## v4.6.1 (2017-04-21) A little release to tide you over while we hammer out the last bits for npm@5. ### FEATURES * [`d13c9b2f2`](https://github.com/npm/npm/commit/d13c9b2f24b6380427f359b6e430b149ac8aaa79) `init-package-json@1.10.0`: The `name:` prompt is now `package name:` to make this less ambiguous for new users. The default package name is now a valid package name. For example: If your package directory has mixed case, the default package name will be all lower case. * [`f08c66323`](https://github.com/npm/npm/commit/f08c663231099f7036eb82b92770806a3a79cdf1) [#16213](https://github.com/npm/npm/pull/16213) Add `--allow-same-version` option to `npm version` so that you can use `npm version` to run your version lifecycles and tag your git repo without actually changing the version number in your `package.json`. ([@lucastheisen](https://github.com/lucastheisen)) * [`f5e8becd0`](https://github.com/npm/npm/commit/f5e8becd05e0426379eb0c999abdbc8e87a7f6f2) Timing has been added throughout the install implementation. You can see it by running a command with `--loglevel=timing`. You can also run commands with `--timing` which will write an `npm-debug.log` even on success and add an entry to `_timing.json` in your cache with the timing information from that run. ([@iarna](https://github.com/iarna)) ### BUG FIXES * [`9c860f2ed`](https://github.com/npm/npm/commit/9c860f2ed3bdea1417ed059b019371cd253db2ad) [#16021](https://github.com/npm/npm/pull/16021) Fix a crash in `npm doctor` when used with a registry that does not support the `ping` API endpoint. ([@watilde](https://github.com/watilde)) * [`65b9943e9`](https://github.com/npm/npm/commit/65b9943e9424c67547b0029f02b0258e35ba7d26) [#16364](https://github.com/npm/npm/pull/16364) Shorten the ELIFECYCLE error message. The shorter error message should make it much easier to discern the actual cause of the error. ([@j-f1](https://github.com/j-f1)) * [`a87a4a835`](https://github.com/npm/npm/commit/a87a4a8359693518ee41dfeb13c5a8929136772a) `npmlog@4.0.2`: Fix flashing of the progress bar when your terminal is very narrow. ([@iarna](https://github.com/iarna)) * [`41c10974f`](https://github.com/npm/npm/commit/41c10974fe95a2e520e33e37725570c75f6126ea) `write-file-atomic@1.3.2`: Wait for `fsync` to complete before considering our file written to disk. This will improve certain sorts of Windows diagnostic problems. * [`2afa9240c`](https://github.com/npm/npm/commit/2afa9240ce5b391671ed5416464f2882d18a94bc) [#16336](https://github.com/npm/npm/pull/16336) Don't ham-it-up when expecting JSON. ([@bdukes](https://github.com/bdukes)) ### DOCUMENTATION FIXES * [`566f3eebe`](https://github.com/npm/npm/commit/566f3eebe741f935b7c1e004bebf19b8625a1413) [#16296](https://github.com/npm/npm/pull/16296) Use a single convention when referring to the `` you're running. ([@desfero](https://github.com/desfero)) * [`ccbb94934`](https://github.com/npm/npm/commit/ccbb94934d4f677f680c3e2284df3d0ae0e65758) [#16267](https://github.com/npm/npm/pull/16267) Fix a missing space in the example package.json. ([@famousgarkin](https://github.com/famousgarkin)) ### DEPENDENCY UPDATES * [`ebde4ea33`](https://github.com/npm/npm/commit/ebde4ea3363dfc154c53bd537189503863c9b3a4) `hosted-git-info@2.4.2` * [`c46ad71bb`](https://github.com/npm/npm/commit/c46ad71bbe27aaa9ee10e107d8bcd665d98544d7) `init-package-json@1.9.6` * [`d856d570d`](https://github.com/npm/npm/commit/d856d570d2df602767c039cf03439d647bba2e3d) `npm-registry-client@8.1.1` * [`4a2e14436`](https://github.com/npm/npm/commit/4a2e1443613a199665e7adbda034d5b9d10391a2) `readable-stream@2.2.9` * [`f0399138e`](https://github.com/npm/npm/commit/f0399138e6d6f1cd7f807d523787a3b129996301) `normalize-package-data@2.3.8` ### v4.5.0 (2017-03-24) Welcome a wrinkle on npm's registry API! Codename: Corgi ![corgi-meme](https://cloud.githubusercontent.com/assets/757502/24126107/64c14268-0d89-11e7-871b-d457e6d0082b.jpg) This release has some bug fixes, but it's mostly about bringing support for MUCH smaller package metadata. How much smaller? Well, for npm itself it reduces 416K of gzip compressed JSON to 24K. As a user, all you have to do is update to get to use the new API. If you're interested in the details we've [documented the changes](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md) in detail. #### CORGUMENTS Package metadata: now smaller. This means a smaller cache and less to download. * [`86dad0d74`](https://github.com/npm/npm/commit/86dad0d747f288eab467d49c9635644d3d44d6f0) Add support for filtered package metadata. ([@iarna](https://github.com/iarna)) * [`41789cffa`](https://github.com/npm/npm/commit/41789cffac9845603f4bdf3f5b03f412144a0e9f) `npm-registry-client@8.1.0` ([@iarna](https://github.com/iarna)) #### NO SHRINKWRAP, NO PROBLEM Previously we needed to extract every package's tarball to look for an `npm-shrinkwrap.json` before we could begin working through what its dependencies were. This was one of the things stopping npm's network accesses from happening more concurrently. The new filtered package metadata provides a new key, `_hasShrinkwrap`. When that's set to `false` then we know we don't have to look for one. * [`4f5060eb3`](https://github.com/npm/npm/commit/4f5060eb31b9091013e1d6a34050973613a294a3) [#15969](https://github.com/npm/npm/pull/15969) Add support for skipping `npm-shrinkwrap.json` extraction when the registry can affirm that one doesn't exist. ([@iarna](https://github.com/iarna)) #### INTERRUPTING SCRIPTS * [`878aceb25`](https://github.com/npm/npm/commit/878aceb25e6d6052dac15da74639ce274c8e62c5) [#16129](https://github.com/npm/npm/pull/16129) Better handle Ctrl-C while running scripts. `npm` will now no longer exit until the script it is running has exited. If you press Ctrl-C a second time it kill the script rather than just forwarding the Ctrl-C. ([@jaridmargolin](https://github.com/jaridmargolin)) #### DEPENDENCY UPDATES: * [`def75eebf`](https://github.com/npm/npm/commit/def75eebf1ad437bf4fd3f5e103cc2d963bd2a73) `hosted-git-info@2.4.1`: Preserve case of the user name part of shortcut specifiers, previously they were lowercased. ([@iarna](https://github.com/iarna)) * [`eb3789fd1`](https://github.com/npm/npm/commit/eb3789fd18cfb063de9e6f80c3049e314993d235) `node-gyp@3.6.0`: Add support for VS2017 and Chakracore improvements. ([@refack](https://github.com/refack)) ([@kunalspathak](https://github.com/kunalspathak)) * [`245e25315`](https://github.com/npm/npm/commit/245e25315524b95c0a71c980223a27719392ba75) `readable-stream@2.2.6` ([@mcollina](https://github.com/mcollina)) * [`30357ebc5`](https://github.com/npm/npm/commit/30357ebc5691d7c9e9cdc6e0fe7dc6253220c9c2) `which@1.2.14` ([@isaacs](https://github.com/isaacs)) ### v4.4.4 (2017-03-16) ๐Ÿ˜ฉ๐Ÿ˜ค๐Ÿ˜… Okay! We have another `next` release for ya today. So, yes! With v4.4.3 we fixed the bug that made bundled scoped modules uninstallable. But somehow I overlooked the fact that we: A) were using these and B) that made upgrading to v4.4.3 impossible. ๐Ÿ˜ญ So I've renamed those two scoped modules to no longer use scopes and we now have a shiny new test to ensure that scoped modules don't creep into our transitive deps and make it impossible to upgrade to `npm`. (None of our woes applies to most of you all because most of you all don't use bundled dependencies. `npm` does because we want the published artifact to be installable without having to already have `npm`.) * [`2a7409fcb`](https://github.com/npm/npm/commit/2a7409fcba6a8fab716c80f56987b255983e048e) [#16066](https://github.com/npm/npm/pull/16066) Ensure we aren't using any scoped modules Because `npm`s prior 4.4.3 can't install dependencies that have bundled scoped modules. This didn't show up sooner because they ALSO had a bug that caused bundled scoped modules to not be included in the bundle. ([@iarna](https://github.com/iarna)) * [`eb4c70796`](https://github.com/npm/npm/commit/eb4c70796c38f24ee9357f5d4a0116db582cc7a9) [#16066](https://github.com/npm/npm/pull/16066) Switch