONAL DEPS, MORE OPTIONAL - -* [`2289234`](https://github.com/npm/npm/commit/2289234) - [#9643](https://github.com/npm/npm/issues/9643) - [#9664](https://github.com/npm/npm/issues/9664) - `npm@3` was triggering `npm@2`'s build mechanics when it was linking bin files - into the tree. This was originally intended to trigger rebuilds of - bundled modules, but `npm@3`'s flat module structure confused it. This - caused two seemingly unrelated issues. First, failing optional - dependencies could under some circumstances (if they were built during - this phase) trigger a full build failure. And second, rebuilds were being - triggered of already installed modules, again, in some circumstances. - Both of these are fixed by disabling the `npm@2` mechanics and adding a - special rebuild phase for the initial installation of bundled modules. - ([@iarna](https://github.com/iarna)) - -#### BAD NAME, NO CRASH - -* [`b78fec9`](https://github.com/npm/npm/commit/b78fec9) - [#9766](https://github.com/npm/npm/issues/9766) - Refactor all attempts to read the module name or package name to go via a - single function, with appropriate guards unusual circumstances where they - aren't where we expect them. This ultimately will ensure we don't see any - more recurrences of the `localeCompare` error and related crashers. - ([@iarna](https://github.com/iarna)) - -#### MISCELLANEOUS BUG FIXES - -* [`22a3af0`](https://github.com/npm/npm/commit/22a3af0) - [#9553](https://github.com/npm/npm/pull/9553) - Factor the lifecycle code to manage paths out into its own module and use that. - ([@kentcdodds](https://github.com/kentcdodds)) -* [`6a29fe3`](https://github.com/npm/npm/commit/6a29fe3) - [#9677](https://github.com/npm/npm/pull/9677) - Start testing our stuff in node 4 on travis - ([@fscherwi](https://github.com/fscherwi)) -* [`508c6a4`](https://github.com/npm/npm/commit/508c6a4) - [#9669](https://github.com/npm/npm/issues/9669) - Make `recalculateMetadata` more resilient to unexpectedly bogus dependency specifiers. - ([@tmct](https://github.com/tmct)) -* [`3c44763`](https://github.com/npm/npm/commit/3c44763) - [#9643](https://github.com/npm/npm/issues/9463) - Update `install --only` to ignore the `NODE_ENV` var and _just_ use the only - value, if specified. - ([@watilde](https://github.com/watilde)) -* [`87336c3`](https://github.com/npm/npm/commit/87336c3) - [#9879](https://github.com/npm/npm/pull/9879) - `npm@3`'s shrinkwrap was refusing to shrinkwrap if an optional dependency - was missing– patch it to allow this. - ([@mantoni](https://github.com/mantoni)) - -#### DOCUMENTATION UPDATES - -* [`82659fd`](https://github.com/npm/npm/commit/82659fd) - [#9208](https://github.com/npm/npm/issues/9208) - Correct the npm style guide around quote usage - ([@aaroncrows](https://github.com/aaroncrows)) -* [`a69c83a`](https://github.com/npm/npm/commit/a69c83a) - [#9645](https://github.com/npm/npm/pull/9645) - Fix spelling error in README - ([@dkoleary88](https://github.com/dkoleary88)) -* [`f2cf054`](https://github.com/npm/npm/commit/f2cf054) - [#9714](https://github.com/npm/npm/pull/9714) - Fix typos in our documentation - ([@reggi](https://github.com/reggi)) -* [`7224bef`](https://github.com/npm/npm/commit/7224bef) - [#9759](https://github.com/npm/npm/pull/9759) - Fix typo in npm-team docs - ([@zkat](https://github.com/zkat)) -* [`7e6e007`](https://github.com/npm/npm/commit/7e6e007) - [#9820](https://github.com/npm/npm/pull/9820) - Correct documentation as to `binding.gyp` - ([@KenanY](https://github.com/KenanY)) - -### v3.3.6 (2015-09-30): - -I have the most exciting news for you this week. YOU HAVE NO IDEA. Well, -ok, maybe you do if you follow my twitter. - -Performance just got 5 bazillion times better (under some circumstances, -ymmv, etc). So– my test scenario is our very own website. In `npm@2`, on my -macbook running `npm ls` takes about 5 seconds. Personally it's more than -I'd like, but it's entire workable. In `npm@3` it has been taking _50_ seconds, -which is appalling. But after doing some work on Monday isolating the performance -issues I've been able to reduce `npm@3`'s run time back down to 5 seconds. - -Other scenarios were even worse, there was one that until now in `npm@3` that -took almost 6 minutes, and has been reduced to 14 seconds. - -* [`7bc0d4c`](https://github.com/npm/npm/commit/7bc0d4c) - [`cf42217`](https://github.com/npm/npm/commit/cf42217) - [#8826](https://github.com/npm/npm/issues/8826) - Stop using deepclone on super big datastructures. Avoid cloning - all-together even when that means mutating things, when possible. - Otherwise use a custom written tree-copying function that understands - the underlying datastructure well enough to only copy what we absolutely - need to. - ([@iarna](https://github.com/iarna)) - -In other news, look for us this Friday and Saturday at the amazing -[Open Source and Feelings](https://osfeels.com) conference, where something like a -third of the company will be attending. - -#### And finally a dependency update - -* [`a6a4437`](https://github.com/npm/npm/commit/a6a4437) - `glob@5.0.15` - ([@isaacs](https://github.com/isaacs)) - -#### And some subdep updates - -* [`cc5e6a0`](https://github.com/npm/npm/commit/cc5e6a0) - `hoek@2.16.3` - ([@nlf](https://github.com/nlf)) -* [`912a516`](https://github.com/npm/npm/commit/912a516) - `boom@2.9.0` - ([@arb](https://github.com/arb)) -* [`63944e9`](https://github.com/npm/npm/commit/63944e9) - `bluebird@2.10.1` - ([@petkaantonov](https://github.com/petkaantonov)) -* [`ef16003`](https://github.com/npm/npm/commit/ef16003) - `mime-types@2.1.7` & `mime-db@1.19.0` - ([@dougwilson](https://github.com/dougwilson)) -* [`2b8c0dd`](https://github.com/npm/npm/commit/2b8c0dd) - `request@2.64.0` - ([@simov](https://github.com/simov)) -* [`8139124`](https://github.com/npm/npm/commit/8139124) - `brace-expansion@1.1.1` - ([@juliangruber](https://github.com/juliangruber)) - -### v3.3.5 (2015-09-24): - -Some of you all may not be aware, but npm is ALSO a company. I tell you this -'cause npm-the-company had an all-staff get together this week, flying in -our remote folks from around the world. That was great, but it also -basically eliminated normal work on Monday and Tuesday. - -Still, we've got a couple of really important bug fixes this week. Plus a -lil bit from the [now LTS 2.x branch](https://github.com/npm/npm/releases/tag/v2.14.6). - -#### ATTENTION WINDOWS USERS - -If you previously updated to npm 3 and you try to update again, you may get -an error messaging telling you that npm won't install npm into itself. Until you -are at 3.3.5 or greater, you can get around this with `npm install -f -g npm`. - -* [`bef06f5`](https://github.com/npm/npm/commit/bef06f5) - [#9741](https://github.com/npm/npm/pull/9741) Uh... so... er... it - seems that since `npm@3.2.0` on Windows with a default configuration, it's - been impossible to update npm. Well, that's not actually true, there's a - work around (see above), but it shouldn't be complaining in the first - place. - ([@iarna](https://github.com/iarna)) - -#### STACK OVERFLOWS ON PUBLISH - -* [`330b496`](https://github.com/npm/npm/commit/330b496) - [#9667](https://github.com/npm/npm/pull/9667) - We were keeping track of metadata about your project while packing the - tree in a way that resulted in this data being written to packed tar files - headers. When this metadata included cycles, it resulted in the the tar - file entering an infinite recursive loop and eventually crashing with a - stack overflow. - - I've patched this by keeping track of your metadata by closing over the - variables in question instead, and I've further restricted gathering and - tracking the metadata to times when it's actually needed. (Which is only - if you need bundled modules.) - ([@iarna](https://github.com/iarna)) - -#### LESS CRASHY ERROR MESSAGES ON BAD PACKAGES - -* [`829921f`](https://github.com/npm/npm/commit/829921f) - [#9741](https://github.com/npm/npm/pull/9741) - Packages with invalid names or versions were crashing the installer. These - are now captured and warned as was originally intended. - ([@iarna](https://github.com/iarna)) - -#### ONE DEPENDENCY UPDATE - -* [`963295c`](https://github.com/npm/npm/commit/963295c) - `npm-install-checks@2.0.1` - ([@iarna](https://github.com/iarna)) - -#### AND ONE SUBDEPENDENCY - -* [`448737d`](https://github.com/npm/npm/commit/448737d) - `request@2.63.0` - ([@simov](https://github.com/simov)) - -### v3.3.4 (2015-09-17): - -This is a relatively quiet release, bringing a few bug fixes and -some module updates, plus via the -[2.14.5 release](https://github.com/npm/npm/releases/tag/v2.14.5) -some forward compatibility fixes with versions of Node that -aren't yet released. - -#### NO BETA NOTICE THIS TIME!! - -But, EXCITING NEWS FRIENDS, this week marks the exit of `npm@3` -from beta. This means that the week of this release, -[v3.3.3](https://github.com/npm/npm/releases/tag/v3.3.3) will -become `latest` and this version (v3.3.4) will become `next`!! - -#### CRUFT FOR THE CRUFT GODS - -What I call "cruft", by which I mean, files sitting around in -your `node_modules` folder, will no longer produce warnings in -`npm ls` nor during `npm install`. This brings `npm@3`'s behavior -in line with `npm@2`. - -* [`a127801`](https://github.com/npm/npm/commit/a127801) - [#9285](https://github.com/npm/npm/pull/9586) - Stop warning about cruft in module directories. - ([@iarna](https://github.com/iarna)) - -#### BETTER ERROR MESSAGE - -* [`95ee92c`](https://github.com/npm/npm/commit/95ee92c) - [#9433](https://github.com/npm/npm/issues/9433) - Give better error messages for invalid URLs in the dependency - list. - ([@jamietre](https://github.com/jamietre)) - -#### MODULE UPDATES - -* [`ebb92ca`](https://github.com/npm/npm/commit/ebb92ca) - `retry@0.8.0` ([@tim-kos](https://github.com/tim-kos)) -* [`55f1285`](https://github.com/npm/npm/commit/55f1285) - `normalize-package-data@2.3.4` ([@zkat](https://github.com/zkat)) -* [`6d4ebff`](https://github.com/npm/npm/commit/6d4ebff) - `sha@2.0.1` ([@ForbesLindesay](https://github.com/ForbesLindesay)) -* [`09a9c7a`](https://github.com/npm/npm/commit/09a9c7a) - `semver@5.0.3` ([@isaacs](https://github.com/isaacs)) -* [`745000f`](https://github.com/npm/npm/commit/745000f) - `node-gyp@3.0.3` ([@rvagg](https://github.com/rvagg)) - -#### SUB DEP MODULE UPDATES - -* [`578ca25`](https://github.com/npm/npm/commit/578ca25) - `request@2.62.0` ([@simov](https://github.com/simov)) -* [`1d8996e`](https://github.com/npm/npm/commit/1d8996e) - `jju@1.2.1` ([@rlidwka](https://github.com/rlidwka)) -* [`6da1ba4`](https://github.com/npm/npm/commit/6da1ba4) - `hoek@2.16.2` ([@nlf](https://github.com/nlf)) - -### v3.3.3 (2015-09-10): - -This short week brought us brings us a few small bug fixes, a -doc change and a whole lotta dependency updates. - -Plus, as usual, this includes a forward port of everything in -[`npm@2.14.4`](https://github.com/npm/npm/releases/tag/v2.14.4). - -#### BETA BUT NOT FOREVER - -**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until -we're confident that it's stable and have assessed the effect of -the breaking changes on the community. During that time we will -still be doing `npm@2` releases, with `npm@2` tagged as `latest` -and `next`. We'll _also_ be publishing new releases of `npm@3` -as `npm@v3.x-next` and `npm@v3.x-latest` alongside those -versions until we're ready to switch everyone over to `npm@3`. -We need your help to find and fix its remaining bugs. It's a -significant rewrite, so we are _sure_ there still significant -bugs remaining. So do us a solid and deploy it in non-critical -CI environments and for day-to-day use, but maybe don't use it -for production maintenance or frontline continuous deployment -just yet. - -#### REMOVE INSTALLED BINARIES ON WINDOWS - -So waaaay back at the start of August, I fixed a bug with -[#9198](https://github.com/npm/npm/pull/9198). That fix made it -so that if you had two modules installed that both installed the -same binary (eg `gulp` & `gulp-cli`), that removing one wouldn't -remove the binary if it was owned by the other. - -It did this by doing some hocus-pocus that, turns out, was -Unix-specific, so on Windows it just threw up its hands and -stopped removing installed binaries at all. Not great. - -So today we're fixing that– it let us maintain the same safety -that we added in #9198, but ALSO works with Windows. - -* [`25fbaed`](https://github.com/npm/npm/commit/25fbaed) - [#9394](https://github.com/npm/npm/issues/9394) - Treat cmd-shims the same way we treat symlinks - ([@iarna](https://github.com/iarna)) - -#### API DOCUMENTATION HAS BEEN SACRIFICED THE API GOD - -The documentation of the internal APIs of npm is going away, -because it would lead people into thinking they should integrate -with npm by using it. Please don't do that! In the future, we'd -like to give you a suite of stand alone modules that provide -better, more stand alone APIs for your applications to build on. -But for now, call the npm binary with `process.exec` or -`process.spawn` instead. - -* [`2fb60bf`](https://github.com/npm/npm/commit/2fb60bf) - Remove misleading API documentation - ([@othiym23](https://github.com/othiym23)) - -#### ALLOW `npm link` ON WINDOWS W/ PRERELEASE VERSIONS OF NODE - -We never meant to have this be a restriction in the first place -and it was only just discovered with the recent node 4.0.0 -release candidate. - -* [`6665e54`](https://github.com/npm/npm/commit/6665e54) - [#9505](https://github.com/npm/npm/pull/9505) - Allow npm link to run on Windows with prerelease versions of - node - ([@jon-hall](https://github.com/jon-hall)) - -#### graceful-fs update - -We're updating all of npm's deps to use the most recent -`graceful-fs`. This turns out to be important for future not yet -released versions of node, because older versions monkey-patch -`fs` in ways that will break in the future. Plus it ALSO makes -use of `process.binding` which is an internal API that npm -definitely shouldn't have been using. We're not done yet, but -this is the bulk of them. - -* [`e7bc98e`](https://github.com/npm/npm/commit/e7bc98e) - `write-file-atomic@1.1.3` - ([@iarna](https://github.com/iarna)) -* [`7417600`](https://github.com/npm/npm/commit/7417600) - `tar@2.2.1` - ([@zkat](https://github.com/zkat)) -* [`e4e9d40`](https://github.com/npm/npm/commit/e4e9d40) - `read-package-json@2.0.1` - ([@zkat](https://github.com/zkat)) -* [`481611d`](https://github.com/npm/npm/commit/481611d) - `read-installed@4.0.3` - ([@zkat](https://github.com/zkat)) -* [`0dabbda`](https://github.com/npm/npm/commit/0dabbda) - `npm-registry-client@7.0.4` - ([@zkat](https://github.com/zkat)) -* [`c075a91`](https://github.com/npm/npm/commit/c075a91) - `fstream@1.0.8` - ([@zkat](https://github.com/zkat)) -* [`2e4341a`](https://github.com/npm/npm/commit/2e4341a) - `fs-write-stream-atomic@1.0.4` - ([@zkat](https://github.com/zkat)) -* [`18ad16e`](https://github.com/npm/npm/commit/18ad16e) - `fs-vacuum@1.2.7` - ([@zkat](https://github.com/zkat)) - -#### DEPENDENCY UPDATES - -* [`9d6666b`](https://github.com/npm/npm/commit/9d6666b) - `node-gyp@3.0.1` - ([@rvagg](https://github.com/rvagg)) -* [`349c4df`](https://github.com/npm/npm/commit/349c4df) - `retry@0.7.0` - ([@tim-kos](https://github.com/tim-kos)) -* [`f507551`](https://github.com/npm/npm/commit/f507551) - `which@1.1.2` - ([@isaacs](https://github.com/isaacs)) -* [`e5b6743`](https://github.com/npm/npm/commit/e5b6743) - `nopt@3.0.4` - ([@zkat](https://github.com/zkat)) - -#### THE DEPENDENCIES OF OUR DEPENDENCIES ARE OUR DEPENDENCIES UPDATES - -* [`316382d`](https://github.com/npm/npm/commit/316382d) - `mime-types@2.1.6` & `mime-db@1.18.0` -* [`64b741e`](https://github.com/npm/npm/commit/64b741e) - `spdx-correct@1.0.1` -* [`fff62ac`](https://github.com/npm/npm/commit/fff62ac) - `process-nextick-args@1.0.3` -* [`9d6488c`](https://github.com/npm/npm/commit/9d6488c) - `cryptiles@2.0.5` -* [`1912012`](https://github.com/npm/npm/commit/1912012) - `bluebird@2.10.0` -* [`4d09402`](https://github.com/npm/npm/commit/4d09402) - `readdir-scoped-modules@1.0.2` - -### v3.3.2 (2015-09-04): - -#### PLEASE HOLD FOR THE NEXT AVAILABLE MAINTAINER - -This is a tiny little maintenance release, both to update dependencies and to -keep `npm@3` up to date with changes made to `npm@2`. -[@othiym23](https://github.com/othiym23) is putting out this release (again) as -his esteemed colleague [@iarna](https://github.com/iarna) finishes relocating -herself, her family, and her sizable anime collection all the way across North -America. It contains [all the goodies in -`npm@2.14.3`](https://github.com/npm/npm/releases/tag/v2.14.3) and one other -dependency update. - -#### BETA WARNINGS FOR FUN AND PROFIT - -**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're -confident that it's stable and have assessed the effect of the breaking -changes on the community. During that time we will still be doing `npm@2` -releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be -publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` -alongside those versions until we're ready to switch everyone over to -`npm@3`. We need your help to find and fix its remaining bugs. It's a -significant rewrite, so we are _sure_ there still significant bugs -remaining. So do us a solid and deploy it in non-critical CI environments -and for day-to-day use, but maybe don't use it for production maintenance or -frontline continuous deployment just yet. - -That said, it's getting there! It will be leaving beta very soon! - -#### ONE OTHER DEPENDENCY UPDATE - -* [`bb5de34`](https://github.com/npm/npm/commit/bb5de3493531228df0bd3f0742d5493c826be6dd) - `is-my-json-valid@2.12.2`: Upgrade to a new, modernized version of - `json-pointer`. ([@mafintosh](https://github.com/mafintosh)) - -### v3.3.1 (2015-08-27): - -Hi all, this `npm@3` update brings you another round of bug fixes. The -headliner here is that `npm update` works again. We're running down the -clock on blocker 3.x issues! Shortly after that hits zero we'll be -promoting 3.x to latest!! - -And of course, we have changes that were brought forward from 2.x. Check out -the release notes for -[2.14.1](https://github.com/npm/npm/releases/tag/v2.14.1) and -[2.14.2](https://github.com/npm/npm/releases/tag/v2.14.2). - -#### BETA WARNINGS FOR FUN AND PROFIT - -**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're -confident that it's stable and have assessed the effect of the breaking -changes on the community. During that time we will still be doing `npm@2` -releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be -publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` -alongside those versions until we're ready to switch everyone over to -`npm@3`. We need your help to find and fix its remaining bugs. It's a -significant rewrite, so we are _sure_ there still significant bugs -remaining. So do us a solid and deploy it in non-critical CI environments -and for day-to-day use, but maybe don't use it for production maintenance or -frontline continuous deployment just yet. - -#### NPM UPDATE, NOW AGAIN YOUR FRIEND - -* [`f130a00`](https://github.com/npm/npm/commit/f130a00) - [#9095](https://github.com/npm/npm/issues/9095) - `npm update` once again works! Previously, after selecting packages - to update, it would then pick the wrong location to run the install - from. ([@iarna](https://github.com/iarna)) - -#### MORE VERBOSING FOR YOUR VERBOSE LIFECYCLES - -* [`d088b7d`](https://github.com/npm/npm/commit/d088b7d) - [#9227](https://github.com/npm/npm/pull/9227) - Add some additional logging at the verbose and silly levels - when running lifecycle scripts. Hopefully this will make - debugging issues with them a bit easier! - ([@saper](https://github.com/saper)) - -#### AND SOME OTHER BUG FIXES… - -* [`f4a5784`](https://github.com/npm/npm/commit/f4a5784) - [#9308](https://github.com/npm/npm/issues/9308) - Make fetching metadata for local modules faster! This ALSO means - that doing things like running `npm repo` won't build your - module and maybe run `prepublish`. - ([@iarna](https://github.com/iarna)) - -* [`4468c92`](https://github.com/npm/npm/commit/4468c92) - [#9205](https://github.com/npm/npm/issues/9205) - Fix a bug where local modules would sometimes not resolve relative - links using the correct base path. - ([@iarna](https://github.com/iarna)) - -* [`d395a6b`](https://github.com/npm/npm/commit/d395a6b) - [#8995](https://github.com/npm/npm/issues/8995) - Certain combinations of packages could result in different install orders for their - initial installation than for reinstalls run on the same folder. - ([@iarna](https://github.com/iarna)) - -* [`d119ea6`](https://github.com/npm/npm/commit/d119ea6) - [#9113](https://github.com/npm/npm/issues/9113) - Make extraneous packages _always_ up in `npm ls`. Previously, if an - extraneous package had a dependency that depended back on the original - package this would result in the package not showing up in `ls`. - ([@iarna](https://github.com/iarna)) - -* [`02420dc`](https://github.com/npm/npm/commit/02420dc) - [#9113](https://github.com/npm/npm/issues/9113) - Stop warning about missing top level package.json files. Errors in said - files will still be reported. - ([@iarna](https://github.com/iarna)) - -#### SOME DEP UPDATES - -* [`1ed1364`](https://github.com/npm/npm/commit/1ed1364) `rimraf@2.4.3` - ([@isaacs](https://github.com/isaacs)) Added EPERM to delay/retry loop -* [`e7b8315`](https://github.com/npm/npm/commit/e7b8315) `read@1.0.7` - Smaller distribution package, better metadata - ([@isaacs](https://github.com/isaacs)) - -#### SOME DEPS OF DEPS UPDATES - -* [`b273bcc`](https://github.com/npm/npm/commit/b273bcc) `mime-types@2.1.5` -* [`df6e225`](https://github.com/npm/npm/commit/df6e225) `mime-db@1.17.0` -* [`785f2ad`](https://github.com/npm/npm/commit/785f2ad) `is-my-json-valid@2.12.1` -* [`88170dd`](https://github.com/npm/npm/commit/88170dd) `form-data@1.0.0-rc3` -* [`af5357b`](https://github.com/npm/npm/commit/af5357b) `request@2.61.0` -* [`337f96a`](https://github.com/npm/npm/commit/337f96a) `chalk@1.1.1` -* [`3dfd74d`](https://github.com/npm/npm/commit/3dfd74d) `async@1.4.2` - -### v3.3.0 (2015-08-13): - -This is a pretty EXCITING week. But I may be a little excitable– or -possibly sleep deprived, it's sometimes hard to tell them apart. =D So -[Kat](https://github.com/zkat) really went the extra mile this week and got -the client side support for teams and orgs out in this week's 2.x release. -You can't use that just yet, 'cause we have to turn on some server side -stuff too, but this way it'll be there for you all the moment we do! Check -out the details over in the [2.14.0 release -notes](https://github.com/npm/npm/releases/tag/v2.14.0)! - -But we over here in 3.x ALSO got a new feature this week, check out the new -`--only` and `--also` flags for better control over when dev and production -dependencies are used by various npm commands. - -That, and some important bug fixes round out this week. Enjoy everyone! - -#### NEVER SHALL NOT BETA THE BETA - -**_THIS IS BETA SOFTWARE_**. EXCITING NEW BETA WARNING!!! Ok, I fibbed, -EXACTLY THE SAME BETA WARNINGS: `npm@3` will remain in beta until we're -confident that it's stable and have assessed the effect of the breaking -changes on the community. During that time we will still be doing `npm@2` -releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be -publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` -alongside those versions until we're ready to switch everyone over to -`npm@3`. We need your help to find and fix its remaining bugs. It's a -significant rewrite, so we are _sure_ there still significant bugs -remaining. So do us a solid and deploy it in non-critical CI environments -and for day-to-day use, but maybe don't use it for production maintenance or -frontline continuous deployment just yet. - -#### ONLY ALSO DEV - -Hey we've got a SUPER cool new feature for you all, thanks to the fantastic -work of [@davglass](https://github.com/davglass) and -[@bengl](https://github.com/bengl) we have `--only=prod`, -`--only=dev`, `--also=prod` and `--also=dev` options. These apply in -various ways to: `npm install`, `npm ls`, `npm outdated` and `npm update`. - -So for instance: - -``` -npm install --only=dev -``` - -Only installs dev dependencies. By contrast: - -``` -npm install --only=prod -``` - -Will only install prod dependencies and is very similar to `--production` -but differs in that it doesn't set the environment variables that -`--production` does. - -The related new flag, `--also` is most useful with things like: - -``` -npm shrinkwrap --also=dev -``` - -As shrinkwraps don't include dev deps by default. This replaces passing in -`--dev` in that scenario. - -And that leads into the fact that this deprecates `--dev` as its semantics -across commands were inconsistent and confusing. - -* [`3ab1eea`](https://github.com/npm/npm/commit/3ab1eea) - [#9024](https://github.com/npm/npm/pull/9024) - Add support for `--only`, `--also` and deprecate `--dev` - ([@bengl](https://github.com/bengl)) - -#### DON'T TOUCH! THAT'S NOT YOUR BIN - -* [`b31812e`](https://github.com/npm/npm/commit/b31812e) - [#8996](https://github.com/npm/npm/pull/8996) - When removing a module that has bin files, if one that we're going to - remove is a symlink to a DIFFERENT module, leave it alone. This only happens - when you have two modules that try to provide the same bin. - ([@iarna](https://github.com/iarna)) - -#### THERE'S AN END IN SIGHT - -* [`d2178a9`](https://github.com/npm/npm/commit/d2178a9) - [#9223](https://github.com/npm/npm/pull/9223) - Close a bunch of infinite loops that could show up with symlink cycles in your dependencies. - ([@iarna](https://github.com/iarna)) - -#### OOPS DIDN'T MEAN TO FIX THAT - -Well, not _just_ yet. This was scheduled for next week, but it snuck into -2.x this week. - -* [`139dd92`](https://github.com/npm/npm/commit/139dd92) - [#8716](https://github.com/npm/npm/pull/8716) - `npm init` will now only pick up the modules you install, not everything - else that got flattened with them. - ([@iarna](https://github.com/iarna)) - -### v3.2.2 (2015-08-08): - -Lot's of lovely bug fixes for `npm@3`. I'm also suuuuper excited that I -think we have a handle on stack explosions that effect a small portion of -our users. We also have some tantalizing clues as to where some low hanging -fruit may be for performance issues. - -And of course, in addition to the `npm@3` specific bug fixes, there are some -great one's coming in from `npm@2`! [@othiym23](https://github.com/othiym23) -put together that release this week– check out its -[release notes](https://github.com/npm/npm/releases/tag/v2.13.4) for the deets. - -#### AS ALWAYS STILL BETA - -**_THIS IS BETA SOFTWARE_**. Just like the airline safety announcements, -we're not taking this plane off till we finish telling you: `npm@3` will -remain in beta until we're confident that it's stable and have assessed the -effect of the breaking changes on the community. During that time we will -still be doing `npm@2` releases, with `npm@2` tagged as `latest` and `next`. -We'll _also_ be publishing new releases of `npm@3` as `npm@v3.x-next` and -`npm@v3.x-latest` alongside those versions until we're ready to switch -everyone over to `npm@3`. We need your help to find and fix its remaining -bugs. It's a significant rewrite, so we are _sure_ there still significant -bugs remaining. So do us a solid and deploy it in non-critical CI -environments and for day-to-day use, but maybe don't use it for production -maintenance or frontline continuous deployment just yet. - -#### BUG FIXES - -* [`a8c8a13`](https://github.com/npm/npm/commit/a8c8a13) - [#9050](https://github.com/npm/npm/issues/9050) - Resolve peer deps relative to the parent of the requirer - ([@iarna](http://github.com/iarna)) -* [`05f0226`](https://github.com/npm/npm/commit/05f0226) - [#9077](https://github.com/npm/npm/issues/9077) - Fix crash when saving `git+ssh` urls - ([@iarna](http://github.com/iarna)) -* [`e4a3808`](https://github.com/npm/npm/commit/e4a3808) - [#8951](https://github.com/npm/npm/issues/8951) - Extend our patch to allow `*` to match something when a package only has - prerelease versions to everything and not just the cache. - ([@iarna](http://github.com/iarna)) -* [`d135abf`](https://github.com/npm/npm/commit/d135abf) - [#8871](https://github.com/npm/npm/issues/8871) - Don't warn about a missing `package.json` or missing fields in the global - install directory. - ([@iarna](http://github.com/iarna)) - -#### DEP VERSION BUMPS - -* [`990ee4f`](https://github.com/npm/npm/commit/990ee4f) - `path-is-inside@1.0.1` ([@domenic](https://github.com/domenic)) -* [`1f71ec0`](https://github.com/npm/npm/commit/1f71ec0) - `lodash.clonedeep@3.0.2` ([@jdalton](https://github.com/jdalton)) -* [`a091354`](https://github.com/npm/npm/commit/a091354) - `marked@0.3.5` ([@chjj](https://github.com/chjj)) -* [`fc51f28`](https://github.com/npm/npm/commit/fc51f28) - `tap@1.3.2` ([@isaacs](https://github.com/isaacs)) -* [`3569ec0`](https://github.com/npm/npm/commit/3569ec0) - `nock@2.10.0` ([@pgte](https://github.com/pgte)) -* [`ad5f6fd`](https://github.com/npm/npm/commit/ad5f6fd) - `npm-registry-mock@1.0.1` ([@isaacs](https://github.com/isaacs)) - -### v3.2.1 (2015-07-31): - -#### AN EXTRA QUIET RELEASE - -A bunch of stuff got deferred for various reasons, which just means more -branches to land next week! - -Don't forget to check out [Kat's 2.x release](https://github.com/npm/npm/releases/tag/v2.13.4) for other quiet goodies. - -#### AS ALWAYS STILL BETA - -**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No, -you can't be excused. `npm@3` will remain in beta until we're confident -that it's stable and have assessed the effect of the breaking changes on the -community. During that time we will still be doing `npm@2` releases, with -`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new -releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those -versions until we're ready to switch everyone over to `npm@3`. We need your -help to find and fix its remaining bugs. It's a significant rewrite, so we -are _sure_ there still significant bugs remaining. So do us a solid and -deploy it in non-critical CI environments and for day-to-day use, but maybe -don't use it for production maintenance or frontline continuous deployment -just yet. - - -#### MAKING OUR TESTS TEST THE THING THEY TEST - -* [`6e53c3d`](https://github.com/npm/npm/commit/6e53c3d) - [#8985](https://github.com/npm/npm/pull/8985) - Many thanks to @bengl for noticing that one of our tests wasn't testing - what it claimed it was testing! ([@bengl](https://github.com/bengl)) - -#### MY PACKAGE.JSON WAS ALREADY IN THE RIGHT ORDER - -* [`eb2c7aa`](https://github.com/npm/npm/commit/d00d0f) - [#9068](https://github.com/npm/npm/pull/9079) - Stop sorting keys in the `package.json` that we haven't edited. Many - thanks to [@Qix-](https://github.com/Qix-) for bringing this up and - providing a first pass at a patch for this. - ([@iarna](https://github.com/iarna)) - -#### DEV DEP UPDATE - -* [`555f60c`](https://github.com/npm/npm/commit/555f60c) `marked@0.3.4` - -### v3.2.0 (2015-07-24): - -#### MORE CONFIG, BETTER WINDOWS AND A BUG FIX - -This is a smallish release with a new config option and some bug fixes. And -lots of module updates. - -#### BETA BETAS ON - -**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No, -you can't be excused. `npm@3` will remain in beta until we're confident -that it's stable and have assessed the effect of the breaking changes on the -community. During that time we will still be doing `npm@2` releases, with -`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new -releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those -versions until we're ready to switch everyone over to `npm@3`. We need your -help to find and fix its remaining bugs. It's a significant rewrite, so we -are _sure_ there still significant bugs remaining. So do us a solid and -deploy it in non-critical CI environments and for day-to-day use, but maybe -don't use it for production maintenance or frontline continuous deployment -just yet. - - -#### NEW CONFIGS, LESS PROGRESS - -* [`423d8f7`](https://github.com/npm/npm/commit/423d8f7) - [#8704](https://github.com/npm/npm/issues/8704) - Add the ability to disable the new progress bar with `--no-progress` - ([@iarna](https://github.com/iarna)) - -#### AND BUG FIXES - -* [`b3ee452`](https://github.com/npm/npm/commit/b3ee452) - [#9038](https://github.com/npm/npm/pull/9038) - We previously disabled the use of the new `fs.access` API on Windows, but - the bug we were seeing is fixed in `io.js@1.5.0` so we now use `fs.access` - if you're using that version or greater. - ([@iarna](https://github.com/iarna)) - -* [`b181fa3`](https://github.com/npm/npm/commit/b181fa3) - [#8921](https://github.com/npm/npm/issues/8921) - [#8637](https://github.com/npm/npm/issues/8637) - Rejigger how we validate modules for install. This allow is to fix - a problem where arch/os checking wasn't being done at all. - It also made it easy to add back in a check that declines to - install a module in itself unless you force it. - ([@iarna](https://github.com/iarna)) - -#### AND A WHOLE BUNCH OF SUBDEP VERSIONS - -These are all development dependencies and semver-compatible subdep -upgrades, so they should not have visible impact on users. - -* [`6b3f6d9`](https://github.com/npm/npm/commit/6b3f6d9) `standard@4.3.3` -* [`f4e22e5`](https://github.com/npm/npm/commit/f4e22e5) `readable-stream@2.0.2` (inside concat-stream) -* [`f130bfc`](https://github.com/npm/npm/commit/f130bfc) `minimatch@2.0.10` (inside node-gyp's copy of glob) -* [`36c6a0d`](https://github.com/npm/npm/commit/36c6a0d) `caseless@0.11.0` -* [`80df59c`](https://github.com/npm/npm/commit/80df59c) `chalk@1.1.0` -* [`ea935d9`](https://github.com/npm/npm/commit/ea935d9) `bluebird@2.9.34` -* [`3588a0c`](https://github.com/npm/npm/commit/3588a0c) `extend@3.0.0` -* [`c6a8450`](https://github.com/npm/npm/commit/c6a8450) `form-data@1.0.0-rc2` -* [`a04925b`](https://github.com/npm/npm/commit/a04925b) `har-validator@1.8.0` -* [`ee7c095`](https://github.com/npm/npm/commit/ee7c095) `has-ansi@2.0.0` -* [`944fc34`](https://github.com/npm/npm/commit/944fc34) `hawk@3.1.0` -* [`783dc7b`](https://github.com/npm/npm/commit/783dc7b) `lodash._basecallback@3.3.1` -* [`acef0fe`](https://github.com/npm/npm/commit/acef0fe) `lodash._baseclone@3.3.0` -* [`dfe959a`](https://github.com/npm/npm/commit/dfe959a) `lodash._basedifference@3.0.3` -* [`a03bc76`](https://github.com/npm/npm/commit/a03bc76) `lodash._baseflatten@3.1.4` -* [`8a07d50`](https://github.com/npm/npm/commit/8a07d50) `lodash._basetostring@3.0.1` -* [`7785e3f`](https://github.com/npm/npm/commit/7785e3f) `lodash._baseuniq@3.0.3` -* [`826fb35`](https://github.com/npm/npm/commit/826fb35) `lodash._createcache@3.1.2` -* [`76030b3`](https://github.com/npm/npm/commit/76030b3) `lodash._createpadding@3.6.1` -* [`1a49ec6`](https://github.com/npm/npm/commit/1a49ec6) `lodash._getnative@3.9.1` -* [`eebe47f`](https://github.com/npm/npm/commit/eebe47f) `lodash.isarguments@3.0.4` -* [`09994d4`](https://github.com/npm/npm/commit/09994d4) `lodash.isarray@3.0.4` -* [`b6f8dbf`](https://github.com/npm/npm/commit/b6f8dbf) `lodash.keys@3.1.2` -* [`c67dd6b`](https://github.com/npm/npm/commit/c67dd6b) `lodash.pad@3.1.1` -* [`4add042`](https://github.com/npm/npm/commit/4add042) `lodash.repeat@3.0.1` -* [`e04993c`](https://github.com/npm/npm/commit/e04993c) `lru-cache@2.6.5` -* [`2ed7da4`](https://github.com/npm/npm/commit/2ed7da4) `mime-db@1.15.0` -* [`ae08244`](https://github.com/npm/npm/commit/ae08244) `mime-types@2.1.3` -* [`e71410e`](https://github.com/npm/npm/commit/e71410e) `os-homedir@1.0.1` -* [`67c13e0`](https://github.com/npm/npm/commit/67c13e0) `process-nextick-args@1.0.2` -* [`12ee041`](https://github.com/npm/npm/commit/12ee041) `qs@4.0.0` -* [`15564a6`](https://github.com/npm/npm/commit/15564a6) `spdx-license-ids@1.0.2` -* [`8733bff`](https://github.com/npm/npm/commit/8733bff) `supports-color@2.0.0` -* [`230943c`](https://github.com/npm/npm/commit/230943c) `tunnel-agent@0.4.1` -* [`26a4653`](https://github.com/npm/npm/commit/26a4653) `ansi-styles@2.1.0` -* [`3d27081`](https://github.com/npm/npm/commit/3d27081) `bl@1.0.0` -* [`9efa110`](https://github.com/npm/npm/commit/9efa110) `async@1.4.0` - -#### MERGED FORWARD - -* As usual, we've ported all the `npm@2` goodies in this week's - [v2.13.3](https://github.com/npm/npm/releases/tag/v2.13.3) - release. - -### v3.1.3 (2015-07-17): - -Rebecca: So Kat, I hear this week's other release uses a dialog between us to -explain what changed? - -Kat: Well, you could say that… - -Rebecca: I would! This week I fixed more `npm@3` bugs! - -Kat: That sounds familiar. - -Rebecca: Eheheheh, well, before we look at those, a word from our sponsor… - -#### BETA IS AS BETA DOES - -**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No, -you can't be excused. `npm@3` will remain in beta until we're confident -that it's stable and have assessed the effect of the breaking changes on the -community. During that time we will still be doing `npm@2` releases, with -`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new -releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those -versions until we're ready to switch everyone over to `npm@3`. We need your -help to find and fix its remaining bugs. It's a significant rewrite, so we -are _sure_ there still significant bugs remaining. So do us a solid and -deploy it in non-critical CI environments and for day-to-day use, but maybe -don't use it for production maintenance or frontline continuous deployment -just yet. - -Rebecca: Ok, enough of the dialoguing, that's Kat's schtick. But do remember -kids, betas hide in dark hallways waiting to break your stuff, stuff like… - -#### SO MANY LINKS YOU COULD MAKE A CHAIN - -* [`6d69ec9`](https://github.com/npm/npm/6d69ec9) - [#8967](https://github.com/npm/npm/issues/8967) - Removing a module linked into your globals would result in having - all of its subdeps removed. Since the npm release process does - exactly this, it burned me -every- -single- -week-. =D - While we're here, we also removed extraneous warns that used to - spill out when you'd remove a symlink. - ([@iarna](https://github.com/iarna)) - -* [`fdb360f`](https://github.com/npm/npm/fdb360f) - [#8874](https://github.com/npm/npm/issues/8874) - Linking scoped modules was failing outright, but this fixes that - and updates our tests so we don't do it again. - ([@iarna](https://github.com/iarna)) - -#### WE'LL TRY NOT TO CRACK YOUR WINDOWS - -* [`9fafb18`](https://github.com/npm/npm/9fafb18) - [#8701](https://github.com/npm/npm/issues/8701) - `npm@3` introduced permissions checks that run before it actually tries to - do something. This saves you from having an install fail half way - through. We did this using the shiny new `fs.access` function available - in `node 0.12` and `io.js`, with fallback options for older nodes. Unfortunately - the way we implemented the fallback caused racey problems for Windows systems. - This fixes that by ensuring we only ever run any one check on a directory once. - BUT it turns out there are bugs in `fs.access` on Windows. So this ALSO just disables - the use of `fs.access` on Windows entirely until that settles out. - ([@iarna](https://github.com/iarna)) - -#### ZOOM ZOOM, DEP UPDATES - -* [`5656baa`](https://github.com/npm/npm/5656baa) - `gauge@1.2.2`: Better handle terminal resizes while printing the progress bar - ([@iarna](https://github.com/iarna)) - -#### MERGED FORWARD - -* Check out Kat's [super-fresh release notes for v2.13.2](https://github.com/npm/npm/releases/tag/v2.13.2) - and see all the changes we ported from `npm@2`. - -### v3.1.2 - -#### SO VERY BETA RELEASE - -So, `v3.1.1` managed to actually break installing local modules. And then -immediately after I drove to an island for the weekend. 😁 So let's get -this fixed outside the usual release train! - -Fortunately it didn't break installing _global_ modules and so you could -swap it out for another version at least. - -#### DISCLAIMER MEANS WHAT IT SAYS - -**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No, -you can't be excused. `npm@3` will remain in beta until we're confident -that it's stable and have assessed the effect of the breaking changes on the -community. During that time we will still be doing `npm@2` releases, with -`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new -releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those -versions until we're ready to switch everyone over to `npm@3`. We need your -help to find and fix its remaining bugs. It's a significant rewrite, so we -are _sure_ there still significant bugs remaining. So do us a solid and -deploy it in non-critical CI environments and for day-to-day use, but maybe -don't use it for production maintenance or frontline continuous deployment -just yet. - -#### THIS IS IT, THE REASON - -* [`f5e19df`](https://github.com/npm/npm/commit/f5e19df) - [#8893](https://github.com/npm/npm/issues/8893) - Fix crash when installing local modules introduced by the fix for - [#8608](https://github.com/npm/npm/issues/8608) - ([@iarna](https://github.com/iarna) - -### v3.1.1 - -#### RED EYE RELEASE - -Rebecca's up too late writing tests, so you can have `npm@3` bug fixes! Lots -of great new issues from you all! ❤️️ Keep it up! - -#### YUP STILL BETA, PLEASE PAY ATTENTION - -**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No, -you can't be excused. `npm@3` will remain in beta until we're confident -that it's stable and have assessed the effect of the breaking changes on the -community. During that time we will still be doing `npm@2` releases, with -`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new -releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those -versions until we're ready to switch everyone over to `npm@3`. We need your -help to find and fix its remaining bugs. It's a significant rewrite, so we -are _sure_ there still significant bugs remaining. So do us a solid and -deploy it in non-critical CI environments and for day-to-day use, but maybe -don't use it for production maintenance or frontline continuous deployment -just yet. - -#### BOOGS - -* [`9badfd6`](https://github.com/npm/npm/commit/9babfd63f19f2d80b2d2624e0963b0bdb0d76ef4) - [#8608](https://github.com/npm/npm/issues/8608) - Make global installs and uninstalls MUCH faster by only reading the directories of - modules referred to by arguments. - ([@iarna](https://github.com/iarna) -* [`075a5f0`](https://github.com/npm/npm/commit/075a5f046ab6837f489b08d44cb601e9fdb369b7) - [#8660](https://github.com/npm/npm/issues/8660) - Failed optional deps would still result in the optional deps own - dependencies being installed. We now find them and fail them out of the - tree. - ([@iarna](https://github.com/iarna) -* [`c9fbbb5`](https://github.com/npm/npm/commit/c9fbbb540083396ea58fd179d81131d959d8e049) - [#8863](https://github.com/npm/npm/issues/8863) - The "no compatible version found" error message was including only the - version requested, not the name of the package we wanted. Ooops! - ([@iarna](https://github.com/iarna) -* [`32e6bbd`](https://github.com/npm/npm/commit/32e6bbd21744dcbe8c0720ab53f60caa7f2a0588) - [#8806](https://github.com/npm/npm/issues/8806) - The "uninstall" lifecycle was being run after all of a module's dependencies has been - removed. This reverses that order-- this means "uninstall" lifecycles can make use - of the package's dependencies. - ([@iarna](https://github.com/iarna) - -#### MERGED FORWARD - -* Check out the [v2.13.1 release notes](https://github.com/npm/npm/releases/tag/v2.13.1) - and see all the changes we ported from `npm@2`. - -### v3.1.0 (2015-07-02): - -This has been a brief week of bug fixes, plus some fun stuff merged forward -from this weeks 2.x release. See the -[2.13.0 release notes](https://github.com/npm/npm/releases/tag/v2.13.0) -for details on that. - -You all have been AWESOME with -[all](https://github.com/npm/npm/milestones/3.x) -[the](https://github.com/npm/npm/milestones/3.2.0) -`npm@3` bug reports! Thank you and keep up the great work! - -#### NEW PLACE, SAME CODE - -Remember how last week we said `npm@3` would go to `3.0-next` and latest -tags? Yeaaah, no, please use `npm@v3.x-next` and `npm@v3.x-latest` going forward. - -I dunno why we said "suuure, we'll never do a feature release till we're out -of beta" when we're still forward porting `npm@2.x` features. `¯\_(ツ)_/¯` - -If you do accidentally use the old tag names, I'll be maintaining them -for a few releases, but they won't be around forever. - -#### YUP STILL BETA, PLEASE PAY ATTENTION - -**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're -confident that it's stable and have assessed the effect of the breaking -changes on the community. During that time we will still be doing `npm@2` -releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be -publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` -alongside those versions until we're ready to switch everyone over to -`npm@3`. We need your help to find and fix its remaining bugs. It's a -significant rewrite, so we are _sure_ there still significant bugs -remaining. So do us a solid and deploy it in non-critical CI environments -and for day-to-day use, but maybe don't use it for production maintenance -or frontline continuous deployment just yet. - -#### BUGS ON THE WINDOWS - - * [`0030ade`](https://github.com/npm/npm/commit/0030ade) - [#8685](https://github.com/npm/npm/issues/8685) - Windows would hang when trying to clone git repos - ([@euprogramador](https://github.com/npm/npm/pull/8777)) - * [`b259bcc`](https://github.com/npm/npm/commit/b259bcc) - [#8786](https://github.com/npm/npm/pull/8786) - Windows permissions checks would cause installations to fail under some - circumstances. We're disabling the checks entirely for this release. - I'm hoping to check back with this next week to get a Windows friendly - fix in. - ([@iarna](https://github.com/iarna)) - -#### SO MANY BUGS SQUASHED, JUST CALL US RAID - - * [`0848698`](https://github.com/npm/npm/commit/0848698) - [#8686](https://github.com/npm/npm/pull/8686) - Stop leaving progress bar cruft on the screen during publication - ([@ajcrites](https://github.com/ajcrites)) - * [`57c3cea`](https://github.com/npm/npm/commit/57c3cea) - [#8695](https://github.com/npm/npm/pull/8695) - Remote packages with shrinkwraps made npm cause node + iojs to explode - and catch fire. NO MORE. - ([@iarna](https://github.com/iarna)) - * [`2875ba3`](https://github.com/npm/npm/commit/2875ba3) - [#8723](https://github.com/npm/npm/pull/8723) - I uh, told you that engineStrict checking had gone away last week. - TURNS OUT I LIED. So this is making that actually be true. - ([@iarna](https://github.com/iarna)) - * [`28064e5`](https://github.com/npm/npm/commit/28064e5) - [#3358](https://github.com/npm/npm/issues/3358) - Consistently allow Unicode BOMs at the start of package.json files. - Previously this was allowed some of time, like when you were installing - modules, but not others, like running npm version or installing w/ - `--save`. - ([@iarna](https://github.com/iarna)) - * [`3cb6ad2`](https://github.com/npm/npm/commit/3cb6ad2) - [#8736](https://github.com/npm/npm/issues/8766) - `npm@3` wasn't running the "install" lifecycle in your current (toplevel) - module. This broke modules that relied on C compilation. BOO. - ([@iarna](https://github.com/iarna)) - * [`68da583`](https://github.com/npm/npm/commit/68da583) - [#8766](https://github.com/npm/npm/issues/8766) - To my great shame, `npm link package` wasn't working AT ALL if you - didn't have `package` already installed. - ([@iarna](https://github.com/iarna)) - * [`edd7448`](https://github.com/npm/npm/commit/edd7448) - `read-package-tree@5.0.0`: This update makes read-package-tree not explode - when there's bad data in your node_modules folder. `npm@2` silently - ignores this sort of thing. - ([@iarna](https://github.com/iarna)) - * [`0bb08c8`](https://github.com/npm/npm/commit/0bb08c8) - [#8778](https://github.com/npm/npm/pull/8778) - RELATEDLY, we now show any errors from your node_modules folder after - your installation completes as warnings. We're also reporting these in - `npm ls` now. - ([@iarna](https://github.com/iarna)) - * [`6c248ff`](https://github.com/npm/npm/commit/6c248ff) - [#8779](https://github.com/npm/npm/pull/8779) - Hey, you know how we used to complain if your `package.json` was - missing stuff? Well guess what, we are again. I know, I know, you can - thank me later. - ([@iarna](https://github.com/iarna)) - * [`d6f7c98`](https://github.com/npm/npm/commit/d6f7c98) - So, when we were rolling back after errors we had untested code that - tried to undo moves. Being untested it turns out it was very broken. - I've removed it until we have time to do this right. - ([@iarna](https://github.com/iarna)) - -#### NEW VERSION - -Just the one. Others came in via the 2.x release. Do check out its -changelog, immediately following this message. - - * [`4e602c5`](https://github.com/npm/npm/commit/4e602c5) `lodash@3.2.2` - -### v3.0.0 (2015-06-25): - -Wow, it's finally here! This has been a long time coming. We are all -delighted and proud to be getting this out into the world, and are looking -forward to working with the npm user community to get it production-ready -as quickly as possible. - -`npm@3` constitutes a nearly complete rewrite of npm's installer to be -easier to maintain, and to bring a bunch of valuable new features and -design improvements to you all. - -[@othiym23](https://github.com/othiym23) and -[@isaacs](https://github.com/isaacs) have been -[talking about the changes](http://blog.npmjs.org/post/91303926460/npm-cli-roadmap-a-periodic-update) -in this release for well over a year, and it's been the primary focus of -[@iarna](https://github.com/iarna) since she joined the team. - -Given that this is a near-total rewrite, all changes listed here are -[@iarna](https://github.com/iarna)'s work unless otherwise specified. - -#### NO, REALLY, READ THIS PARAGRAPH. IT'S THE IMPORTANT ONE. - -**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're -confident that it's stable and have assessed the effect of the breaking -changes on the community. During that time we will still be doing `npm@2` -releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be -publishing new releases of `npm@3` as `npm@3.0-next` and `npm@3.0-latest` -alongside those versions until we're ready to switch everyone over to -`npm@3`. We need your help to find and fix its remaining bugs. It's a -significant rewrite, so we are _sure_ there still significant bugs -remaining. So do us a solid and deploy it in non-critical CI environments -and for day-to-day use, but maybe don't use it for production maintenance -or frontline continuous deployment just yet. - -#### BREAKING CHANGES - -##### `peerDependencies` - -`grunt`, `gulp`, and `broccoli` plugin maintainers take note! You will be -affected by this change! - -* [#6930](https://github.com/npm/npm/issues/6930) - ([#6565](https://github.com/npm/npm/issues/6565)) - `peerDependencies` no longer cause _anything_ to be implicitly installed. - Instead, npm will now warn if a packages `peerDependencies` are missing, - but it's up to the consumer of the module (i.e. you) to ensure the peers - get installed / are included in `package.json` as direct `dependencies` - or `devDependencies` of your package. -* [#3803](https://github.com/npm/npm/issues/3803) - npm also no longer checks `peerDependencies` until after it has fully - resolved the tree. - -This shifts the responsibility for fulfilling peer dependencies from library -/ framework / plugin maintainers to application authors, and is intended to -get users out of the dependency hell caused by conflicting `peerDependency` -constraints. npm's job is to keep you _out_ of dependency hell, not put you -in it. - -##### `engineStrict` - -* [#6931](https://github.com/npm/npm/issues/6931) The rarely-used - `package.json` option `engineStrict` has been deprecated for several - months, producing warnings when it was used. Starting with `npm@3`, the - value of the field is ignored, and engine violations will only produce - warnings. If you, as a user, want strict `engines` field enforcement, - just run `npm config set engine-strict true`. - -As with the peer dependencies change, this is about shifting control from -module authors to application authors. It turns out `engineStrict` was very -difficult to understand even harder to use correctly, and more often than -not just made modules using it difficult to deploy. - -##### `npm view` - -* [`77f1aec`](https://github.com/npm/npm/commit/77f1aec) With `npm view` (aka - `npm info`), always return arrays for versions, maintainers, etc. Previously - npm would return a plain value if there was only one, and multiple values if - there were more. ([@KenanY](https://github.com/KenanY)) - -#### KNOWN BUGS - -Again, this is a _**BETA RELEASE**_, so not everything is working just yet. -Here are the issues that we already know about. If you run into something -that isn't on this list, -[let us know](https://github.com/npm/npm/issues/new)! - -* [#8575](https://github.com/npm/npm/issues/8575) - Circular deps will never be removed by the prune-on-uninstall code. -* [#8588](https://github.com/npm/npm/issues/8588) - Local deps where the dep name and the name in the package.json differ - don't result in an error. -* [#8637](https://github.com/npm/npm/issues/8637) - Modules can install themselves as direct dependencies. `npm@2` declined to - do this. -* [#8660](https://github.com/npm/npm/issues/8660) - Dependencies of failed optional dependencies aren't rolled back when the - optional dependency is, and then are reported as extraneous thereafter. - -#### NEW FEATURES - -##### The multi-stage installer! - -* [#5919](https://github.com/npm/npm/issues/5919) - Previously the installer had a set of steps it executed for each package - and it would immediately start executing them as soon as it decided to - act on a package. - - But now it executes each of those steps at the same time for all - packages, waiting for all of one stage to complete before moving on. This - eliminates many race conditions and makes the code easier to reason - about. - -This fixes, for instance: - -* [#6926](https://github.com/npm/npm/issues/6926) - ([#5001](https://github.com/npm/npm/issues/5001), - [#6170](https://github.com/npm/npm/issues/6170)) - `install` and `postinstall` lifecycle scripts now only execute `after` - all the module with the script's dependencies are installed. - -##### Install: it looks different! - -You'll now get a tree much like the one produced by `npm ls` that -highlights in orange the packages that were installed. Similarly, any -removed packages will have their names prefixed by a `-`. - -Also, `npm outdated` used to include the name of the module in the -`Location` field: - -``` -Package Current Wanted Latest Location -deep-equal MISSING 1.0.0 1.0.0 deep-equal -glob 4.5.3 4.5.3 5.0.10 rimraf > glob -``` - -Now it shows the module that required it as the final point in the -`Location` field: - -``` -Package Current Wanted Latest Location -deep-equal MISSING 1.0.0 1.0.0 npm -glob 4.5.3 4.5.3 5.0.10 npm > rimraf -``` - -Previously the `Location` field was telling you where the module was on -disk. Now it tells you what requires the module. When more than one thing -requires the module you'll see it listed once for each thing requiring it. - -##### Install: it works different! - -* [#6928](https://github.com/npm/npm/issues/6928) - ([#2931](https://github.com/npm/npm/issues/2931) - [#2950](https://github.com/npm/npm/issues/2950)) - `npm install` when you have an `npm-shrinkwrap.json` will ensure you have - the modules specified in it are installed in exactly the shape specified - no matter what you had when you started. -* [#6913](https://github.com/npm/npm/issues/6913) - ([#1341](https://github.com/npm/npm/issues/1341) - [#3124](https://github.com/npm/npm/issues/3124) - [#4956](https://github.com/npm/npm/issues/4956) - [#6349](https://github.com/npm/npm/issues/6349) - [#5465](https://github.com/npm/npm/issues/5465)) - `npm install` when some of your dependencies are missing sub-dependencies - will result in those sub-dependencies being installed. That is, `npm - install` now knows how to fix broken installs, most of the time. -* [#5465](https://github.com/npm/npm/issues/5465) - If you directly `npm install` a module that's already a subdep of - something else and your new version is incompatible, it will now install - the previous version nested in the things that need it. -* [`a2b50cf`](https://github.com/npm/npm/commit/a2b50cf) - [#5693](https://github.com/npm/npm/issues/5693) - When installing a new module, if it's mentioned in your - `npm-shrinkwrap.json` or your `package.json` use the version specifier - from there if you didn't specify one yourself. - -##### Flat, flat, flat! - -Your dependencies will now be installed *maximally flat*. Insofar as is -possible, all of your dependencies, and their dependencies, and THEIR -dependencies will be installed in your project's `node_modules` folder with no -nesting. You'll only see modules nested underneath one another when two (or -more) modules have conflicting dependencies. - -* [#3697](https://github.com/npm/npm/issues/3697) - This will hopefully eliminate most cases where Windows users ended up - with paths that were too long for Explorer and other standard tools to - deal with. -* [#6912](https://github.com/npm/npm/issues/6912) - ([#4761](https://github.com/npm/npm/issues/4761) - [#4037](https://github.com/npm/npm/issues/4037)) - This also means that your installs will be deduped from the start. -* [#5827](https://github.com/npm/npm/issues/5827) - This deduping even extends to git deps. -* [#6936](https://github.com/npm/npm/issues/6936) - ([#5698](https://github.com/npm/npm/issues/5698)) - Various commands are dedupe aware now. - -This has some implications for the behavior of other commands: - -* `npm uninstall` removes any dependencies of the module that you specified - that aren't required by any other module. Previously, it would only - remove those that happened to be installed under it, resulting in left - over cruft if you'd ever deduped. -* `npm ls` now shows you your dependency tree organized around what - requires what, rather than where those modules are on disk. -* [#6937](https://github.com/npm/npm/issues/6937) - `npm dedupe` now flattens the tree in addition to deduping. - -And bundling of dependencies when packing or publishing changes too: - -* [#2442](https://github.com/npm/npm/issues/2442) - bundledDependencies no longer requires that you specify deduped sub deps. - npm can now see that a dependency is required by something bundled and - automatically include it. To put that another way, bundledDependencies - should ONLY include things that you included in dependencies, - optionalDependencies or devDependencies. -* [#5437](https://github.com/npm/npm/issues/5437) - When bundling a dependency that's both a `devDependency` and the child of - a regular `dependency`, npm bundles the child dependency. - -As a demonstration of our confidence in our own work, npm's own -dependencies are now flattened, deduped, and bundled in the `npm@3` style. -This means that `npm@3` can't be packed or published by `npm@2`, which is -something to be aware of if you're hacking on npm. - -##### Shrinkwraps: they are a-changin'! - -First of all, they should be idempotent now -([#5779](https://github.com/npm/npm/issues/5779)). No more differences -because the first time you install (without `npm-shrinkwrap.json`) and the -second time (with `npm-shrinkwrap.json`). - -* [#6781](https://github.com/npm/npm/issues/6781) - Second, if you save your changes to `package.json` and you have - `npm-shrinkwrap.json`, then it will be updated as well. This applies to - all of the commands that update your tree: - * `npm install --save` - * `npm update --save` - * `npm dedupe --save` ([#6410](https://github.com/npm/npm/issues/6410)) - * `npm uninstall --save` -* [#4944](https://github.com/npm/npm/issues/4944) - ([#5161](https://github.com/npm/npm/issues/5161) - [#5448](https://github.com/npm/npm/issues/5448)) - Third, because `node_modules` folders are now deduped and flat, - shrinkwrap has to also be smart enough to handle this. - -And finally, enjoy this shrinkwrap bug fix: - -* [#3675](https://github.com/npm/npm/issues/3675) - When shrinkwrapping a dependency that's both a `devDependency` and the - child of a regular `dependency`, npm now correctly includes the child. - -##### The Age of Progress (Bars)! - -* [#6911](https://github.com/npm/npm/issues/6911) - ([#1257](https://github.com/npm/npm/issues/1257) - [#5340](https://github.com/npm/npm/issues/5340) - [#6420](https://github.com/npm/npm/issues/6420)) - The spinner is gone (yay? boo? will you miss it?), and in its place npm - has _progress bars_, so you actually have some sense of how long installs - will take. It's provided in Unicode and non-Unicode variants, and Unicode - support is automatically detected from your environment. - -#### TINY JEWELS - -The bottom is where we usually hide the less interesting bits of each -release, but each of these are small but incredibly useful bits of this -release, and very much worth checking out: - -* [`9ebe312`](https://github.com/npm/npm/commit/9ebe312) - Build system maintainers, rejoice: npm does a better job of cleaning up - after itself in your temporary folder. -* [#6942](https://github.com/npm/npm/issues/6942) - Check for permissions issues prior to actually trying to install - anything. -* Emit warnings at the end of the installation when possible, so that - they'll be on your screen when npm stops. -* [#3505](https://github.com/npm/npm/issues/3505) - `npm --dry-run`: You can now ask that npm only report what it _would have - done_ with the new `--dry-run` flag. This can be passed to any of the - commands that change your `node_modules` folder: `install`, `uninstall`, - `update` and `dedupe`. -* [`81b46fb`](https://github.com/npm/npm/commit/81b46fb) - npm now knows the correct URLs for `npm bugs` and `npm repo` for - repositories hosted on Bitbucket and GitLab, just like it does for GitHub - (and GitHub support now extends to projects hosted as gists as well as - traditional repositories). -* [`5be4008a`](https://github.com/npm/npm/commit/5be4008a09730cfa3891d9f145e4ec7f2accd144) - npm has been cleaned up to pass the [`standard`](http://npm.im/standard) - style checker. Forrest and Rebecca both feel this makes it easier to read - and understand the code, and should also make it easier for new - contributors to put merge-ready patches. - ([@othiym23](https://github.com/othiym23)) - -#### ZARRO BOOGS - -* [`6401643`](https://github.com/npm/npm/commit/6401643) - Make sure the global install directory exists before installing to it. - ([@thefourtheye](https://github.com/thefourtheye)) -* [#6158](https://github.com/npm/npm/issues/6158) - When we remove modules we do so inside-out running unbuild for each one. -* [`960a765`](https://github.com/npm/npm/commit/960a765) - The short usage information for each subcommand has been brought in sync - with the documentation. ([@smikes](https://github.com/smikes)) diff --git a/deps/node/deps/npm/changelogs/CHANGELOG-4.md b/deps/node/deps/npm/changelogs/CHANGELOG-4.md deleted file mode 100644 index 2c971bb1..00000000 --- a/deps/node/deps/npm/changelogs/CHANGELOG-4.md +++ /dev/null @@ -1,1566 +0,0 @@ -## v4.6.1 (2017-04-21) - -A little release to tide you over while we hammer out the last bits for npm@5. - -### FEATURES - -* [`d13c9b2f2`](https://github.com/npm/npm/commit/d13c9b2f24b6380427f359b6e430b149ac8aaa79) - `init-package-json@1.10.0`: - The `name:` prompt is now `package name:` to make this less ambiguous for new users. - - The default package name is now a valid package name. For example: If your package directory - has mixed case, the default package name will be all lower case. -* [`f08c66323`](https://github.com/npm/npm/commit/f08c663231099f7036eb82b92770806a3a79cdf1) - [#16213](https://github.com/npm/npm/pull/16213) - Add `--allow-same-version` option to `npm version` so that you can use `npm version` to run - your version lifecycles and tag your git repo without actually changing the version number in - your `package.json`. - ([@lucastheisen](https://github.com/lucastheisen)) -* [`f5e8becd0`](https://github.com/npm/npm/commit/f5e8becd05e0426379eb0c999abdbc8e87a7f6f2) - Timing has been added throughout the install implementation. You can see it by running - a command with `--loglevel=timing`. You can also run commands with `--timing` which will write - an `npm-debug.log` even on success and add an entry to `_timing.json` in your cache with - the timing information from that run. - ([@iarna](https://github.com/iarna)) - -### BUG FIXES - -* [`9c860f2ed`](https://github.com/npm/npm/commit/9c860f2ed3bdea1417ed059b019371cd253db2ad) - [#16021](https://github.com/npm/npm/pull/16021) - Fix a crash in `npm doctor` when used with a registry that does not support - the `ping` API endpoint. - ([@watilde](https://github.com/watilde)) -* [`65b9943e9`](https://github.com/npm/npm/commit/65b9943e9424c67547b0029f02b0258e35ba7d26) - [#16364](https://github.com/npm/npm/pull/16364) - Shorten the ELIFECYCLE error message. The shorter error message should make it much - easier to discern the actual cause of the error. - ([@j-f1](https://github.com/j-f1)) -* [`a87a4a835`](https://github.com/npm/npm/commit/a87a4a8359693518ee41dfeb13c5a8929136772a) - `npmlog@4.0.2`: - Fix flashing of the progress bar when your terminal is very narrow. - ([@iarna](https://github.com/iarna)) -* [`41c10974f`](https://github.com/npm/npm/commit/41c10974fe95a2e520e33e37725570c75f6126ea) - `write-file-atomic@1.3.2`: - Wait for `fsync` to complete before considering our file written to disk. - This will improve certain sorts of Windows diagnostic problems. -* [`2afa9240c`](https://github.com/npm/npm/commit/2afa9240ce5b391671ed5416464f2882d18a94bc) - [#16336](https://github.com/npm/npm/pull/16336) - Don't ham-it-up when expecting JSON. - ([@bdukes](https://github.com/bdukes)) - -### DOCUMENTATION FIXES - -* [`566f3eebe`](https://github.com/npm/npm/commit/566f3eebe741f935b7c1e004bebf19b8625a1413) - [#16296](https://github.com/npm/npm/pull/16296) - Use a single convention when referring to the `<command>` you're running. - ([@desfero](https://github.com/desfero)) -* [`ccbb94934`](https://github.com/npm/npm/commit/ccbb94934d4f677f680c3e2284df3d0ae0e65758) - [#16267](https://github.com/npm/npm/pull/16267) - Fix a missing space in the example package.json. - ([@famousgarkin](https://github.com/famousgarkin)) - -### DEPENDENCY UPDATES - -* [`ebde4ea33`](https://github.com/npm/npm/commit/ebde4ea3363dfc154c53bd537189503863c9b3a4) - `hosted-git-info@2.4.2` -* [`c46ad71bb`](https://github.com/npm/npm/commit/c46ad71bbe27aaa9ee10e107d8bcd665d98544d7) - `init-package-json@1.9.6` -* [`d856d570d`](https://github.com/npm/npm/commit/d856d570d2df602767c039cf03439d647bba2e3d) - `npm-registry-client@8.1.1` -* [`4a2e14436`](https://github.com/npm/npm/commit/4a2e1443613a199665e7adbda034d5b9d10391a2) - `readable-stream@2.2.9` -* [`f0399138e`](https://github.com/npm/npm/commit/f0399138e6d6f1cd7f807d523787a3b129996301) - `normalize-package-data@2.3.8` - -### v4.5.0 (2017-03-24) - -Welcome a wrinkle on npm's registry API! - -Codename: Corgi - - - -This release has some bug fixes, but it's mostly about bringing support for -MUCH smaller package metadata. How much smaller? Well, for npm itself it -reduces 416K of gzip compressed JSON to 24K. - -As a user, all you have to do is update to get to use the new API. If -you're interested in the details we've [documented the -changes](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md) -in detail. - -#### CORGUMENTS - -Package metadata: now smaller. This means a smaller cache and less to download. - -* [`86dad0d74`](https://github.com/npm/npm/commit/86dad0d747f288eab467d49c9635644d3d44d6f0) - Add support for filtered package metadata. - ([@iarna](https://github.com/iarna)) -* [`41789cffa`](https://github.com/npm/npm/commit/41789cffac9845603f4bdf3f5b03f412144a0e9f) - `npm-registry-client@8.1.0` - ([@iarna](https://github.com/iarna)) - -#### NO SHRINKWRAP, NO PROBLEM - -Previously we needed to extract every package's tarball to look for an -`npm-shrinkwrap.json` before we could begin working through what its -dependencies were. This was one of the things stopping npm's network -accesses from happening more concurrently. The new filtered package -metadata provides a new key, `_hasShrinkwrap`. When that's set to `false` -then we know we don't have to look for one. - -* [`4f5060eb3`](https://github.com/npm/npm/commit/4f5060eb31b9091013e1d6a34050973613a294a3) - [#15969](https://github.com/npm/npm/pull/15969) - Add support for skipping `npm-shrinkwrap.json` extraction when the - registry can affirm that one doesn't exist. - ([@iarna](https://github.com/iarna)) - -#### INTERRUPTING SCRIPTS - -* [`878aceb25`](https://github.com/npm/npm/commit/878aceb25e6d6052dac15da74639ce274c8e62c5) - [#16129](https://github.com/npm/npm/pull/16129) - Better handle Ctrl-C while running scripts. `npm` will now no longer exit - until the script it is running has exited. If you press Ctrl-C a second - time it kill the script rather than just forwarding the Ctrl-C. - ([@jaridmargolin](https://github.com/jaridmargolin)) - -#### DEPENDENCY UPDATES: - -* [`def75eebf`](https://github.com/npm/npm/commit/def75eebf1ad437bf4fd3f5e103cc2d963bd2a73) - `hosted-git-info@2.4.1`: - Preserve case of the user name part of shortcut specifiers, previously they were lowercased. - ([@iarna](https://github.com/iarna)) -* [`eb3789fd1`](https://github.com/npm/npm/commit/eb3789fd18cfb063de9e6f80c3049e314993d235) - `node-gyp@3.6.0`: Add support for VS2017 and Chakracore improvements. - ([@refack](https://github.com/refack)) - ([@kunalspathak](https://github.com/kunalspathak)) -* [`245e25315`](https://github.com/npm/npm/commit/245e25315524b95c0a71c980223a27719392ba75) - `readable-stream@2.2.6` ([@mcollina](https://github.com/mcollina)) -* [`30357ebc5`](https://github.com/npm/npm/commit/30357ebc5691d7c9e9cdc6e0fe7dc6253220c9c2) - `which@1.2.14` ([@isaacs](https://github.com/isaacs)) - -### v4.4.4 (2017-03-16) - -😩😤😅 Okay! We have another `next` -release for ya today. So, yes! With v4.4.3 we fixed the bug that made -bundled scoped modules uninstallable. But somehow I overlooked the fact -that we: A) were using these and B) that made upgrading to v4.4.3 impossible. 