to move-concurrently to remove scoped dependency ([@iarna](https://github.com/iarna)) ### v4.4.3 (2017-03-15) This is a small patch release, mostly because the published tarball for v4.4.2 was missing a couple of modules, due to a bug involving scoped modules, bundled dependencies and legacy tree layouts. There are a couple of other things here that happened to be ready to go. So without further adoโ€ฆ #### BUG FIXES * [`3d80f8f70`](https://github.com/npm/npm/commit/3d80f8f70679ad2b8ce7227d20e8dbce257a47b9) [npm/fs-vacuum#6](https://github.com/npm/fs-vacuum/pull/6) `fs-vacuum@1.2.1`: Make sure we never, ever remove home directories. Previously if your home directory was entirely empty then we might `rmdir` it. ([@helio-frota](https://github.com/helio-frota)) * [`1af85ca9f`](https://github.com/npm/npm/commit/1af85ca9f4d625f948e85961372de7df3f3774e2) [#16040](https://github.com/npm/npm/pull/16040) Fix bug where bundled transitive dependencies that happened to be installed under bundled scoped dependencies wouldn't be included in the tarball when building a package. ([@iarna](https://github.com/iarna)) * [`13c7fdc2e`](https://github.com/npm/npm/commit/13c7fdc2e87456a87b1c9385a3daeae228ed7c95) [#16040](https://github.com/npm/npm/pull/16040) Fix a bug where bundled scoped dependencies couldn't be extracted. ([@iarna](https://github.com/iarna)) * [`d6cde98c2`](https://github.com/npm/npm/commit/d6cde98c2513fe160eab41e31c3198dfde993207) [#16040](https://github.com/npm/npm/pull/16040) Stop printing `ENOENT` errors more than once. ([@iarna](https://github.com/iarna)) * [`722fbf0f6`](https://github.com/npm/npm/commit/722fbf0f6cf4413cdc24b610bbd60a7dbaf2adfe) [#16040](https://github.com/npm/npm/pull/16040) Rewrite the `extract` action for greater clarity. Specifically, this involves moving things around structurally to do the same thing [`d0c6d194`](https://github.com/npm/npm/commit/d0c6d194) did, but in a more comprehensive manner. This also fixes a long standing bug where errors from the move step would be eaten during this phase and as a result we would get mysterious crashes in the finalize phase when finalize tried to act on them. ([@iarna](https://github.com/iarna)) * [`6754dabb6`](https://github.com/npm/npm/commit/6754dabb6bd3301504efb3b62f36d3fe70958c19) [#16040](https://github.com/npm/npm/pull/16040) Flatten out `@npmcorp/move`'s deps for backwards compatibility reasons. Versions prior to this one will fail to install any package that bundles a scoped dependency. This was responsible for `ENOENT` errors during the `finalize` phase. ([@iarna](https://github.com/iarna)) #### DOC UPDATES * [`fba51c582`](https://github.com/npm/npm/commit/fba51c582d1d08dd4aa6eb27f9044dddba91bb18) [#15960](https://github.com/npm/npm/pull/15960) Update troubleshooting and contribution guide links. ([@watilde](https://github.com/watilde)) ### v4.4.2 (2017-03-09): This week, the focus on the release was mainly going through [all of npm's deps that we manage ourselves](https://github.com/npm/npm/wiki/npm-maintained-dependencies), and making sure all their PRs and versions were up to date. That means there's a few fixes here and there. Nothing too big codewise, though. The most exciting part of this release is probably our [shiny new Contributing](https://github.com/npm/npm/blob/latest/CONTRIBUTING.md) and [Troubleshooting](https://github.com/npm/npm/blob/latest/TROUBLESHOOTING.md) docs! [@snopeks](https://github.com/snopeks) did some โœจfantasticโœจ work hashing it out, and we're really hoping this is a nice big step towards making contributing to npm easier. The troubleshooting doc will also hopefully solve common issues for people! Do you think something is missing from it? File a PR and we'll add it! The current document is just a baseline for further editing and additions. Also there's maybe a bit of an easter egg in this release. 'Cause those are fun and I'm a huge nerd. ๐Ÿ˜‰ #### DOCUMENTATION AHOY * [`07e997a`](https://github.com/npm/npm/commit/07e997a7ecedba7b29ad76ffb2ce990d5c0200fc) [#15756](https://github.com/npm/npm/pull/15756) Overhaul `CONTRIBUTING.md` and add new `TROUBLESHOOTING.md` files. ๐Ÿ™Œ๐Ÿผ ([@snopeks](https://github.com/snopeks)) * [`2f3e4b6`](https://github.com/npm/npm/commit/2f3e4b645cdc268889cf95ba24b2aae572d722ad) [#15833](https://github.com/npm/npm/pull/15833) Mention the [24-hour unpublish policy](http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy) on the main registry. ([@carols10cents](https://github.com/carols10cents)) #### NOT REALLY FEATURES, NOT REALLY BUGFIXES. MORE LIKE TWEAKS? ๐Ÿค” * [`84be534`](https://github.com/npm/npm/commit/84be534aedb78c65cd8012427fc04871ceeccf90) [#15888](https://github.com/npm/npm/pull/15888) Stop flattening `ls`-tree output. From now on, deduped deps will be marked as such in the place where they would've been before getting hoisted by the installer. ([@iarna](https://github.com/iarna)) * [`e9a5dca`](https://github.com/npm/npm/commit/e9a5dca369ead646ab5922326cede1406c62bd3b) [#15967](https://github.com/npm/npm/pull/15967) Limit metadata fetches to 10 concurrent requests. ([@iarna](https://github.com/iarna)) * [`46aa9bc`](https://github.com/npm/npm/commit/46aa9bcae088740df86234fc199f7aef53b116df) [#15967](https://github.com/npm/npm/pull/15967) Limit concurrent installer actions to 10. ([@iarna](https://github.com/iarna)) #### BUGFIXES * [`c3b994b`](https://github.com/npm/npm/commit/c3b994b71565eb4f943cce890bb887d810e6e2d4) [#15901](https://github.com/npm/npm/pull/15901) Use EXDEV aware move instead of rename. This will allow moving across devices and moving when filesystems don't support renaming directories full of files. It might make folks using Docker a bit happier. ([@iarna](https://github.com/iarna)) * [`0de1a9c`](https://github.com/npm/npm/commit/0de1a9c1db90e6705c65c068df1fe82899e60d68) [#15735](https://github.com/npm/npm/pull/15735) Autocomplete support for npm scripts with `:` colons in the name. ([@beyondcompute](https://github.com/beyondcompute)) * [`84b0b92`](https://github.com/npm/npm/commit/84b0b92e7f78ec4add42e8161c555325c99b7f98) [#15874](https://github.com/npm/npm/pull/15874) Stop using [undocumented](https://github.com/nodejs/node/pull/11355) `res.writeHeader` alias for `res.writeHead`. ([@ChALkeR](https://github.com/ChALkeR)) * [`895ffe4`](https://github.com/npm/npm/commit/895ffe4f3eecd674796395f91c30eda88aca6b36) [#15824](https://github.com/npm/npm/pull/15824) Fix empty versions column in `npm search` output. ([@bcoe](https://github.com/bcoe)) * [`38c8d7a`](https://github.com/npm/npm/commit/38c8d7adc1f43ab357d1e729ae7cd5d801a26e68) `init-package-json@1.9.5`: [npm/init-package-json#61](https://github.com/npm/init-package-json/pull/61) Exclude existing `devDependencies` from being added to `dependencies`. Fixes [#12260](https://github.com/npm/npm/issues/12260). ([@addaleax](https://github.com/addaleax)) ### v4.4.1 (2017-03-06): This is a quick little patch release to forgo the update notification checker if you're on an unsupported (but not otherwise broken) version of Node.js. Right now that means 0.10 or 0.12. * [`56ac249`](https://github.com/npm/npm/commit/56ac249ef8ede1021f1bc62a0e4fe1e9ba556af2) [#15864](https://github.com/npm/npm/pull/15864) Only use `update-notifier` on supported versions. ([@legodude17](https://github.com/legodude17)) ### v4.4.0 (2017-02-23): Aaaah, [@iarna](https://github.com/iarna) here, it's been a little while since I did one of these! This is a nice little release, we've got an update notifier, vastly less verbose error messages, new warnings on package metadata that will probably give you a bad day, and a sprinkling of bug fixes. #### UPDATE NOTIFICATIONS We now have a little nudge to update your `npm`, courtesy of [update-notifier](https://www.npmjs.com/package/update-notifier). * [`148ee66`](https://github.com/npm/npm/commit/148ee663740aa05877c64f16cdf18eba33fbc371) [#15774](https://github.com/npm/npm/pull/15774) `npm` will now check at start up to see if a newer version is available. It will check once a day. If you want to disable this, set `optOut` to `true` in `~/.config/configstore/update-notifier-npm.json`. ([@ceejbot](https://github.com/ceejbot)) #### LESS VERBOSE ERROR MESSAGES `npm` has, for a long time, had very verbose error messages. There was a lot of info in there, including the cause of the error you were seeing but without a lot of experience reading them pulling that out was time consuming and difficult. With this change the output is cut down substantially, centering the error message. So, for example if you try to `npm run sdlkfj` then the entire error you'll get will be: ``` npm ERR! missing script: sldkfj npm ERR! A complete log of this run can be found in: npm ERR! /Users/rebecca/.npm/_logs/2017-02-24T00_41_36_988Z-debug.log ``` The CLI team has discussed cutting this down even further and stripping the `npm ERR!