😭 - -So I've renamed those two scoped modules to no longer use scopes and we now -have a shiny new test to ensure that scoped modules don't creep into our -transitive deps and make it impossible to upgrade to `npm`. - -(None of our woes applies to most of you all because most of you all don't -use bundled dependencies. `npm` does because we want the published artifact to be -installable without having to already have `npm`.) - -* [`2a7409fcb`](https://github.com/npm/npm/commit/2a7409fcba6a8fab716c80f56987b255983e048e) - [#16066](https://github.com/npm/npm/pull/16066) - Ensure we aren't using any scoped modules - Because `npm`s prior 4.4.3 can't install dependencies that have bundled scoped - modules. This didn't show up sooner because they ALSO had a bug that caused - bundled scoped modules to not be included in the bundle. - ([@iarna](https://github.com/iarna)) -* [`eb4c70796`](https://github.com/npm/npm/commit/eb4c70796c38f24ee9357f5d4a0116db582cc7a9) - [#16066](https://github.com/npm/npm/pull/16066) - Switch to move-concurrently to remove scoped dependency - ([@iarna](https://github.com/iarna)) - -### v4.4.3 (2017-03-15) - -This is a small patch release, mostly because the published tarball for -v4.4.2 was missing a couple of modules, due to a bug involving scoped -modules, bundled dependencies and legacy tree layouts. - -There are a couple of other things here that happened to be ready to go. So -without further ado… - -#### BUG FIXES - -* [`3d80f8f70`](https://github.com/npm/npm/commit/3d80f8f70679ad2b8ce7227d20e8dbce257a47b9) - [npm/fs-vacuum#6](https://github.com/npm/fs-vacuum/pull/6) - `fs-vacuum@1.2.1`: Make sure we never, ever remove home directories. Previously if your - home directory was entirely empty then we might `rmdir` it. - ([@helio-frota](https://github.com/helio-frota)) -* [`1af85ca9f`](https://github.com/npm/npm/commit/1af85ca9f4d625f948e85961372de7df3f3774e2) - [#16040](https://github.com/npm/npm/pull/16040) - Fix bug where bundled transitive dependencies that happened to be - installed under bundled scoped dependencies wouldn't be included in the - tarball when building a package. - ([@iarna](https://github.com/iarna)) -* [`13c7fdc2e`](https://github.com/npm/npm/commit/13c7fdc2e87456a87b1c9385a3daeae228ed7c95) - [#16040](https://github.com/npm/npm/pull/16040) - Fix a bug where bundled scoped dependencies couldn't be extracted. - ([@iarna](https://github.com/iarna)) -* [`d6cde98c2`](https://github.com/npm/npm/commit/d6cde98c2513fe160eab41e31c3198dfde993207) - [#16040](https://github.com/npm/npm/pull/16040) - Stop printing `ENOENT` errors more than once. - ([@iarna](https://github.com/iarna)) -* [`722fbf0f6`](https://github.com/npm/npm/commit/722fbf0f6cf4413cdc24b610bbd60a7dbaf2adfe) - [#16040](https://github.com/npm/npm/pull/16040) - Rewrite the `extract` action for greater clarity. - Specifically, this involves moving things around structurally to do the same - thing [`d0c6d194`](https://github.com/npm/npm/commit/d0c6d194) did, but in a more comprehensive manner. - This also fixes a long standing bug where errors from the move step would be - eaten during this phase and as a result we would get mysterious crashes in - the finalize phase when finalize tried to act on them. - ([@iarna](https://github.com/iarna)) -* [`6754dabb6`](https://github.com/npm/npm/commit/6754dabb6bd3301504efb3b62f36d3fe70958c19) - [#16040](https://github.com/npm/npm/pull/16040) - Flatten out `@npmcorp/move`'s deps for backwards compatibility reasons. Versions prior to this - one will fail to install any package that bundles a scoped dependency. This was responsible - for `ENOENT` errors during the `finalize` phase. - ([@iarna](https://github.com/iarna)) - -#### DOC UPDATES - -* [`fba51c582`](https://github.com/npm/npm/commit/fba51c582d1d08dd4aa6eb27f9044dddba91bb18) - [#15960](https://github.com/npm/npm/pull/15960) - Update troubleshooting and contribution guide links. - ([@watilde](https://github.com/watilde)) - - -### v4.4.2 (2017-03-09): - -This week, the focus on the release was mainly going through [all of npm's deps -that we manage -ourselves](https://github.com/npm/npm/wiki/npm-maintained-dependencies), and -making sure all their PRs and versions were up to date. That means there's a few -fixes here and there. Nothing too big codewise, though. - -The most exciting part of this release is probably our [shiny new -Contributing](https://github.com/npm/npm/blob/latest/CONTRIBUTING.md) and -[Troubleshooting](https://github.com/npm/npm/blob/latest/TROUBLESHOOTING.md) -docs! [@snopeks](https://github.com/snopeks) did some ✨fantastic✨ work hashing it -out, and we're really hoping this is a nice big step towards making contributing -to npm easier. The troubleshooting doc will also hopefully solve common issues -for people! Do you think something is missing from it? File a PR and we'll add -it! The current document is just a baseline for further editing and additions. - -Also there's maybe a bit of an easter egg in this release. 'Cause those are fun and I'm a huge nerd. 😉 - -#### DOCUMENTATION AHOY - -* [`07e997a`](https://github.com/npm/npm/commit/07e997a7ecedba7b29ad76ffb2ce990d5c0200fc) - [#15756](https://github.com/npm/npm/pull/15756) - Overhaul `CONTRIBUTING.md` and add new `TROUBLESHOOTING.md` files. 🙌🏼 - ([@snopeks](https://github.com/snopeks)) -* [`2f3e4b6`](https://github.com/npm/npm/commit/2f3e4b645cdc268889cf95ba24b2aae572d722ad) - [#15833](https://github.com/npm/npm/pull/15833) - Mention the [24-hour unpublish - policy](http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy) - on the main registry. - ([@carols10cents](https://github.com/carols10cents)) - -#### NOT REALLY FEATURES, NOT REALLY BUGFIXES. MORE LIKE TWEAKS? 🤔 - -* [`84be534`](https://github.com/npm/npm/commit/84be534aedb78c65cd8012427fc04871ceeccf90) - [#15888](https://github.com/npm/npm/pull/15888) - Stop flattening `ls`-tree output. From now on, deduped deps will be marked as - such in the place where they would've been before getting hoisted by the - installer. - ([@iarna](https://github.com/iarna)) -* [`e9a5dca`](https://github.com/npm/npm/commit/e9a5dca369ead646ab5922326cede1406c62bd3b) - [#15967](https://github.com/npm/npm/pull/15967) - Limit metadata fetches to 10 concurrent requests. - ([@iarna](https://github.com/iarna)) -* [`46aa9bc`](https://github.com/npm/npm/commit/46aa9bcae088740df86234fc199f7aef53b116df) - [#15967](https://github.com/npm/npm/pull/15967) - Limit concurrent installer actions to 10. - ([@iarna](https://github.com/iarna)) - -#### BUGFIXES - -* [`c3b994b`](https://github.com/npm/npm/commit/c3b994b71565eb4f943cce890bb887d810e6e2d4) - [#15901](https://github.com/npm/npm/pull/15901) - Use EXDEV aware move instead of rename. This will allow moving across devices - and moving when filesystems don't support renaming directories full of files. It might make folks using Docker a bit happier. - ([@iarna](https://github.com/iarna)) -* [`0de1a9c`](https://github.com/npm/npm/commit/0de1a9c1db90e6705c65c068df1fe82899e60d68) - [#15735](https://github.com/npm/npm/pull/15735) - Autocomplete support for npm scripts with `:` colons in the name. - ([@beyondcompute](https://github.com/beyondcompute)) -* [`84b0b92`](https://github.com/npm/npm/commit/84b0b92e7f78ec4add42e8161c555325c99b7f98) - [#15874](https://github.com/npm/npm/pull/15874) - Stop using [undocumented](https://github.com/nodejs/node/pull/11355) - `res.writeHeader` alias for `res.writeHead`. - ([@ChALkeR](https://github.com/ChALkeR)) -* [`895ffe4`](https://github.com/npm/npm/commit/895ffe4f3eecd674796395f91c30eda88aca6b36) - [#15824](https://github.com/npm/npm/pull/15824) - Fix empty versions column in `npm search` output. - ([@bcoe](https://github.com/bcoe)) -* [`38c8d7a`](https://github.com/npm/npm/commit/38c8d7adc1f43ab357d1e729ae7cd5d801a26e68) - `init-package-json@1.9.5`: [npm/init-package-json#61](https://github.com/npm/init-package-json/pull/61) Exclude existing `devDependencies` from being added to `dependencies`. Fixes [#12260](https://github.com/npm/npm/issues/12260). - ([@addaleax](https://github.com/addaleax)) - -### v4.4.1 (2017-03-06): - -This is a quick little patch release to forgo the update notification -checker if you're on an unsupported (but not otherwise broken) version of -Node.js. Right now that means 0.10 or 0.12. - -* [`56ac249`](https://github.com/npm/npm/commit/56ac249ef8ede1021f1bc62a0e4fe1e9ba556af2) - [#15864](https://github.com/npm/npm/pull/15864) - Only use `update-notifier` on supported versions. - ([@legodude17](https://github.com/legodude17)) - -### v4.4.0 (2017-02-23): - -Aaaah, [@iarna](https://github.com/iarna) here, it's been a little while -since I did one of these! This is a nice little release, we've got an -update notifier, vastly less verbose error messages, new warnings on package -metadata that will probably give you a bad day, and a sprinkling of bug -fixes. - -#### UPDATE NOTIFICATIONS - -We now have a little nudge to update your `npm`, courtesy of -[update-notifier](https://www.npmjs.com/package/update-notifier). - -* [`148ee66`](https://github.com/npm/npm/commit/148ee663740aa05877c64f16cdf18eba33fbc371) - [#15774](https://github.com/npm/npm/pull/15774) - `npm` will now check at start up to see if a newer version is available. - It will check once a day. If you want to disable this, set `optOut` to `true` in - `~/.config/configstore/update-notifier-npm.json`. - ([@ceejbot](https://github.com/ceejbot)) - -#### LESS VERBOSE ERROR MESSAGES - -`npm` has, for a long time, had very verbose error messages. There was a -lot of info in there, including the cause of the error you were seeing but -without a lot of experience reading them pulling that out was time consuming -and difficult. - -With this change the output is cut down substantially, centering the error -message. So, for example if you try to `npm run sdlkfj` then the entire -error you'll get will be: - -``` -npm ERR! missing script: sldkfj - -npm ERR! A complete log of this run can be found in: -npm ERR! /Users/rebecca/.npm/_logs/2017-02-24T00_41_36_988Z-debug.log -``` - -The CLI team has discussed cutting this down even further and stripping the -`npm ERR!` prefix off those lines too. We'd appreciate your feedback on -this! - -* [`e544124`](https://github.com/npm/npm/commit/e544124592583654f2970ec332003cfd00d04f2b) - [#15716](https://github.com/npm/npm/pull/15716) - Make error output less verbose. - ([@iarna](https://github.com/iarna)) -* [`166bda9`](https://github.com/npm/npm/commit/166bda97410d0518b42ed361020ade1887e684af) - [#15716](https://github.com/npm/npm/pull/15716) - Stop encouraging users to visit the issue tracker unless we know for - certain that it's an npm bug. - ([@iarna](https://github.com/iarna)) - -#### OTHER NEW FEATURES - -* [`53412eb`](https://github.com/npm/npm/commit/53412eb22c1c75d768e30f96d69ed620dfedabde) - [#15772](https://github.com/npm/npm/pull/15772) - We now warn if you have a module listed in both dependencies and - devDependencies. - ([@TedYav](https://github.com/TedYav)) -* [`426b180`](https://github.com/npm/npm/commit/426b1805904a13bdc5c0dd504105ba037270cbee) - [#15757](https://github.com/npm/npm/pull/15757) - Default reporting metrics to default registry. Previously it defaulted to using - `https://registry.npmjs.org`, now it will default to the result of - `npm config get registry`. For most folks this won't actually change anything, but it - means that folks who use a private registry will have metrics routed there by default. - This has the potential to be interesting because it means that in the - future private registry products ([npme](https://npme.npmjs.com/docs/)!) - will be able to report on these metrics. - ([@iarna](https://github.com/iarna)) - -#### BUG FIXES - -* [`8ea0de9`](https://github.com/npm/npm/commit/8ea0de98563648ba0db032acd4d23d27c4a50a66) - [#15716](https://github.com/npm/npm/pull/15716) - Write logs for `cb() never called` errors. -* [`c4e83dc`](https://github.com/npm/npm/commit/c4e83dca830b24305e3cb3201a42452d56d2d864) - Make it so that errors while reading the existing node_modules tree can't - result in installer crashes. - ([@iarna](https://github.com/iarna)) -* [`2690dc2`](https://github.com/npm/npm/commit/2690dc2684a975109ef44953c2cf0746dbe343bb) - Update `npm doctor` to not treat broken symlinks in your global modules as - a permission failure. This is particularly important if you link modules and your text - editor uses the convention of creating symlinks from `.#filename.js` to a - machine name and pid to lock files (eg emacs and compatible things). - ([@iarna](https://github.com/iarna)) -* [`f4c3f48`](https://github.com/npm/npm/commit/f4c3f489aa5787cf0d60e8436be2190e4b0d0ff7) - [#15777](https://github.com/npm/npm/pull/15777) - Not exactly a bug, but change a parameterless `.apply` to `.call`. - ([@notarseniy](https://github.com/notarseniy)) - -#### DEPENDENCY UPDATES - -* [`549dcff`](https://github.com/npm/npm/commit/549dcff58c7aaa1e7ba71abaa14008fdf2697297) - `rimraf@2.6.0`: - Retry EBUSY, ENOTEMPTY and EPERM on non-Windows platforms too. - More reliable `rimraf.sync` on Windows. - ([@isaacs](https://github.com/isaacs)) -* [`052dfb6`](https://github.com/npm/npm/commit/052dfb623da508f2b5f681da0258125552a18a4a) - `validate-npm-package-name@3.0.0`: - Remove ableist language in README. - Stop allowing ~'!()* in package names. - ([@tomdale](https://github.com/tomdale)) - ([@chrisdickinson](https://github.com/chrisdickinson)) -* [`6663ea6`](https://github.com/npm/npm/commit/6663ea6ac0f0ecec5a3f04a3c01a71499632f4dc) - `abbrev@1.1.0` ([@isaacs](https://github.com/isaacs)) -* [`be6de9a`](https://github.com/npm/npm/commit/be6de9aab9e20b6eac70884e8626161eebf8721a) - `opener@1.4.3` ([@dominic](https://github.com/dominic)) -* [`900a5e3`](https://github.com/npm/npm/commit/900a5e3e3411ec221306455f99b24b9ce35757c0) - `readable-stream@2.2.3` ([@RangerMauve](https://github.com/RangerMauve)) ([@mcollina](https://github.com/mcollina)) -* [`c972a8b`](https://github.com/npm/npm/commit/c972a8b0f20a61a79c45b6642f870bea8c55c7e4) - `tacks@1.2.6` - ([@iarna](https://github.com/iarna)) -* [`85a36ef`](https://github.com/npm/npm/commit/85a36efdac0c24501876875cb9ad40292024e0b0) - [`7ac9265`](https://github.com/npm/npm/commit/7ac9265c56b4d9eeaca6fcfb29513f301713e7bb) - `tap@10.2.0` - ([@isaacs](https://github.com/saacs)) - -### v4.3.0 (2017-02-09): - -Yay! Release time! It's a rainy day, and we have another smallish release for -y'all. These things are not necessarily related. Or are they 🌧🤔 - -As far as news go, you may have noticed that the CLI team dropped support for -`node@0.12` when that version went out of maintenance. Still, we've avoided -explicitly breaking it and `node@0.10` so far -- but not much longer. - -Sometime soon, the CLI team plans on switching over to language features only -available as of `node@4 LTS`, and will likely start dropping old versions of node -as they go out of maintenance. The new features are exciting! We're really -looking forward to using them in the core CLI (and its dependencies) as we keep up -with our current feature work. - -And speaking of features, this release is a minor bump due to a small change in -how `npm login` works for the sake of supporting OAuth-based login for npm -Enterprise users. But we won't leave the rest of y'all out -- we're working on a -larger version of this feature. Soon enough, you'll be able to log in to npm -with, say, GitHub -- and use some shiny features that come from the integration. -Or turn on 2FA and other such security features. Keep your eyes peeled for new -on this in the next few releases and our weekly newsletter! - -#### NEW AUTH TYPES - -There's a new command line option: `--auth-type`, which can be used to log in to -a supporting registry with OAuth2 or SAML. The current implementation is mainly -meant to support npmE customers, so if you're one of those: ask us about using -it! If not, just hold off cause we'll have a much more complete version of this -feature out soon. - -* [`ac8595e`](https://github.com/npm/npm/commit/ac8595e3c9b615ff95abc3301fac1262c434792c) [`bcf2dd8`](https://github.com/npm/npm/commit/bcf2dd8a165843255c06515fa044c6e4d3b71ca4) [`9298d20`](https://github.com/npm/npm/commit/9298d20af58b92572515bfa9cf7377bd4221dc7d) [`66b61bc`](https://github.com/npm/npm/commit/66b61bc42e81ee8a1ee00fc63517f62284140688) [`dc85de7`](https://github.com/npm/npm/commit/dc85de7df6bb61f7788611813ee82ae695a18f1f) - [#13389](https://github.com/npm/npm/pull/13389) - Implement single-sign-on support with `--auth-type` option. - ([@zkat](https://github.com/zkat)) - -#### FASTER STARTUP. SOMETIMES! - -`request` is pretty heavy. And it loads a bunch of things. It's actually a -pretty big chunk of npm's load time. This small patch by Rebecca will make it so -npm only loads that module when we're actually intending to make network -requests. Those of you who use npm commands that run offline might see a small -speedup in startup time. - -* [`ac73568`](https://github.com/npm/npm/commit/ac735682e666e8724549d56146821f3b8b018e25) - [#15631](https://github.com/npm/npm/pull/15631) - Lazy load `caching-registry-client`. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION - -* [`4ad9247`](https://github.com/npm/npm/commit/4ad9247aa82f7553c9667ee93c74ec7399d6ceec) - [#15630](https://github.com/npm/npm/pull/15630) - Fix formatting/rendering for root npm README. - ([@ungoldman](https://github.com/ungoldman)) - -#### DEPENDENCY UPDATES - -* [`8cc1112`](https://github.com/npm/npm/commit/8cc1112958638ff88ac2c24c4a065acacb93d64b) - [npm/hosted-git-info#21](https://github.com/npm/hosted-git-info/pull/21) - `hosted-git-info@2.2.0`: - Add support for `.tarball()` URLs. - ([@zkat](https://github.com/zkat)) -* [`6eacc1b`](https://github.com/npm/npm/commit/6eacc1bc1925fe3cc79fc97bdc3194d944fce55e) - `npm-registry-mock@1.1.0` - ([@addaleax](https://github.com/addaleax)) -* [`a9b6d77`](https://github.com/npm/npm/commit/a9b6d775e61cf090df0e13514c624f99bf31d1e7) - `aproba@1.1.1` - ([@iarna](https://github.com/iarna)) - -### v4.2.0 (2017-01-26): - -Hi all! I'm Kat, and I'm currently sitting in a train traveling at ~300km/h -through Spain. So clearly, this release should have *something* to do with -speed. And it does! Heck, with this release, you could say we're really -_blazing_, even. 🌲🔥😏 - -#### IMPROVED CLI SEARCH~ - -You might recall if you've been keeping up that one of the reasons for a -semver-major bump to `npm@4` was an improved CLI search (read: no longer blowing -up Node). The work done for that new search system, while still relying on a -full metadata download and local search, was also meant to act as groundwork for -then-ongoing work on a brand-new, smarter search system for npm. Shortly after -`npm@4` came out, the bulk of the server-side work was done, and with this -release, the npm CLI has integrated use of the new endpoint for high-quality, -fast-turnaround searches. - -No, seriously, it's *fast*. And *relevant*: - -[](https://github.com/npm/npm/pull/15481) - -Give it a shot! And remember to check out the new website version of the search, -too, which uses the same backend as the CLI now. 🎉 - -Incidentally, the backend is a public service, so you can write your own search -tools, be they web-based, CLI, or GUI-based. You can read up on the [full -documentation for the search -endpoint](https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#get-v1search), -and let us know about the cool things you come up with! - -* [`ce3ca51`](https://github.com/npm/npm/commit/ce3ca51ca2d60e15e901c8bf6256338e53e1eca2) - [#15481](https://github.com/npm/npm/pull/15481) - Add an internal `gunzip-maybe` utility for optional gunzipping. - ([@zkat](https://github.com/zkat)) -* [`e322932`](https://github.com/npm/npm/commit/e3229324d507fda10ea9e94fd4de8a4ae5025c75) [`a53055e`](https://github.com/npm/npm/commit/a53055e423f1fe168f05047aa0dfec6d963cb211) [`a1f4365`](https://github.com/npm/npm/commit/a1f436570730c6e4a173ca92d1967a87c29b7f2d) [`c56618c`](https://github.com/npm/npm/commit/c56618c62854ea61f6f716dffe7bcac80b5f4144) - [#15481](https://github.com/npm/npm/pull/15481) - Add support for using the new npm search endpoint for fast, quality search - results. Includes a fallback to "classic" search. - ([@zkat](https://github.com/zkat)) - -#### WHERE DID THE DEBUG LOGS GO - -This is another pretty significant change: Usually, when the npm process -crashed, you would get an `npm-debug.log` in your current working directory. -This debug log would get cleared out as soon as you ran npm again. This was a -bit annoying because 1) you would get a random file in your `git status` that -you might accidentally commit, and 2) if you hit a hard-to-reproduce bug and -instinctually tried again, you would no longer have access to the repro -`npm-debug.log`. - -So now, any time a crash happens, we'll save your debug logs to your cache -folder, under `_logs` (`~/.npm` on *nix, by default -- use `npm config get -cache` to see what your current value is). The cache will now hold a -(configurable) number of `npm-debug.log` files, which you can access in the -future. Hopefully this will help clean stuff up and reduce frustration from -missed repros! In the future, this will also be used by `npm report` to make it -super easy to put up issues about crashes you run into with npm. 💃🕺🏿👯♂️ - -* [`04fca22`](https://github.com/npm/npm/commit/04fca223a0f704b69340c5f81b26907238fad878) - [#11439](https://github.com/npm/npm/pull/11439) - Put debug logs in `$(npm get cache)/_logs` and store multiple log files. - ([@KenanY](https://github.com/KenanY)) - ([@othiym23](https://github.com/othiym23)) - ([@isaacs](https://github.com/isaacs)) - ([@iarna](https://github.com/iarna)) - -#### DOCS - -* [`ae8e71c`](https://github.com/npm/npm/commit/ae8e71c2b7d64d782af287a21e146d7cea6e5273) - [#15402](https://github.com/npm/npm/pull/15402) - Add missing backtick in one of the `npm doctor` messages. - ([@watilde](https://github.com/watilde), [@charlotteis](https://github.com/charlotteis)) -* [`821fee6`](https://github.com/npm/npm/commit/821fee6d0b12a324e035c397ae73904db97d07d2) - [#15480](https://github.com/npm/npm/pull/15480) - Clarify that unscoped packages can depend on scoped packages and vice-versa. - ([@chocolateboy](https://github.com/chocolateboy)) -* [`2ee45a8`](https://github.com/npm/npm/commit/2ee45a884137ae0706b7c741c671fef2cb3bac96) - [#15515](https://github.com/npm/npm/pull/15515) - Update minimum supported Node version number in the README to `node@>=4`. - ([@watilde](https://github.com/watilde)) -* [`af06aa9`](https://github.com/npm/npm/commit/af06aa9a357578a8fd58c575f3dbe55bc65fc376) - [#15520](https://github.com/npm/npm/pull/15520) - Add section to `npm-scope` docs to explain that scope owners will own scoped - packages with that scope. That is, user `@alice` is not allowed to publish to - `@bob/my-package` unless explicitly made an owner by user (or org) `@bob`. - ([@hzoo](https://github.com/hzoo)) -* [`bc892e6`](https://github.com/npm/npm/commit/bc892e6d07a4c6646480703641a4d71129c38b6d) - [#15539](https://github.com/npm/npm/pull/15539) - Replace `http` with `https` and fix typos in some docs. - ([@watilde](https://github.com/watilde)) -* [`1dfe875`](https://github.com/npm/npm/commit/1dfe875b9ac61a0ab9f61a2eab02bacf6cce583c) - [#15545](https://github.com/npm/npm/pull/15545) - Update Node.js download link to point to the right place. - ([@watilde](https://github.com/watilde)) - -#### DEPENDENCIES - - * [`b824bfb`](https://github.com/npm/npm/commit/b824bfbeb2d89c92762e9170b026af98b5a3668a) - `ansi-regex@2.1.1` - * [`81ea3e8`](https://github.com/npm/npm/commit/81ea3e8e4ea34cd9c2b418512dcb508abcee1380) - `mississippi@1.3.0` - -#### MISC - -* [`98df212`](https://github.com/npm/npm/commit/98df212a91fd6ff4a02b9cd247f4166f93d3977a) - [#15492](https://github.com/npm/npm/pull/15492) - Update the "master" node version used for AppVeyor to `node@7`. - ([@watilde](https://github.com/watilde)) -* [`d75fc03`](https://github.com/npm/npm/commit/d75fc03eda5364f12ac266fa4f66e31c2e44e864) - [#15413](https://github.com/npm/npm/pull/15413) - `npm run-script` now exits with the child process' exit code on exit. - ([@kapals](https://github.com/kapals)) - -### v4.1.2 (2017-01-12) - -We have a twee little release this week as we come back from the holidays. - -#### 0.12 IS UNSUPPORTED NOW (really) - -After [jumping the gun a -little](https://github.com/npm/npm/releases/tag/v4.0.2), we can now -officially remove 0.12 from our supported versions list. The Node.js -project has now officially ended even maintenance support for 0.12 and thus, -so will we. To reiterate from the last time we did this: - -What this means: - -* Your contributions will no longer block on the tests passing on 0.12. -* We will no longer block dependency upgrades on working with 0.12. -* Bugs filed on the npm CLI that are due to incompatibilities with 0.12 - (and older versions) will be closed with a strong urging to upgrade to a - supported version of Node. -* On the flip side, we'll continue to (happily!) accept patches that - address regressions seen when running the CLI with Node.js 0.12. - -What this doesn't mean: - -* The CLI is going to start depending on ES2015+ features. npm continues - to work, in almost all cases, all the way back to Node.js 0.8, and our - long history of backwards compatibility is a source of pride for the - team. -* We aren't concerned about the problems of users who, for whatever - reason, can't update to newer versions of npm. As mentioned above, we're - happy to take community patches intended to address regressions. - -We're not super interested in taking sides on what version of Node.js -you "should" be running. We're a workflow tool, and we understand that -you all have a diverse set of operational environments you need to be -able to support. At the same time, we _are_ a small team, and we need -to put some limits on what we support. Tracking what's supported by our -runtime's own team seems most practical, so that's what we're doing. - -* [`c7bbba8`](https://github.com/npm/npm/commit/c7bbba8744b62448103a1510c65d9751288abb5d) - Remove 0.12 from our supported versions list. - ([@iarna](https://github.com/iarna)) - -#### WRITING TO SYMLINKED `package.json` (AND OTHER FILES) - -If your `package.json`, `npm-shrinkwrap.json` or `.npmrc` were a symlink and -you used an `npm` command that modified one of these (eg `npm config set` or -`npm install --save`) then previously we would have removed your symlink and -replaced it with an ordinary file. While making these files symlinks is pretty -uncommon, this was still surprising behavior. With this fix we now overwrite -the _destination_ of the symlink and preserve the symlink itself. - -* [`a583983`](https://github.com/npm/npm/commit/a5839833d3de7072be06884b91902c093aff1aed) - [write-file-atomic/#5](https://github.com/npm/write-file-atomic/issues/5) - [#10223](https://github.com/npm/npm/10223) - `write-file-atomic@1.3.1`: - When the target is a symlink, write-file-atomic now overwrites the - _destination_ of the symlink, instead of replacing the symlink itself. This - makes it's behavior match `fs.writeFile`. - - Fixed a bug where it would ALWAYS fs.stat to look up default mode and chown - values even if you'd passed them in. (It still used the values you passed - in, but did a needless stat.) - ([@iarna](https://github.com/iarna)) - -#### DEPENDENCY UPDATES - -* [`521f230`](https://github.com/npm/npm/commit/521f230dd57261e64ac9613b3db62f5312971dca) - `node-gyp@3.5.0`: - Improvements to how Python is located. New `--devdir` flag. - ([@bnoordhuis](https://github.com/bnoordhuis)) - ([@mhart](https://github.com/mhart)) -* [`ccd83e8`](https://github.com/npm/npm/commit/ccd83e8a70d35fb0904f8a9adb2ff7ac8a6b2706) - `JSONStream@1.3.0`: - Add new emitPath option. - ([@nathanwills](https://github.com/nathanwills)) - -#### TEST IMPROVEMENTS - -* [`d76e084`](https://github.com/npm/npm/commit/d76e08463fd65705217624b861a1443811692f34) - Disable metric reporting for test suite even if the user has it enabled. - ([@iarna](https://github.com/iarna)) - -### v4.1.1 (2016-12-16) - -This fixes a bug in the metrics reporting where, if you had enabled it then -installs would create a metrics reporting process, that would create a -metrics reporting process, that would… well, you get the idea. The only -way to actually kill these processes is to turn off your networking, then -on MacOS/Linux kill them with `kill -9`. Alternatively you can just reboot. - -Anyway, this is a quick release to fix that bug: - -* [`51c393f`](https://github.com/npm/npm/commit/51c393feff5f4908c8a9fb02baef505b1f2259be) - [#15237](https://github.com/npm/npm/pull/15237) - Don't launch a metrics sender process if we're running from a metrics - sender process. - ([@iarna](https://github.com/iarna)) - -### v4.1.0 (2016-12-15) - -I'm really excited about `npm@4.1.0`. I know, I know, I'm kinda overexcited -in my changelogs, but this one is GREAT. We've got a WHOLE NEW subcommand, I -mean, when was the last time you saw that? YEARS! And we have the beginnings -of usage metrics reporting. Then there's a fix for a really subtle bug that -resulted in `shasum` errors. And then we also have a few more bug fixes and -other improvements. - -#### ANONYMOUS METRIC REPORTING - -We're adding the ability for you all to help us track the quality of your -experiences using `npm`. Metrics will be sent if you run: - -``` -npm config set send-metrics true -``` - -Then `npm` will report to `registry.npmjs.org` the number of successful and -failed installations you've had. The data contains no identifying -information and npm will not attempt to correlate things like IP address -with the metrics being submitted. - -Currently we only track number of successful and failed installations. In -the future we would like to find additional metrics to help us better -quantify the quality of the `npm` experience. - -* [`190a658`](https://github.com/npm/npm/commit/190a658c4222f6aa904cbc640fc394a5c875e4db) - [#15084](https://github.com/npm/npm/pull/15084) - Add facility for recording and reporting success metrics. - ([@iarna](https://github.com/iarna)) -* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) - [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/148) - `npm-registry-client@7.4.5`: - Add support for sending anonymous CLI metrics. - ([@iarna](https://github.com/iarna), - [@sisidovski](https://github.com/sisidovski)) - -### NPM DOCTOR - -<pre> -<u>Check</u> <u>Value</u> <u>Recommendation</u> -npm ping ok -npm -v v4.0.5 -node -v v4.6.1 Use node v6.9.2 -npm config get registry https://registry.npmjs.org/ -which git /Users/rebecca/bin/git -Perms check on cached files ok -Perms check on global node_modules ok -Perms check on local node_modules ok -Checksum cached files ok -</pre> - -It's a rare day that we add a new command to `npm`, so I'm excited to -present to you `npm doctor`. It checks for a number of common problems and -provides some recommended solutions. It was put together through the hard -work of [@watilde](https://github.com/watilde). - -* [`2359505`](https://github.com/npm/npm/commit/23595055669f76c9fe8f5f1cf4a705c2e794f0dc) - [`0209ee5`](https://github.com/npm/npm/commit/0209ee50448441695fbf9699019d34178b69ba73) - [#14582](https://github.com/npm/npm/pull/14582) - Add new `npm doctor` to give your project environment a health check. - ([@watilde](https://github.com/watilde)) - -#### FIX MAJOR SOURCE OF SHASUM ERRORS - -If you've been getting intermittent shasum errors then you'll be pleased to -know that we've tracked down at least one source of them, if not THE source -of them. - -* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) - [#14626](https://github.com/npm/npm/issues/14626) - [npm/npm-registry-client#148](https://github.com/npm/npm-registry-client/pull/148) - `npm-registry-client@7.4.5`: - Fix a bug where an `ECONNRESET` while fetching a package file would result - in a partial download that would be reported as a "shasum mismatch". It - now throws away the partial download and retries it. - ([@iarna](https://github.com/iarna)) - -#### FILE URLS AND NODE.JS 7 - -When `npm` was formatting `file` URLs we took advantage of `url.format` to -construct them. Node.js 7 changed the behavior in such a way that our use of -`url.format` stopped producing URLs that we could make use of. - -The reasons for this have to do with the `file` URL specification and how -invalid (according to the specification) URLs are handled. How this changed -is most easily explained with a table: - -<table> -<tr><th></th><th>URL</th><th>Node.js <= 6</th><th><tt>npm</tt>'s understanding</th><th>Node.js 7</th><th><tt>npm</tt>'s understanding</th></tr> -<tr><td>VALID</td><td><tt>file:///abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> -<tr><td>invalid</td><td><tt>file:/abc/def</tt></td><td><tt>file:/abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> -<tr><td>invalid</td><td><tt>file:abc/def</tt></td><td><tt>file:abc/def</tt></td><td><tt>$CWD/abc/def</tt></td><td><tt>file://abc/def</tt></td><td><tt>/def</tt> on the <tt>abc</tt> host</td></tr> -<tr><td>invalid</td><td><tt>file:../abc/def</tt></td><td><tt>file:../abc/def</tt></td><td><tt>$CWD/../abc/def</tt></td><td><tt>file://../abc/def</tt></td><td><tt>/abc/def</tt> on the <tt>..</tt> host</td></tr> -</table> - -So the result was that passing a `file` URL that npm had received that used -through Node.js 7's `url.format` changed its meaning as far as `npm` was -concerned. As those kinds of URLs are, per the specification, invalid, how -they should be handled is undefined and so the change in Node.js wasn't a -bug per se. - -Our solution is to stop using `url.format` when constructing this kind of -URL. - -* [`173935b`](https://github.com/npm/npm/commit/173935b4298e09c4fdcb8f3a44b06134d5aff181) - [#15114](https://github.com/npm/npm/issues/15114) - Stop using `url.format` for relative local dep paths. - ([@zkat](https://github.com/zkat)) - -#### EXTRANEOUS LIFECYCLE SCRIPT EXECUTION WHEN REMOVING - -* [`afb1dfd`](https://github.com/npm/npm/commit/afb1dfd944e57add25a05770c0d52d983dc4e96c) - [#15090](https://github.com/npm/npm/pull/15090) - Skip top level lifecycles when uninstalling. - ([@iarna](https://github.com/iarna)) - -#### REFACTORING AND INTERNALS - -* [`c9b279a`](https://github.com/npm/npm/commit/c9b279aca0fcb8d0e483e534c7f9a7250e2a9392) - [#15205](https://github.com/npm/npm/pull/15205) - [#15196](https://github.com/npm/npm/pull/15196) - Only have one function that determines which version of a package to use - given a specifier and a list of versions. - ([@iarna](https://github.com/iarna), - [@zkat](https://github.com/zkat)) - -* [`981ce63`](https://github.com/npm/npm/commit/981ce6395e7892dde2591b44e484e191f8625431) - [#15090](https://github.com/npm/npm/pull/15090) - Rewrite prune to use modern npm plumbing. - ([@iarna](https://github.com/iarna)) - -* [`bc4b739`](https://github.com/npm/npm/commit/bc4b73911f58a11b4a2d28b49e24b4dd7365f95b) - [#15089](https://github.com/npm/npm/pull/15089) - Rename functions and variables in the module that computes what changes to - make to your installation. - ([@iarna](https://github.com/iarna)) - -* [`2449f74`](https://github.com/npm/npm/commit/2449f74a202b3efdb1b2f5a83356a78ea9ecbe35) - [#15089](https://github.com/npm/npm/pull/15089) - When computing changes to make to your installation, use a function to add - new actions to take instead of just pushing on a list. - ([@iarna](https://github.com/iarna)) - -#### IMPROVED LOGGING - -* [`335933a`](https://github.com/npm/npm/commit/335933a05396258eead139d27eea3f7668ccdfab) - [#15089](https://github.com/npm/npm/pull/15089) - Log when we remove obsolete dependencies in the tree. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION - -* [`33ca4e6`](https://github.com/npm/npm/commit/33ca4e6db3c1878cbc40d5e862ab49bb0e82cfb2) - [#15157](https://github.com/npm/npm/pull/15157) - Update `npm cache` docs to use more consistent language - ([@JonahMoses](https://github.com/JonahMoses)) - -#### DEPENDENCY UPDATES - -* [`c2d22fa`](https://github.com/npm/npm/commit/c2d22faf916e8260136a1cc95913ca474421c0d3) - [#15215](https://github.com/npm/npm/pull/15215) - `nopt@4.0.1`: - The breaking change is a small tweak to how empty string values are - handled. See the brand-new - [CHANGELOG.md for nopt](https://github.com/npm/nopt/blob/v4.0.1/CHANGELOG.md) for further - details about what's changed in this release! - ([@adius](https://github.com/adius), - [@samjonester](https://github.com/samjonester), - [@elidoran](https://github.com/elidoran), - [@helio](https://github.com/helio), - [@silkentrance](https://github.com/silkentrance), - [@othiym23](https://github.com/othiym23)) -* [`54d949b`](https://github.com/npm/npm/commit/54d949b05adefffeb7b5b10229c5fe0ccb929ac3) - [npm/lockfile#24](https://github.com/npm/lockfile/pull/24) - `lockfile@1.0.3`: - Handled case where callback was not passed in by the user. - ([@ORESoftware](https://github.com/ORESoftware)) -* [`54acc03`](https://github.com/npm/npm/commit/54acc0389b39850c0725d0868cb5e61317b57503) - `npmlog@4.0.2`: - Documentation update. - ([@helio-frota](https://github.com/helio-frota)) -* [`57f4bc1`](https://github.com/npm/npm/commit/57f4bc1150322294c1ea0a287ad0a8e457c151e6) - `osenv@0.1.4`: - Test changes. - ([@isaacs](https://github.com/isaacs)) -* [`bea1a2d`](https://github.com/npm/npm/commit/bea1a2d0db566560e13ecc1d5f42e55811269c88) - `retry@0.10.1`: - No changes. - ([@tim-kos](https://github.com/tim-kos)) -* [`6749e39`](https://github.com/npm/npm/commit/6749e395f868109afd97f79d36507e6567dd48fb) - [kapouer/marked-man#9](https://github.com/kapouer/marked-man/pull/9) - `marked-man@0.2.0`: - Add table support. - ([@gholk](https://github.com/gholk)) - -### v4.0.5 (2016-12-01) - -It's that time of year! December is upon us, which means y'all are just going to -be doing a lot less, in general, for the next month or so. The "Xmas Chasm", as -we like to call it, has already begun. So for those of you reading it from the -other side: Hi! Welcome back! - -This week's release is a relatively small one, involving just a few bugfixes and -dependency upgrades. The CLI team has been busy recently with scoping out -`npm@5`, and starting to do initial spec work for in-scope stuff. - -#### BUGFIXES - -On to the actual changes! - -* [`9776d8f`](https://github.com/npm/npm/commit/9776d8f70a0ea8d921cbbcab7a54e52c15fc455f) - [#15081](https://github.com/npm/npm/pull/15081) - `bundledDependencies` are intended to be left untouched by the installer, as - much as possible -- if they're bundled, we assume that you want to be - particular about the contents of your bundle. - - The installer used to have a corner case where existing dependencies that had - bundledDependencies would get clobbered by as the installer moved stuff - around, even though the installer already avoided moving deps that were - themselves bundled. This is now fixed, along with the connected crasher, and - your bundledDeps should be left even more intact than before! - ([@iarna](https://github.com/iarna)) -* [`fc61c08`](https://github.com/npm/npm/commit/fc61c082122104031ccfb2a888432c9f809a0e8b) - [#15082](https://github.com/npm/npm/pull/15082) - Initialize nodes from bundled dependencies. This should address - [#14427](https://github.com/npm/npm/issues/14427) and related issues, but it's - turned out to be a tremendously difficult issue to reproduce in a test. We - decided to include it even pending tests, because we found the root cause of - the errors. - ([@iarna](https://github.com/iarna)) -* [`d8471a2`](https://github.com/npm/npm/commit/d8471a294ef848fc893f60e17d6ec6695b975d16) - [#12811](https://github.com/npm/npm/pull/12811) - Consider `devDependencies` when deciding whether to hoist a package. This - should resolve a variety of missing dependency issues some folks were seeing - when `devDependencies` happened to also be dependencies of your - `dependencies`. This often manifested as modules going missing, or only being - installed, after `npm install` was called twice. - ([@schmod](https://github.com/schmod)) - -#### DEPENDENCY UPDATES - -* [`5978703`](https://github.com/npm/npm/commit/5978703da8669adae464789b1b15ee71d7f8d55d) - `graceful-fs@4.1.11`: - `EPERM` errors are Windows are now handled more gracefully. Windows users that - tended to see these errors due to, say, an antivirus-induced race condition, - should see them much more rarely, if at all. - ([@zkatr](https://github.com/zkat)) -* [`85b0174`](https://github.com/npm/npm/commit/85b0174ba9842e8e89f3c33d009e4b4a9e877c7d) - `request@2.79.0` - ([@zkat](https://github.com/zkat)) -* [`9664d36`](https://github.com/npm/npm/commit/9664d36653503247737630440bc2ff657de965c3) - `tap@8.0.1` - ([@zkat](https://github.com/zkat)) - -#### MISCELLANEOUS - -* [`f0f7b0f`](https://github.com/npm/npm/commit/f0f7b0fd025daa2b69994130345e6e8fdaaa0304) - [#15083](https://github.com/npm/npm/pull/15083) - Removed dead code. - ([@iarna](https://github.com/iarna))
* [`bc32afe`](https://github.com/npm/npm/commit/bc32afe4d12e3760fb5a26466dc9c26a5a2981d5) [`c8a22fe`](https://github.com/npm/npm/commit/c8a22fe5320550e09c978abe560b62ce732686f4) [`db2666d`](https://github.com/npm/npm/commit/db2666d8c078fc69d0c02c6a3de9b31be1e995e9) - [#15085](https://github.com/npm/npm/pull/15085) - Change some network tests so they can run offline. - ([@iarna](https://github.com/iarna)) -* [`744a39b`](https://github.com/npm/npm/commit/744a39b836821b388ad8c848bd898c1d006689a9) - [#15085](https://github.com/npm/npm/pull/15085) - Make Node.js tests compatible with Windows. - ([@iarna](https://github.com/iarna)) - -### v4.0.3 (2016-11-17) - -Hey you all, we've got a couple of bug fixes for you, a slew of -documentation improvements and some improvements to our CI environment. I -know we just got v4 out the door, but the CLI team is already busy planning -v5. We'll have more for you in early December. - -#### BUG FIXES - -* [`45d40d9`](https://github.com/npm/npm/commit/45d40d96d2cd145f1e36702d6ade8cd033f7f332) - [`ba2adc2`](https://github.com/npm/npm/commit/ba2adc2e822d5e75021c12f13e3f74ea2edbde32) - [`1dc8908`](https://github.com/npm/npm/commit/1dc890807bd78a1794063688af31287ed25a2f06) - [`2ba19ee`](https://github.com/npm/npm/commit/2ba19ee643d612d103cdd8f288d313b00d05ee87) - [#14403](https://github.com/npm/npm/pull/14403) - Fix a bug where a scoped module could produce crashes when incorrectly - computing the paths related to their location. This patch reorganizes how path information - is passed in to eliminate the possibility of this sort of bug. - ([@iarna](https://github.com/iarna)) - ([@NatalieWolfe](https://github.com/NatalieWolfe)) -* [`1011ec6`](https://github.com/npm/npm/commit/1011ec61230288c827a1c256735c55cf03d6228f) - [npm/npmlog#46](https://github.com/npm/npmlog/pull/46) - `npmlog@4.0.1`: Fix a bug where the progress bar would still display even if - you passed in `--no-progress`. - ([@iarna](https://github.com/iarna)) - -#### DOCUMENTATION UPDATES - -* [`c3ac177`](https://github.com/npm/npm/commit/c3ac177236124c80524c5f252ba8f6670f05dcd8) - [#14406](https://github.com/npm/npm/pull/14406) - Sync up the dispute policy included with the CLI with the [current official text](https://www.npmjs.com/policies/disputes). - ([@mike-engel](https://github.com/mike-engel)) -* [`9c663b2`](https://github.com/npm/npm/commit/9c663b2dd8552f892dc0205330bbc73a484ecd81) - [#14627](https://github.com/npm/npm/pull/14627) - Update build status branch in README. - ([@cameronroe](https://github.com/cameronroe)) -* [`8a8a0a3`](https://github.com/npm/npm/commit/8a8a0a3d490fc767def208f925cdff57e16e565b) - [#14609](https://github.com/npm/npm/pull/14609) - Update examples URLs of GitHub repos where those repos have moved to new URLs. - ([@dougwilson](https://github.com/dougwilson)) -* [`7a6425b`](https://github.com/npm/npm/commit/7a6425bcd4decde5d4b0af8b507e98723a07c680) - [#14472](https://github.com/npm/npm/pull/14472) - Document `sign-git-tag` in - [npm-version(1)](https://github.com/npm/npm/blob/release-next/doc/cli/npm-version.md)'s - configuration section. - ([@strugee](https://github.com/strugee)) -* [`f3087cc`](https://github.com/npm/npm/commit/f3087cc58c903d9a70275be805ebaf0eadbcbe1b) - [#14546](https://github.com/npm/npm/pull/14546) - Add a note about the dangers of configuring npm via uppercase env vars. - ([@tuhoojabotti](https://github.com/tuhoojabotti)) -* [`50e51b0`](https://github.com/npm/npm/commit/50e51b04a143959048cf9e1e4c8fe15094f480b0) - [#14559](https://github.com/npm/npm/pull/14559) - Remove documentation that incorrectly stated that we check `.npmrc` permissions. - ([@iarna](https://github.com/iarna)) - -##### OH UH, HELLO AGAIN NODE.JS 0.12 - -* [`6f0c353`](https://github.com/npm/npm/commit/6f0c353e4e89b0378a4c88c829ccf9a1c5ae829d) - [`f78bde6`](https://github.com/npm/npm/commit/f78bde6983bdca63d5fcb9c220c87e8f75ffb70e) - [#14591](https://github.com/npm/npm/pull/14591) - Reintroduce Node.js 0.12 to our support matrix. We jumped the gun when - removing it. We won't drop support for it till the Node.js project does - so at the end of December 2016. - ([@othiym23](https://github.com/othiym23)) - -#### TEST/CI UPDATES - -* [`aa73d1c`](https://github.com/npm/npm/commit/aa73d1c1cc22608f95382a35b33da252addff38e) - [`c914e80`](https://github.com/npm/npm/commit/c914e80f5abcb16c572fe756c89cf0bcef4ff991) -* [`58fe064`](https://github.com/npm/npm/commit/58fe064dcc80bc08c677647832f2adb4a56b538a) - [#14602](https://github.com/npm/npm/pull/14602) - When running tests with coverage, use nyc's cache. This provides an 8x speedup! - ([@bcoe](https://github.com/bcoe)) -* [`ba091ce`](https://github.com/npm/npm/commit/ba091ce843af5d694f4540e825b095435b3558d8) - [#14435](https://github.com/npm/npm/pull/14435) - Remove an unused zero byte `package.json` found in the test fixtures. - ([@baderbuddy](https://github.com/baderbuddy)) - -#### DEPENDENCY UPDATES - -* [`442e01e`](https://github.com/npm/npm/commit/442e01e42d8a439809f6726032e3b73ac0d2b2f8) - `readable-stream@2.2.2`: - Bring in latest changes from Node.js 7.x. - ([@calvinmetcalf](https://github.com/calvinmetcalf)) -* [`bfc4a1c`](https://github.com/npm/npm/commit/bfc4a1c0c17ef0a00dfaa09beba3389598a46535) - `which@1.2.12`: - Remove unused require. - ([@isaacs](https://github.com/isaacs)) - -#### DEV DEPENDENCY UPDATES - -* [`7075b05`](https://github.com/npm/npm/commit/7075b054d8d2452bb53bee9b170498a48a0dc4e9) - `marked-man@0.1.6` - ([@kapouer](https://github.com/kapouer)) -* [`3e13fea`](https://github.com/npm/npm/commit/3e13fea907ee1141506a6de7d26cbc91c28fdb80) - `tap@8.0.0` - ([@isaacs](https://github.com/isaacs)) - -### v4.0.2 (2016-11-03) - -Hola, amigxs. I know it's been a long time since I rapped at ya, but I -been spending a lotta time quietly reflecting on all the things going on -in my life. I was, like, [in Japan for a while](https://gist.github.com/othiym23/c98bd4ef5d9fb3f496835bd481ef40ae), -and before that my swell colleagues [@zkat](https://github.com/zkat) and -[@iarna](https://github.com/iarna) have been very capably managing the release -process for quite a while. But I returned from Japan somewhat refreshed, very -jetlagged, and filled with a burning urge to get `npm@4` as stable as possible -before we push it out to the user community at large, so I decided to do this -release myself. (Also, huge thanks to Kat and Rebecca for putting out `npm@4` -so capably while I was on vacation! So cool to return to a major release having -gone so well without my involvement!) - -That said... - -#### NEVER TRUST AN X.0.0 RELEASE - -Even though 4.0.1 came out hard on the heels of 4.0.0 with a couple -critical fixes, we've found a couple other major issues that we want to -see fixed before making `npm@4` into `npm@latest`. Some of these are -arguably breaking changes on their own, so now is the time to get them -out if we're going to do so before `npm@5`, and all of them are pretty -significant blockers for a substantial number of users, so now is the -best time to fix them. - -##### PREPUBLISHONLY WHOOPS - -The code running the `publish*` lifecycle events was very confusingly written. -In fact, we didn't really figure out what it was doing until we added the new -`prepublishOnly` event and it was running people's scripts from the wrong -directory. We made it simpler. See the [commit -message](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) -for details. - -Because the change is no longer running publish events when publishing prebuilt -artifacts, it's technically a breaking / semver-major change. In the off chance -that the new behavior breaks any of y'all's workflows, let us know, and we can -roll some or all of this change back until `npm@5` (or forever, if that works -better for you). - -* [`8b32d67`](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) - [#14502](https://github.com/npm/npm/pull/14502) - Simplify lifecycle invocation and fix `prepublishOnly`. - ([@othiym23](https://github.com/othiym23)) - -##### G'BYE NODE.JS 0.10, 0.12, and 5.X; HI THERE, NODE 7 - -With the advent of the second official Node.js LTS release, Node 6.x -'Boron', the Node.js project has now officially dropped versions 0.10 -and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never -part of LTS, and will see no further support now that Node 7 has been -released.) As a small team with limited resources, the npm CLI team is -following suit and dropping those versions of Node from its CI test -matrix. - -What this means: - -* Your contributions will no longer block on the tests passing on 0.10 and 0.12. -* We will no longer block dependency upgrades on working with 0.10 and 0.12. -* Bugs filed on the npm CLI that are due to incompatibilities with 0.10 - or 0.12 (and older versions) will be closed with a strong urging to - upgrade to a supported version of Node. -* On the flip side, we'll continue to (happily!) accept patches that - address regressions seen when running the CLI with Node.js 0.10 and - 0.12. - -What this doesn't mean: - -* The CLI is going to start depending on ES2015+ features. npm continues - to work, in almost all cases, all the way back to Node.js 0.8, and our - long history of backwards compatibility is a source of pride for the - team. -* We aren't concerned about the problems of users who, for whatever - reason, can't update to newer versions of npm. As mentioned above, we're - happy to take community patches intended to address regressions. - -We're not super interested in taking sides on what version of Node.js -you "should" be running. We're a workflow tool, and we understand that -you all have a diverse set of operational environments you need to be -able to support. At the same time, we _are_ a small team, and we need -to put some limits on what we support. Tracking what's supported by our -runtime's own team seems most practical, so that's what we're doing. - -* [`ab630c9`](https://github.com/npm/npm/commit/ab630c9a7a1b40cdd4f1244be976c25ab1525907) - [#14503](https://github.com/npm/npm/pull/14503) - Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported. - ([@othiym23](https://github.com/othiym23)) -* [`731ae52`](https://github.com/npm/npm/commit/731ae526fb6e9951c43d82a26ccd357b63cc56c2) - [#14503](https://github.com/npm/npm/pull/14503) - Update supported version expression. - ([@othiym23](https://github.com/othiym23)) - -##### DISENTANGLING SCOPE - -The new `Npm-Scope` header was previously reusing the `scope` -configuration option to pass the current scope back to your current -registry (which, as [described -previously](https://github.com/npm/npm/blob/release-next/CHANGELOG.md#send-extra-headers-to-registry), is meant to set up some upcoming -registry features). It turns out that had some [seriously weird -consequences](https://github.com/npm/npm/issues/14412) in the case where -you were already configuring `scope` in your own environment. The CLI -now uses separate configuration for this. - -* [`39358f7`](https://github.com/npm/npm/commit/39358f732ded4aa46d86d593393a0d6bca5dc12a) - [#14477](https://github.com/npm/npm/pull/14477) - Differentiate registry scope from project scope in configuration. - ([@zkat](https://github.com/zkat)) - -#### SMALLER CHANGES - -* [`7f41295`](https://github.com/npm/npm/commit/7f41295775f28b958a926f9cb371cb37b05771dd) - [#14519](https://github.com/npm/npm/pull/14519) - Document that as of `npm@4.0.1`, `npm shrinkwrap` now includes `devDependencies` unless - instructed otherwise. - ([@iarna](https://github.com/iarna)) -* [`bdc2f9e`](https://github.com/npm/npm/commit/bdc2f9e255ddf1a47fd13ec8749d17ed41638b2c) - [#14501](https://github.com/npm/npm/pull/14501) - The `ENOSELF` error message is tricky to word. It's also an error that - normally bites new users. Clean it up in an effort to make it easier - to understand what's going on. - ([@snopeks](https://github.com/snopeks), [@zkat](https://github.com/zkat)) - -#### DEPENDENCY UPGRADES - -* [`a52d0f0`](https://github.com/npm/npm/commit/a52d0f0c9cf2de5caef77e12eabd7dca9e89b49c) - `glob@7.1.1`: - - Handle files without associated perms on Windows. - - Fix failing case with `absolute` option. - ([@isaacs](https://github.com/isaacs), [@phated](https://github.com/phated)) -* [`afda66d`](https://github.com/npm/npm/commit/afda66d9afcdcbae1d148f589287583c4182d124) - [isaacs/node-graceful-fs#97](https://github.com/isaacs/node-graceful-fs/pull/97) - `graceful-fs@4.1.10`: Better backoff for EPERM on Windows. - ([@sam-github](https://github.com/sam-github)) -* [`e0023c0`](https://github.com/npm/npm/commit/e0023c089ded9161fbcbe544f12b07e12e3e5729) - [npm/inflight#3](https://github.com/npm/inflight/pull/3) - `inflight@1.0.6`: Clean up even if / when a callback throws. - ([@phated](https://github.com/phated)) -* [`1d91594`](https://github.com/npm/npm/commit/1d9159440364d2fe21e8bc15e08e284aaa118347) - `request@2.78.0` - ([@othiym23](https://github.com/othiym23)) - -### v4.0.1 (2016-10-24) - -Ayyyy~ 🌊 - -So thanks to folks who were running on `npm@next`, we managed to find a few -issues of notes in that preview version, and we're rolling out a small patch -change to fix them. Most notably, anyone who was using a symlinked `node` binary -(for example, if they installed Node.js through `homebrew`), was getting a very -loud warning every time they ran scripts. Y'all should get warnings in a more -useful way, now that we're resolving those path symlinks. - -Another fairly big change that we decided to slap into this version, since -`npm@4.0.0` is never going to be `latest`, is to make it so `devDependencies` -are included in `npm-shrinkwrap.json` by default -- if you do not want this, use -`--production` with `npm shrinkwrap`. - -#### BIG FIXES/CHANGES - -* [`eff46dd`](https://github.com/npm/npm/commit/eff46dd498ed007bfa77ab7782040a3a828b852d) - [#14374](https://github.com/npm/npm/pull/14374) - Fully resolve the path for `node` executables in both `$PATH` and - `process.execPath` to avoid issues with symlinked `node`. - ([@addaleax](https://github.com/addaleax)) -* [`964f2d3`](https://github.com/npm/npm/commit/964f2d3a0675584267e6ece95b0115a53c6ca6a9) - [#14375](https://github.com/npm/npm/pull/14375) - Make including `devDependencies` in `npm-shrinkwrap.json` the default. This - should help make the transition to `npm@5` smoother in the future. - ([@iarna](https://github.com/iarna)) - -#### BUGFIXES - -* [`a5b0a8d`](https://github.com/npm/npm/commit/a5b0a8db561916086fc7dbd6eb2836c952a42a7e) - [#14400](https://github.com/npm/npm/pull/14400) - Recently, we've had some consistent timeout failures while running the test - suite under Travis. This tweak to tests should take care of those issues and - Travis should go back to being reliably green. - ([@iarna](https://github.com/iarna)) - -#### DOC PATCHES - -* [`c5907b2`](https://github.com/npm/npm/commit/c5907b2fc1a82ec919afe3b370ecd34d8895c7a2) - [#14251](https://github.com/npm/npm/pull/14251) - Update links to Node.js downloads. They previously pointed to 404 pages.😬 - ([@ArtskydJ](https://github.com/ArtskydJ)) -* [`0c122f2`](https://github.com/npm/npm/commit/0c122f24ff1d4d400975edda2b7262aaaf6f7d69) - [#14380](https://github.com/npm/npm/pull/14380) - Add note and clarification on when `prepare` script is run. Make it more - consistent with surrounding descriptions. - ([@SimenB](https://github.com/SimenB)) -* [`51a62ab`](https://github.com/npm/npm/commit/51a62abd88324ba3dad18e18ca5e741f1d60883c) - [#14359](https://github.com/npm/npm/pull/14359) - Fixes typo in `npm@4` changelog. - ([@kimroen](https://github.com/kimroen)) - -### v4.0.0 (2016-10-20) - -Welcome to `npm@4`, friends! - -This is our first semver major release since the release of `npm@3` just over a -year ago. Back then, `@3` turned out to be a bit of a ground-shaking release, -with a brand-new installer with significant structural changes to how npm set up -your tree. This is the end of an era, in a way. `npm@4` also marks the release -when we move *both* `npm@2` and `npm@3` into maintenance: We will no longer be -updating those release branches with anything except critical bugfixes and -security patches. - -While its predecessor had some pretty serious impaact, `npm@4` is expected to -have a much smaller effect on your day-to-day use of npm. Over the past year, -we've collected a handful of breaking changes that we wanted to get in which are -only breaking under a strict semver interpretation (which we follow). Some of -these are simple usability improvements, while others fix crashes and serious -issues that required a major release to include. - -We hope this release sees you well, and you can look forward to an accelerated -release pace now that the CLI team is done focusing on sustaining work -- our -Windows fixing and big bugs pushes -- and we can start focusing again on -usability, features, and performance. Keep an eye out for `npm@5` in Q1 2017, -too: We're planning a major overhaul of `shrinkwrap` as well as various speed -and usability fixes for that release. It's gonna be a fun ride. I promise. 😘 - -#### BRIEF OVERVIEW OF **BREAKING** CHANGES - -The following breaking changes are included in this release: - -* `npm search` rewritten to stream results, and no longer supports sorting. -* `npm scripts` no longer prepend the path of the node executable used to run - npm before running scripts. A `--scripts-prepend-node-path` option has been - added to configure this behavior. -* `npat` has been removed. -* `prepublish` has been deprecated, replaced by `prepare`. A `prepublishOnly` - script has been temporarily added, which will *only* run on `npm publish`. -* `npm outdated` exits with exit code `1` if it finds any outdated packages. -* `npm tag` has been removed after a deprecation cycle. Use `npm dist-tag`. -* Partial shrinkwraps are no longer supported. `npm-shrinkwrap.json` is - considered a complete installation manifest except for `devDependencies`. -* npm's default git branch is no longer `master`. We'll be using `latest` from - now on. - -#### SEARCH REWRITE (**BREAKING**) - -Let's face it -- `npm search` simply doesn't work anymore. Apart from the fact -that it grew slower over the years, it's reached a point where we can no longer -fit the entire registry metadata in memory, and anyone who tries to use the -command now sees a really awful memory overflow crash from node. - -It's still going to be some time before the CLI, registry, and web team are able -to overhaul `npm search` altogether, but until then, we've rewritten the -previous `npm search` implementation to *stream* results on the fly, from both -the search endpoint and a local cache. In absolute terms, you won't see a -performance increase and this patch *does* come at the cost of sorting -capabilities, but what it does do is start outputting results as it finds them. -This should make the experience much better, overall, and we believe this is an -acceptable band-aid until we have that search endpoint in place. - -Incidentally, if you want a really nice search experience, we recommend checking -out [npms.io](http://npms.io), which includes a handy-dandy -[`npms-cli`](https://npm.im/npms-cli) for command-line usage -- it's an npm -search site that returns high-quality results quickly and is operated by members -of the npm community. - -* [`cfd43b4`](https://github.com/npm/npm/commit/cfd43b49aed36d0e8ea6c35b07ed8b303b69be61) [`2b8057b`](https://github.com/npm/npm/commit/2b8057be2e1b51e97b1f8f38d7f58edf3ce2c145) - [#13746](https://github.com/npm/npm/pull/13746) - Stream search process end-to-end. - ([@zkat](https://github.com/zkat) and [@aredridel](https://github.com/aredridel)) -* [`50f4ec8`](https://github.com/npm/npm/commit/50f4ec8e8ce642aa6a58cb046b2b770ccf0029db) [`70b4bc2`](https://github.com/npm/npm/commit/70b4bc22ec8e81cd33b9448f5b45afd1a50d50ba) [`8fb470f`](https://github.com/npm/npm/commit/8fb470fe755c4ad3295cb75d7b4266f8e67f8d38) [`ac3a6e0`](https://github.com/npm/npm/commit/ac3a6e0eba61fb40099b1370c74ad1598777def4) [`bad54dd`](https://github.com/npm/npm/commit/bad54dd9f1119fe900a8d065f8537c6f1968b589) [`87d504e`](https://github.com/npm/npm/commit/87d504e0a61bccf09f5e975007d018de3a1c5f50) - [#13746](https://github.com/npm/npm/pull/13746) - Updated search-related tests. - ([@zkat](https://github.com/zkat)) -* [`3596de8`](https://github.com/npm/npm/commit/3596de88598c69eb5bae108703c8e74ca198b20c) - [#13746](https://github.com/npm/npm/pull/13746) - `JSONStream@1.2.1` - ([@zkat](https://github.com/zkat)) -* [`4b09209`](https://github.com/npm/npm/commit/4b09209bb605f547243065032a8b37772669745f) - [#13746](https://github.com/npm/npm/pull/13746) - `mississippi@1.2.0` - ([@zkat](https://github.com/zkat)) -* [`b650b39`](https://github.com/npm/npm/commit/b650b39d42654abb9eed1c7cd463b1c595ca2ef9) - [#13746](https://github.com/npm/npm/pull/13746) - `sorted-union-stream@2.1.3` - ([@zkat](https://github.com/zkat)) - -#### SCRIPT NODE PATH (**BREAKING**) - -Thanks to some great work by [@addaleax](https://github.com/addaleax), we've -addressed a fairly tricky issue involving the node process used by `npm -scripts`. - -Previously, npm would prefix the path of the node executable to the script's -`PATH`. This had the benefit of making sure that the node process would be the -same for both npm and `scripts` unless you had something like -[`node-bin`](https://npm.im/node-bin) in your `node_modules`. And it turns out -lots of people relied on this behavior being this way! - -It turns out that this had some unintended consequences: it broke systems like -[`nyc`](https://npm.im/nyc), but also completely broke/defeated things like -[`rvm`](https://rvm.io/) and -[`virtualenv`](https://virtualenv.pypa.io/en/stable/) by often causing things -that relied on them to fall back to the global system versions of ruby and -python. - -In the face of two perfectly valid, and used alternatives, we decided that the -second case was much more surprising for users, and that we should err on the -side of doing what those users expect. Anna put some hard work in and managed to -put together a patch that changes npm's behavior such that we no longer prepend -the node executable's path *by default*, and adds a new option, -`--scripts-prepend-node-path`, to allow users who rely on this behavior to have -it add the node path for them. - -This patch also makes it so this feature is discoverable by people who might run -into the first case above, by warning if the node executable is either missing -or shadowed by another one in `PATH`. This warning can also be disabled with the -`--scripts-prepend-node-path` option as needed. - -* [`3fb1eb3`](https://github.com/npm/npm/commit/3fb1eb3e00b5daf37f14e437d2818e9b65a43392) [`6a7d375`](https://github.com/npm/npm/commit/6a7d375d779ba5416fd5df154c6da673dd745d9d) [`378ae08`](https://github.com/npm/npm/commit/378ae08851882d6d2bc9b631b16b8c875d0b9704) - [#13409](https://github.com/npm/npm/pull/13409) - Add a `--scripts-prepend-node-path` option to configure whether npm prepends - the current node executable's path to `PATH`. - ([@addaleax](https://github.com/addaleax)) -* [`70b352c`](https://github.com/npm/npm/commit/70b352c6db41533b9a4bfaa9d91f7a2a1178f74e) - [#13409](https://github.com/npm/npm/pull/13409) - Change the default behaviour of npm to never prepending the current node - executable’s directory to `PATH` but printing a warning in the cases in which - it previously did. - ([@addaleax](https://github.com/addaleax)) - -#### REMOVE `npat` (**BREAKING**) - -Let's be real here -- almost no one knows this feature ever existed, and it's a -vestigial feature of the days when the ideal for npm was to distribute full -packages that could be directly developed on, even from the registry. - -It turns out the npm community decided to go a different way: primarily -publishing packages in a production-ready format, with no tests, build tools, -etc. And so, we say goodbye to `npat`. - -* [`e16c14a`](https://github.com/npm/npm/commit/e16c14afb6f52cb8b7adf60b2b26427f76773f2e) - [#14329](https://github.com/npm/npm/pull/14329) - Remove the npat feature. - ([@iarna](https://github.com/iarna)) - -#### NEW `prepare` SCRIPT. `prepublish` DEPRECATED (**BREAKING**) - -If there's anything that really seemed to confuse users, it's that the -`prepublish` script ran when invoking `npm install` without any arguments. - -Turns out many, many people really expected that it would only run on `npm -publish`, even if it actually did what most people expected: prepare the package -for publishing on the registry. - -And so, we've added a `prepare` command that runs in the exact same cases where -`prepublish` ran, and we've begun a deprecation cycle for `prepublish` itself -**only when run by `npm install`**, which will now include a warning any time -you use it that way. - -We've also added a `prepublishOnly` script which will execute **only** when `npm -publish` is invoked. Eventually, `prepublish` will stop executing on `npm -install`, and `prepublishOnly` will be removed, leaving `prepare` and -`prepublish` as two distinct lifecycles. - -* [`9b4a227`](https://github.com/npm/npm/commit/9b4a2278cee0a410a107c8ea4d11614731e0a943) [`bc32078`](https://github.com/npm/npm/commit/bc32078fa798acef0e036414cb448645f135b570) - [#14290](https://github.com/npm/npm/pull/14290) - Add `prepare` and `prepublishOnly` lifecycle events. - ([@othiym23](https://github.com/othiym23)) -* [`52fdefd`](https://github.com/npm/npm/commit/52fdefddb48f0c39c6e8eb4c118eb306c9436117) - [#14290](https://github.com/npm/npm/pull/14290) - Warn when running `prepublish` on `npm pack`. - ([@othiym23](https://github.com/othiym23)) -* [`4c2a948`](https://github.com/npm/npm/commit/4c2a9481b564cae3df3f4643766db4b987018a7b) [`a55bd65`](https://github.com/npm/npm/commit/a55bd651284552b93f7d972a2e944f65c1aa6c35) - [#14290](https://github.com/npm/npm/pull/14290) - Added `prepublish` warnings to `npm install`. - ([@zkat](https://github.com/zkat)) -* [`c27412b`](https://github.com/npm/npm/commit/c27412bb9fc7b09f7707c7d9ad23128959ae1abc) - [#14290](https://github.com/npm/npm/pull/14290) - Replace `prepublish` with `prepare` in `npm help package.json` documentation. - ([@zkat](https://github.com/zkat)) - -#### NO MORE PARTIAL SHRINKWRAPS (**BREAKING**) - -That's right. No more partial shrinkwraps. That means that if you have an -`npm-shrinkwrap.json` in your project, npm will no longer install anything that -isn't explicitly listed there, unless it's a `devDependency`. This will open -doors to some nice optimizations and make use of `npm shrinkwrap` just generally -smoother by removing some awful corner cases. We will also skip `devDependency` -installation from `package.json` if you added `devDependencies` to your -shrinkwrap by using `npm shrinkwrap --dev`. - -* [`b7dfae8`](https://github.com/npm/npm/commit/b7dfae8fd4dc0456605f7a921d20a829afd50864) - [#14327](https://github.com/npm/npm/pull/14327) - Use `readShrinkwrap` to read top level shrinkwrap. There's