` prefix off those lines too. We'd appreciate your feedback on this! * [`e544124`](https://github.com/npm/npm/commit/e544124592583654f2970ec332003cfd00d04f2b) [#15716](https://github.com/npm/npm/pull/15716) Make error output less verbose. ([@iarna](https://github.com/iarna)) * [`166bda9`](https://github.com/npm/npm/commit/166bda97410d0518b42ed361020ade1887e684af) [#15716](https://github.com/npm/npm/pull/15716) Stop encouraging users to visit the issue tracker unless we know for certain that it's an npm bug. ([@iarna](https://github.com/iarna)) #### OTHER NEW FEATURES * [`53412eb`](https://github.com/npm/npm/commit/53412eb22c1c75d768e30f96d69ed620dfedabde) [#15772](https://github.com/npm/npm/pull/15772) We now warn if you have a module listed in both dependencies and devDependencies. ([@TedYav](https://github.com/TedYav)) * [`426b180`](https://github.com/npm/npm/commit/426b1805904a13bdc5c0dd504105ba037270cbee) [#15757](https://github.com/npm/npm/pull/15757) Default reporting metrics to default registry. Previously it defaulted to using `https://registry.npmjs.org`, now it will default to the result of `npm config get registry`. For most folks this won't actually change anything, but it means that folks who use a private registry will have metrics routed there by default. This has the potential to be interesting because it means that in the future private registry products ([npme](https://npme.npmjs.com/docs/)!) will be able to report on these metrics. ([@iarna](https://github.com/iarna)) #### BUG FIXES * [`8ea0de9`](https://github.com/npm/npm/commit/8ea0de98563648ba0db032acd4d23d27c4a50a66) [#15716](https://github.com/npm/npm/pull/15716) Write logs for `cb() never called` errors. * [`c4e83dc`](https://github.com/npm/npm/commit/c4e83dca830b24305e3cb3201a42452d56d2d864) Make it so that errors while reading the existing node_modules tree can't result in installer crashes. ([@iarna](https://github.com/iarna)) * [`2690dc2`](https://github.com/npm/npm/commit/2690dc2684a975109ef44953c2cf0746dbe343bb) Update `npm doctor` to not treat broken symlinks in your global modules as a permission failure. This is particularly important if you link modules and your text editor uses the convention of creating symlinks from `.#filename.js` to a machine name and pid to lock files (eg emacs and compatible things). ([@iarna](https://github.com/iarna)) * [`f4c3f48`](https://github.com/npm/npm/commit/f4c3f489aa5787cf0d60e8436be2190e4b0d0ff7) [#15777](https://github.com/npm/npm/pull/15777) Not exactly a bug, but change a parameterless `.apply` to `.call`. ([@notarseniy](https://github.com/notarseniy)) #### DEPENDENCY UPDATES * [`549dcff`](https://github.com/npm/npm/commit/549dcff58c7aaa1e7ba71abaa14008fdf2697297) `rimraf@2.6.0`: Retry EBUSY, ENOTEMPTY and EPERM on non-Windows platforms too. More reliable `rimraf.sync` on Windows. ([@isaacs](https://github.com/isaacs)) * [`052dfb6`](https://github.com/npm/npm/commit/052dfb623da508f2b5f681da0258125552a18a4a) `validate-npm-package-name@3.0.0`: Remove ableist language in README. Stop allowing ~'!()* in package names. ([@tomdale](https://github.com/tomdale)) ([@chrisdickinson](https://github.com/chrisdickinson)) * [`6663ea6`](https://github.com/npm/npm/commit/6663ea6ac0f0ecec5a3f04a3c01a71499632f4dc) `abbrev@1.1.0` ([@isaacs](https://github.com/isaacs)) * [`be6de9a`](https://github.com/npm/npm/commit/be6de9aab9e20b6eac70884e8626161eebf8721a) `opener@1.4.3` ([@dominic](https://github.com/dominic)) * [`900a5e3`](https://github.com/npm/npm/commit/900a5e3e3411ec221306455f99b24b9ce35757c0) `readable-stream@2.2.3` ([@RangerMauve](https://github.com/RangerMauve)) ([@mcollina](https://github.com/mcollina)) * [`c972a8b`](https://github.com/npm/npm/commit/c972a8b0f20a61a79c45b6642f870bea8c55c7e4) `tacks@1.2.6` ([@iarna](https://github.com/iarna)) * [`85a36ef`](https://github.com/npm/npm/commit/85a36efdac0c24501876875cb9ad40292024e0b0) [`7ac9265`](https://github.com/npm/npm/commit/7ac9265c56b4d9eeaca6fcfb29513f301713e7bb) `tap@10.2.0` ([@isaacs](https://github.com/saacs)) ### v4.3.0 (2017-02-09): Yay! Release time! It's a rainy day, and we have another smallish release for y'all. These things are not necessarily related. Or are they ๐ŸŒง๐Ÿค” As far as news go, you may have noticed that the CLI team dropped support for `node@0.12` when that version went out of maintenance. Still, we've avoided explicitly breaking it and `node@0.10` so far -- but not much longer. Sometime soon, the CLI team plans on switching over to language features only available as of `node@4 LTS`, and will likely start dropping old versions of node as they go out of maintenance. The new features are exciting! We're really looking forward to using them in the core CLI (and its dependencies) as we keep up with our current feature work. And speaking of features, this release is a minor bump due to a small change in how `npm login` works for the sake of supporting OAuth-based login for npm Enterprise users. But we won't leave the rest of y'all out -- we're working on a larger version of this feature. Soon enough, you'll be able to log in to npm with, say, GitHub -- and use some shiny features that come from the integration. Or turn on 2FA and other such security features. Keep your eyes peeled for new on this in the next few releases and our weekly newsletter! #### NEW AUTH TYPES There's a new command line option: `--auth-type`, which can be used to log in to a supporting registry with OAuth2 or SAML. The current implementation is mainly meant to support npmE customers, so if you're one of those: ask us about using it! If not, just hold off cause we'll have a much more complete version of this feature out soon. * [`ac8595e`](https://github.com/npm/npm/commit/ac8595e3c9b615ff95abc3301fac1262c434792c) [`bcf2dd8`](https://github.com/npm/npm/commit/bcf2dd8a165843255c06515fa044c6e4d3b71ca4) [`9298d20`](https://github.com/npm/npm/commit/9298d20af58b92572515bfa9cf7377bd4221dc7d) [`66b61bc`](https://github.com/npm/npm/commit/66b61bc42e81ee8a1ee00fc63517f62284140688) [`dc85de7`](https://github.com/npm/npm/commit/dc85de7df6bb61f7788611813ee82ae695a18f1f) [#13389](https://github.com/npm/npm/pull/13389) Implement single-sign-on support with `--auth-type` option. ([@zkat](https://github.com/zkat)) #### FASTER STARTUP. SOMETIMES! `request` is pretty heavy. And it loads a bunch of things. It's actually a pretty big chunk of npm's load time. This small patch by Rebecca will make it so npm only loads that module when we're actually intending to make network requests. Those of you who use npm commands that run offline might see a small speedup in startup time. * [`ac73568`](https://github.com/npm/npm/commit/ac735682e666e8724549d56146821f3b8b018e25) [#15631](https://github.com/npm/npm/pull/15631) Lazy load `caching-registry-client`. ([@iarna](https://github.com/iarna)) #### DOCUMENTATION * [`4ad9247`](https://github.com/npm/npm/commit/4ad9247aa82f7553c9667ee93c74ec7399d6ceec) [#15630](https://github.com/npm/npm/pull/15630) Fix formatting/rendering for root npm README. ([@ungoldman](https://github.com/ungoldman)) #### DEPENDENCY UPDATES * [`8cc1112`](https://github.com/npm/npm/commit/8cc1112958638ff88ac2c24c4a065acacb93d64b) [npm/hosted-git-info#21](https://github.com/npm/hosted-git-info/pull/21) `hosted-git-info@2.2.0`: Add support for `.tarball()` URLs. ([@zkat](https://github.com/zkat)) * [`6eacc1b`](https://github.com/npm/npm/commit/6eacc1bc1925fe3cc79fc97bdc3194d944fce55e) `npm-registry-mock@1.1.0` ([@addaleax](https://github.com/addaleax)) * [`a9b6d77`](https://github.com/npm/npm/commit/a9b6d775e61cf090df0e13514c624f99bf31d1e7) `aproba@1.1.1` ([@iarna](https://github.com/iarna)) ### v4.2.0 (2017-01-26): Hi all! I'm Kat, and I'm currently sitting in a train traveling at ~300km/h through Spain. So clearly, this release should have *something* to do with speed. And it does! Heck, with this release, you could say we're really _blazing_, even. ๐ŸŒฒ๐Ÿ”ฅ๐Ÿ˜ #### IMPROVED CLI SEARCH~ You might recall if you've been keeping up that one of the reasons for a semver-major bump to `npm@4` was an improved CLI search (read: no longer blowing up Node). The work done for that new search system, while still relying on a full metadata download and local search, was also meant to act as groundwork for then-ongoing work on a brand-new, smarter search system for npm. Shortly after `npm@4` came out, the bulk of the server-side work was done, and with this release, the npm CLI has integrated use of the new endpoint for high-quality, fast-turnaround searches. No, seriously, it's *fast*. And *relevant*: [![GOTTA GO FAST! This is a gif of the new npm search returning results in around a second for `npm search web framework`.](https://cloud.githubusercontent.com/assets/17535/21954136/f007e8be-d9fd-11e6-9231-f899c12790e0.gif)](https://github.com/npm/npm/pull/15481) Give it a shot! And remember to check out the new website version of the search, too, which uses the same backend as the CLI now. ๐ŸŽ‰ Incidentally, the backend is a public service, so you can write your own search tools, be they web-based, CLI, or GUI-based. You can read up on the [full documentation for the search endpoint](https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#get-v1search), and let us know about the cool things you come up with! * [`ce3ca51`](https://github.com/npm/npm/commit/ce3ca51ca2d60e15e901c8bf6256338e53e1eca2) [#15481](https://github.com/npm/npm/pull/15481) Add an internal `gunzip-maybe` utility for optional gunzipping. ([@zkat](https://github.com/zkat)) * [`e322932`](https://github.com/npm/npm/commit/e3229324d507fda10ea9e94fd4de8a4ae5025c75) [`a53055e`](https://github.com/npm/npm/commit/a53055e423f1fe168f05047aa0dfec6d963cb211) [`a1f4365`](https://github.com/npm/npm/commit/a1f436570730c6e4a173ca92d1967a87c29b7f2d) [`c56618c`](https://github.com/npm/npm/commit/c56618c62854ea61f6f716dffe7bcac80b5f4144) [#15481](https://github.com/npm/npm/pull/15481) Add support for using the new npm search endpoint for fast, quality search results. Includes a fallback to "classic" search. ([@zkat](https://github.com/zkat)) #### WHERE DID THE DEBUG LOGS GO This is another pretty significant change: Usually, when the npm process crashed, you would get an `npm-debug.log` in your current working directory. This debug log would get cleared out as soon as you ran npm again. This was a bit annoying because 1) you would get a random file in your `git status` that you might accidentally commit, and 2) if you hit a hard-to-reproduce bug and instinctually tried again, you would no longer have access to the repro `npm-debug.log`. So now, any time a crash happens, we'll save your debug logs to your cache folder, under `_logs` (`~/.npm` on *nix, by default -- use `npm config get cache` to see what your current value is). The cache will now hold a (configurable) number of `npm-debug.log` files, which you can access in the future. Hopefully this will help clean stuff up and reduce frustration from missed repros! In the future, this will also be used by `npm report` to make it super easy to put up issues about crashes you run into with npm. ๐Ÿ’ƒ๐Ÿ•บ๐Ÿฟ๐Ÿ‘ฏโ€โ™‚๏ธ * [`04fca22`](https://github.com/npm/npm/commit/04fca223a0f704b69340c5f81b26907238fad878) [#11439](https://github.com/npm/npm/pull/11439) Put debug logs in `$(npm get cache)/_logs` and store multiple log files. ([@KenanY](https://github.com/KenanY)) ([@othiym23](https://github.com/othiym23)) ([@isaacs](https://github.com/isaacs)) ([@iarna](https://github.com/iarna)) #### DOCS * [`ae8e71c`](https://github.com/npm/npm/commit/ae8e71c2b7d64d782af287a21e146d7cea6e5273) [#15402](https://github.com/npm/npm/pull/15402) Add missing backtick in one of the `npm doctor` messages. ([@watilde](https://github.com/watilde), [@charlotteis](https://github.com/charlotteis)) * [`821fee6`](https://github.com/npm/npm/commit/821fee6d0b12a324e035c397ae73904db97d07d2) [#15480](https://github.com/npm/npm/pull/15480) Clarify that unscoped packages can depend on scoped packages and vice-versa. ([@chocolateboy](https://github.com/chocolateboy)) * [`2ee45a8`](https://github.com/npm/npm/commit/2ee45a884137ae0706b7c741c671fef2cb3bac96) [#15515](https://github.com/npm/npm/pull/15515) Update minimum supported Node version number in the README to `node@>=4`. ([@watilde](https://github.com/watilde)) * [`af06aa9`](https://github.com/npm/npm/commit/af06aa9a357578a8fd58c575f3dbe55bc65fc376) [#15520](https://github.com/npm/npm/pull/15520) Add section to `npm-scope` docs to explain that scope owners will own scoped packages with that scope. That is, user `@alice` is not allowed to publish to `@bob/my-package` unless explicitly made an owner by user (or org) `@bob`. ([@hzoo](https://github.com/hzoo)) * [`bc892e6`](https://github.com/npm/npm/commit/bc892e6d07a4c6646480703641a4d71129c38b6d) [#15539](https://github.com/npm/npm/pull/15539) Replace `http` with `https` and fix typos in some docs. ([@watilde](https://github.com/watilde)) * [`1dfe875`](https://github.com/npm/npm/commit/1dfe875b9ac61a0ab9f61a2eab02bacf6cce583c) [#15545](https://github.com/npm/npm/pull/15545) Update Node.js download link to point to the right place. ([@watilde](https://github.com/watilde)) #### DEPENDENCIES * [`b824bfb`](https://github.com/npm/npm/commit/b824bfbeb2d89c92762e9170b026af98b5a3668a) `ansi-regex@2.1.1` * [`81ea3e8`](https://github.com/npm/npm/commit/81ea3e8e4ea34cd9c2b418512dcb508abcee1380) `mississippi@1.3.0` #### MISC * [`98df212`](https://github.com/npm/npm/commit/98df212a91fd6ff4a02b9cd247f4166f93d3977a) [#15492](https://github.com/npm/npm/pull/15492) Update the "master" node version used for AppVeyor to `node@7`. ([@watilde](https://github.com/watilde)) * [`d75fc03`](https://github.com/npm/npm/commit/d75fc03eda5364f12ac266fa4f66e31c2e44e864) [#15413](https://github.com/npm/npm/pull/15413) `npm run-script` now exits with the child process' exit code on exit. ([@kapals](https://github.com/kapals)) ### v4.1.2 (2017-01-12) We have a twee little release this week as we come back from the holidays. #### 0.12 IS UNSUPPORTED NOW (really) After [jumping the gun a little](https://github.com/npm/npm/releases/tag/v4.0.2), we can now officially remove 0.12 from our supported versions list. The Node.js project has now officially ended even maintenance support for 0.12 and thus, so will we. To reiterate from the last time we did this: What this means: * Your contributions will no longer block on the tests passing on 0.12. * We will no longer block dependency upgrades on working with 0.12. * Bugs filed on the npm CLI that are due to incompatibilities with 0.12 (and older versions) will be closed with a strong urging to upgrade to a supported version of Node. * On the flip side, we'll continue to (happily!) accept