no reason for npm - to be doing its own bespoke heirloom-grade artisanal thing here. - ([@iarna](https://github.com/iarna)) -* [`0ae1f4b`](https://github.com/npm/npm/commit/0ae1f4b9d83af2d093974beb33f26d77fcc95bb9) [`4a54997`](https://github.com/npm/npm/commit/4a549970dc818d78b6de97728af08a1edb5ae7f0) [`f22a1ae`](https://github.com/npm/npm/commit/f22a1ae54b5d47f1a056a6e70868013ebaf66b79) [`3f61189`](https://github.com/npm/npm/commit/3f61189cb3843fee9f54288fefa95ade9cace066) - [#14327](https://github.com/npm/npm/pull/14327) - Treat shrinkwrap as canonical. That is, don't try to fill in for partial - shrinkwraps. Partial shrinkwraps should produce partial installs. If your - shrinkwrap contains NO `devDependencies` then we'll still try to install them - from your `package.json` instead of assuming you NEVER want `devDependencies`. - ([@iarna](https://github.com/iarna)) - -#### `npm tag` REMOVED (**BREAKING**) - -* [`94255da`](https://github.com/npm/npm/commit/94255da8ffc2d9ed6a0434001a643c1ad82fa483) - [#14328](https://github.com/npm/npm/pull/14328) - Remove deprecated tag command. Folks must use the `dist-tag` command from now - on. - ([@iarna](https://github.com/iarna)) - -#### NON-ZERO EXIT CODE ON OUTDATED DEPENDENCIES (**BREAKING**) - -* [`40a04d8`](https://github.com/npm/npm/commit/40a04d888d10a5952d5ca4080f2f5d2339d2038a) [`e2fa18d`](https://github.com/npm/npm/commit/e2fa18d9f7904eb048db7280b40787cb2cdf87b3) [`3ee3948`](https://github.com/npm/npm/commit/3ee39488b74c7d35fbb5c14295e33b5a77578104) [`3fa25d0`](https://github.com/npm/npm/commit/3fa25d02a8ff07c42c595f84ae4821bc9ee908df) - [#14013](https://github.com/npm/npm/pull/14013) - Do `exit 1` if any outdated dependencies are found by `npm outdated`. - ([@watilde](https://github.com/watilde)) -* [`c81838a`](https://github.com/npm/npm/commit/c81838ae96b253f4b1ac66af619317a3a9da418e) - [#14013](https://github.com/npm/npm/pull/14013) - Log non-zero exit codes at `verbose` level -- this isn't something command - line tools tend to do. It's generally the shell's job to display, if at all. - ([@zkat](https://github.com/zkat)) - -#### SEND EXTRA HEADERS TO REGISTRY - -For the purposes of supporting shiny new registry features, we've started -sending `Npm-Scope` and `Npm-In-CI` headers in outgoing requests. - -* [`846f61c`](https://github.com/npm/npm/commit/846f61c1dd4a033f77aa736ab01c27ae6724fe1c) - [npm/npm-registry-client#145](https://github.com/npm/npm-registry-client/pull/145) - [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/147) - `npm-registry-client@7.3.0`: - * Allow npm to add headers to outgoing requests. - * Add `Npm-In-CI` header that reports whether we're running in CI. - ([@iarna](https://github.com/iarna)) -* [`6b6bb08`](https://github.com/npm/npm/commit/6b6bb08af661221224a81df8adb0b72019ca3e11) - [#14129](https://github.com/npm/npm/pull/14129) - Send `Npm-Scope` header along with requests to registry. `Npm-Scope` is set to - the `@scope` of the current top level project. This will allow registries to - implement user/scope-aware features and services. - ([@iarna](https://github.com/iarna)) -* [`506de80`](https://github.com/npm/npm/commit/506de80dc0a0576ec2aab0ed8dc3eef3c1dabc23) - [#14129](https://github.com/npm/npm/pull/14129) - Add test to ensure `Npm-In-CI` header is being sent when CI is set in env. - ([@iarna](https://github.com/iarna)) - -#### BUGFIXES - -* [`bc84012`](https://github.com/npm/npm/commit/bc84012c2c615024b08868acbd8df53a7ca8d146) - [#14117](https://github.com/npm/npm/pull/14117) - Fixes a bug where installing a shrinkwrapped package would fail if the - platform failed to install an optional dependency included in the shrinkwrap. - ([@watilde](https://github.com/watilde)) -* [`a40b32d`](https://github.com/npm/npm/commit/a40b32dc7fe18f007a672219a12d6fecef800f9d) - [#13519](https://github.com/npm/npm/pull/13519) - If a package has malformed metadata, `node.requiredBy` is sometimes missing. - Stop crashing when that happens. - ([@creationix](https://github.com/creationix)) - -#### OTHER PATCHES - -* [`643dae2`](https://github.com/npm/npm/commit/643dae2197c56f1c725ecc6539786bf82962d0fe) - [#14244](https://github.com/npm/npm/pull/14244) - Remove some ancient aliases that we'd rather not have around. - ([@zkat](https://github.com/zkat)) -* [`bdeac3e`](https://github.com/npm/npm/commit/bdeac3e0fb226e4777d4be5cd3c3bec8231c8044) - [#14230](https://github.com/npm/npm/pull/14230) - Detect unsupported Node.js versions and warn about it. Also error on really - old versions where we know we can't work. - ([@iarna](https://github.com/iarna)) - -#### DOC UPDATES - -* [`9ca18ad`](https://github.com/npm/npm/commit/9ca18ada7cc1c10b2d32bbb59d5a99dd1c743109) - [#13746](https://github.com/npm/npm/pull/13746) - Updated docs for `npm search` options. - ([@zkat](https://github.com/zkat)) -* [`e02a47f`](https://github.com/npm/npm/commit/e02a47f9698ff082488dc2b1738afabb0912793e) - Move the `npm@3` changelog into the archived changelogs directory. - ([@zkat](https://github.com/zkat)) -* [`c12bbf8`](https://github.com/npm/npm/commit/c12bbf8c5a5dff24a191b66ac638f552bfb76601) - [#14290](https://github.com/npm/npm/pull/14290) - Document prepublish-on-install deprecation. - ([@othiym23](https://github.com/othiym23)) -* [`c246a75`](https://github.com/npm/npm/commit/c246a75ac8697f4ca11d316b7e7db5f24af7972b) - [#14129](https://github.com/npm/npm/pull/14129) - Document headers added by npm to outgoing registry requests. - ([@iarna](https://github.com/iarna)) - -#### DEPENDENCIES - -* [`cb20c73`](https://github.com/npm/npm/commit/cb20c7373a32daaccba2c1ad32d0b7e1fc01a681) - [#13953](https://github.com/npm/npm/pull/13953) - `signal-exit@3.0.1` - ([@benjamincoe](https://github.com/benjamincoe)) diff --git a/deps/node/deps/npm/changelogs/CHANGELOG-5.md b/deps/node/deps/npm/changelogs/CHANGELOG-5.md deleted file mode 100644 index b4c75b3d..00000000 --- a/deps/node/deps/npm/changelogs/CHANGELOG-5.md +++ /dev/null @@ -1,2360 +0,0 @@ -## v5.10.0 (2018-05-10): - -### AUDIT SHOULDN'T WAIT FOREVER - -This will likely be reduced further with the goal that the audit process -shouldn't noticibly slow down your builds regardless of your network -situation. - -* [`3dcc240db`](https://github.com/npm/npm/commit/3dcc240dba5258532990534f1bd8a25d1698b0bf) - Timeout audit requests eventually. - ([@iarna](https://github.com/iarna)) - - -## v5.10.0-next.1 (2018-05-07): - -### EXTENDED `npm init` SCAFFOLDING - -Thanks to the wonderful efforts of [@jdalton](https://github.com/jdalton) of -lodash fame, `npm init` can now be used to invoke custom scaffolding tools! - -You can now do things like `npm init react-app` or `npm init esm` to scaffold an -npm package by running `create-react-app` and `create-esm`, respectively. This -also adds an `npm create` alias, to correspond to Yarn's `yarn create` feature, -which inspired this. - -* [`adc009ed4`](https://github.com/npm/npm/commit/adc009ed4114ed1e692f8ef15123af6040615cee) - [`f363edd04`](https://github.com/npm/npm/commit/f363edd04f474fa64e4d97228c0b2a7858f21e7c) - [`f03b45fb2`](https://github.com/npm/npm/commit/f03b45fb217df066c3cb7715f9c0469d84e5aa8e) - [`13adcbb52`](https://github.com/npm/npm/commit/13adcbb527fb8214e5f2233706c6b72ce072f3fa) - [#20303](https://github.com/npm/npm/pull/20303) - [#20372](https://github.com/npm/npm/pull/20372) - Add an `npm init` feature that calls out to `npx` when invoked with positional - arguments. ([@jdalton](https://github.com/jdalton)) - -### DEPENDENCY AUDITING - -This version of npm adds a new command, `npm audit`, which will run a security -audit of your project's dependency tree and notify you about any actions you may -need to take. - -The registry-side services required for this command to work will be available -on the main npm registry in the coming weeks. Until then, you won't get much out -of trying to use this on the CLI. - -As part of this change, the npm CLI now sends scrubbed and cryptographically -anonymized metadata about your dependency tree to your configured registry, to -allow notifying you about the existence of critical security flaws. For details -about how the CLI protects your privacy when it shares this metadata, see `npm -help audit`, or [read the docs for `npm audit` -online](https://github.com/npm/npm/blob/release-next/doc/cli/npm-audit.md). You -can disable this altogether by doing `npm config set audit false`, but will no -longer benefit from the service. - -* [`c81dfb91b`](https://github.com/npm/npm/commit/c81dfb91bc031f1f979fc200bb66718a7e8e1551) - `npm-registry-fetch@1.1.1` - ([@iarna](https://github.com/iarna)) -* [`b096f44a9`](https://github.com/npm/npm/commit/b096f44a96d185c45305b9b6a5f26d3ccbbf759d) - `npm-audit-report@1.0.9` - ([@iarna](https://github.com/iarna)) -* [`43b20b204`](https://github.com/npm/npm/commit/43b20b204ff9a86319350988d6774397b7da4593) - [#20389](https://github.com/npm/npm/pull/20389) - Add new `npm audit` command. - ([@iarna](https://github.com/iarna)) -* [`49ddb3f56`](https://github.com/npm/npm/commit/49ddb3f5669e90785217a639f936f4e38390eea2) - [#20389](https://github.com/npm/npm/pull/20389) - Temporarily suppress git metadata till there's an opt-in. - ([@iarna](https://github.com/iarna)) -* [`5f1129c4b`](https://github.com/npm/npm/commit/5f1129c4b072172c72cf9cff501885e2c11998ea) - [#20389](https://github.com/npm/npm/pull/20389) - Document the new command. - ([@iarna](https://github.com/iarna)) -* [`9a07b379d`](https://github.com/npm/npm/commit/9a07b379d24d089687867ca34df6e1e6189c72f1) - [#20389](https://github.com/npm/npm/pull/20389) - Default audit to off when running the npm test suite itself. - ([@iarna](https://github.com/iarna)) -* [`a6e2f1284`](https://github.com/npm/npm/commit/a6e2f12849b84709d89b3dc4f096e8c6f7db7ebb) - Make sure we hide stream errors on background audit submissions. Previously some classes - of error could end up being displayed (harmlessly) during installs. - ([@iarna](https://github.com/iarna)) -* [`aadbf3f46`](https://github.com/npm/npm/commit/aadbf3f4695e75b236ee502cbe41e51aec318dc3) - Include session and scope in requests (as we do in other requests to the registry). - ([@iarna](https://github.com/iarna)) -* [`7d43ddf63`](https://github.com/npm/npm/commit/7d43ddf6366d3bfc18ea9ccef8c7b8e43d3b79f5) - Exit with non-zero status when vulnerabilities are found. So you can have `npm audit` as a test or prepublish step! - ([@iarna](https://github.com/iarna)) -* [`bc3fc55fa`](https://github.com/npm/npm/commit/bc3fc55fae648da8efaf1be5b86078f0f736282e) - Verify lockfile integrity before running. You'd get an error either way, but this way it's - faster and can give you more concrete instructions on how to fix it. - ([@iarna](https://github.com/iarna)) -* [`2ac8edd42`](https://github.com/npm/npm/commit/2ac8edd4248f2393b35896f0300b530e7666bb0e) - Refuse to run in global mode. Audits require a lockfile and globals don't have one. Yet. - ([@iarna](https://github.com/iarna)) - -### CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT! - -* [`663d8b5e5`](https://github.com/npm/npm/commit/663d8b5e5427c2243149d2dd6968faa117e9db3f) - [npm/lockfile#29](https://github.com/npm/lockfile/pull/29) - `lockfile@1.0.4`: - Switches to `signal-exit` to detect abnormal exits and remove locks. - ([@Redsandro](https://github.com/Redsandro)) - -### SHRONKWRAPS AND LACKFILES - -If a published modules had legacy `npm-shrinkwrap.json` we were saving -ordinary registry dependencies (`name@version`) to your `package-lock.json` -as `https://` URLs instead of versions. - -* [`36f998411`](https://github.com/npm/npm/commit/36f9984113e39d7b190010a2d0694ee025924dcb) - When saving the lock-file compute how the dependency is being required instead of using - `_resolved` in the `package.json`. This fixes the bug that was converting - registry dependencies into `https://` dependencies. - ([@iarna](https://github.com/iarna)) -* [`113e1a3af`](https://github.com/npm/npm/commit/113e1a3af2f487c753b8871d51924682283c89fc) - When encountering a `https://` URL in our lockfiles that point at our default registry, extract - the version and use them as registry dependencies. This lets us heal - `package-lock.json` files produced by 6.0.0 - ([@iarna](https://github.com/iarna)) - -### MORE `package-lock.json` FORMAT CHANGES?! - -* [`074502916`](https://github.com/npm/npm/commit/0745029168dfdfee0d1823137550e6ebccf741a5) - [#20384](https://github.com/npm/npm/pull/20384) - Add `from` field back into package-lock for git dependencies. This will give - npm the information it needs to figure out whether git deps are valid, - specially when running with legacy install metadata or in - `--package-lock-only` mode when there's no `node_modules`. This should help - remove a significant amount of git-related churn on the lock-file. - ([@zkat](https://github.com/zkat)) - -### DOCUMENTATION IMPROVEMENTS - -* [`e0235ebb6`](https://github.com/npm/npm/commit/e0235ebb6e560f0114b8babedb6949385ab9bd57) - [#20384](https://github.com/npm/npm/pull/20384) - Update the lock-file spec doc to mention that we now generate the from field for `git`-type dependencies. - ([@watilde](https://github.com/watilde)) -* [`35de04676`](https://github.com/npm/npm/commit/35de04676a567ef11e1dd031d566231021d8aff2) - [#20408](https://github.com/npm/npm/pull/20408) - Describe what the colors in outdated mean. - ([@teameh](https://github.com/teameh)) - -### BUGFIXES - -* [`1b535cb9d`](https://github.com/npm/npm/commit/1b535cb9d4a556840aeab2682cc8973495c9919a) - [#20358](https://github.com/npm/npm/pull/20358) - `npm install-test` (aka `npm it`) will no longer generate `package-lock.json` - when running with `--no-package-lock` or `package-lock=false`. - ([@raymondfeng](https://github.com/raymondfeng)) -* [`268f7ac50`](https://github.com/npm/npm/commit/268f7ac508cda352d61df63a2ae7148c54bdff7c) - [`5f84ebdb6`](https://github.com/npm/npm/commit/5f84ebdb66e35486d1dec1ca29e9ba0e4c5b6d5f) - [`c12e61431`](https://github.com/npm/npm/commit/c12e61431ecf4f77e56dc8aa55c41d5d7eeaacad) - [#20390](https://github.com/npm/npm/pull/20390) - Fix a scenario where a git dependency had a comittish associated with it - that was not a complete commitid. `npm` would never consider that entry - in the `package.json` as matching the entry in the `package-lock.json` and - this resulted in inappropriate pruning or reinstallation of git - dependencies. This has been addressed in two ways, first, the addition of the - `from` field as described in [#20384](https://github.com/npm/npm/pull/20384) means - we can exactly match the `package.json`. Second, when that's missing (when working with - older `package-lock.json` files), we assume that the match is ok. (If - it's not, we'll fix it up when a real installation is done.) - ([@iarna](https://github.com/iarna)) - -### DOCS - -* [`7b13bf5e3`](https://github.com/npm/npm/commit/7b13bf5e373e2ae2466ecaa3fd6dcba67a97f462) - [#20331](https://github.com/npm/npm/pull/20331) - Fix broken link to 'private-modules' page. The redirect went away when the new - npm website went up, but the new URL is better anyway. - ([@vipranarayan14](https://github.com/vipranarayan14)) -* [`1c4ffddce`](https://github.com/npm/npm/commit/1c4ffddce05c25ef51e254dfc6a9a97e03c711ce) - [#20279](https://github.com/npm/npm/pull/20279) - Document the `--if-present` option for `npm run-script`. - ([@aleclarson](https://github.com/aleclarson)) - -### DEPENDENCY UPDATES - -* [`815d91ce0`](https://github.com/npm/npm/commit/815d91ce0e8044775e884c1dab93052da57f6650) - `libnpx@10.2.0` - ([@zkat](https://github.com/zkat)) -* [`02715f19f`](https://github.com/npm/npm/commit/02715f19fbcdecec8990b92fc60b1a022c59613b) - `update-notifier@2.5.0` - ([@alexccl](https://github.com/alexccl)) -* [`08c4ddd9e`](https://github.com/npm/npm/commit/08c4ddd9eb560aa6408a1bb1c1d2d9aa6ba46ba0) - `tar@4.4.2` - ([@isaacs](https://github.com/isaacs)) -* [`53718cb12`](https://github.com/npm/npm/commit/53718cb126956851850839b4d7d3041d4e9a80d0) - `tap@11.1.4` - ([@isaacs](https://github.com/isaacs)) -* [`0a20cf546`](https://github.com/npm/npm/commit/0a20cf546a246ac12b5fe2b6235ffb8649336ec4) - `safe-buffer@5.1.2` - ([@feross](https://github.com/feross)) -* [`e8c8e844c`](https://github.com/npm/npm/commit/e8c8e844c194351fe2d65cf3af79ef318bbc8bec) - `retry@0.12.0` - ([@tim-kos](https://github.com/tim-kos)) -* [`76c7f21bd`](https://github.com/npm/npm/commit/76c7f21bd04407d529edc4a76deaa85a2d6b6e6f) - `read-package-tree@5.2.1` - ([@zkat](https://github.com/zkat)) -* [`c8b0aa07b`](https://github.com/npm/npm/commit/c8b0aa07b34a0b0f8bc85154da75d9fb458eb504) - `query-string@6.1.0` - ([@sindresorhus](https://github.com/sindresorhus)) -* [`abfd366b4`](https://github.com/npm/npm/commit/abfd366b4709325f954f2b1ee5bd475330aab828) - `npm-package-arg@6.1.0` - ([@zkat](https://github.com/zkat)) -* [`bd29baf83`](https://github.com/npm/npm/commit/bd29baf834c3e16a9b3d7b60cdb4f462889800bf) - `lock-verify@2.0.2` - ([@iarna](https://github.com/iarna)) - -## v5.10.0-next.0 (2018-04-12): - -### NEW FEATURES - -* [`32ec2f54b`](https://github.com/npm/npm/commit/32ec2f54b2ad7370f2fd17e6e2fbbb2487c81266) - [#20257](https://github.com/npm/npm/pull/20257) - Add shasum and integrity to the new `npm view` output. - ([@zkat](https://github.com/zkat)) -* [`a22153be2`](https://github.com/npm/npm/commit/a22153be239dfd99d87a1a1c7d2c3700db0bebf3) - [#20126](https://github.com/npm/npm/pull/20126) - Add `npm cit` command that's equivalent of `npm ci && npm t` that's equivalent of `npm it`. - ([@SimenB](https://github.com/SimenB)) - -### BUG FIXES - -* [`089aeaf44`](https://github.com/npm/npm/commit/089aeaf4479f286b1ce62716c6442382ff0f2150) - Fix a bug where OTPs passed in via the commandline would have leading - zeros deleted resulted in authentication failures. - ([@iarna](https://github.com/iarna)) -* [`6eaa860ea`](https://github.com/npm/npm/commit/6eaa860ead3222a6dbd6d370b4271e7bf242b30b) - Eliminate direct use of `new Buffer` in `npm`. While the use of it in `npm` was safe, there - are two other reasons for this change: - - 1. Node 10 emits warnings about its use. - 2. Users who require npm as a library (which they definitely should not do) - can call the functions that call `new Buffer` in unsafe ways, if they try - really hard. - - ([@iarna](https://github.com/iarna)) - -* [`85900a294`](https://github.com/npm/npm/commit/85900a2944fed14bc8f59c48856fb797faaafedc) - Starting with 5.8.0 the `requires` section of the lock-file saved version ranges instead of - specific versions. Due to a bug, further actions on the same lock-file would result in the - range being switched back to a version. This corrects that, keeping ranges when they appear. - ([@iarna](https://github.com/iarna)) -* [`0dffa9c2a`](https://github.com/npm/npm/commit/0dffa9c2ae20b669f65c8e596dafd63e52248250) - [`609d6f6e1`](https://github.com/npm/npm/commit/609d6f6e1b39330b64ca4677a531819f2143a283) - [`08f81aa94`](https://github.com/npm/npm/commit/08f81aa94171987a8e1b71a87034e7b028bb9fc7) - [`f8b76e076`](https://github.com/npm/npm/commit/f8b76e0764b606e2c129cbaa66e48ac6a3ebdf8a) - [`6d609822d`](https://github.com/npm/npm/commit/6d609822d00da7ab8bd05c24ec4925094ecaef53) - [`59d080a22`](https://github.com/npm/npm/commit/59d080a22f7314a8e4df6e4f85c84777c1e4be42) - Restore the ability to bundle dependencies that are uninstallable from the - registry. This also eliminates needless registry lookups for bundled - dependencies. - - Fixed a bug where attempting to install a dependency that is bundled - inside another module without reinstalling that module would result in - ENOENT errors. - ([@iarna](https://github.com/iarna)) -* [`db846c2d5`](https://github.com/npm/npm/commit/db846c2d57399f277829036f9d96cd767088097e) - [#20029](https://github.com/npm/npm/pull/20029) - Allow packages with non-registry specifiers to follow the fast path that - the we use with the lock-file for registry specifiers. This will improve install time - especially when operating only on the package-lock (`--package-lock-only`). - - ([@zkat](https://github.com/zkat)) - - Fix the a bug where `npm i --only=prod` could remove development - dependencies from lock-file. - ([@iarna](https://github.com/iarna)) -* [`3e12d2407`](https://github.com/npm/npm/commit/3e12d2407446661d3dd226b03a2b6055b7932140) - [#20122](https://github.com/npm/npm/pull/20122) - Improve the update-notifier messaging (borrowing ideas from pnpm) and - eliminate false positives. - ([@zkat](https://github.com/zkat)) -* [`f18be9b39`](https://github.com/npm/npm/commit/f18be9b39888d05c7f98946c53214f40914f6284) - [#20154](https://github.com/npm/npm/pull/20154) - Let version succeed when `package-lock.json` is gitignored. - ([@nwoltman](https://github.com/nwoltman)) -* [`ced29253d`](https://github.com/npm/npm/commit/ced29253df6c6d67e4bf47ca83e042db4fb19034) - [#20212](https://github.com/npm/npm/pull/20212) - Ensure that we only create an `etc` directory if we are actually going to write files to it. - ([@buddydvd](https://github.com/buddydvd)) -* [`8e21b19a8`](https://github.com/npm/npm/commit/8e21b19a8c5e7d71cb51f3cc6a8bfaf7749ac2c5) - [#20140](https://github.com/npm/npm/pull/20140) - Note in documentation that `package-lock.json` version gets touched by `npm version`. - ([@srl295](https://github.com/srl295)) -* [`5d17c87d8`](https://github.com/npm/npm/commit/5d17c87d8d27caeac71f291fbd62628f2765fda2) - [#20032](https://github.com/npm/npm/pull/20032) - Fix bug where unauthenticated errors would get reported as both 404s and - 401s, i.e. `npm ERR! 404 Registry returned 401`. In these cases the error - message will now be much more informative. - ([@iarna](https://github.com/iarna)) -* [`05ff6c9b1`](https://github.com/npm/npm/commit/05ff6c9b14cb095988b768830e51789d6b6b8e6e) - [#20082](https://github.com/npm/npm/pull/20082) - Allow optional @ prefix on scope with `npm team` commands for parity with other commands. - ([@bcoe](https://github.com/bcoe)) -* [`6bef53891`](https://github.com/npm/npm/commit/6bef538919825b8cd2e738333bdd7b6ca2e2e0e3) - [#19580](https://github.com/npm/npm/pull/19580) - Improve messaging when two-factor authentication is required while publishing. - ([@jdeniau](https://github.com/jdeniau)) -* [`155dab2bd`](https://github.com/npm/npm/commit/155dab2bd7b06724eca190abadd89c9f03f85446) - Fix a bug where optional status of a dependency was not being saved to - the package-lock on the initial install. - ([@iarna](https://github.com/iarna)) -* [`8d6a4cafc`](https://github.com/npm/npm/commit/8d6a4cafc2e6963d9ec7c828e1af6f2abc12e7f3) - [`a0937e9af`](https://github.com/npm/npm/commit/a0937e9afe126dce7a746c1a6270b1ac69f2a9b3) - Ensure that `--no-optional` does not remove optional dependencies from the lock-file. - ([@iarna](https://github.com/iarna)) - -### DEPENDENCY UPDATES - -* [`8baa37551`](https://github.com/npm/npm/commit/8baa37551945bc329a6faf793ec5e3e2feff489b) - [zkat/cipm#46](https://github.com/zkat/cipm/pull/46) - `libcipm@1.6.2`: - Detect binding.gyp for default install lifecycle. Let's `npm ci` work on projects that - have their own C code. - ([@caleblloyd](https://github.com/caleblloyd)) -* [`323f74242`](https://github.com/npm/npm/commit/323f74242066c989f7faf94fb848ff8f3b677619) - [zkat/json-parse-better-errors#1](https://github.com/zkat/json-parse-better-errors/pull/1) - `json-parse-better-errors@1.0.2` - ([@Hoishin](https://github.com/Hoishin)) -* [`d0cf1f11e`](https://github.com/npm/npm/commit/d0cf1f11e5947446f74881a3d15d6a504baea619) - `readable-stream@2.3.6` - ([@mcollina](https://github.com/mcollina)) -* [`9e9fdba5e`](https://github.com/npm/npm/commit/9e9fdba5e7b7f3a1dd73530dadb96d9e3445c48d) - `update-notifier@2.4.0` - ([@sindersorhus](https://github.com/sindersorhus)) -* [`57fa33870`](https://github.com/npm/npm/commit/57fa338706ab122ab7e13d2206016289c5bdacf3) - `marked@0.3.1` - ([@joshbruce](https://github.com/joshbruce)) -* [`d2b20d34b`](https://github.com/npm/npm/commit/d2b20d34b60f35eecf0d51cd1f05de79b0e15096) - [#20276](https://github.com/npm/npm/pull/20276) - `node-gyp@3.6.2` -* [`2b5700679`](https://github.com/npm/npm/commit/2b5700679fce9ee0c24c4509618709a4a35a3d27) - [zkat/npx#172](https://github.com/zkat/npx/pull/172) - `libnpx@10.1.1` - ([@jdalton](https://github.com/jdalton)) - -## v5.9.0 (2018-03-23): - -Coming to you this week are a fancy new package view, pack/publish previews -and a handful of bug fixes! Let's get right in! - -### NEW PACKAGE VIEW - -There's a new `npm view` in town. You might it as `npm info` or `npm show`. -The new output gives you a nicely summarized view that for most packages -fits on one screen. If you ask it for `--json` you'll still get the same -results, so your scripts should still work fine. - -* [`143cdbf13`](https://github.com/npm/npm/commit/143cdbf1327f7d92ccae405bc05d95d28939a837) - [#19910](https://github.com/npm/npm/pull/19910) - Add humanized default view. - ([@zkat](https://github.com/zkat)) -* [`ca84be91c`](https://github.com/npm/npm/commit/ca84be91c434fb7fa472ee4c0b7341414acf52b5) - [#19910](https://github.com/npm/npm/pull/19910) - `tiny-relative-date@1.3.0` - ([@zkat](https://github.com/zkat)) -* [`9a5807c4f`](https://github.com/npm/npm/commit/9a5807c4f813c49b854170b6111c099b3054faa2) - [#19910](https://github.com/npm/npm/pull/19910) - `cli-columns@3.1.2` - ([@zkat](https://github.com/zkat)) -* [`23b4a4fac`](https://github.com/npm/npm/commit/23b4a4fac0fbfe8e03e2f65d9f674f163643d15d) - [#19910](https://github.com/npm/npm/pull/19910) - `byte-size@4.0.2` - -### PACK AND PUBLISH PREVIEWS - -The `npm pack` and `npm publish` commands print out a summary of the files -included in the package. They also both now take the `--dry-run` flag, so -you can double check your `.npmignore` settings before doing a publish. - -* [`116e9d827`](https://github.com/npm/npm/commit/116e9d8271d04536522a7f02de1dde6f91ca5e6e) - [#19908](https://github.com/npm/npm/pull/19908) - Add package previews to pack and publish. Also add --dry-run and --json - flags. - ([@zkat](https://github.com/zkat)) - -### MERGE CONFLICT, SMERGE CONFLICT - -If you resolve a `package-lock.json` merge conflict with `npm install` we -now suggest you setup a merge driver to handle these automatically for you. -If you're reading this and you'd like to set it up now, run: - -```console -npx npm-merge-driver install -g -``` - -* [`5ebe99719`](https://github.com/npm/npm/commit/5ebe99719d11fedeeec7a55f1b389dcf556f32f3) - [#20071](https://github.com/npm/npm/pull/20071) - suggest installing the merge driver - ([@zkat](https://github.com/zkat)) - -### MISC BITS - -* [`a05e27b71`](https://github.com/npm/npm/commit/a05e27b7104f9a79f5941e7458c4658872e5e0cd) - Going forward, record requested ranges not versions in the package-lock. - ([@iarna](https://github.com/iarna)) -* [`f721eec59`](https://github.com/npm/npm/commit/f721eec599df4bdf046d248e0f50822d436654b4) - Add 10 to Node.js supported version list. It's not out yet, but soon my pretties... - ([@iarna](https://github.com/iarna)) - -### DEPENDENCY UPDATES - -* [`40aabb94e`](https://github.com/npm/npm/commit/40aabb94e3f24a9feabb9c490403e10ec9dc254f) - `libcipm@1.6.1`: - Fix bugs on docker and with some `prepare` scripts and `npm ci`. - Fix a bug where script hooks wouldn't be called with `npm ci`. - Fix a bug where `npm ci` and `--prefix` weren't compatible. - ([@isaacseymour](https://github.com/isaacseymour)) - ([@umarov](https://github.com/umarov)) - ([@mikeshirov](https://github.com/mikeshirov)) - ([@billjanitsch](https://github.com/billjanitsch)) -* [`a85372e67`](https://github.com/npm/npm/commit/a85372e671eab46e62caa46631baa30900e32114) - `tar@4.4.1`: - Switch to safe-buffer and Buffer.from. - ([@isaacs](https://github.com/isaacs)) - ([@ChALkeR](https://github.com/ChALkeR)) -* [`588eabd23`](https://github.com/npm/npm/commit/588eabd23fa04420269b9326cab26d974d9c151f) - `lru-cache@4.1.2`: -* [`07f27ee89`](https://github.com/npm/npm/commit/07f27ee898f3c3199e75427017f2b6a189b1a85b) - `qrcode-terminal@0.12.0`: -* [`01e4e29bc`](https://github.com/npm/npm/commit/01e4e29bc879bdaa0e92f0b58e3725a41377d21c) - `request@2.85.0` -* [`344ba8819`](https://github.com/npm/npm/commit/344ba8819f485c72e1c7ac3e656d7e9210ccf607) - `worker-farm@1.6.0` -* [`dc6df1bc4`](https://github.com/npm/npm/commit/dc6df1bc4677164b9ba638e87c1185b857744720) - `validate-npm-package-license@3.0.3` -* [`97a976696`](https://github.com/npm/npm/commit/97a9766962ab5125af3b2a1f7b4ef550a2e3599b) - `ssri@5.3.0` -* [`9b629d0c6`](https://github.com/npm/npm/commit/9b629d0c69599635ee066cb71fcc1b0155317f19) - `query-string@5.1.1` - -## v5.8.0 (2018-03-08): - -Hey again, everyone! While last release was focused largely around PRs from the -CLI team, this release is mostly pulling in community PRs in npm itself and its -dependencies! We've got a good chunk of wonderful contributions for y'all, and -even new features and performance improvements! 🎉 - -We're hoping to continue our biweekly (as in every-other-week biweekly) release -schedule from now on, so you should be seeing more steady npm releases from here -on out. And that's good, 'cause we've got a _ton_ of new stuff on our roadmap -for this year. Keep an eye out for exciting news. 👀 - -### FEATURES - -* [`2f513fe1c`](https://github.com/npm/npm/commit/2f513fe1ce6db055b04a63fe4360212a83f77b34) - [#19904](https://github.com/npm/npm/pull/19904) - Make a best-attempt at preserving line ending style when saving - `package.json`/`package-lock.json`/`npm-shrinkwrap.json`. This goes - hand-in-hand with a previous patch to preserve detected indentation style. - ([@tuananh](https://github.com/tuananh)) -* [`d3cfd41a2`](https://github.com/npm/npm/commit/d3cfd41a28253db5a18260f68642513cbbc93e3b) - `pacote@7.6.1` ([@zkat](https://github.com/zkat)) - * Enable `file:`-based `resolved` URIs in `package-lock.json`. - * Retry git-based operations on certain types of failure. -* [`ecfbb16dc`](https://github.com/npm/npm/commit/ecfbb16dc705f28aa61b3223bdbf9e47230a0fa4) - [#19929](https://github.com/npm/npm/pull/19929) - Add support for the [`NO_COLOR` standard](http://no-color.org). This gives a - cross-application, consistent way of disabling ANSI color code output. Note - that npm already supported this through `--no-color` or - `npm_config_color='false'` configurations, so this is just another way to do - it. - ([@chneukirchen](https://github.com/chneukirchen)) -* [`fc8761daf`](https://github.com/npm/npm/commit/fc8761daf1e8749481457973890fa516eb96a195) - [#19629](https://github.com/npm/npm/pull/19629) - Give more detailed, contextual information when npm fails to parse - `package-lock.json` and `npm-shrinkwrap.json`, instead of saying `JSON parse - error` and leaving you out in the cold. - ([@JoshuaKGoldberg](https://github.com/JoshuaKGoldberg)) -* [`1d368e1e6`](https://github.com/npm/npm/commit/1d368e1e63229f236b9dbabf628989fa3aa98bdb) - [#19157](https://github.com/npm/npm/pull/19157) - Add `--no-proxy` config option. Previously, you needed to use the `NO_PROXY` - environment variable to use this feature -- now it's an actual npm option. - ([@Saturate](https://github.com/Saturate)) -* [`f0e998daa`](https://github.com/npm/npm/commit/f0e998daa049810d5f928615132250021e46451d) - [#18426](https://github.com/npm/npm/pull/18426) - Do environment variable replacement in config files even for config keys or - fragments of keys. - ([@misak113](https://github.com/misak113)) -* [`9847c82a8`](https://github.com/npm/npm/commit/9847c82a8528cfdf5968e9bb00abd8ed47903b5c) - [#18384](https://github.com/npm/npm/pull/18384) - Better error messaging and suggestions when users get `EPERM`/`EACCES` errors. - ([@chrisjpatty](https://github.com/chrisjpatty)) -* [`b9d0c0c01`](https://github.com/npm/npm/commit/b9d0c0c0173542a8d741a9a17b9fb34fbaf5068e) - [#19448](https://github.com/npm/npm/pull/19448) - Holiday celebrations now include all JavaScripters, not just Node developers. - ([@isaacs](https://github.com/isaacs)) - -### NPM CI - -I hope y'all have been having fun with `npm ci` so far! Since this is the first -release since that went out, we've had a few fixes and improvements now that -folks have actually gotten their hands on it! Benchmarks have been super -promising so far, and I've gotten messages from a lot of you saying you've sped -up your CI work by **2-5x** in some cases! Have a good example? Tell us on -Twitter! - -`npm ci` is, right now, [the fastest -installer](http://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable) -you can use in CI situations, so go check it out if you haven't already! We'll -continue doing performance improvements on it, and a lot of those will help make -`npm install` fast as well. 