patches that address regressions seen when running the CLI with Node.js 0.12. What this doesn't mean: * The CLI is going to start depending on ES2015+ features. npm continues to work, in almost all cases, all the way back to Node.js 0.8, and our long history of backwards compatibility is a source of pride for the team. * We aren't concerned about the problems of users who, for whatever reason, can't update to newer versions of npm. As mentioned above, we're happy to take community patches intended to address regressions. We're not super interested in taking sides on what version of Node.js you "should" be running. We're a workflow tool, and we understand that you all have a diverse set of operational environments you need to be able to support. At the same time, we _are_ a small team, and we need to put some limits on what we support. Tracking what's supported by our runtime's own team seems most practical, so that's what we're doing. * [`c7bbba8`](https://github.com/npm/npm/commit/c7bbba8744b62448103a1510c65d9751288abb5d) Remove 0.12 from our supported versions list. ([@iarna](https://github.com/iarna)) #### WRITING TO SYMLINKED `package.json` (AND OTHER FILES) If your `package.json`, `npm-shrinkwrap.json` or `.npmrc` were a symlink and you used an `npm` command that modified one of these (eg `npm config set` or `npm install --save`) then previously we would have removed your symlink and replaced it with an ordinary file. While making these files symlinks is pretty uncommon, this was still surprising behavior. With this fix we now overwrite the _destination_ of the symlink and preserve the symlink itself. * [`a583983`](https://github.com/npm/npm/commit/a5839833d3de7072be06884b91902c093aff1aed) [write-file-atomic/#5](https://github.com/npm/write-file-atomic/issues/5) [#10223](https://github.com/npm/npm/10223) `write-file-atomic@1.3.1`: When the target is a symlink, write-file-atomic now overwrites the _destination_ of the symlink, instead of replacing the symlink itself. This makes it's behavior match `fs.writeFile`. Fixed a bug where it would ALWAYS fs.stat to look up default mode and chown values even if you'd passed them in. (It still used the values you passed in, but did a needless stat.) ([@iarna](https://github.com/iarna)) #### DEPENDENCY UPDATES * [`521f230`](https://github.com/npm/npm/commit/521f230dd57261e64ac9613b3db62f5312971dca) `node-gyp@3.5.0`: Improvements to how Python is located. New `--devdir` flag. ([@bnoordhuis](https://github.com/bnoordhuis)) ([@mhart](https://github.com/mhart)) * [`ccd83e8`](https://github.com/npm/npm/commit/ccd83e8a70d35fb0904f8a9adb2ff7ac8a6b2706) `JSONStream@1.3.0`: Add new emitPath option. ([@nathanwills](https://github.com/nathanwills)) #### TEST IMPROVEMENTS * [`d76e084`](https://github.com/npm/npm/commit/d76e08463fd65705217624b861a1443811692f34) Disable metric reporting for test suite even if the user has it enabled. ([@iarna](https://github.com/iarna)) ### v4.1.1 (2016-12-16) This fixes a bug in the metrics reporting where, if you had enabled it then installs would create a metrics reporting process, that would create a metrics reporting process, that wouldโ€ฆ well, you get the idea. The only way to actually kill these processes is to turn off your networking, then on MacOS/Linux kill them with `kill -9`. Alternatively you can just reboot. Anyway, this is a quick release to fix that bug: * [`51c393f`](https://github.com/npm/npm/commit/51c393feff5f4908c8a9fb02baef505b1f2259be) [#15237](https://github.com/npm/npm/pull/15237) Don't launch a metrics sender process if we're running from a metrics sender process. ([@iarna](https://github.com/iarna)) ### v4.1.0 (2016-12-15) I'm really excited about `npm@4.1.0`. I know, I know, I'm kinda overexcited in my changelogs, but this one is GREAT. We've got a WHOLE NEW subcommand, I mean, when was the last time you saw that? YEARS! And we have the beginnings of usage metrics reporting. Then there's a fix for a really subtle bug that resulted in `shasum` errors. And then we also have a few more bug fixes and other improvements. #### ANONYMOUS METRIC REPORTING We're adding the ability for you all to help us track the quality of your experiences using `npm`. Metrics will be sent if you run: ``` npm config set send-metrics true ``` Then `npm` will report to `registry.npmjs.org` the number of successful and failed installations you've had. The data contains no identifying information and npm will not attempt to correlate things like IP address with the metrics being submitted. Currently we only track number of successful and failed installations. In the future we would like to find additional metrics to help us better quantify the quality of the `npm` experience. * [`190a658`](https://github.com/npm/npm/commit/190a658c4222f6aa904cbc640fc394a5c875e4db) [#15084](https://github.com/npm/npm/pull/15084) Add facility for recording and reporting success metrics. ([@iarna](https://github.com/iarna)) * [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/148) `npm-registry-client@7.4.5`: Add support for sending anonymous CLI metrics. ([@iarna](https://github.com/iarna), [@sisidovski](https://github.com/sisidovski)) ### NPM DOCTOR 
Check                               Value                        Recommendation
npm ping                            ok
npm -v                              v4.0.5
node -v                             v4.6.1                       Use node v6.9.2
npm config get registry             https://registry.npmjs.org/
which git                           /Users/rebecca/bin/git
Perms check on cached files         ok
Perms check on global node_modules  ok
Perms check on local node_modules   ok
Checksum cached files               ok
It's a rare day that we add a new command to `npm`, so I'm excited to present to you `npm doctor`. It checks for a number of common problems and provides some recommended solutions. It was put together through the hard work of [@watilde](https://github.com/watilde). * [`2359505`](https://github.com/npm/npm/commit/23595055669f76c9fe8f5f1cf4a705c2e794f0dc) [`0209ee5`](https://github.com/npm/npm/commit/0209ee50448441695fbf9699019d34178b69ba73) [#14582](https://github.com/npm/npm/pull/14582) Add new `npm doctor` to give your project environment a health check. ([@watilde](https://github.com/watilde)) #### FIX MAJOR SOURCE OF SHASUM ERRORS If you've been getting intermittent shasum errors then you'll be pleased to know that we've tracked down at least one source of them, if not THE source of them. * [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) [#14626](https://github.com/npm/npm/issues/14626) [npm/npm-registry-client#148](https://github.com/npm/npm-registry-client/pull/148) `npm-registry-client@7.4.5`: Fix a bug where an `ECONNRESET` while fetching a package file would result in a partial download that would be reported as a "shasum mismatch". It now throws away the partial download and retries it. ([@iarna](https://github.com/iarna)) #### FILE URLS AND NODE.JS 7 When `npm` was formatting `file` URLs we took advantage of `url.format` to construct them. Node.js 7 changed the behavior in such a way that our use of `url.format` stopped producing URLs that we could make use of. The reasons for this have to do with the `file` URL specification and how invalid (according to the specification) URLs are handled. How this changed is most easily explained with a table:
URLNode.js <= 6npm's understandingNode.js 7npm's understanding
VALIDfile:///abc/deffile:///abc/def/abc/deffile:///abc/def/abc/def
invalidfile:/abc/deffile:/abc/def/abc/deffile:///abc/def/abc/def
invalidfile:abc/deffile:abc/def$CWD/abc/deffile://abc/def/def on the abc host
invalidfile:../abc/deffile:../abc/def$CWD/../abc/deffile://../abc/def/abc/def on the .. host