🏎😎 - -* [`0d7f203d9`](https://github.com/npm/npm/commit/0d7f203d9e86cc6c8d69107689ea60fc7cbab424) - `libcipm@1.6.0` - ([@zkat](https://github.com/zkat)) - -This `libcipm` release includes a number of improvements: - -* **PERFORMANCE** Reduce calls to `read-package-json` and separate JSON update phase from man/bin linking phase. `npm ci` should be noticeably faster. -* **FEATURE** Progress bar now fills up as packages are installed, instead of sitting there doing nothing. -* **BUGFIX** Add support for `--only` and `--also` options. -* **BUFGIX** Linking binaries and running scripts in parallel was causing packages to sometimes clobber each other when hoisted, as well as potentially running too many run-scripts in parallel. This is now a serial operation, and it turns out to have had relatively little actual performance impact. -* **BUGFIX** Stop adding `_from` to directory deps (aka `file:packages/my-dep`). - -### BUGFIXES - -* [`58d2aa58d`](https://github.com/npm/npm/commit/58d2aa58d5f9c4db49f57a5f33952b3106778669) - [#20027](https://github.com/npm/npm/pull/20027) - Use a specific mtime when packing tarballs instead of the beginning of epoch - time. This should allow `npm pack` to generate tarballs with identical hashes - for identical contents, while fixing issues with some `zip` implementations - that do not support pre-1980 timestamps. - ([@isaacs](https://github.com/isaacs)) -* [`4f319de1d`](https://github.com/npm/npm/commit/4f319de1d6e8aca5fb68f78023425233da4f07f6) - Don't fall back to couch adduser if we didn't try couch login. - ([@iarna](https://github.com/iarna)) -* [`c8230c9bb`](https://github.com/npm/npm/commit/c8230c9bbd596156a4a8cfe62f2370f81d22bd9f) - [#19608](https://github.com/npm/npm/pull/19608) - Fix issue where using the npm-bundled `npx` on Windows was invoking `npx - prefix` (and downloading that package). - ([@laggingreflex](https://github.com/laggingreflex)) -* [`d70c01970`](https://github.com/npm/npm/commit/d70c01970311f4e84b35eef8559c114136a9ebc7) - [#18953](https://github.com/npm/npm/pull/18953) - Avoid using code that depends on `node@>=4` in the `unsupported` check, so npm - can report the issue normally instead of syntax-crashing. - ([@deployable](https://github.com/deployable)) - -### DOCUMENTATION - -* [`4477ca2d9`](https://github.com/npm/npm/commit/4477ca2d993088ac40ef5cf39d1f9c68be3d6252) - `marked@0.3.17`: Fixes issue preventing correct rendering of backticked - strings. man pages should be rendering correctly now instead of having empty - spaces wherever backticks were used. - ([@joshbruce](https://github.com/joshbruce)) -* [`71076ebda`](https://github.com/npm/npm/commit/71076ebdaddd04f2bf330fe668f15750bcff00ea) - [#19950](https://github.com/npm/npm/pull/19950) - Add a note to install --production. - ([@kyranet](https://github.com/kyranet)) -* [`3a33400b8`](https://github.com/npm/npm/commit/3a33400b89a8dd00fa9a49fcb57a8add36f79fa6) - [#19957](https://github.com/npm/npm/pull/19957) - nudge around some details in ci docs - ([@zkat](https://github.com/zkat)) -* [`06038246a`](https://github.com/npm/npm/commit/06038246a3fa58d6f42bb4ab897aa534ff6ed282) - [#19893](https://github.com/npm/npm/pull/19893) - Add a common open reason to the issue template. - ([@MrStonedOne](https://github.com/MrStonedOne)) -* [`7376dd8af`](https://github.com/npm/npm/commit/7376dd8afb654929adade126b4925461aa52da12) - [#19870](https://github.com/npm/npm/pull/19870) - Fix typo in `npm-config.md` - ([@joebowbeer](https://github.com/joebowbeer)) -* [`5390ed4fa`](https://github.com/npm/npm/commit/5390ed4fa2b480f7c58fff6ee670120149ec2d45) - [#19858](https://github.com/npm/npm/pull/19858) - Fix documented default value for config save option. It was still documented - as `false`, even though `npm@5.0.0` set it to `true` by default. - ([@nalinbhardwaj](https://github.com/nalinbhardwaj)) -* [`dc36d850a`](https://github.com/npm/npm/commit/dc36d850a1d763f71a98c99db05ca875dab124ed) - [#19552](https://github.com/npm/npm/pull/19552) - Rework `npm update` docs now that `--save` is on by default. - ([@selbekk](https://github.com/selbekk)) -* [`5ec5dffc8`](https://github.com/npm/npm/commit/5ec5dffc80527d9330388ff82926dd890f4945af) - [#19726](https://github.com/npm/npm/pull/19726) - Clarify that `name` and `version` fields are optional if your package is not - supposed to be installable as a dependency. - ([@ngarnier](https://github.com/ngarnier)) -* [`046500994`](https://github.com/npm/npm/commit/0465009942d6423f878c1359e91972fa5990f996) - [#19676](https://github.com/npm/npm/pull/19676) - Fix documented cache location on Windows. - ([@VladRassokhin](https://github.com/VladRassokhin)) -* [`ffa84cd0f`](https://github.com/npm/npm/commit/ffa84cd0f43c07858506764b4151ba6af11ea120) - [#19475](https://github.com/npm/npm/pull/19475) - Added example for `homepage` field from `package.json`. - ([@cg-cnu](https://github.com/cg-cnu)) -* [`de72d9a18`](https://github.com/npm/npm/commit/de72d9a18ae650ebaee0fdd6694fc89b1cbe8e95) - [#19307](https://github.com/npm/npm/pull/19307) - Document the `requires` field in `npm help package-lock.json`. - ([@jcrben](https://github.com/jcrben)) -* [`35c4abded`](https://github.com/npm/npm/commit/35c4abdedfa622f27e8ee47aa6e293f435323623) - [#18976](https://github.com/npm/npm/pull/18976) - Typo fix in coding style documentation. - ([@rinfan](https://github.com/rinfan)) -* [`0616fd22a`](https://github.com/npm/npm/commit/0616fd22a4e4f2b2998bb70d86d269756aab64be) - [#19216](https://github.com/npm/npm/pull/19216) - Add `edit` section to description in `npm-team.md`. - ([@WispProxy](https://github.com/WispProxy)) -* [`c2bbaaa58`](https://github.com/npm/npm/commit/c2bbaaa582d024cc48b410757efbb81d95837d43) - [#19194](https://github.com/npm/npm/pull/19194) - Tiny style fix in `npm.md`. - ([@WispProxy](https://github.com/WispProxy)) -* [`dcdfdcbb0`](https://github.com/npm/npm/commit/dcdfdcbb0035ef3290bd0912f562e26f6fc4ea94) - [#19192](https://github.com/npm/npm/pull/19192) - Document `--development` flag in `npm-ls.md`. - ([@WispProxy](https://github.com/WispProxy)) -* [`d7ff07135`](https://github.com/npm/npm/commit/d7ff07135a685dd89c15e29d6a28fca33cf448b0) - [#18514](https://github.com/npm/npm/pull/18514) - Make it so `javascript` -> `JavaScript`. This is important. - ([@masonpawsey](https://github.com/masonpawsey)) -* [`7a8705113`](https://github.com/npm/npm/commit/7a870511327d31e8921d6afa845ec8065c60064b) - [#18407](https://github.com/npm/npm/pull/18407) - Clarify the mechanics of the `file` field in `package.json` a bit. - ([@bmacnaughton](https://github.com/bmacnaughton)) -* [`b2a1cf084`](https://github.com/npm/npm/commit/b2a1cf0844ceaeb51ed04f3ae81678527ec9ae68) - [#18382](https://github.com/npm/npm/pull/18382) - Document the [`browser` - field](https://github.com/defunctzombie/package-browser-field-spec) in - `package.json`. - ([@mxstbr](https://github.com/mxstbr)) - -### MISC - -* [`b8a48a959`](https://github.com/npm/npm/commit/b8a48a9595b379cfc2a2c576f61062120ea0caf7) - [#19907](https://github.com/npm/npm/pull/19907) - Consolidate code for stringifying `package.json` and package locks. Also adds - tests have been added to test that `package[-lock].json` files are written to - disk with their original line endings. - ([@nwoltman](https://github.com/nwoltman)) -* [`b4f707d9f`](https://github.com/npm/npm/commit/b4f707d9f543f0995ed5811827a892fc8b2192b5) - [#19879](https://github.com/npm/npm/pull/19879) - Remove unused devDependency `nock` from `.gitignore`. - ([@watilde](https://github.com/watilde)) -* [`8150dd5f7`](https://github.com/npm/npm/commit/8150dd5f72520eb143f75e44787a5775bd8b8ebc) - [#16540](https://github.com/npm/npm/pull/16540) - Stop doing an `uninstall` when using `make clean`. - ([@metux](https://github.com/metux)) - -### OTHER DEPENDENCY BUMPS - -* [`ab237a2a5`](https://github.com/npm/npm/commit/ab237a2a5dcf70ee490e2f0322dfedb1560251d4) - `init-package-json@1.10.3` - ([@zkat](https://github.com/zkat)) -* [`f6d668941`](https://github.com/npm/npm/commit/f6d6689414f00a67a1f34afc6791bdc7d7be4d9b) - `npm-lifecycle@2.0.1` - ([@zkat](https://github.com/zkat)) -* [`882bfbdfa`](https://github.com/npm/npm/commit/882bfbdfaa3eb09b35875e648545cb6967f72562) - `npm-registry-client@8.5.1` - ([@zkat](https://github.com/zkat)) -* [`6ae38055b`](https://github.com/npm/npm/commit/6ae38055ba69db5785ee6c394372de0333763822) - `read-package-json@2.0.1`: Support git packed refs `--all` mode. - ([@zkat](https://github.com/zkat)) -* [`89db703ae`](https://github.com/npm/npm/commit/89db703ae4e25b9fb6c9d7c5119520107a23a752) - `readable-stream@2.3.5` - ([@mcollina](https://github.com/mcollina)) -* [`634dfa5f4`](https://github.com/npm/npm/commit/634dfa5f476b7954b136105a8f9489f5631085a3) - `worker-farm@1.5.4` - ([@rvagg](https://github.com/rvagg)) -* [`92ad34439`](https://github.com/npm/npm/commit/92ad344399f7a23e308d0f3f02547656a47ae6c5) - `hosted-git-info@2.6.0` - ([@zkat](https://github.com/zkat)) -* [`75279c488`](https://github.com/npm/npm/commit/75279c4884d02bd7d451b66616e320eb8cb03bcb) - `tar@4.4.0` - ([@isaacs](https://github.com/isaacs)) -* [`228aba276`](https://github.com/npm/npm/commit/228aba276b19c987cd5989f9bb9ffbe25edb4030) - `write-file-atomic@2.3.0` - ([@iarna](https://github.com/iarna)) -* [`006e9d272`](https://github.com/npm/npm/commit/006e9d272914fc3ba016f110b1411dd20f8a937d) - `libnpx@10.0.1` - ([@zkat](https://github.com/zkat)) -* [`9985561e6`](https://github.com/npm/npm/commit/9985561e666473deeb352c1d4252adf17c2fa01d) - `mississippi@3.0.0` - ([@bcomnes](https://github.com/bcomnes)) -* [`1dc6b3b52`](https://github.com/npm/npm/commit/1dc6b3b525967bc8526aa4765e987136cb570e8e) - `tap@11.1.2` - ([@isaacs](https://github.com/isaacs)) - -## v5.7.1 (2018-02-22): - -This release reverts a patch that could cause some ownership changes on system -files when running from some directories when also using `sudo`. 😲 - -Thankfully, it only affected users running `npm@next`, which is part of our -staggered release system, which we use to prevent issues like this from going -out into the wider world before we can catch them. Users on `latest` would have -never seen this! - -The original patch was added to increase consistency and reliability of methods -npm uses to avoid writing files as `root` in places it shouldn't, but the change -was applied in places that should have used regular `mkdirp`. This release -reverts that patch. - -* [`74e149da6`](https://github.com/npm/npm/commit/74e149da6efe6ed89477faa81fef08eee7999ad0) - [`#19883`](https://github.com/npm/npm/issue/19883) - Revert "*: Switch from mkdirp to correctMkdir to preserve perms and owners" - This reverts commit [`94227e15`](https://github.com/npm/npm/commit/94227e15eeced836b3d7b3d2b5e5cc41d4959cff). - ([@zkat](https://github.com/zkat)) - -## v5.7.0 (2018-02-20): - -Hey y'all, it's been a while. Expect our release rate to increase back to -normal here, as we've got a lot in the pipeline. Right now we've got a -bunch of things from folks at npm. In the next release we'll be focusing on -user contributions and there are a lot of them queued up! - -This release brings a bunch of exciting new features and bug fixes. - -### PACKAGE-LOCK GIT MERGE CONFLICT RESOLUTION - -Allow `npm install` to fix `package-lock.json` and `npm-shrinkwrap.json` -files that have merge conflicts in them without your having to edit them. -It works in conjunction with -[`npm-merge-driver`](https://www.npmjs.com/package/npm-merge-driver) to -entirely eliminate package-lock merge conflicts. - -* [`e27674c22`](https://github.com/npm/npm/commit/e27674c221dc17473f23bffa50123e49a021ae34) - Automatically resolve merge conflicts in lock-files. - ([@zkat](https://github.com/zkat)) - -### NPM CI - -The new `npm ci` command installs from your lock-file ONLY. If your -`package.json` and your lock-file are out of sync then it will report an error. - -It works by throwing away your `node_modules` and recreating it from scratch. - -Beyond guaranteeing you that you'll only get what is in your lock-file it's -also much faster (2x-10x!) than `npm install` when you don't start with a -`node_modules`. - -As you may take from the name, we expect it to be a big boon to continuous -integration environments. We also expect that folks who do production -deploys from git tags will see major gains. - -* [`5e4de9c99`](https://github.com/npm/npm/commit/5e4de9c99c934e25ef7b9c788244cc3c993da559) - Add new `npm ci` installer. - ([@zkat](https://github.com/zkat)) - -### OTHER NEW FEATURES - -* [`4d418c21b`](https://github.com/npm/npm/commit/4d418c21b051f23a3b6fb085449fdf4bf4f826f5) - [#19817](https://github.com/npm/npm/pull/19817) - Include contributor count in installation summary. - ([@kemitchell](https://github.com/kemitchell)) -* [`17079c2a8`](https://github.com/npm/npm/commit/17079c2a880d3a6f8a67c8f17eedc7eb51b8f0f8) - Require password to change email through `npm profile`. - ([@iarna](https://github.com/iarna)) -* [`e7c5d226a`](https://github.com/npm/npm/commit/e7c5d226ac0ad3da0e38f16721c710909d0a9847) - [`4f5327c05`](https://github.com/npm/npm/commit/4f5327c0556764aa1bbc9b58b1a8c8a84136c56a) - [#19780](https://github.com/npm/npm/pull/19780) - Add support for web-based logins. This is not yet available on the registry, however. - ([@isaacs](https://github.com/isaacs)) - -### BIG FIXES TO PRUNING - -* [`827951590`](https://github.com/npm/npm/commit/8279515903cfa3026cf7096189485cdf29f74a8f) - Handle running `npm install package-name` with a `node_modules` containing - packages without sufficient metadata to verify their origin. The only way - to get install packages like this is to use a non-`npm` package manager. - Previously `npm` removed any packages that it couldn't verify. Now it - will leave them untouched as long as you're not asking for a full install. - On a full install they will be reinstalled (but the same versions will be - maintained). - - This will fix problems for folks who are using a third party package - manager to install packages that have `postinstall` scripts that run - `npm install`. - ([@iarna](https://github.com/iarna)) -* [`3b305ee71`](https://github.com/npm/npm/commit/3b305ee71e2bf852ff3037366a1774b8c5fcc0a5) - Only auto-prune on installs that will create a lock-file. This restores - `npm@4` compatible behavior when the lock-file is disabled. When using a - lock-file `npm` will continue to remove anything in your `node_modules` - that's not in your lock-file. ([@iarna](https://github.com/iarna)) -* [`cec5be542`](https://github.com/npm/npm/commit/cec5be5427f7f5106a905de8630e1243e9b36ef4) - Fix bug where `npm prune --production` would remove dev deps from the lock - file. It will now only remove them from `node_modules` not from your lock - file. - ([@iarna](https://github.com/iarna)) -* [`857dab03f`](https://github.com/npm/npm/commit/857dab03f2d58586b45d41d3e5af0fb2d4e824d0) - Fix bug where git dependencies would be removed or reinstalled when - installing other dependencies. - ([@iarna](https://github.com/iarna)) - -### BUG FIXES TO TOKENS AND PROFILES - -* [`a66e0cd03`](https://github.com/npm/npm/commit/a66e0cd0314893b745e6b9f6ca1708019b1d7aa3) - For CIDR filtered tokens, allow comma separated CIDR ranges, as documented. Previously - you could only pass in multiple cidr ranges with multiple `--cidr` command line options. - ([@iarna](https://github.com/iarna)) -* [`d259ab014`](https://github.com/npm/npm/commit/d259ab014748634a89cad5b20eb7a40f3223c0d5) - Fix token revocation when an OTP is required. Previously you had to pass - it in via `--otp`. Now it will prompt you for an OTP like other - `npm token` commands. - ([@iarna](https://github.com/iarna)) -* [`f8b1f6aec`](https://github.com/npm/npm/commit/f8b1f6aecadd3b9953c2b8b05d15f3a9cff67cfd) - Update token and profile commands to support legacy (username/password) authentication. - (The npm registry uses tokens, not username/password pairs, to authenticate commands.) - ([@iarna](https://github.com/iarna)) - -### OTHER BUG FIXES - -* [`6954dfc19`](https://github.com/npm/npm/commit/6954dfc192f88ac263f1fcc66cf820a21f4379f1) - Fix a bug where packages would get pushed deeper into the tree when upgrading without - an existing copy on disk. Having packages deeper in the tree ordinarily is harmless but - is not when peerDependencies are in play. - ([@iarna](https://github.com/iarna)) -* [`1ca916a1e`](https://github.com/npm/npm/commit/1ca916a1e9cf94691d1ff2e5e9d0204cfaba39e1) - Fix bug where when switching from a linked module to a non-linked module, the dependencies - of the module wouldn't be installed on the first run of `npm install`. - ([@iarna](https://github.com/iarna)) -* [`8c120ebb2`](https://github.com/npm/npm/commit/8c120ebb28e87bc6fe08a3fad1bb87b50026a33a) - Fix integrity matching to eliminate spurious EINTEGRITY errors. - ([@zkat](https://github.com/zkat)) -* [`94227e15e`](https://github.com/npm/npm/commit/94227e15eeced836b3d7b3d2b5e5cc41d4959cff) - More consistently make directories using perm and ownership preserving features. - ([@iarna](https://github.com/iarna)) - -### DEPENDENCY UPDATES - -* [`364b23c7f`](https://github.com/npm/npm/commit/364b23c7f8a231c0df3866d6a8bde4d3f37bbc00) - [`f2049f9e7`](https://github.com/npm/npm/commit/f2049f9e7992e6edcfce8619b59746789367150f) - `cacache@10.0.4` - ([@zkat](https://github.com/zkat)) -* [`d183d7675`](https://github.com/npm/npm/commit/d183d76757e8a29d63a999d7fb4edcc1486c25c1) - `find-npm-prefix@1.0.2`: - ([@iarna](https://github.com/iarna)) -* [`ffd6ea62c`](https://github.com/npm/npm/commit/ffd6ea62ce583baff38cf4901cf599639bc193c8) - `fs-minipass@1.2.5` -* [`ee63b8a31`](https://github.com/npm/npm/commit/ee63b8a311ac53b0cf2efa79babe61a2c4083ef6) - `ini@1.3.5` - ([@isaacs](https://github.com/isaacs)) -* [`6f73f5509`](https://github.com/npm/npm/commit/6f73f5509e9e8d606526565c7ceb71c62642466e) - `JSONStream@1.3.2` - ([@dominictarr](https://github.com/dominictarr)) -* [`26cd64869`](https://github.com/npm/npm/commit/26cd648697c1324979289e381fe837f9837f3874) - [`9bc6230cf`](https://github.com/npm/npm/commit/9bc6230cf34a09b7e4358145ff0ac3c69c23c3f6) - `libcipm@1.3.3` - ([@zkat](https://github.com/zkat)) -* [`21a39be42`](https://github.com/npm/npm/commit/21a39be4241a60a898d11a5967f3fc9868ef70c9) - `marked@0.3.1`:5 - ([@joshbruce](https://github.com/joshbruce)) -* [`dabdf57b2`](https://github.com/npm/npm/commit/dabdf57b2d60d665728894b4c1397b35aa9d41c0) - `mississippi@2.0.0` -* [`2594c5867`](https://github.com/npm/npm/commit/2594c586723023edb1db172779afb2cbf8b30c08) - `npm-registry-couchapp@2.7.1` - ([@iarna](https://github.com/iarna)) -* [`8abb3f230`](https://github.com/npm/npm/commit/8abb3f230f119fe054353e70cb26248fc05db0b9) - `osenv@0.1.5` - ([@isaacs](https://github.com/isaacs)) -* [`11a0b00bd`](https://github.com/npm/npm/commit/11a0b00bd3c18625075dcdf4a5cb6500b33c6265) - `pacote@7.3.3` - ([@zkat](https://github.com/zkat)) -* [`9b6bdb2c7`](https://github.com/npm/npm/commit/9b6bdb2c77e49f6d473e70de4cd83c58d7147965) - `query-string@5.1.0` - ([@sindresorhus](https://github.com/sindresorhus)) -* [`d6d17d6b5`](https://github.com/npm/npm/commit/d6d17d6b532cf4c3461b1cf2e0404f7c62c47ec4) - `readable-stream@2.3.4` - ([@mcollina](https://github.com/mcollina)) -* [`51370aad5`](https://github.com/npm/npm/commit/51370aad561b368ccc95c1c935c67c8cd2844d40) - `semver@5.5.0` - ([@isaacs](https://github.com/isaacs)) -* [`0db14bac7`](https://github.com/npm/npm/commit/0db14bac762dd59c3fe17c20ee96d2426257cdd5) - [`81da938ab`](https://github.com/npm/npm/commit/81da938ab6efb881123cdcb44f7f84551924c988) - [`9999e83f8`](https://github.com/npm/npm/commit/9999e83f87c957113a12a6bf014a2099d720d716) - `ssri@5.2.4` - ([@zkat](https://github.com/zkat)) -* [`f526992ab`](https://github.com/npm/npm/commit/f526992ab6f7322a0b3a8d460dc48a2aa4a59a33) - `tap@11.1.1` - ([@isaacs](https://github.com/isaacs)) -* [`be096b409`](https://github.com/npm/npm/commit/be096b4090e2a33ae057912d28fadc5a53bd3391) - [`dc3059522`](https://github.com/npm/npm/commit/dc3059522758470adc225f0651be72c274bd29ef) - `tar@4.3.3` -* [`6b552daac`](https://github.com/npm/npm/commit/6b552daac952f413ed0e2df762024ad219a8dc0a) - `uuid@3.2.1` - ([@broofa](https://github.com/broofa)) -* [`8c9011b72`](https://github.com/npm/npm/commit/8c9011b724ad96060e7e82d9470e9cc3bb64e9c6) - `worker-farm@1.5.2` - ([@rvagg](https://github.com/rvagg)) - - -## v5.6.0 (2017-11-27): - -### Features! - -You may have noticed this is a semver-minor bump. Wondering why? This is why! - -* [`bc263c3fd`](https://github.com/npm/npm/commit/bc263c3fde6ff4b04deee132d0a9d89379e28c27) - [#19054](https://github.com/npm/npm/pull/19054) - **Fully cross-platform `package-lock.json`**. Installing a failing optional - dependency on one platform no longer removes it from the dependency tree, - meaning that `package-lock.json` should now be generated consistently across - platforms! 🎉 - ([@iarna](https://github.com/iarna)) -* [`f94fcbc50`](https://github.com/npm/npm/commit/f94fcbc50d8aec7350164df898d1e12a1e3da77f) - [#19160](https://github.com/npm/npm/pull/19160) - Add `--package-lock-only` config option. This makes it so you can generate a - target `package-lock.json` without performing a full install of - `node_modules`. - ([@alopezsanchez](https://github.com/alopezsanchez)) -* [`66d18280c`](https://github.com/npm/npm/commit/66d18280ca320f880f4377cf80a8052491bbccbe) - [#19104](https://github.com/npm/npm/pull/19104) - Add new `--node-options` config to pass through a custom `NODE_OPTIONS` for - lifecycle scripts. - ([@bmeck](https://github.com/bmeck)) -* [`114d518c7`](https://github.com/npm/npm/commit/114d518c75732c42acbef3acab36ba1d0fd724e2) - Ignore mtime when packing tarballs: This means that doing `npm pack` on the - same repository should yield two tarballs with the same checksum. This will - also help prevent cache bloat when using git dependencies. In the future, this - will allow npm to explicitly cache git dependencies. - ([@isaacs](https://github.com/isaacs)) - -### Node 9 - -Previously, it turns out npm broke on the latest Node, `node@9`. We went ahead -and fixed it up so y'all should be able to use the latest npm again! - -* [`4ca695819`](https://github.com/npm/npm/commit/4ca6958196ae41cef179473e3f7dbed9df9a32f1) - `minizlib@1.0.4`: `Fix node@9` incompatibility. - ([@isaacs](https://github.com/isaacs)) -* [`c851bb503`](https://github.com/npm/npm/commit/c851bb503a756b7cd48d12ef0e12f39e6f30c577) - `tar@4.0.2`: Fix `node@9` incompatibility. - ([@isaacs](https://github.com/isaacs)) -* [`6caf23096`](https://github.com/npm/npm/commit/6caf2309613d14ce77923ad3d1275cb89c6cf223) - Remove "unsupported" warning for Node 9 now that things are fixed. - ([@iarna](https://github.com/iarna)) -* [`1930b0f8c`](https://github.com/npm/npm/commit/1930b0f8c44373301edc9fb6ccdf7efcb350fa42) - Update test matrix with `node@8` LTS and `node@9`. - ([@iarna](https://github.com/iarna)) - -### Bug Fixes - -* [`b70321733`](https://github.com/npm/npm/commit/b7032173361665a12c9e4200bdc3f0eb4dee682f) - [#18881](https://github.com/npm/npm/pull/18881) - When dealing with a `node_modules` that was created with older versions of npm - (and thus older versions of npa) we need to gracefully handle older spec - entries. Failing to do so results in us treating those packages as if they - were http remote deps, which results in invalid lock files with `version` set - to tarball URLs. This should now be fixed. - ([@iarna](https://github.com/iarna)) -* [`2f9c5dd00`](https://github.com/npm/npm/commit/2f9c5dd0046a53ece3482e92a412413f5aed6955) - [#18880](https://github.com/npm/npm/pull/18880) - Stop overwriting version in package data on disk. This is another safeguard - against the version overwriting that's plagued some folks upgrading from older - package-locks. - ([@iarna](https://github.com/iarna)) - ([@joshclow](https://github.com/joshclow)) -* [`a93e0a51d`](https://github.com/npm/npm/commit/a93e0a51d3dafc31c809ca28cd7dfa71b2836f86) - [#18846](https://github.com/npm/npm/pull/18846) - Correctly save transitive dependencies when using `npm update` in - `package-lock.json`. - ([@iarna](https://github.com/iarna)) -* [`fdde7b649`](https://github.com/npm/npm/commit/fdde7b649987b2acd9a37ef203f1e263fdf6fece) - [#18825](https://github.com/npm/npm/pull/18825) - Fix typo and concatenation in error handling. - ([@alulsh](https://github.com/alulsh)) -* [`be67de7b9`](https://github.com/npm/npm/commit/be67de7b90790cef0a9f63f91c2f1a00942205ee) - [#18711](https://github.com/npm/npm/pull/18711) - Upgrade to bearer tokens from legacy auth when enabling 2FA. - ([@iarna](https://github.com/iarna)) -* [`bfdf0fd39`](https://github.com/npm/npm/commit/bfdf0fd39646b03db8e543e2bec7092da7880596) - [#19033](https://github.com/npm/npm/pull/19033) - Fix issue where files with `@` signs in their names would not get included - when packing tarballs. - ([@zkat](https://github.com/zkat)) -* [`b65b89bde`](https://github.com/npm/npm/commit/b65b89bdeaa65516f3e13afdb6e9aeb22d8508f4) - [#19048](https://github.com/npm/npm/pull/19048) - Fix problem where `npm login` was ignoring various networking-related options, - such as custom certs. - ([@wejendorp](https://github.com/wejendorp)) -* [`8c194b86e`](https://github.com/npm/npm/commit/8c194b86ec9617e2bcc31f30ee4772469a0bb440) - `npm-packlist@1.1.10`: Include `node_modules/` directories not in the root. - ([@isaacs](https://github.com/isaacs)) -* [`d7ef6a20b`](https://github.com/npm/npm/commit/d7ef6a20b44e968cb92babab1beb51f99110781d) - `libnpx@9.7.1`: Fix some *nix binary path escaping issues. - ([@zkat](https://github.com/zkat)) -* [`981828466`](https://github.com/npm/npm/commit/981828466a5936c70abcccea319b227c443e812b) - `cacache@10.0.1`: Fix fallback to `copy-concurrently` when file move fails. - This might fix permissions and such issues on platforms that were getting - weird filesystem errors during install. - ([@karolba](https://github.com/karolba)) -* [`a0be6bafb`](https://github.com/npm/npm/commit/a0be6bafb6dd7acb3e7b717c27c8575a2215bfff) - `pacote@7.0.2`: Includes a bunch of fixes, specially for issues around git - dependencies. Shasum-related errors should be way less common now, too. - ([@zkat](https://github.com/zkat)) -* [`b80d650de`](https://github.com/npm/npm/commit/b80d650def417645d2525863e9f17af57a917b42) - [#19163](https://github.com/npm/npm/pull/19163) - Fix a number of git and tarball specs and checksum errors. - ([@zkat](https://github.com/zkat)) -* [`cac225025`](https://github.com/npm/npm/commit/cac225025fa06cd055286e75541138cd95f52def) - [#19054](https://github.com/npm/npm/pull/19054) - Don't count failed optionals when summarizing installed packages. - ([@iarna](https://github.com/iarna)) - -### UX - -* [`b1ec2885c`](https://github.com/npm/npm/commit/b1ec2885c43f8038c4e05b83253041992fdfe382) - [#18326](https://github.com/npm/npm/pull/18326) - Stop truncating output of `npm view`. This means, for example, that you no - longer need to use `--json` when a package has a lot of versions, to see the - whole list. - ([@SimenB](https://github.com/SimenB)) -* [`55a124e0a`](https://github.com/npm/npm/commit/55a124e0aa6097cb46f1484f666444b2a445ba57) - [#18884](https://github.com/npm/npm/pull/18884) - Profile UX improvements: better messaging on unexpected responses, and stop - claiming we set passwords to null when resetting them. - ([@iarna](https://github.com/iarna)) -* [`635481c61`](https://github.com/npm/npm/commit/635481c6143bbe10a6f89747795bf4b83f75a7e9) - [#18844](https://github.com/npm/npm/pull/18844) - Improve error messaging for OTP/2FA. - ([@iarna](https://github.com/iarna)) -* [`52b142ed5`](https://github.com/npm/npm/commit/52b142ed5e0f13f23c99209932e8de3f7649fd47) - [#19054](https://github.com/npm/npm/pull/19054) - Stop running the same rollback multiple times. This should address issues - where Windows users saw strange failures when `fsevents` failed to install. - ([@iarna](https://github.com/iarna)) -* [`798428b0b`](https://github.com/npm/npm/commit/798428b0b7b6cfd6ce98041c45fc0a36396e170c) - [#19172](https://github.com/npm/npm/pull/19172) - `bin-links@1.1.0`: Log the fact line endings are being changed upon install. - ([@marcosscriven](https://github.com/marcosscriven)) - -### Refactors - -Usually, we don't include internal refactor stuff in our release notes, but it's -worth calling out some of them because they're part of a larger effort the CLI -team and associates are undertaking to modularize npm itself so other package -managers and associated tools can reuse all that code! - -* [`9d22c96b7`](https://github.com/npm/npm/commit/9d22c96b7160729c8126a38dcf554611b9e3ba87) - [#18500](https://github.com/npm/npm/pull/18500) - Extract bin-links and gentle-fs to a separate library. This will allow - external tools to do bin linking and certain fs operations in an - npm-compatible way! - ([@mikesherov](https://github.com/mikesherov)) -* [`015a7803b`](https://github.com/npm/npm/commit/015a7803b7b63bc8543882196d987b92b461932d) - [#18883](https://github.com/npm/npm/pull/18883) - Capture logging from log events on the process global. This allows npm to use - npmlog to report logging from external libraries like `npm-profile`. - ([@iarna](https://github.com/iarna)) -* [`c930e98ad`](https://github.com/npm/npm/commit/c930e98adc03cef357ae5716269a04d74744a852) - `npm-lifecycle@2.0.0`: Use our own `node-gyp`. This means npm no longer needs - to pull some maneuvers to make sure `node-gyp` is in the right place, and that - external packages using `npm-lifecycle` will get working native builds without - having to do their own `node-gyp` maneuvers. - ([@zkochan](https://github.com/zkochan)) -* [`876f0c8f3`](https://github.com/npm/npm/commit/876f0c8f341f8915e338b409f4b8616bb5263500) [`829893d61`](https://github.com/npm/npm/commit/829893d617bf81bba0d1ce4ea303f76ea37a2b2d) - [#19099](https://github.com/npm/npm/pull/19099) - `find-npm-prefix@1.0.1`: npm's prefix-finding logic is now a standalone - module. That is, the logic that figures out where the root of your project is - if you've `cd`'d into a subdirectory. Did you know you can run `npm install` - from these subdirectories, and it'll only affect the root? It works like git! - ([@iarna](https://github.com/iarna)) - -### Docs - -* [`7ae12b21c`](https://github.com/npm/npm/commit/7ae12b21cc841f76417d3bb13b74f177319d4deb) - [#18823](https://github.com/npm/npm/pull/18823) - Fix spelling of the word authenticator. Because English is hard. - ([@tmcw](https://github.com/tmcw)) -* [`5dfc3ab7b`](https://github.com/npm/npm/commit/5dfc3ab7bc2cb0fa7d9a8c00aa95fecdd14d7ae1) - [#18742](https://github.com/npm/npm/pull/18742) - Explicitly state 'github:foo/bar' as a valid shorthand for hosted git specs. - ([@felicio](https://github.com/felicio)) -* [`a9dc098a6`](https://github.com/npm/npm/commit/a9dc098a6eb7a87895f52a101ac0d41492da698e) - [#18679](https://github.com/npm/npm/pull/18679) - Add some documentation about the `script-shell` config. - ([@gszabo](https://github.com/gszabo)) -* [`24d7734d1`](https://github.com/npm/npm/commit/24d7734d1a1e906c83c53b6d1853af8dc758a998) - [#18571](https://github.com/npm/npm/pull/18571) - Change `verboten` to `forbidden`. - ([@devmount](https://github.com/devmount)) -* [`a8a45668f`](https://github.com/npm/npm/commit/a8a45668fb9b8eb84234fe89234bdcdf644ead58) - [#18568](https://github.com/npm/npm/pull/18568) - Improve wording for the docs for the "engines" section of package.json files. - ([@apitman](https://github.com/apitman)) -* [`dbc7e5b60`](https://github.com/npm/npm/commit/dbc7e5b602870330a8cdaf63bd303cd9050f792f) - [#19118](https://github.com/npm/npm/pull/19118) - Use valid JSON in example for bundledDependencies. - ([@charmander](https://github.com/charmander)) -* [`779339485`](https://github.com/npm/npm/commit/779339485bab5137d0fdc68d1ed6fa987aa8965a) - [#19162](https://github.com/npm/npm/pull/19162) - Remove trailing white space from `npm access` docs. - ([@WispProxy](https://github.com/WispProxy)) - -### Dependency Bumps - -* [`0e7cac941`](https://github.com/npm/npm/commit/0e7cac9413ff1104cf242cc3006f42aa1c2ab63f) - `bluebird@3.5.1` - ([@petkaantonov](https://github.com/petkaantonov)) -* [`c4d5887d9`](https://github.com/npm/npm/commit/c4d5887d978849ddbe2673630de657f141ae5bcf) - `update-notifier@2.3.0` - ([@sindresorhus](https://github.com/sindresorhus)) -* [`eb19a9691`](https://github.com/npm/npm/commit/eb19a9691cf76fbc9c5b66aa7aadb5d905af467a) - `npm-package-arg@6.0.0` - ([@zkat](https://github.com/zkat)) -* [`91d5dca96`](https://github.com/npm/npm/commit/91d5dca96772bc5c45511ddcbeeb2685c7ea68e8) - `npm-profile@2.0.5` - ([@iarna](https://github.com/iarna)) -* [`8de66c46e`](https://github.com/npm/npm/commit/8de66c46e57e4b449c9540c8ecafbc4fd58faff5) - `ssri@5.0.0` - ([@zkat](https://github.com/zkat)) -* [`cfbc3ea69`](https://github.com/npm/npm/commit/cfbc3ea69a8c62dc8e8543193c3ac472631dcef9) - `worker-farm@1.5.1` - ([@rvagg](https://github.com/rvagg)) -* [`60c228160`](https://github.com/npm/npm/commit/60c228160f22d41c2b36745166c9e8c2d84fee58) - `query-string@5.0.1` - ([@sindresorhus](https://github.com/sindresorhus)) -* [`72cad8c66`](https://github.com/npm/npm/commit/72cad8c664efd8eb1bec9a418bccd6c6ca9290de) - `copy-concurrently@1.0.5` - ([@iarna](https://github.com/iarna)) - -## v5.5.1 (2017-10-04): - -A very quick, record time, patch release, of a bug fix to a (sigh) last minute bug fix. - -* [`e628e058b`](https://github.com/npm/npm/commit/e628e058b) - Fix login to properly recognize OTP request and store bearer tokens. - ([@iarna](https://github.com/iarna)) - -## v5.5.0 (2017-10-04): - -Hey y'all, this is a big new feature release! We've got some security -related goodies plus a some quality-of-life improvements for anyone who uses -the public registry (so, virtually everyone). - -The changes largely came together in one piece, so I'm just gonna leave the commit line here: - -* [`f6ebf5e8b`](https://github.com/npm/npm/commit/f6ebf5e8bd6a212c7661e248c62c423f2b54d978) - [`f97ad6a38`](https://github.com/npm/npm/commit/f97ad6a38412581d059108ea29be470acb4fa510) - [`f644018e6`](https://github.com/npm/npm/commit/f644018e6ef1ff7523c6ec60ae55a24e87a9d9ae) - [`8af91528c`](https://github.com/npm/npm/commit/8af91528ce6277cd3a8c7ca8c8102671baf10d2f) - [`346a34260`](https://github.com/npm/npm/commit/346a34260b5fba7de62717135f3e083cc4820853) - Two factor authentication, profile editing and token management. - ([@iarna](https://github.com/iarna)) - -### TWO FACTOR AUTHENTICATION - -You can now enable two-factor authentication for your npm account. You can -even do it from the CLI. In fact, you have to, for the time being: - -``` -npm profile enable-tfa -``` - -With the default two-factor authentication mode you'll be prompted to enter -a one-time password when logging in, when publishing and when modifying access rights to -your modules. - -### TOKEN MANAGEMENT - -You can now create, list and delete authentication tokens from the comfort -of the command line. Authentication tokens created this way can have NEW -restrictions placed on them. For instance, you can create a `read-only` -token to give to your CI. It will be able to download your private modules -but it won't be able to publish or modify modules. You can also create -tokens that can only be used from certain network addresses. This way you -can lock down access to your corporate VPN or other trusted machines. - -Deleting tokens isn't new, you could [do it via the -website](https://www.npmjs.com/settings/tokens) but now you can do it via -the CLI as well. - -### CHANGE YOUR PASSWORD, SET YOUR EMAIL - -You can finally change your password from the CLI with `npm profile set -password`! You can also update your email address with `npm profile set -email <address>`. If you change your email address we'll send you a new -verification email so you verify that its yours. - -### AND EVERYTHING ELSE ON YOUR PROFILE - -You can also update all of the other attributes of your profile that -previously you could only update via the website: `fullname`, `homepage`, -`freenode`, `twitter` and `github`. - -### AVAILABLE STAND ALONE - -All of these features were implemented in a stand alone library, so if you -have use for them in your own project you can find them in -[npm-profile](https://www.npmjs.com/package/npm-profile) on the registry. -There's also a little mini-cli written just for it at -[npm-profile-cli](https://www.npmjs.com/package/npm-profile-cli). You might -also be interested in the [API -documentation](https://github.com/npm/registry/tree/master/docs) for these -new features: [user profile editing](https://github.com/npm/registry/blob/master/docs/user/profile.md) and -[authentication](https://github.com/npm/registry/blob/master/docs/user/authentication.md). - -### BUG FIXES - -* [`5ee55dc71`](https://github.com/npm/npm/commit/5ee55dc71b8b74b8418c3d5ec17483a07b3b6777) - install.sh: Drop support for upgrading from npm@1 as npm@5 