So the result was that passing a `file` URL that npm had received that used through Node.js 7's `url.format` changed its meaning as far as `npm` was concerned. As those kinds of URLs are, per the specification, invalid, how they should be handled is undefined and so the change in Node.js wasn't a bug per se. Our solution is to stop using `url.format` when constructing this kind of URL. * [`173935b`](https://github.com/npm/npm/commit/173935b4298e09c4fdcb8f3a44b06134d5aff181) [#15114](https://github.com/npm/npm/issues/15114) Stop using `url.format` for relative local dep paths. ([@zkat](https://github.com/zkat)) #### EXTRANEOUS LIFECYCLE SCRIPT EXECUTION WHEN REMOVING * [`afb1dfd`](https://github.com/npm/npm/commit/afb1dfd944e57add25a05770c0d52d983dc4e96c) [#15090](https://github.com/npm/npm/pull/15090) Skip top level lifecycles when uninstalling. ([@iarna](https://github.com/iarna)) #### REFACTORING AND INTERNALS * [`c9b279a`](https://github.com/npm/npm/commit/c9b279aca0fcb8d0e483e534c7f9a7250e2a9392) [#15205](https://github.com/npm/npm/pull/15205) [#15196](https://github.com/npm/npm/pull/15196) Only have one function that determines which version of a package to use given a specifier and a list of versions. ([@iarna](https://github.com/iarna), [@zkat](https://github.com/zkat)) * [`981ce63`](https://github.com/npm/npm/commit/981ce6395e7892dde2591b44e484e191f8625431) [#15090](https://github.com/npm/npm/pull/15090) Rewrite prune to use modern npm plumbing. ([@iarna](https://github.com/iarna)) * [`bc4b739`](https://github.com/npm/npm/commit/bc4b73911f58a11b4a2d28b49e24b4dd7365f95b) [#15089](https://github.com/npm/npm/pull/15089) Rename functions and variables in the module that computes what changes to make to your installation. ([@iarna](https://github.com/iarna)) * [`2449f74`](https://github.com/npm/npm/commit/2449f74a202b3efdb1b2f5a83356a78ea9ecbe35) [#15089](https://github.com/npm/npm/pull/15089) When computing changes to make to your installation, use a function to add new actions to take instead of just pushing on a list. ([@iarna](https://github.com/iarna)) #### IMPROVED LOGGING * [`335933a`](https://github.com/npm/npm/commit/335933a05396258eead139d27eea3f7668ccdfab) [#15089](https://github.com/npm/npm/pull/15089) Log when we remove obsolete dependencies in the tree. ([@iarna](https://github.com/iarna)) #### DOCUMENTATION * [`33ca4e6`](https://github.com/npm/npm/commit/33ca4e6db3c1878cbc40d5e862ab49bb0e82cfb2) [#15157](https://github.com/npm/npm/pull/15157) Update `npm cache` docs to use more consistent language ([@JonahMoses](https://github.com/JonahMoses)) #### DEPENDENCY UPDATES * [`c2d22fa`](https://github.com/npm/npm/commit/c2d22faf916e8260136a1cc95913ca474421c0d3) [#15215](https://github.com/npm/npm/pull/15215) `nopt@4.0.1`: The breaking change is a small tweak to how empty string values are handled. See the brand-new [CHANGELOG.md for nopt](https://github.com/npm/nopt/blob/v4.0.1/CHANGELOG.md) for further details about what's changed in this release! ([@adius](https://github.com/adius), [@samjonester](https://github.com/samjonester), [@elidoran](https://github.com/elidoran), [@helio](https://github.com/helio), [@silkentrance](https://github.com/silkentrance), [@othiym23](https://github.com/othiym23)) * [`54d949b`](https://github.com/npm/npm/commit/54d949b05adefffeb7b5b10229c5fe0ccb929ac3) [npm/lockfile#24](https://github.com/npm/lockfile/pull/24) `lockfile@1.0.3`: Handled case where callback was not passed in by the user. ([@ORESoftware](https://github.com/ORESoftware)) * [`54acc03`](https://github.com/npm/npm/commit/54acc0389b39850c0725d0868cb5e61317b57503) `npmlog@4.0.2`: Documentation update. ([@helio-frota](https://github.com/helio-frota)) * [`57f4bc1`](https://github.com/npm/npm/commit/57f4bc1150322294c1ea0a287ad0a8e457c151e6) `osenv@0.1.4`: Test changes. ([@isaacs](https://github.com/isaacs)) * [`bea1a2d`](https://github.com/npm/npm/commit/bea1a2d0db566560e13ecc1d5f42e55811269c88) `retry@0.10.1`: No changes. ([@tim-kos](https://github.com/tim-kos)) * [`6749e39`](https://github.com/npm/npm/commit/6749e395f868109afd97f79d36507e6567dd48fb) [kapouer/marked-man#9](https://github.com/kapouer/marked-man/pull/9) `marked-man@0.2.0`: Add table support. ([@gholk](https://github.com/gholk)) ### v4.0.5 (2016-12-01) It's that time of year! December is upon us, which means y'all are just going to be doing a lot less, in general, for the next month or so. The "Xmas Chasm", as we like to call it, has already begun. So for those of you reading it from the other side: Hi! Welcome back! This week's release is a relatively small one, involving just a few bugfixes and dependency upgrades. The CLI team has been busy recently with scoping out `npm@5`, and starting to do initial spec work for in-scope stuff. #### BUGFIXES On to the actual changes! * [`9776d8f`](https://github.com/npm/npm/commit/9776d8f70a0ea8d921cbbcab7a54e52c15fc455f) [#15081](https://github.com/npm/npm/pull/15081) `bundledDependencies` are intended to be left untouched by the installer, as much as possible -- if they're bundled, we assume that you want to be particular about the contents of your bundle. The installer used to have a corner case where existing dependencies that had bundledDependencies would get clobbered by as the installer moved stuff around, even though the installer already avoided moving deps that were themselves bundled. This is now fixed, along with the connected crasher, and your bundledDeps should be left even more intact than before! ([@iarna](https://github.com/iarna)) * [`fc61c08`](https://github.com/npm/npm/commit/fc61c082122104031ccfb2a888432c9f809a0e8b) [#15082](https://github.com/npm/npm/pull/15082) Initialize nodes from bundled dependencies. This should address [#14427](https://github.com/npm/npm/issues/14427) and related issues, but it's turned out to be a tremendously difficult issue to reproduce in a test. We decided to include it even pending tests, because we found the root cause of the errors. ([@iarna](https://github.com/iarna)) * [`d8471a2`](https://github.com/npm/npm/commit/d8471a294ef848fc893f60e17d6ec6695b975d16) [#12811](https://github.com/npm/npm/pull/12811) Consider `devDependencies` when deciding whether to hoist a package. This should resolve a variety of missing dependency issues some folks were seeing when `devDependencies` happened to also be dependencies of your `dependencies`. This often manifested as modules going missing, or only being installed, after `npm install` was called twice. ([@schmod](https://github.com/schmod)) #### DEPENDENCY UPDATES * [`5978703`](https://github.com/npm/npm/commit/5978703da8669adae464789b1b15ee71d7f8d55d) `graceful-fs@4.1.11`: `EPERM` errors are Windows are now handled more gracefully. Windows users that tended to see these errors due to, say, an antivirus-induced race condition, should see them much more rarely, if at all. ([@zkatr](https://github.com/zkat)) * [`85b0174`](https://github.com/npm/npm/commit/85b0174ba9842e8e89f3c33d009e4b4a9e877c7d) `request@2.79.0` ([@zkat](https://github.com/zkat)) * [`9664d36`](https://github.com/npm/npm/commit/9664d36653503247737630440bc2ff657de965c3) `tap@8.0.1` ([@zkat](https://github.com/zkat)) #### MISCELLANEOUS * [`f0f7b0f`](https://github.com/npm/npm/commit/f0f7b0fd025daa2b69994130345e6e8fdaaa0304) [#15083](https://github.com/npm/npm/pull/15083) Removed dead code. ([@iarna](https://github.com/iarna)) * [`bc32afe`](https://github.com/npm/npm/commit/bc32afe4d12e3760fb5a26466dc9c26a5a2981d5) [`c8a22fe`](https://github.com/npm/npm/commit/c8a22fe5320550e09c978abe560b62ce732686f4) [`db2666d`](https://github.com/npm/npm/commit/db2666d8c078fc69d0c02c6a3de9b31be1e995e9) [#15085](https://github.com/npm/npm/pull/15085) Change some network tests so they can run offline. ([@iarna](https://github.com/iarna)) * [`744a39b`](https://github.com/npm/npm/commit/744a39b836821b388ad8c848bd898c1d006689a9) [#15085](https://github.com/npm/npm/pull/15085) Make Node.js tests compatible with Windows. ([@iarna](https://github.com/iarna)) ### v4.0.3 (2016-11-17) Hey you all, we've got a couple of bug fixes for you, a slew of documentation improvements and some improvements to our CI environment. I know we just got v4 out the door, but the CLI team is already busy planning v5. We'll have more for you in early December. #### BUG FIXES * [`45d40d9`](https://github.com/npm/npm/commit/45d40d96d2cd145f1e36702d6ade8cd033f7f332) [`ba2adc2`](https://github.com/npm/npm/commit/ba2adc2e822d5e75021c12f13e3f74ea2edbde32) [`1dc8908`](https://github.com/npm/npm/commit/1dc890807bd78a1794063688af31287ed25a2f06) [`2ba19ee`](https://github.com/npm/npm/commit/2ba19ee643d612d103cdd8f288d313b00d05ee87) [#14403](https://github.com/npm/npm/pull/14403) Fix a bug where a scoped module could produce crashes when incorrectly computing the paths related to their location. This patch reorganizes how path information is passed in to eliminate the possibility of this sort of bug. ([@iarna](https://github.com/iarna)) ([@NatalieWolfe](https://github.com/NatalieWolfe)) * [`1011ec6`](https://github.com/npm/npm/commit/1011ec61230288c827a1c256735c55cf03d6228f) [npm/npmlog#46](https://github.com/npm/npmlog/pull/46) `npmlog@4.0.1`: Fix a bug where the progress bar would still display even if you passed in `--no-progress`. ([@iarna](https://github.com/iarna)) #### DOCUMENTATION UPDATES * [`c3ac177`](https://github.com/npm/npm/commit/c3ac177236124c80524c5f252ba8f6670f05dcd8) [#14406](https://github.com/npm/npm/pull/14406) Sync up the dispute policy included with the CLI with the [current official text](https://www.npmjs.com/policies/disputes). ([@mike-engel](https://github.com/mike-engel)) * [`9c663b2`](https://github.com/npm/npm/commit/9c663b2dd8552f892dc0205330bbc73a484ecd81) [#14627](https://github.com/npm/npm/pull/14627) Update build status branch in README. ([@cameronroe](https://github.com/cameronroe)) * [`8a8a0a3`](https://github.com/npm/npm/commit/8a8a0a3d490fc767def208f925cdff57e16e565b) [#14609](https://github.com/npm/npm/pull/14609) Update examples URLs of GitHub repos where those repos have moved to new URLs. ([@dougwilson](https://github.com/dougwilson)) * [`7a6425b`](https://github.com/npm/npm/commit/7a6425bcd4decde5d4b0af8b507e98723a07c680) [#14472](https://github.com/npm/npm/pull/14472) Document `sign-git-tag` in [npm-version(1)](https://github.com/npm/npm/blob/release-next/doc/cli/npm-version.md)'s configuration section. ([@strugee](https://github.com/strugee)) * [`f3087cc`](https://github.com/npm/npm/commit/f3087cc58c903d9a70275be805ebaf0eadbcbe1b) [#14546](https://github.com/npm/npm/pull/14546) Add a note about the dangers of configuring npm via uppercase env vars. ([@tuhoojabotti](https://github.com/tuhoojabotti)) * [`50e51b0`](https://github.com/npm/npm/commit/50e51b04a143959048cf9e1e4c8fe15094f480b0) [#14559](https://github.com/npm/npm/pull/14559) Remove documentation that incorrectly stated that we check `.npmrc` permissions. ([@iarna](https://github.com/iarna)) ##### OH UH, HELLO AGAIN NODE.JS 0.12 * [`6f0c353`](https://github.com/npm/npm/commit/6f0c353e4e89b0378a4c88c829ccf9a1c5ae829d) [`f78bde6`](https://github.com/npm/npm/commit/f78bde6983bdca63d5fcb9c220c87e8f75ffb70e) [#14591](https://github.com/npm/npm/pull/14591) Reintroduce Node.js 0.12 to our support matrix. We jumped the gun when removing it. We won't drop support for it till the Node.js project does so at the end of December 2016. ([@othiym23](https://github.com/othiym23)) #### TEST/CI UPDATES * [`aa73d1c`](https://github.com/npm/npm/commit/aa73d1c1cc22608f95382a35b33da252addff38e) [`c914e80`](https://github.com/npm/npm/commit/c914e80f5abcb16c572fe756c89cf0bcef4ff991) * [`58fe064`](https://github.com/npm/npm/commit/58fe064dcc80bc08c677647832f2adb4a56b538a) [#14602](https://github.com/npm/npm/pull/14602) When running tests with coverage, use nyc's cache. This provides an 8x speedup! ([@bcoe](https://github.com/bcoe)) * [`ba091ce`](https://github.com/npm/npm/commit/ba091ce843af5d694f4540e825b095435b3558d8) [#14435](https://github.com/npm/npm/pull/14435) Remove an unused zero byte `package.json` found in the test fixtures. ([@baderbuddy](https://github.com/baderbuddy)) #### DEPENDENCY UPDATES * [`442e01e`](https://github.com/npm/npm/commit/442e01e42d8a439809f6726032e3b73ac0d2b2f8) `readable-stream@2.2.2`: Bring in latest changes from Node.js 7.x. ([@calvinmetcalf](https://github.com/calvinmetcalf)) * [`bfc4a1c`](https://github.com/npm/npm/commit/bfc4a1c0c17ef0a00dfaa09beba3389598a46535) `which@1.2.12`: Remove unused require. ([@isaacs](https://github.com/isaacs)) #### DEV DEPENDENCY UPDATES * [`7075b05`](https://github.com/npm/npm/commit/7075b054d8d2452bb53bee9b170498a48a0dc4e9) `marked-man@0.1.6` ([@kapouer](https://github.com/kapouer)) * [`3e13fea`](https://github.com/npm/npm/commit/3e13fea907ee1141506a6de7d26cbc91c28fdb80) `tap@8.0.0` ([@isaacs](https://github.com/isaacs)) ### v4.0.2 (2016-11-03) Hola, amigxs. I know it's been a long time since I rapped at ya, but I been spending a lotta time quietly reflecting on all the things going on in my life. I was, like, [in Japan for a while](https://gist.github.com/othiym23/c98bd4ef5d9fb3f496835bd481ef40ae), and before that my swell colleagues [@zkat](https://github.com/zkat) and [@iarna](https://github.com/iarna) have been very capably managing the release process for quite a while. But I returned from Japan somewhat refreshed, very jetlagged, and filled with a burning urge to get `npm@4` as stable as possible before we push it out to the user community at large, so I decided to do this release myself. (Also, huge thanks to Kat and Rebecca for putting out `npm@4` so capably while I was on vacation! So cool to return to a major release having gone so well without my involvement!) That said... #### NEVER TRUST AN X.0.0 RELEASE Even though 4.0.1 came out hard on the heels of 4.0.0 with a couple critical fixes, we've found a couple other major issues that we want to see fixed before making `npm@4` into `npm@latest`. Some of these are arguably breaking changes on their own, so now is the time to get them out if we're going to do so before `npm@5`, and all of them are pretty significant blockers for a substantial number of users, so now is the best time to fix them. ##### PREPUBLISHONLY WHOOPS The code running the `publish*` lifecycle events was very confusingly written. In fact, we didn't really figure out what it was doing until we added the new `prepublishOnly` event and it was running people's scripts from the wrong directory. We made it simpler. See the [commit message](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) for details. Because the change is no longer running publish events when publishing prebuilt artifacts, it's technically a breaking / semver-major change. In the off chance that the new behavior breaks any of y'all's workflows, let us know, and we can roll some or all of this change back until `npm@5` (or forever, if that works better for you). * [`8b32d67`](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) [#14502](https://github.com/npm/npm/pull/14502) Simplify lifecycle invocation and fix `prepublishOnly`. ([@othiym23](https://github.com/othiym23)) ##### G'BYE NODE.JS 0.10, 0.12, and 5.X; HI THERE, NODE 7 With the advent of the second official Node.js LTS release, Node 6.x 'Boron', the Node.js project has now officially dropped versions 0.10 and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never part of LTS, and will see no further support now that Node 7 has been released.) As a small team with limited resources, the npm CLI team is following suit and dropping those versions of Node from its CI test matrix. What this means: * Your contributions will no longer block on the tests passing on 0.10 and 0.12. * We will no longer block dependency upgrades on working with 0.10 and 0.12. * Bugs filed on the npm CLI that are due to incompatibilities with 0.10 or 0.12 (and older versions) will be closed with a