can't run on - any Node.js version that ships npm@1. This fixes an issue some folks were seeing when trying - to upgrade using `curl | http://npmjs.com/install.sh`. - ([@iarna](https://github.com/iarna)) -* [`5cad1699a`](https://github.com/npm/npm/commit/5cad1699a7a0fc85ac7f77a95087a9647f75e344) - `npm-lifecycle@1.0.3` Fix a bug where when more than one lifecycle script - got queued to run, npm would crash. - ([@zkat](https://github.com/zkat)) -* [`cd256cbb2`](https://github.com/npm/npm/commit/cd256cbb2f97fcbcb82237e94b66eac80e493626) - `npm-packlist@1.1.9` Fix a bug where test directories would always be - excluded from published modules. - ([@isaacs](https://github.com/isaacs)) -* [`2a11f0215`](https://github.com/npm/npm/commit/2a11f021561acb1eb1ad4ad45ad955793b1eb4af) - Fix formatting of unsupported version warning - ([@iarna](https://github.com/iarna)) - -### DEPENDENCY UPDATES - -* [`6d2a285a5`](https://github.com/npm/npm/commit/6d2a285a58655f10834f64d38449eb1f3c8b6c47) - `npm-registry-client@8.5.0` -* [`69e64e27b`](https://github.com/npm/npm/commit/69e64e27bf58efd0b76b3cf6e8182c77f8cc452f) - `request@2.83.0` -* [`34e0f4209`](https://github.com/npm/npm/commit/34e0f42090f6153eb5462f742e402813e4da56c8) - `abbrev@1.1.1` -* [`10d31739d`](https://github.com/npm/npm/commit/10d31739d39765f1f0249f688bd934ffad92f872) - `aproba@1.2.0` -* [`2b02e86c0`](https://github.com/npm/npm/commit/2b02e86c06cf2a5fe7146404f5bfd27f190ee4f4) - `meant@1.0.1` -* [`b81fff808`](https://github.com/npm/npm/commit/b81fff808ee269361d3dcf38c1b6019f1708ae02) - `rimraf@2.6.2`: - Fixes a long standing bug in rimraf's attempts to work around Windows limitations - where it owns a file and can change its perms but can't remove it without - first changing its perms. This _may_ be an improvement for Windows users of npm under - some circumstances. - ([@isaacs](https://github.com/isaacs)) - -## v5.4.2 (2017-09-14): - -This is a small bug fix release wrapping up most of the issues introduced with 5.4.0. - -### Bugs - -* [`0b28ac72d`](https://github.com/npm/npm/commit/0b28ac72d29132e9b761717aba20506854465865) - [#18458](https://github.com/npm/npm/pull/18458) - Fix a bug on Windows where rolling back of failed optional dependencies would fail. - ([@marcins](https://github.com/marcins)) -* [`3a1b29991`](https://github.com/npm/npm/commit/3a1b299913ce94fdf25ed3ae5c88fe6699b04e24) - `write-file-atomic@2.1.0` Revert update of `write-file-atomic`. There were changes made to it - that were resulting in EACCES errors for many users. - ([@iarna](https://github.com/iarna)) -* [`cd8687e12`](https://github.com/npm/npm/commit/cd8687e1257f59a253436d69e8d79a29c85d00c8) - Fix a bug where if npm decided it needed to move a module during an upgrade it would strip - out much of the `package.json`. This would result in broken trees after package updates. -* [`5bd0244ee`](https://github.com/npm/npm/commit/5bd0244eec347ce435e88ff12148c35da7c69efe) - [#18385](https://github.com/npm/npm/pull/18385) - Fix `npm outdated` when run on non-registry dependencies. - ([@joshclow](https://github.com/joshclow)) - ([@iarna](https://github.com/iarna)) - -### Ux - -* [`339f17b1e`](https://github.com/npm/npm/commit/339f17b1e6816eccff7df97875db33917eccdd13) - Report unsupported node versions with greater granularity. - ([@iarna](https://github.com/iarna)) - -### Docs - -* [`b2ab6f43b`](https://github.com/npm/npm/commit/b2ab6f43b8ae645134238acd8dd3083e5ba8846e) - [#18397](https://github.com/npm/npm/pull/18397) - Document that the default loglevel with `npm@5` is `notice`. - ([@KenanY](https://github.com/KenanY)) -* [`e5aedcd82`](https://github.com/npm/npm/commit/e5aedcd82af81fa9e222f9210f6f890c72a18dd3) - [#18372](https://github.com/npm/npm/pull/18372) - In npm-config documentation, note that env vars use \_ in place of -. - ([@jakubholynet](https://github.com/jakubholynet)) - -## v5.4.1 (2017-09-06): - -This is a very small bug fix release to fix a problem where permissions on -installed binaries were being set incorrectly. - -* [`767ff6eee`](https://github.com/npm/npm/commit/767ff6eee7fa3a0f42ad677dedc0ec1f0dc15e7c) - [zkat/pacote#117](https://github.com/zkat/pacote/pull/117) - [#18324](https://github.com/npm/npm/issues/18324) - `pacote@6.0.2` - ([@zkat](https://github.com/zkat)) - -## v5.4.0 (2017-08-22): - -Here's another ~~small~~ big release, with a ~~handful~~ bunch of fixes and -a couple of ~~small~~ new features! This release has been incubating rather -longer than usual and it's grown quite a bit in that time. I'm also excited -to say that it has contributions from **27** different folks, which is a new -record for us. Our previous record was 5.1.0 at 21. Before that the record -had been held by 1.3.16 since _December of 2013_. - - - -If you can't get enough of the bleeding edge, I encourage you to check out -our canary release of npm. Get it with `npm install -g npmc`. It's going to -be seeing some exciting stuff in the next couple of weeks, starting with a -rewritten `npm dedupe`, but moving on to… well, you'll just have to wait and -find out. - -### PERFORMANCE - -* [`d080379f6`](https://github.com/npm/npm/commit/d080379f620c716afa2c1d2e2ffc0a1ac3459194) - `pacote@6.0.1` Updates extract to use tar@4, which is much faster than the - older tar@2. It reduces install times by as much as 10%. - ([@zkat](https://github.com/zkat)) -* [`4cd6a1774`](https://github.com/npm/npm/commit/4cd6a1774f774506323cae5685c9ca9a10deab63) - [`0195c0a8c`](https://github.com/npm/npm/commit/0195c0a8cdf816834c2f737372194ddc576c451d) - [#16804](https://github.com/npm/npm/pull/16804) - `tar@4.0.1` Update publish to use tar@4. tar@4 brings many advantages - over tar@2: It's faster, better tested and easier to work with. It also - produces exactly the same byte-for-byte output when producing tarballs - from the same set of files. This will have some nice carry on effects for - things like caching builds from git. And finally, last but certainly not - least, upgrading to it also let's us finally eliminate `fstream`—if - you know what that is you'll know why we're so relieved. - ([@isaacs](https://github.com/isaacs)) - -### FEATURES - -* [`1ac470dd2`](https://github.com/npm/npm/commit/1ac470dd283cc7758dc37721dd6331d5b316dc99) - [#10382](https://github.com/npm/npm/pull/10382) - If you make a typo when writing a command now, npm will print a brief "did you - mean..." message with some possible alternatives to what you meant. - ([@watilde](https://github.com/watilde)) -* [`20c46228d`](https://github.com/npm/npm/commit/20c46228d8f9243910f8c343f4830d52455d754e) - [#12356](https://github.com/npm/npm/pull/12356) - When running lifecycle scripts, `INIT_CWD` will now contain the original - working directory that npm was executed from. Remember that you can use `npm - run-script` even if you're not inside your package root directory! - ([@MichaelQQ](https://github.com/MichaelQQ)) -* [`be91e1726`](https://github.com/npm/npm/commit/be91e1726e9c21c4532723e4f413b73a93dd53d1) - [`4e7c41f4a`](https://github.com/npm/npm/commit/4e7c41f4a29744a9976cc22c77eee9d44172f21e) - `libnpx@9.6.0`: Fixes a number of issues on Windows and adds support for - several more languages: Korean, Norwegian (bokmål and nynorsk), Ukrainian, - Serbian, Bahasa Indonesia, Polish, Dutch and Arabic. - ([@zkat](https://github.com/zkat)) -* [`2dec601c6`](https://github.com/npm/npm/commit/2dec601c6d5a576751d50efbcf76eaef4deff31e) - [#17142](https://github.com/npm/npm/pull/17142) - Add the new `commit-hooks` option to `npm version` so that you can disable commit - hooks when committing the version bump. - ([@faazshift](https://github.com/faazshift)) -* [`bde151902`](https://github.com/npm/npm/commit/bde15190230b5c62dbd98095311eab71f6b52321) - [#14461](https://github.com/npm/npm/pull/14461) - Make output from `npm ping` clear as to its success or failure. - ([@legodude17](https://github.com/legodude17)) - -### BUGFIXES - -* [`b6d5549d2`](https://github.com/npm/npm/commit/b6d5549d2c2d38dd0e4319c56b69ad137f0d50cd) - [#17844](https://github.com/npm/npm/pull/17844) - Make package-lock.json sorting locale-agnostic. Previously, sorting would vary - by locale, due to using `localeCompare` for key sorting. This'll give you - a little package-lock.json churn as it reshuffles things, sorry! - ([@LotharSee](https://github.com/LotharSee)) -* [`44b98b9dd`](https://github.com/npm/npm/commit/44b98b9ddcfcccf68967fdf106fca52bf0c3da4b) - [#17919](https://github.com/npm/npm/pull/17919) - Fix a crash where `npm prune --production` would fail while removing `.bin`. - ([@fasterthanlime](https://github.com/fasterthanlime)) -* [`c3d1d3ba8`](https://github.com/npm/npm/commit/c3d1d3ba82aa41dfb2bd135e6cdc59f8d33cd9fb) - [#17816](https://github.com/npm/npm/pull/17816) - Fail more smoothly when attempting to install an invalid package name. - ([@SamuelMarks](https://github.com/SamuelMarks)) -* [`55ac2fca8`](https://github.com/npm/npm/commit/55ac2fca81bf08338302dc7dc2070494e71add5c) - [#12784](https://github.com/npm/npm/pull/12784) - Guard against stack overflows when marking packages as failed. - ([@vtravieso](https://github.com/vtravieso)) -* [`597cc0e4b`](https://github.com/npm/npm/commit/597cc0e4b5e6ee719014e3171d4e966df42a275c) - [#15087](https://github.com/npm/npm/pull/15087) - Stop outputting progressbars or using color on dumb terminals. - ([@iarna](https://github.com/iarna)) -* [`7a7710ba7`](https://github.com/npm/npm/commit/7a7710ba72e6f82414653c2e7e91fea9a1aba7e2) - [#15088](https://github.com/npm/npm/pull/15088) - Don't exclude modules that are both dev & prod when using `npm ls --production`. - ([@iarna](https://github.com/iarna)) -* [`867df2b02`](https://github.com/npm/npm/commit/867df2b0214689822b87b51578e347f353be97e8) - [#18164](https://github.com/npm/npm/pull/18164) - Only do multiple procs on OSX for now. We've seen a handful of issues - relating to this in Docker and in on Windows with antivirus. - ([@zkat](https://github.com/zkat)) -* [`23540af7b`](https://github.com/npm/npm/commit/23540af7b0ec5f12bbdc1558745c8c4f0861042b) - [#18117](https://github.com/npm/npm/pull/18117) - Some package managers would write spaces to the \_from field in package.json's in the - form of `name @spec`. This was causing npm to fail to interpret them. We now handle that - correctly and doubly make sure we don't do that ourselves. - ([@IgorNadj](https://github.com/IgorNadj)) -* [`0ef320cb4`](https://github.com/npm/npm/commit/0ef320cb40222693b7367b97c60ddffabc2d58c5) - [#16634](https://github.com/npm/npm/pull/16634) - Convert any bin script with a shbang a the start to Unix line-endings. (These sorts of scripts - are not compatible with Windows line-endings even on Windows.) - ([@ScottFreeCode](https://github.com/ScottFreeCode)) -* [`71191ca22`](https://github.com/npm/npm/commit/71191ca2227694355c49dfb187104f68df5126bd) - [#16476](https://github.com/npm/npm/pull/16476) - `npm-lifecycle@1.0.2` Running an install with `--ignore-scripts` was resulting in the - the package object being mutated to have the lifecycle scripts removed from it and that - in turn was being written out to disk, causing further problems. This fixes that: - No more mutation, no more unexpected changes. - ([@addaleax](https://github.com/addaleax)) -* [`459fa9d51`](https://github.com/npm/npm/commit/459fa9d51600904ee75ed6267b159367a1209793) - [npm/read-package-json#74](https://github.com/npm/read-package-json/pull/74) - [#17802](https://github.com/npm/npm/pull/17802) - `read-package-json@2.0.1` Use unix-style slashes for generated bin - entries, which lets them be cross platform even when produced on Windows. - ([@iarna](https://github.com/iarna)) -* [`5ec72ab5b`](https://github.com/npm/npm/commit/5ec72ab5b27c5c83cee9ff568cf75a9479d4b83a) - [#18229](https://github.com/npm/npm/pull/18229) - Make install.sh find nodejs on debian. - ([@cebe](https://github.com/cebe)) - -### DOCUMENTATION - -* [`b019680db`](https://github.com/npm/npm/commit/b019680db78ae0a6dff2289dbfe9f61fccbbe824) - [#10846](https://github.com/npm/npm/pull/10846) - Remind users that they have to install missing `peerDependencies` manually. - ([@ryanflorence](https://github.com/ryanflorence)) -* [`3aee5986a`](https://github.com/npm/npm/commit/3aee5986a65add2f815b24541b9f4b69d7fb445f) - [#17898](https://github.com/npm/npm/pull/17898) - Minor punctuation fixes to the README. - ([@AndersDJohnson](https://github.com/AndersDJohnson)) -* [`e0d0a7e1d`](https://github.com/npm/npm/commit/e0d0a7e1dda2c43822b17eb71f4d51900575cc61) - [#17832](https://github.com/npm/npm/pull/17832) - Fix grammar, format, and spelling in documentation for `run-script`. - ([@simonua](https://github.com/simonua)) -* [`3fd6a5f2f`](https://github.com/npm/npm/commit/3fd6a5f2f8802a9768dba2ec32c593b5db5a878d) - [#17897](https://github.com/npm/npm/pull/17897) - Add more info about using `files` with `npm pack`/`npm publish`. - ([@davidjgoss](https://github.com/davidjgoss)) -* [`f00cdc6eb`](https://github.com/npm/npm/commit/f00cdc6eb90a0735bc3c516720de0b1428c79c31) - [#17785](https://github.com/npm/npm/pull/17785) - Add a note about filenames for certificates on Windows, which use a different - extension and file type. - ([@lgp1985](https://github.com/lgp1985)) -* [`0cea6f974`](https://github.com/npm/npm/commit/0cea6f9741243b1937abfa300c2a111d9ed79143) - [#18022](https://github.com/npm/npm/pull/18022) - Clarify usage for the `files` field in `package.json`. - ([@xcambar](https://github.com/xcambar)) -* [`a0fdd1571`](https://github.com/npm/npm/commit/a0fdd15710971234cbc57086cd1a4dc037a39471) - [#15234](https://github.com/npm/npm/pull/15234) - Clarify the behavior of the `files` array in the package-json docs. - ([@jbcpollak](https://github.com/jbcpollak)) -* [`cecd6aa5d`](https://github.com/npm/npm/commit/cecd6aa5d4dd04af765b26b749c1cd032f7eb913) - [#18137](https://github.com/npm/npm/pull/18137) - Clarify interaction between npmignore and files in package.json. - ([@supertong](https://github.com/supertong)) -* [`6b8972039`](https://github.com/npm/npm/commit/6b89720396767961001e727fc985671ce88b901b) - [#18044](https://github.com/npm/npm/pull/18044) - Corrected the typo in package-locks docs. - ([@vikramnr](https://github.com/vikramnr)) -* [`6e012924f`](https://github.com/npm/npm/commit/6e012924f99c475bc3637c86ab6a113875405fc7) - [#17667](https://github.com/npm/npm/pull/17667) - Fix description of package.json in npm-scripts docs. - ([@tripu](https://github.com/tripu)) - -### POSSIBLY INTERESTING DEPENDENCY UPDATES - -* [`48d84171a`](https://github.com/npm/npm/commit/48d84171a302fde2510b3f31e4a004c5a4d39c73) - [`f60b05d63`](https://github.com/npm/npm/commit/f60b05d6307a7c46160ce98d6f3ccba89411c4ba) - `semver@5.4.1` Perf improvements. - ([@zkat](https://github.com/zkat)) -* [`f4650b5d4`](https://github.com/npm/npm/commit/f4650b5d4b2be2c04c229cc53aa930e260af9b4e) - `write-file-atomic@2.3.0`: - Serialize writes to the same file so that results are deterministic. - Cleanup tempfiles when process is interrupted or killed. - ([@ferm10n](https://github.com/ferm10n)) - ([@iarna](https://github.com/iarna)) - -### CHORES - -* [`96d78df98`](https://github.com/npm/npm/commit/96d78df9843187bc53be2c93913e8567003ccb73) - [`80e2f4960`](https://github.com/npm/npm/commit/80e2f4960691bc5dbd8320002e4d9143784b9ce9) - [`4f49f687b`](https://github.com/npm/npm/commit/4f49f687bbd54b6a0e406936ae35593d8e971e1e) - [`07d2296b1`](https://github.com/npm/npm/commit/07d2296b10e3d8d6f079eba3a61f0258501d7161) - [`a267ab430`](https://github.com/npm/npm/commit/a267ab4309883012a9d55934533c5915e9842277) - [#18176](https://github.com/npm/npm/pull/18176) - [#18025](https://github.com/npm/npm/pull/18025) - Move the lifecycle code out of npm into a separate library, - [`npm-lifecycle`](https://github.com/npm/lifecycle). Shh, I didn't tell you this, but this - portends to some pretty cool stuff to come very soon now. - ([@mikesherov](https://github.com/mikesherov)) -* [`0933c7eaf`](https://github.com/npm/npm/commit/0933c7eaf9cfcdf56471fe4e71c403e2016973da) - [#18025](https://github.com/npm/npm/pull/18025) - Force Travis to use Precise instead of Trusty. We have issues with our - couchdb setup and Trusty. =/ - ([@mikesherov](https://github.com/mikesherov)) -* [`afb086230`](https://github.com/npm/npm/commit/afb086230223f3c4fcddee4e958d18fce5db0ff9) - [#18138](https://github.com/npm/npm/pull/18138) - Fix typos in files-and-ignores test. - ([@supertong](https://github.com/supertong)) -* [`3e6d11cde`](https://github.com/npm/npm/commit/3e6d11cde096b4ee7b07e7569b37186aa2115b1a) - [#18175](https://github.com/npm/npm/pull/18175) - Update dependencies to eliminate transitive dependencies with the WTFPL license, which - some more serious corporate lawyery types aren't super comfortable with. - ([@zkat](https://github.com/zkat)) -* [`ee4c9bd8a`](https://github.com/npm/npm/commit/ee4c9bd8ae574a0d6b24725ba6c7b718d8aaad8d) - [#16474](https://github.com/npm/npm/pull/16474) - The tests in `test/tap/lifecycle-signal.js`, as well as the features - they are testing, are partially broken. This moves them from - being skipped in CI to being disabled only for certain platforms. - In particular, because `npm` spawns its lifecycle scripts in a - shell, signals are not necessarily forwarded by the shell and - won’t cause scripts to exit; also, shells may report the signal - they receive using their exit status, rather than terminating - themselves with a signal. - ([@addaleax](https://github.com/addaleax)) -* [`9462e5d9c`](https://github.com/npm/npm/commit/9462e5d9cfbaa50218de6d0a630d6552e72ad0a8) - [#16547](https://github.com/npm/npm/pull/16547) - Remove unused file: bin/read-package-json.js - ([@metux](https://github.com/metux)) -* [`0756d687d`](https://github.com/npm/npm/commit/0756d687d4ccfcd4a7fd83db0065eceb9261befb) - [#16550](https://github.com/npm/npm/pull/16550) - The build tools for the documentation need to be built/installed - before the documents, even with parallel builds. - Make has a simple mechanism which was made exactly for that: - target dependencies. - ([@metux](https://github.com/metux)) - -## v5.3.0 (2017-07-12): - -As mentioned before, we're continuing to do relatively rapid, smaller releases -as we keep working on stomping out `npm@5` issues! We've made a lot of progress -since 5.0 already, and this release is no exception. - -### FEATURES - -* [`1e3a46944`](https://github.com/npm/npm/commit/1e3a469448b5db8376e6f64022c4c0c78cdb1686) - [#17616](https://github.com/npm/npm/pull/17616) - Add `--link` filter option to `npm ls`. - ([@richardsimko](https://github.com/richardsimko)) -* [`33df0aaa`](https://github.com/npm/npm/commit/33df0aaaa7271dac982b86f2701d10152c4177c8) - `libnpx@9.2.0`: - * 4 new languages - Czech, Italian, Turkish, and Chinese (Traditional)! This means npx is available in 14 different languages! - * New --node-arg option lets you pass CLI arguments directly to node when the target binary is found to be a Node.js script. - ([@zkat](https://github.com/zkat)) - -### BUGFIXES - -* [`33df0aaa`](https://github.com/npm/npm/commit/33df0aaaa7271dac982b86f2701d10152c4177c8) - `libnpx@9.2.0`: - * npx should now work on (most) Windows installs. A couple of issues remain. - * Prevent auto-fallback from going into an infinite loop when npx disappears. - * `npx npx npx npx npx npx npx npx` works again. - * `update-notifier` will no longer run for the npx bundled with npm. - * `npx <cmd>` in a subdirectory of your project should be able to find your `node_modules/.bin` now. Oops - ([@zkat](https://github.com/zkat)) -* [`8e979bf80`](https://github.com/npm/npm/commit/8e979bf80fb93233f19db003f08443e26cfc5e64) - Revert change where npm stopped flattening modules that required peerDeps. - This caused problems because folks were using peer deps to indicate that the - target of the peer dep needed to be able to require the dependency and had - been relying on the fact that peer deps didn't change the shape of the tree - (as of npm@3). - The fix that will actually work for people is for a peer dep to insist on - never being installed deeper than the the thing it relies on. At the moment - this is tricky because the thing the peer dep relies on may not yet have - been added to the tree, so we don't know where it is. - ([@iarna](https://github.com/iarna)) -* [`7f28a77f3`](https://github.com/npm/npm/commit/7f28a77f33ef501065f22e8d5e8cffee3195dccd) - [#17733](https://github.com/npm/npm/pull/17733) - Split remove and unbuild actions into two to get uninstall lifecycles and the - removal of transitive symlinks during uninstallation to run in the right - order. - ([@iarna](https://github.com/iarna)) -* [`637f2548f`](https://github.com/npm/npm/commit/637f2548facae011eebf5e5c38bfe56a6c2db9fa) - [#17748](https://github.com/npm/npm/pull/17748) - When rolling back use symlink project-relative path, fixing some issues with - `fs-vacuum` getting confused while removing symlinked things. - ([@iarna](https://github.com/iarna)) -* [`f153b5b22`](https://github.com/npm/npm/commit/f153b5b22f647d4d403f5b8cecd2ce63ac75b07c) - [#17706](https://github.com/npm/npm/pull/17706) - Use semver to compare node versions in npm doctor instead of plain `>` - comparison. - ([@leo-shopify](https://github.com/leo-shopify)) -* [`542f7561`](https://github.com/npm/npm/commit/542f7561d173eca40eb8d838a16a0ed582fef989) - [#17742](https://github.com/npm/npm/pull/17742) - Fix issue where `npm version` would sometimes not commit package-locks. - ([@markpeterfejes](https://github.com/markpeterfejes)) -* [`51a9e63d`](https://github.com/npm/npm/commit/51a9e63d31cb5ac52259dcf1c364004286072426) - [#17777](https://github.com/npm/npm/pull/17777) - Fix bug exposed by other bugfixes where the wrong package would be removed. - ([@iarna](https://github.com/iarna)) - -### DOCUMENTATION - -Have we mentioned we really like documentation patches? Keep sending them in! -Small patches are just fine, and they're a great way to get started contributing -to npm! - -* [`fb42d55a9`](https://github.com/npm/npm/commit/fb42d55a9a97afa5ab7db38b3b99088cf68684ea) - [#17728](https://github.com/npm/npm/pull/17728) - Document semver git urls in package.json docs. - ([@sankethkatta](https://github.com/sankethkatta)) -* [`f398c700f`](https://github.com/npm/npm/commit/f398c700fb0f2f3665ebf45995a910ad16cd8d05) - [#17684](https://github.com/npm/npm/pull/17684) - Tweak heading hierarchy in package.json docs. - ([@sonicdoe](https://github.com/sonicdoe)) -* [`d5ad65e50`](https://github.com/npm/npm/commit/d5ad65e50a573cdf9df4155225e869cd6c88ca5e) - [#17691](https://github.com/npm/npm/pull/17691) - Explicitly document `--no-save` flag for uninstall. - ([@timneedham](https://github.com/timneedham)) - -## v5.2.0 (2017-07-05): - -It's only been a couple of days but we've got some bug fixes we wanted to -get out to you all. We also believe that -[`npx`](https://medium.com/@maybekatz/introducing-npx-an-npm-package-runner-55f7d4bd282b) is ready to be bundled -with npm, which we're really excited about! - -### npx!!! - -npx is a tool intended to help round out the experience of using packages -from the npm registry — the same way npm makes it super easy to install and -manage dependencies hosted on the registry, npx is meant to make it easy to -use CLI tools and other executables hosted on the registry. It greatly -simplifies a number of things that, until now, required a bit of ceremony to -do with plain npm. - - - -[@zkat](https://github.com/zkat) has a [great introduction post to npx](https://medium.com/@maybekatz/introducing-npx-an-npm-package-runner-55f7d4bd282b) -that I highly recommend you give a read - -* [`fb040bee0`](https://github.com/npm/npm/commit/fb040bee0710759c60e45bf8fa2a3b8ddcf4212a) - [#17685](https://github.com/npm/npm/pull/17685) - Bundle npx with npm itself. - ([@zkat](https://github.com/zkat)) - -### BUG FIXES - -* [`9fe905c39`](https://github.com/npm/npm/commit/9fe905c399d07a3c00c7b22035ddb6b7762731e6) - [#17652](https://github.com/npm/npm/pull/17652) - Fix max callstack exceeded loops with trees with circular links. - ([@iarna](https://github.com/iarna)) -* [`c0a289b1b`](https://github.com/npm/npm/commit/c0a289b1ba6b99652c43a955b23acbf1de0b56ae) - [#17606](https://github.com/npm/npm/pull/17606) - Make sure that when write package.json and package-lock.json we always use unix path separators. - ([@Standard8](https://github.com/Standard8)) -* [`1658b79ca`](https://github.com/npm/npm/commit/1658b79cad89ccece5ae5ce3c2f691d44b933116) - [#17654](https://github.com/npm/npm/pull/17654) - Make `npm outdated` show results for globals again. Previously it never thought they were out of date. - ([@iarna](https://github.com/iarna)) -* [`06c154fd6`](https://github.com/npm/npm/commit/06c154fd653d18725d2e760ba825d43cdd807420) - [#17678](https://github.com/npm/npm/pull/17678) - Stop flattening modules that have peer dependencies. We're making this - change to support scenarios where the module requiring a peer dependency - is flattened but the peer dependency itself is not, due to conflicts. In - those cases the module requiring the peer dep can't be flattened past the - location its peer dep was placed in. This initial fix is naive, never - flattening peer deps, and we can look into doing something more - sophisticated later on. - ([@iarna](https://github.com/iarna)) -* [`88aafee8b`](https://github.com/npm/npm/commit/88aafee8b5b232b7eeb5690279a098d056575791) - [#17677](https://github.com/npm/npm/pull/17677) - There was an issue where updating a flattened dependency would sometimes - unflatten it. This only happened when the dependency had dependencies - that in turn required the original dependency. - ([@iarna](https://github.com/iarna)) -* [`b58ec8eab`](https://github.com/npm/npm/commit/b58ec8eab3b4141e7f1b8b42d8cc24f716a804d8) - [#17626](https://github.com/npm/npm/pull/17626) - Integrators who were building their own copies of npm ran into issues because - `make install` and https://npmjs.com/install.sh weren't aware that - `npm install` creates links now when given a directory to work on. This does not impact folks - installing npm with `npm install -g npm`. - ([@iarna](https://github.com/iarna)) - -### DOC FIXES - -* [`10bef735e`](https://github.com/npm/npm/commit/10bef735e825acc8278827d34df415dfcd8c67d4) - [#17645](https://github.com/npm/npm/pull/17645) - Fix some github issue links in the 5.1.0 changelog - ([@schmod](https://github.com/schmod)) -* [`85fa9dcb2`](https://github.com/npm/npm/commit/85fa9dcb2f0b4f51b515358e0184ec82a5845227) - [#17634](https://github.com/npm/npm/pull/17634) - Fix typo in package-lock docs. - ([@sonicdoe](https://github.com/sonicdoe)) -* [`688699bef`](https://github.com/npm/npm/commit/688699befc2d147288c69a9405fb8354ecaebe36) - [#17628](https://github.com/npm/npm/pull/17628) - Recommend that folks looking for support join us on https://package.community/ or message - [@npm_support](https://twitter.com/npm_support) on Twitter. - ([@strugee](https://github.com/strugee)) - - -## v5.1.0 (2017-07-05): - -Hey y'all~ - -We've got some goodies for you here, including `npm@5`'s first semver-minor -release! This version includes a huge number of fixes, particularly for some of -the critical bugs users were running into after upgrading npm. You should -overall see a much more stable experience, and we're going to continue hacking -on fixes for the time being. Semver-major releases, specially for tools like -npm, are bound to cause some instability, and getting `npm@5` stable is the CLI -team's top priority for now! - -Not that bugfixes are the only things that landed, either: between improvements -that fell out of the bugfixes, and some really cool work by community members -like [@mikesherov](https://github.com/mikesherov), `npm@5.1.0` is **_twice as -fast_** as `npm@5.0.0` in some benchmarks. We're not stopping there, either: you -can expect a steady stream of speed improvements over the course of the year. -It's not _top_ priority, but we'll keep doing what we can to make sure npm saves -its users as much time as possible. - -Hang on to your seats. At **100 commits**, this release is a bit of a doozy. 😎 - -### FEATURES - -Semver-minor releases, of course, mean that there's a new feature somewhere, -right? Here's what's bumping that number for us this time: - -* [`a09c1a69d`](https://github.com/npm/npm/commit/a09c1a69df05b753464cc1272cdccc6af0f4da5a) - [#16687](https://github.com/npm/npm/pull/16687) - Allow customizing the shell used to execute `run-script`s. - ([@mmkal](https://github.com/mmkal)) -* [`4f45ba222`](https://github.com/npm/npm/commit/4f45ba222e2ac6dbe6d696cb7a8e678bbda7c839) [`a48958598`](https://github.com/npm/npm/commit/a489585985540deed4edc03418636c9e97aa9e40) [`901bef0e1`](https://github.com/npm/npm/commit/901bef0e1ea806fc08d8d58744a9f813b6c020ab) - [#17508](https://github.com/npm/npm/pull/17508) - Add a new `requires` field to `package-lock.json` with information about the - _logical_ dependency tree. This includes references to the specific version - each package is intended to see, and can be used for many things, such as - [converting `package-lock.json` to other lockfile - formats](https://twitter.com/maybekatz/status/880578566907248640), various - optimizations, and verifying correctness of a package tree. - ([@iarna](https://github.com/iarna)) -* [`47e8fc8eb`](https://github.com/npm/npm/commit/47e8fc8eb9b5faccef9e03ab991cf37458c16249) - [#17508](https://github.com/npm/npm/pull/17508) - Make `npm ls` take package locks (and shrinkwraps) into account. This means - `npm ls` can now be used to see [which dependencies are - missing](https://twitter.com/maybekatz/status/880446509547794437), so long as - a package lock has been previously generated with it in. - ([@iarna](https://github.com/iarna)) -* [`f0075e7ca`](https://github.com/npm/npm/commit/f0075e7caa3e151424a254d7809ae4489ed8df90) - [#17508](https://github.com/npm/npm/pull/17508) - Take `package.json` changes into account when running installs -- if you - remove or add a dependency to `package.json` manually, npm will now pick that - up and update your tree and package lock accordingly. - ([@iarna](https://github.com/iarna)) -* [`83a5455aa`](https://github.com/npm/npm/commit/83a5455aac3c5cc2511ab504923b652b13bd66a0) - [#17205](https://github.com/npm/npm/pull/17205) - Add `npm udpate` as an alias for `npm update`, for symmetry with - `install`/`isntall`. - ([@gdassori](https://github.com/gdassori)) -* [`57225d394`](https://github.com/npm/npm/commit/57225d394b6174eb0be48393d8e18da0991f67b6) - [#17120](https://github.com/npm/npm/pull/17120) - npm will no longer warn about `preferGlobal`, and the option is now - deprecated. - ([@zkat](https://github.com/zkat)) -* [`82df7bb16`](https://github.com/npm/npm/commit/82df7bb16fc29c47a024db4a8c393e55f883744b) - [#17351](https://github.com/npm/npm/pull/17351) - As some of you may already know `npm build` doesn't do what a lot of people - expect: It's mainly an npm plumbing command, and is part of the more familiar - `npm rebuild` command. That said, a lot of users assume that this is the way - to run an npm `run-script` named `build`, which is an incredibly common script - name to use. To clarify things for users, and encourage them to use `npm run - build` instead, npm will now warn if `npm build` is run without any arguments. - ([@lennym](https://github.com/lennym)) - -### PERFORMANCE - -* [`59f86ef90`](https://github.com/npm/npm/commit/59f86ef90a58d8dc925c9613f1c96e68bee5ec7b) [`43be9d222`](https://github.com/npm/npm/commit/43be9d2222b23ebb0a427ed91824ae217e6d077a) [`e906cdd98`](https://github.com/npm/npm/commit/e906cdd980b4722e66618ce295c682b9a8ffaf8f) - [#16633](https://github.com/npm/npm/pull/16633) - npm now parallelizes tarball extraction across multiple child process workers. - This can significantly speed up installations, specially when installing from - cache, and will improve with number of processors. - ([@zkat](https://github.com/zkat)) -* [`e0849878d`](https://github.com/npm/npm/commit/e0849878dd248de8988c2ef3fc941054625712ca) - [#17441](https://github.com/npm/npm/pull/17441) - Avoid building environment for empty lifecycle scripts. This change alone - accounted for as much as a 15% speed boost for npm installations by outright - skipping entire steps of the installer when not needed. - ([@mikesherov](https://github.com/mikesherov)) -* [`265c2544c`](https://github.com/npm/npm/commit/265c2544c8ded10854909243482e6437ed03c261) - [npm/hosted-git-info#24](https://github.com/npm/hosted-git-info/pull/24) - `hosted-git-info@2.5.0`: Add caching to `fromURL`, which gets called many, - many times by the installer. This improved installation performance by around - 10% on realistic application repositories. - ([@mikesherov](https://github.com/mikesherov)) -* [`901d26cb`](https://github.com/npm/npm/commit/901d26cb656e7e773d9a38ef4eac9263b95e07c8) - [npm/read-package-json#20](https://github.com/npm/read-package-json/pull/70) - `read-package-json@2.0.9`: Speed up installs by as much as 20% by - reintroducing a previously-removed cache and making it actually be correct - this time around. - ([@mikesherov](https://github.com/mikesherov)) -* [`44e37045d`](https://github.com/npm/npm/commit/44e37045d77bc40adf339b423d42bf5e9b4d4d91) - Eliminate `Bluebird.promisifyAll` from our codebase. - ([@iarna](https://github.com/iarna)) -* [`3b4681b53`](https://github.com/npm/npm/commit/3b4681b53db7757985223932072875d099694677) - [#17508](https://github.com/npm/npm/pull/17508) - Stop calling `addBundle` on locked deps, speeding up the - `package-lock.json`-based fast path. - ([@iarna](https://github.com/iarna)) - -### BUGFIXES - -* [#17508](https://github.com/npm/npm/pull/17508) - This is a big PR that fixes a variety of issues when installing from package - locks. If you were previously having issues with missing dependencies or - unwanted removals, this might have fixed it: - * It introduces a new `package-lock.json` field, called `requires`, which tracks which modules a given module requires. - * It fixes [#16839](https://github.com/npm/npm/issues/16839) which was caused by not having this information available, particularly when git dependencies were involved. - * It fixes [#16866](https://github.com/npm/npm/issues/16866), allowing the `package.json` to trump the `package-lock.json`. - * `npm ls` now loads the shrinkwrap, which opens the door to showing a full tree of dependencies even when nothing is yet installed. (It doesn't do that yet though.) - ([@iarna](https://github.com/iarna)) -* [`656544c31`](https://github.com/npm/npm/commit/656544c31cdef3cef64fc10c24f03a8ae2685e35) [`d21ab57c3`](https://github.com/npm/npm/commit/d21ab57c3ef4f01d41fb6c2103debe884a17dc22) - [#16637](https://github.com/npm/npm/pull/16637) - Fix some cases where `npm prune` was leaving some dependencies unpruned if - to-be-pruned dependencies depended on them. - ([@exogen](https://github.com/exogen)) -* [`394436b09`](https://github.com/npm/npm/commit/394436b098dcca2d252061f95c4eeb92c4a7027c) - [#17552](https://github.com/npm/npm/pull/17552) - Make `refresh-package-json` re-verify the package platform. This fixes an - issue most notably experienced by Windows users using `create-react-app` where - `fsevents` would not short-circuit and cause a crash during its - otherwise-skipped native build phase. - ([@zkat](https://github.com/zkat)) -* [`9e5a94354`](https://github.com/npm/npm/commit/9e5a943547b29c8d022192afd9398b3a136a7e5a) - [#17590](https://github.com/npm/npm/pull/17590) - Fix an issue where `npm@5` would crash when trying to remove packages - installed with `npm@<5`. - ([@iarna](https://github.com/iarna)) -* [`c3b586aaf`](https://github.com/npm/npm/commit/c3b586aafa9eabac572eb6e2b8a7266536dbc65b) - [#17141](https://github.com/npm/npm/issues/17141) - Don't update the package.json when modifying packages that don't go there. - This was previously causing `package.json` to get a `"false": {}` field added. - ([@iarna](https://github.com/iarna)) -* [`d04a23de2`](https://github.com/npm/npm/commit/d04a23de21dd9991b32029d839b71e10e07b400d) [`4a5b360d5`](https://github.com/npm/npm/commit/4a5b360d561f565703024085da0927ccafe8793e) [`d9e53db48`](https://github.com/npm/npm/commit/d9e53db48ca227b21bb67df48c9b3580cb390e9e) - `pacote@2.7.38`: - * [zkat/pacote#102](https://github.com/zkat/pacote/pull/102) Fix issue with tar extraction and special characters. - * Enable loose semver parsing in some missing corner cases. - ([@colinrotherham](https://github.com/colinrotherham), [@zkat](https://github.com/zkat), [@mcibique](https://github.com/mcibique)) -* [`e2f815f87`](https://github.com/npm/npm/commit/e2f815f87676b7c50b896e939cee15a01aa976e4) - [#17104](https://github.com/npm/npm/pull/17104) - Write an empty str and wait for flush to exit to reduce issues with npm - exiting before all output is complete when it's a child process. - ([@zkat](https://github.com/zkat)) -* [`835fcec60`](https://github.com/npm/npm/commit/835fcec601204971083aa3a281c3a9da6061a7c2) - [#17060](https://github.com/npm/npm/pull/17060) - Make git repos with prepare scripts always install with both dev and prod - flags. - ([@intellix](https://github.com/intellix)) -* [`f1dc8a175`](https://github.com/npm/npm/commit/f1dc8a175eed56f1ed23bd5773e5e10beaf6cb31) - [#16879](https://github.com/npm/npm/pull/16879) - Fix support for `always-auth` and `_auth`. They are now both available in both - unscoped and registry-scoped configurations. - ([@jozemlakar](https://github.com/jozemlakar)) -* [`ddd8a1ca2`](https://github.com/npm/npm/commit/ddd8a1ca2fa3377199af74ede9d0c1a406d19793) - Serialize package specs to prevent `[object Object]` showing up in logs during - extraction. - ([@zkat](https://github.com/zkat)) -* [`99ef3b52c`](https://github.com/npm/npm/commit/99ef3b52caa7507e87a4257e622f8964b1c1f5f3) - [#17505](https://github.com/npm/npm/pull/17505) - Stop trying to commit updated `npm-shrinkwrap.json` and `package-lock.json` if - they're `.gitignore`d. - ([@zkat](https://github.com/zkat)) -* [`58be2ec59`](https://github.com/npm/npm/commit/58be2ec596dfb0353ad2570e6750e408339f1478) - Make sure uid and gid are getting correctly set even when they're `0`. This - should fix some Docker-related issues with bad permissions/broken ownership. - ([@rgrove](https://github.com/rgrove)) - ([@zkat](https://github.com/zkat)) -* [`9d1e3b6fa`](https://github.com/npm/npm/commit/9d1e3b6fa01bb563d76018ee153259d9507658cf) - [#17506](https://github.com/npm/npm/pull/17506) - Skip writing package.json and locks if on-disk version is identical to the new - one. - ([@zkat](https://github.com/zkat)) -* [`3fc6477a8`](https://github.com/npm/npm/commit/3fc6477a89773786e6c43ef43a23e5cdc662ff8e) - [#17592](https://github.com/npm/npm/pull/17592) - Fix an issue where `npm install -g .` on a package with no `name` field would - cause the entire global `node_modules` directory to be replaced with a symlink - to `$CWD`. lol. - ([@iarna](https://github.com/iarna)) -* [`06ba0a14a`](https://github.com/npm/npm/commit/06ba0a14a6c1c8cdcc8c062b68c8c63041b0cec0) - [#17591](https://github.com/npm/npm/pull/17591) - Fix spurious removal reporting: if you tried to remove something that didn't - actually exist, npm would tell you it removed 1 package even though there was - nothing to do. - ([@iarna](https://github.com/iarna)) -* [`20ff05f8`](https://github.com/npm/npm/commit/20ff05f8fe0ad8c36e1323d30b63b4d2ff7e11ef) - [#17629](https://github.com/npm/npm/pull/17629) - When removing a link, keep dependencies installed inside of it instead of - removing them, if the link is outside the scope of the current project. This - fixes an issue where removing globally-linked packages would remove all their - dependencies in the source directory, as well as some ergonomic issues when - using links in other situations. - ([@iarna](https://github.com/iarna)) - -### DOCS - -* [`fd5fab595`](https://github.com/npm/npm/commit/fd5fab5955a20a9bb8c0e77092ada1435f73a8d2) - [#16441](https://github.com/npm/npm/pull/16441) - Add spec for `npm-shrinkwrap.json` and `package-lock.json` from RFC. - ([@iarna](https://github.com/iarna)) -* [`9589c1ccb`](https://github.com/npm/npm/commit/9589c1ccb3f794abaaa48c2a647ada311dd881ef) - [#17451](https://github.com/npm/npm/pull/17451) - Fix typo in changelog. - ([@watilde](https://github.com/watilde)) -* [`f8e76d856`](https://github.com/npm/npm/commit/f8e76d8566ae1965e57d348df74edad0643b66a6) - [#17370](https://github.com/npm/npm/pull/17370) - Correct the default prefix config path for Windows operating systems in the - documentation for npm folders. - ([@kierendixon](https://github.com/kierendixon)) -* [`d0f3b5a12`](https://github.com/npm/npm/commit/d0f3b5a127718b0347c6622a2b9c28341c530d36) - [#17369](https://github.com/npm/npm/pull/17369) - Fix `npm-config` reference to `userconfig` & `globalconfig` environment - variables. - ([@racztiborzoltan](https://github.com/racztiborzoltan)) -* [`87629880a`](https://github.com/npm/npm/commit/87629880a71baec352c1b5345bc29268d6212467) - [#17336](https://github.com/npm/npm/pull/17336) - Remove note in docs about `prepublish` being entirely removed. - ([@Hirse](https://github.com/Hirse)) -* [`a1058afd9`](https://github.com/npm/npm/commit/a1058afd9a7a569bd0ac65b86eadd4fe077a7221) - [#17169](https://github.com/npm/npm/pull/17169) - Document `--no-package-lock` flag. - ([@leggsimon](https://github.com/leggsimon)) -* [`32fc6e41a`](https://github.com/npm/npm/commit/32fc6e41a2ce4dbcd5ce1e5f291e2e2efc779d48) - [#17250](https://github.com/npm/npm/pull/17250) - Fix a typo in the shrinkwrap docs. - ([@Zarel](https://github.com/Zarel)) -* [`f19bd3c8c`](https://github.com/npm/npm/commit/f19bd3c8cbd37c8a99487d6b5035282580ac3e9d) - [#17249](https://github.com/npm/npm/pull/17249) - Fix a package-lock.json cross-reference link. - ([@not-an-aardvark](https://github.com/not-an-aardvark)) -* [`153245edc`](https://github.com/npm/npm/commit/153245edc4845db670ada5e95ef384561706a751) - [#17075](https://github.com/npm/npm/pull/17075/files) - Fix a typo in `npm-config` docs. - ([@KennethKinLum](https://github.com/KennethKinLum)) -* [`c9b534a14`](https://github.com/npm/npm/commit/c9b534a148818d1a97787c0dfdba5f64ce3618a6) - [#17074](https://github.com/npm/npm/pull/17074) - Clarify config documentation with multiple boolean flags. - ([@KennethKinLum](https://github.com/KennethKinLum)) -* [`e111b0a40`](https://github.com/npm/npm/commit/e111b0a40c4bc6691d7b8d67ddce5419e67bfd27) - [#16768](https://github.com/npm/npm/pull/16768) - Document the `-l` option to `npm config list`. - ([@happylynx](https://github.com/happylynx)) -* [`5a803ebad`](https://github.com/npm/npm/commit/5a803ebadd61229bca3d64fb3ef1981729b2548e) - [#16548](https://github.com/npm/npm/pull/16548) - Fix permissions for documentation files. Some of them had `+x` set. (???) - ([@metux](https://github.com/metux)) -* [`d57d4f48c`](https://github.com/npm/npm/commit/d57d4f48c6cd00fdf1e694eb49e9358071d8e105) - [#17319](https://github.com/npm/npm/pull/17319) - Document that the `--silent` option for `npm run-script` can be used to - suppress `npm ERR!` output on errors. - ([@styfle](https://github.com/styfle)) - -### MISC - -Not all contributions need to be visible features, docs, or bugfixes! It's super -helpful when community members go over our code and help clean it up, too! - -* [`9e5b76140`](https://github.com/npm/npm/commit/9e5b76140ffdb7dcd12aa402793644213fb8c5d7) - [#17411](https://github.com/npm/npm/pull/17411) - Convert all callback-style `move` usage to use Promises. - ([@vramana](https://github.com/vramana)) -* [`0711c08f7`](https://github.com/npm/npm/commit/0711c08f779ac641ec42ecc96f604c8861008b28) - [#17394](https://github.com/npm/npm/pull/17394) - Remove unused argument in `deepSortObject`. - ([@vramana](https://github.com/vramana)) -* [`7d650048c`](https://github.com/npm/npm/commit/7d650048c8ed5faa0486492f1eeb698e7383e32f) - [#17563](https://github.com/npm/npm/pull/17563) - Refactor some code to use `Object.assign`. - ([@vramana](https://github.com/vramana)) -* [`993f673f0`](https://github.com/npm/npm/commit/993f673f056aea5f602ea04b1e697b027c267a2d) - [#17600](https://github.com/npm/npm/pull/17600) - Remove an old comment. - ([@vramana](https://github.com/vramana)) - -## v5.0.4 (2017-06-13): - -Hey y'all. This is another minor patch release with a variety of little fixes -we've been accumulating~ - -* [`f0a37ace9`](https://github.com/npm/npm/commit/f0a37ace9ab7879cab20f2b0fcd7840bfc305feb) - Fix `npm doctor` when hitting registries without `ping`. - ([@zkat](https://github.com/zkat)) -* [`64f0105e8`](https://github.com/npm/npm/commit/64f0105e81352b42b72900d83b437b90afc6d9ce) - Fix invalid format error when setting cache-related headers. - ([@zkat](https://github.com/zkat)) -* [`d2969c80e`](https://github.com/npm/npm/commit/d2969c80e4178faebf0f7c4cab6eb610dd953cc6) - Fix spurious `EINTEGRITY` issue. - ([@zkat](https://github.com/zkat)) -* [`800cb2b4e`](https://github.com/npm/npm/commit/800cb2b4e2d0bd00b5c9082a896f2110e907eb0b) - [#17076](https://github.com/npm/npm/pull/17076) - Use legacy `from` field to improve upgrade experience from legacy shrinkwraps - and installs. - ([@zkat](https://github.com/zkat)) -* [`4100d47ea`](https://github.com/npm/npm/commit/4100d47ea58b4966c02604f71350b5316108df6a) - [#17007](https://github.com/npm/npm/pull/17007) - Restore loose semver parsing to match older npm behavior when running into - invalid semver ranges in dependencies. - ([@zkat](https://github.com/zkat)) -* [`35316cce2`](https://github.com/npm/npm/commit/35316cce2ca2d8eb94161ec7fe7e8f7bec7b3aa7) - [#17005](https://github.com/npm/npm/pull/17005) - Emulate npm@4's behavior of simply marking the peerDep as invalid, instead of - crashing. - ([@zkat](https://github.com/zkat)) -* [`e7e8ee5c5`](https://github.com/npm/npm/commit/e7e8ee5c57c7238655677e118a8809b652019f53) - [#16937](https://github.com/npm/npm/pull/16937) - Workaround for separate bug where `requested` was somehow null. - ([@forivall](https://github.com/forivall)) -* [`2d9629bb2`](https://github.com/npm/npm/commit/2d9629bb2043cff47eaad2654a64d2cef5725356) - Better logging output for git errors. - ([@zkat](https://github.com/zkat)) -* [`2235aea73`](https://github.com/npm/npm/commit/2235aea73569fb9711a06fa6344ef31247177dcd) - More scp-url fixes: parsing only worked correctly when a committish was - present. - ([@zkat](https://github.com/zkat)) -* [`80c33cf5e`](https://github.com/npm/npm/commit/80c33cf5e6ef207450949764de41ea96538c636e) - Standardize package permissions on tarball extraction, instead of using perms - from the tarball. This matches previous npm behavior and fixes a number of - incompatibilities in the wild. - ([@zkat](https://github.com/zkat)) -* [`2b1e40efb`](https://github.com/npm/npm/commit/2b1e40efba0b3d1004259efa4275cf42144e3ce3) - Limit shallow cloning to hosts which are known to support it. - ([@zkat](https://github.com/zkat)) - -## v5.0.3 (2017-06-05) - -Happy Monday, y'all! We've got another npm release for you with the fruits of -our ongoing bugsquashing efforts. You can expect at least one more this week, -but probably more -- and as we announced last week, we'll be merging fixes more -rapidly into the `npmc` canary so you can get everything as soon as possible! - -Hope y'all are enjoying npm5 in the meantime, and don't hesitate to file issues -for anything you find! The goal is to get this release rock-solid as soon as we -can. 💚 - -* [`6e12a5cc0`](https://github.com/npm/npm/commit/6e12a5cc022cb5a157a37df7283b6d7b3d49bdab) - Bump several dependencies to get improvements and bugfixes: - * `cacache`: content files (the tarballs) are now read-only. - * `pacote`: fix failing clones with bad heads, send extra TLS-related opts to proxy, enable global auth configurations and `_auth`-based auth. - * `ssri`: stop crashing with `can't call method find of undefined` when running into a weird `opts.integrity`/`opts.algorithms` conflict during verification. - ([@zkat](https://github.com/zkat)) -* [`89cc8e3e1`](https://github.com/npm/npm/commit/89cc8e3e12dad67fd9844accf4d41deb4c180c5c) - [#16917](https://github.com/npm/npm/pull/16917) - Send `ca`, `cert` and `key` config through to network layer. - ([@colinrotherham](https://github.com/colinrotherham)) -* [`6a9b51c67`](https://github.com/npm/npm/commit/6a9b51c67ba3df0372991631992748329b84f2e7) - [#16929](https://github.com/npm/npm/pull/16929) - Send `npm-session` header value with registry requests again. - ([@zarenner](https://github.com/zarenner)) -* [`662a15ab7`](https://github.com/npm/npm/commit/662a15ab7e790e87f5e5a35252f05d5a4a0724a1) - Fix `npm doctor` so it stop complaining about read-only content files in the - cache. - ([@zkat](https://github.com/zkat)) -* [`191d10a66`](https://github.com/npm/npm/commit/191d10a6616d72e26d89fd00f5a4f6158bfbc526) - [#16918](https://github.com/npm/npm/pull/16918) - Clarify prepublish deprecation message. - ([@Hirse](https://github.com/Hirse)) - -## v5.0.2 (2017-06-02) - -Here's another patch release, soon after the other! - -This particular release includes a slew of fixes to npm's git support, which was -causing some issues for a chunk of people, specially those who were using -self-hosted/Enterprise repos. All of those should be back in working condition -now. - -There's another shiny thing you might wanna know about: npm has a Canary release -now! The `npm5` experiment we did during our beta proved to be incredibly -successful: users were able to have a tight feedback loop between reports and -getting the bugfixes they needed, and the CLI team was able to roll out -experimental patches and have the community try them out right away. So we want -to keep doing that. - -From now on, you'll be able to install the 'npm canary' with `npm i -g npmc`. -This release will be a separate binary (`npmc`. Because canary. Get it?), which -will update independently of the main CLI. Most of the time, this will track -`release-next` or something close to it. We might occasionally toss experimental -branches in there to see if our more adventurous users run into anything -interesting with it. For example, the current canary (`npmc@5.0.1-canary.6`) -includes an [experimental multiproc -branch](https://github.com/npm/npm/pull/16633) that parallelizes tarball -extraction across multiple processes. - -If you find any issues while running the canary version, please report them and -let us know it came from `npmc`! It would be tremendously helpful, and finding -things early is a huge reason to have it there. Happy hacking! - -### A NOTE ABOUT THE ISSUE TRACKER - -Just a heads up: We're preparing to do a massive cleanup of the issue tracker. -It's been a long time since it was something we could really keep up with, and -we didn't have a process for dealing with it that could actually be sustainable. - -We're still sussing the details out, and we'll talk about it more when we're -about to do it, but the plan is essentially to close old, abandoned issues and -start over. We will also [add some automation](https://github.com/probot) around -issue management so that things that we can't keep up with don't just stay -around forever. - -Stay tuned! - -### GIT YOLO - -* [`1f26e9567`](https://github.com/npm/npm/commit/1f26e9567a6d14088704e121ebe787c38b6849a4) - `pacote@2.7.27`: Fixes installing committishes that look like semver, even - though they're not using the required `#semver:` syntax. - ([@zkat](https://github.com/zkat)) -* [`85ea1e0b9`](https://github.com/npm/npm/commit/85ea1e0b9478551265d03d545e7dc750b9edf547) - `npm-package-arg@5.1.1`: This includes the npa git-parsing patch to make it so - non-hosted SCP-style identifiers are correctly handled. Previously, npa would - mangle them (even though hosted-git-info is doing the right thing for them). - ([@zkat](https://github.com/zkat)) - -### COOL NEW OUTPUT - -The new summary output has been really well received! One downside that reared -its head as more people used it, though, is that it doesn't really tell you -anything about the toplevel versions it installed. So, if you did `npm i -g -foo`, it would just say "added 1 package". This patch by -[@rmg](https://github.com/rmg) keeps things concise while still telling you -what you got! So now, you'll see something like this: - -``` -$ npm i -g foo bar -+ foo@1.2.3 -+ bar@3.2.1 -added 234 packages in .005ms -``` - -* [`362f9fd5b`](https://github.com/npm/npm/commit/362f9fd5bec65301082416b4292b8fe3eb7f824a) - [#16899](https://github.com/npm/npm/pull/16899) - For every package that is given as an argument to install, print the name and - version that was actually installed. - ([@rmg](https://github.com/rmg)) - -### OTHER BUGFIXES - -* [`a47593a98`](https://github.com/npm/npm/commit/a47593a98a402143081d7077d2ac677d13083010) - [#16835](https://github.com/npm/npm/pull/16835) - Fix a crash while installing with `--no-shrinkwrap`. - ([@jacknagel](https://github.com/jacknagel)) - -### DOC UPDATES - -* [`89e0cb816`](https://github.com/npm/npm/commit/89e0cb8165dd9c3c7ac74d531617f367099608f4) - [#16818](https://github.com/npm/npm/pull/16818) - Fixes a spelling error in the docs. Because the CLI team has trouble spelling - "package", I guess. - ([@ankon](https://github.com/ankon)) -* [`c01fbc46e`](https://github.com/npm/npm/commit/c01fbc46e151bcfb359fd68dd7faa392789b4f55) - [#16895](https://github.com/npm/npm/pull/16895) - Remove `--save` from `npm init` instructions, since it's now the default. - ([@jhwohlgemuth](https://github.com/jhwohlgemuth)) -* [`80c42d218`](https://github.com/npm/npm/commit/80c42d2181dd4d1b79fcee4e9233df268dfb30b7) - Guard against cycles when inflating bundles, as symlinks are bundles now. - ([@iarna](https://github.com/iarna)) -* [`7fe7f8665`](https://github.com/npm/npm/commit/7fe7f86658798db6667df89afc75588c0e43bc94) - [#16674](https://github.com/npm/npm/issues/16674) - Write the builtin config for `npmc`, not just `npm`. This is hardcoded for npm - self-installations and is needed for Canary to work right. - ([@zkat](https://github.com/zkat)) - -### DEP UPDATES - -* [`63df4fcdd`](https://github.com/npm/npm/commit/63df4fcddc7445efb50cc7d8e09cdd45146d3e39) - [#16894](https://github.com/npm/npm/pull/16894) - [`node-gyp@3.6.2`](https://github.com/nodejs/node-gyp/blob/master/CHANGELOG.md#v362-2017-06-01): - Fixes an issue parsing SDK versions on Windows, among other things. - ([@refack](https://github.com/refack)) -* [`5bb15c3c4`](https://github.com/npm/npm/commit/5bb15c3c4f0d7d77c73fd6dafa38ac36549b6e00) - `read-package-tree@5.1.6`: Fixes some racyness while reading the tree. - ([@iarna](https://github.com/iarna)) -* [`a6f7a52e7`](https://github.com/npm/npm/commit/a6f7a52e7) - `aproba@1.1.2`: Remove nested function declaration for speed up - ([@mikesherov](https://github.com/mikesherov)) - -## v5.0.1 (2017-05-31): - -Hey y'all! Hope you're enjoying the new npm! - -As you all know, fresh software that's gone through major overhauls tends to -miss a lot of spots the old one used to handle well enough, and `npm@5` is no -exception. The CLI team will be doing faster release cycles that go directly to -the `latest` tag for a couple of weeks while 5 stabilizes a bit and we're -confident the common low-hanging fruit people are running into are all taken -care of. - -With that said: this is our first patch release! The biggest focus is fixing up -a number of git-related issues that folks ran into right out the door. It also -fixes other things, like some proxy/auth-related issues, and even has a neat -speed boost! (You can expect more speed bumps in the coming releases as pending -work starts landing, too!) - -Thanks everyone who's been reporting issues and submitting patches! - -### BUGFIXES - -* [`e61e68dac`](https://github.com/npm/npm/commit/e61e68dac4fa51c0540a064204a75b19f8052e58) - [#16762](https://github.com/npm/npm/pull/16762) - Make `npm publish` obey the `--tag` flag again. - ([@zkat](https://github.com/zkat)) -* [`923fd58d3`](https://github.com/npm/npm/commit/923fd58d312f40f8c17b232ad1dfc8e2ff622dbd) - [#16749](https://github.com/npm/npm/pull/16749) - Speed up installations by nearly 20% by... removing one line of code. (hah) - ([@mikesherov](https://github.com/mikesherov)) -* [`9aac984cb`](https://github.com/npm/npm/commit/9aac984cbbfef22182ee42b51a193c0b47146ad6) - Guard against a particular failure mode for a bug still being hunted down. - ([@iarna](https://github.com/iarna)) -* [`80ab521f1`](https://github.com/npm/npm/commit/80ab521f18d34df109de0c5dc9eb1cde5ff6d7e8) - Pull in dependency updates for various core deps: - * New `pacote` fixes several git-related bugs. - * `ssri` update fixes crash on early node@4 versions. - * `make-fetch-happen` update fixes proxy authentication issue. - * `npm-user-validate` adds regex for blocking usernames with illegal chars. - ([@zkat](https://github.com/zkat)) -* [`7e5ce87b8`](https://github.com/npm/npm/commit/7e5ce87b84880c7433ee4c07d2dd6ce8806df436) - `pacote@2.7.26`: - Fixes various other git issues related to commit hashes. - ([@zkat](https://github.com/zkat)) -* [`acbe85bfc`](https://github.com/npm/npm/commit/acbe85bfc1a68d19ca339a3fb71da0cffbf58926) - [#16791](https://github.com/npm/npm/pull/16791) - `npm view` was calling `cb` prematurely and giving partial output when called - in a child process. - ([@zkat](https://github.com/zkat)) -* [`ebafe48af`](https://github.com/npm/npm/commit/ebafe48af91f702ccefc8c619d52fed3b8dfd3c7) - [#16750](https://github.com/npm/npm/pull/16750) - Hamilpatch the Musical: Talk less, complete more. - ([@aredridel](https://github.com/aredridel)) - -### DOCUMENTATION - -* [`dc2823a6c`](https://github.com/npm/npm/commit/dc2823a6c5fc098041e61515c643570819d059d2) - [#16799](https://github.com/npm/npm/pull/16799) - Document that `package-lock.json` is never allowed in tarballs. - ([@sonicdoe](https://github.com/sonicdoe)) -* [`f3cb84b44`](https://github.com/npm/npm/commit/f3cb84b446c51d628ee0033cdf13752c15b31a29) - [#16771](https://github.com/npm/npm/pull/16771) - Fix `npm -l` usage information for the `test` command. - ([@grawlinson](https://github.com/grawlinson)) - -### OTHER CHANGES - -* [`661262309`](https://github.com/npm/npm/commit/66126230912ab5ab35287b40a9908e036fa73994) - [#16756](https://github.com/npm/npm/pull/16756) - remove unused argument - ([@Aladdin-ADD](https://github.com/Aladdin-ADD)) -* [`c3e0b4287`](https://github.com/npm/npm/commit/c3e0b4287ea69735cc367aa7bb7e7aa9a6d9804b) - [#16296](https://github.com/npm/npm/pull/16296) - preserve same name convention for command - ([@desfero](https://github.com/desfero)) -* [`9f814831d`](https://github.com/npm/npm/commit/9f814831d330dde7702973186aea06caaa77ff31) - [#16757](https://github.com/npm/npm/pull/16757) - remove unused argument - ([@Aladdin-ADD](https://github.com/Aladdin-ADD)) -* [`3cb843239`](https://github.com/npm/npm/commit/3cb8432397b3666d88c31131dbb4599016a983ff) - minor linter fix - ([@zkat](https://github.com/zkat)) - -## v5.0.0 (2017-05-25) - -Wowowowowow npm@5! - -This release marks months of hard work for the young, scrappy, and hungry CLI -team, and includes some changes we've been hoping to do for literally years. -npm@5 takes npm a pretty big step forward, significantly improving its -performance in almost all common situations, fixing a bunch of old errors due to -the architecture, and just generally making it more robust and fault-tolerant. -It comes with changes to make life easier for people doing monorepos, for users -who want consistency/security guarantees, and brings semver support to git -dependencies. See below for all the deets! - -### Breaking Changes - -* Existing npm caches will no longer be used: you will have to redownload any cached packages. There is no tool or intention to reuse old caches. ([#15666](https://github.com/npm/npm/pull/15666)) - -* `npm install ./packages/subdir` will now create a symlink instead of a regular installation. `file://path/to/tarball.tgz` will not change -- only directories are symlinked. ([#15900](https://github.com/npm/npm/pull/15900)) - -* npm will now scold you if you capitalize its name. seriously it will fight you. - -* [npm will `--save` by default now](https://twitter.com/maybekatz/status/859229741676625920). Additionally, `package-lock.json` will be automatically created unless an `npm-shrinkwrap.json` exists. ([#15666](https://github.com/npm/npm/pull/15666)) - -* Git dependencies support semver through `user/repo#semver:^1.2.3` ([#15308](https://github.com/npm/npm/pull/15308)) ([#15666](https://github.com/npm/npm/pull/15666)) ([@sankethkatta](https://github.com/sankethkatta)) - -* Git dependencies with `prepare` scripts will have their `devDependencies` installed, and `npm install` run in their directory before being packed. - -* `npm cache` commands have been rewritten and don't really work anything like they did before. ([#15666](https://github.com/npm/npm/pull/15666)) - -* `--cache-min` and `--cache-max` have been deprecated. ([#15666](https://github.com/npm/npm/pull/15666)) - -* Running npm while offline will no longer insist on retrying network requests. npm will now immediately fall back to cache if possible, or fail. ([#15666](https://github.com/npm/npm/pull/15666)) - -* package locks no longer exclude `optionalDependencies` that failed to build. This means package-lock.json and npm-shrinkwrap.json should now be cross-platform. ([#15900](https://github.com/npm/npm/pull/15900)) - -* If you generated your package lock against registry A, and you switch to registry B, npm will now try to [install the packages from registry B, instead of A](https://twitter.com/maybekatz/status/862834964932435969). If you want to use different registries for different packages, use scope-specific registries (`npm config set @myscope:registry=https://myownregist.ry/packages/`). Different registries for different unscoped packages are not supported anymore. - -* Shrinkwrap and package-lock no longer warn and exit without saving the lockfile. - -* Local tarballs can now only be installed if they have a file extensions `.tar`, `.tar.gz`, or `.tgz`. - -* A new loglevel, `notice`, has been added and set as default. - -* One binary to rule them all: `./cli.js` has been removed in favor of `./bin/npm-cli.js`. In case you were doing something with `./cli.js` itself. ([#12096](https://github.com/npm/npm/pull/12096)) ([@watilde](https://github.com/watilde)) - -* Stub file removed ([#16204](https://github.com/npm/npm/pull/16204)) ([@watilde](https://github.com/watilde)) - -* The "extremely legacy" `_token` couchToken has been removed. ([#12986](https://github.com/npm/npm/pull/12986)) - -### Feature Summary - -#### Installer changes - -* A new, standardised lockfile feature meant for cross-package-manager compatibility (`package-lock.json`), and a new format and semantics for shrinkwrap. ([#16441](https://github.com/npm/npm/pull/16441)) - -* `--save` is no longer necessary. All installs will be saved by default. You can prevent saving with `--no-save`. Installing optional and dev deps is unchanged: use `-D/--save-dev` and `-O/--save-optional` if you want them saved into those fields instead. Note that since npm@3, npm will automatically update npm-shrinkwrap.json when you save: this will also be true for `package-lock.json`. ([#15666](https://github.com/npm/npm/pull/15666)) - -* Installing a package directory now ends up creating a symlink and does the Right Thing™ as far as saving to and installing from the package lock goes. If you have a monorepo, this might make things much easier to work with, and probably a lot faster too. 😁 ([#15900](https://github.com/npm/npm/pull/15900)) - -* Project-level (toplevel) `preinstall` scripts now run before anything else, and can modify `node_modules` before the CLI reads it. - -* Two new scripts have been added, `prepack` and `postpack`, which will run on both `npm pack` and `npm publish`, but NOT on `npm install` (without arguments). Combined with the fact that `prepublishOnly` is run before the tarball is generated, this should round out the general story as far as putzing around with your code before publication. - -* Git dependencies with `prepare` scripts will now [have their devDependencies installed, and their prepare script executed](https://twitter.com/maybekatz/status/860363896443371520) as if under `npm pack`. - -* Git dependencies now support semver-based matching: `npm install git://github.com/npm/npm#semver:^5` (#15308, #15666) - -* `node-gyp` now supports `node-gyp.cmd` on Windows ([#14568](https://github.com/npm/npm/pull/14568)) - -* npm no longer blasts your screen with the whole installed tree. Instead, you'll see a summary report of the install that is much kinder on your shell real-estate. Specially for large projects. ([#15914](https://github.com/npm/npm/pull/15914)): -``` -$ npm install -npm added 125, removed 32, updated 148 and moved 5 packages in 5.032s. -$ -``` - -* `--parseable` and `--json` now work more consistently across various commands, particularly `install` and `ls`. - -* Indentation is now [detected and preserved](https://twitter.com/maybekatz/status/860690502932340737) for `package.json`, `package-lock.json`, and `npm-shrinkwrap.json`. If the package lock is missing, it will default to `package.json`'s current indentation. - -#### Publishing - -* New [publishes will now include *both* `sha512`](https://twitter.com/maybekatz/status/863201943082065920) and `sha1` checksums. Versions of npm from 5 onwards will use the strongest algorithm available to verify downloads. [npm/npm-registry-client#157](https://github.com/npm/npm-registry-client/pull/157) - -#### Cache Rewrite! - -We've been talking about rewriting the cache for a loooong time. So here it is. -Lots of exciting stuff ahead. The rewrite will also enable some exciting future -features, but we'll talk about those when they're actually in the works. #15666 -is the main PR for all these changes. Additional PRs/commits are linked inline. - -* Package metadata, package download, and caching infrastructure replaced. - -* It's a bit faster. [Hopefully it will be noticeable](https://twitter.com/maybekatz/status/865393382260056064). 🤔 - -* With the shrinkwrap and package-lock changes, tarballs will be looked up in the cache by content address (and verified with it). - -* Corrupted cache entries will [automatically be removed and re-fetched](https://twitter.com/maybekatz/status/854933138182557696) on integrity check failure. - -* npm CLI now supports tarball hashes with any hash function supported by Node.js. That is, it will [use `sha512` for tarballs from registries that send a `sha512` checksum as the tarball hash](https://twitter.com/maybekatz/status/858137093624573953). Publishing with `sha512` is added by [npm/npm-registry-client#157](https://github.com/npm/npm-registry-client/pull/157) and may be backfilled by the registry for older entries. - -* Remote tarball requests are now cached. This means that even if you're missing the `integrity` field in your shrinkwrap or package-lock, npm will be able to install from the cache. - -* Downloads for large packages are streamed in and out of disk. npm is now able to install packages of """any""" size without running out of memory. Support for publishing them is pending (due to registry limitations). - -* [Automatic fallback-to-offline mode](https://twitter.com/maybekatz/status/854176565587984384). npm will seamlessly use your cache if you are offline, or if you lose access to a particular registry (for example, if you can no longer access a private npm repo, or if your git host is unavailable). - -* A new `--prefer-offline` option will make npm skip any conditional requests (304 checks) for stale cache data, and *only* hit the network if something is missing from the cache. - -* A new `--prefer-online` option that will force npm to revalidate cached data (with 304 checks), ignoring any staleness checks, and refreshing the cache with revalidated, fresh data. - -* A new `--offline` option will force npm to use the cache or exit. It will error with an `ENOTCACHED` code if anything it tries to install isn't already in the cache. - -* A new `npm cache verify` command that will garbage collect your cache, reducing disk usage for things you don't need (-handwave-), and will do full integrity verification on both the index and the content. This is also hooked into `npm doctor` as part of its larger suite of checking tools. - -* The new cache is *very* fault tolerant and supports concurrent access. - * Multiple npm processes will not corrupt a shared cache. - * Corrupted data will not be installed. Data is checked on both insertion and extraction, and treated as if it were missing if found to be corrupted. I will literally bake you a cookie if you manage to corrupt the cache in such a way that you end up with the wrong data in your installation (installer bugs notwithstanding). - * `npm cache clear` is no longer useful for anything except clearing up disk space. - -* Package metadata is cached separately per registry and package type: you can't have package name conflicts between locally-installed packages, private repo packages, and public repo packages. Identical tarball data will still be shared/deduplicated as long as their hashes match. - -* HTTP cache-related headers and features are "fully" (lol) supported for both metadata and tarball requests -- if you have your own registry, you can define your own cache settings the CLI will obey! - -* `prepublishOnly` now runs *before* the tarball to publish is created, after `prepare` has run. |