strong urging to upgrade to a supported version of Node. * On the flip side, we'll continue to (happily!) accept patches that address regressions seen when running the CLI with Node.js 0.10 and 0.12. What this doesn't mean: * The CLI is going to start depending on ES2015+ features. npm continues to work, in almost all cases, all the way back to Node.js 0.8, and our long history of backwards compatibility is a source of pride for the team. * We aren't concerned about the problems of users who, for whatever reason, can't update to newer versions of npm. As mentioned above, we're happy to take community patches intended to address regressions. We're not super interested in taking sides on what version of Node.js you "should" be running. We're a workflow tool, and we understand that you all have a diverse set of operational environments you need to be able to support. At the same time, we _are_ a small team, and we need to put some limits on what we support. Tracking what's supported by our runtime's own team seems most practical, so that's what we're doing. * [`ab630c9`](https://github.com/npm/npm/commit/ab630c9a7a1b40cdd4f1244be976c25ab1525907) [#14503](https://github.com/npm/npm/pull/14503) Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported. ([@othiym23](https://github.com/othiym23)) * [`731ae52`](https://github.com/npm/npm/commit/731ae526fb6e9951c43d82a26ccd357b63cc56c2) [#14503](https://github.com/npm/npm/pull/14503) Update supported version expression. ([@othiym23](https://github.com/othiym23)) ##### DISENTANGLING SCOPE The new `Npm-Scope` header was previously reusing the `scope` configuration option to pass the current scope back to your current registry (which, as [described previously](https://github.com/npm/npm/blob/release-next/CHANGELOG.md#send-extra-headers-to-registry), is meant to set up some upcoming registry features). It turns out that had some [seriously weird consequences](https://github.com/npm/npm/issues/14412) in the case where you were already configuring `scope` in your own environment. The CLI now uses separate configuration for this. * [`39358f7`](https://github.com/npm/npm/commit/39358f732ded4aa46d86d593393a0d6bca5dc12a) [#14477](https://github.com/npm/npm/pull/14477) Differentiate registry scope from project scope in configuration. ([@zkat](https://github.com/zkat)) #### SMALLER CHANGES * [`7f41295`](https://github.com/npm/npm/commit/7f41295775f28b958a926f9cb371cb37b05771dd) [#14519](https://github.com/npm/npm/pull/14519) Document that as of `npm@4.0.1`, `npm shrinkwrap` now includes `devDependencies` unless instructed otherwise. ([@iarna](https://github.com/iarna)) * [`bdc2f9e`](https://github.com/npm/npm/commit/bdc2f9e255ddf1a47fd13ec8749d17ed41638b2c) [#14501](https://github.com/npm/npm/pull/14501) The `ENOSELF` error message is tricky to word. It's also an error that normally bites new users. Clean it up in an effort to make it easier to understand what's going on. ([@snopeks](https://github.com/snopeks), [@zkat](https://github.com/zkat)) #### DEPENDENCY UPGRADES * [`a52d0f0`](https://github.com/npm/npm/commit/a52d0f0c9cf2de5caef77e12eabd7dca9e89b49c) `glob@7.1.1`: - Handle files without associated perms on Windows. - Fix failing case with `absolute` option. ([@isaacs](https://github.com/isaacs), [@phated](https://github.com/phated)) * [`afda66d`](https://github.com/npm/npm/commit/afda66d9afcdcbae1d148f589287583c4182d124) [isaacs/node-graceful-fs#97](https://github.com/isaacs/node-graceful-fs/pull/97) `graceful-fs@4.1.10`: Better backoff for EPERM on Windows. ([@sam-github](https://github.com/sam-github)) * [`e0023c0`](https://github.com/npm/npm/commit/e0023c089ded9161fbcbe544f12b07e12e3e5729) [npm/inflight#3](https://github.com/npm/inflight/pull/3) `inflight@1.0.6`: Clean up even if / when a callback throws. ([@phated](https://github.com/phated)) * [`1d91594`](https://github.com/npm/npm/commit/1d9159440364d2fe21e8bc15e08e284aaa118347) `request@2.78.0` ([@othiym23](https://github.com/othiym23)) ### v4.0.1 (2016-10-24) Ayyyy~ ๐ŸŒŠ So thanks to folks who were running on `npm@next`, we managed to find a few issues of notes in that preview version, and we're rolling out a small patch change to fix them. Most notably, anyone who was using a symlinked `node` binary (for example, if they installed Node.js through `homebrew`), was getting a very loud warning every time they ran scripts. Y'all should get warnings in a more useful way, now that we're resolving those path symlinks. Another fairly big change that we decided to slap into this version, since `npm@4.0.0` is never going to be `latest`, is to make it so `devDependencies` are included in `npm-shrinkwrap.json` by default -- if you do not want this, use `--production` with `npm shrinkwrap`. #### BIG FIXES/CHANGES * [`eff46dd`](https://github.com/npm/npm/commit/eff46dd498ed007bfa77ab7782040a3a828b852d) [#14374](https://github.com/npm/npm/pull/14374) Fully resolve the path for `node` executables in both `$PATH` and `process.execPath` to avoid issues with symlinked `node`. ([@addaleax](https://github.com/addaleax)) * [`964f2d3`](https://github.com/npm/npm/commit/964f2d3a0675584267e6ece95b0115a53c6ca6a9) [#14375](https://github.com/npm/npm/pull/14375) Make including `devDependencies` in `npm-shrinkwrap.json` the default. This should help make the transition to `npm@5` smoother in the future. ([@iarna](https://github.com/iarna)) #### BUGFIXES * [`a5b0a8d`](https://github.com/npm/npm/commit/a5b0a8db561916086fc7dbd6eb2836c952a42a7e) [#14400](https://github.com/npm/npm/pull/14400) Recently, we've had some consistent timeout failures while running the test suite under Travis. This tweak to tests should take care of those issues and Travis should go back to being reliably green. ([@iarna](https://github.com/iarna)) #### DOC PATCHES * [`c5907b2`](https://github.com/npm/npm/commit/c5907b2fc1a82ec919afe3b370ecd34d8895c7a2) [#14251](https://github.com/npm/npm/pull/14251) Update links to Node.js downloads. They previously pointed to 404 pages.๐Ÿ˜ฌ ([@ArtskydJ](https://github.com/ArtskydJ)) * [`0c122f2`](https://github.com/npm/npm/commit/0c122f24ff1d4d400975edda2b7262aaaf6f7d69) [#14380](https://github.com/npm/npm/pull/14380) Add note and clarification on when `prepare` script is run. Make it more consistent with surrounding descriptions. ([@SimenB](https://github.com/SimenB)) * [`51a62ab`](https://github.com/npm/npm/commit/51a62abd88324ba3dad18e18ca5e741f1d60883c) [#14359](https://github.com/npm/npm/pull/14359) Fixes typo in `npm@4` changelog. ([@kimroen](https://github.com/kimroen)) ### v4.0.0 (2016-10-20) Welcome to `npm@4`, friends! This is our first semver major release since the release of `npm@3` just over a year ago. Back then, `@3` turned out to be a bit of a ground-shaking release, with a brand-new installer with significant structural changes to how npm set up your tree. This is the end of an era, in a way. `npm@4` also marks the release when we move *both* `npm@2` and `npm@3` into maintenance: We will no longer be updating those release branches with anything except critical bugfixes and security patches. While its predecessor had some pretty serious impaact, `npm@4` is expected to have a much smaller effect on your day-to-day use of npm. Over the past year, we've collected a handful of breaking changes that we wanted to get in which are only breaking under a strict semver interpretation (which we follow). Some of these are simple usability improvements, while others fix crashes and serious issues that required a major release to include. We hope this release sees you well, and you can look forward to an accelerated release pace now that the CLI team is done focusing on sustaining work -- our Windows fixing and big bugs pushes -- and we can start focusing again on usability, features, and performance. Keep an eye out for `npm@5` in Q1 2017, too: We're planning a major overhaul of `shrinkwrap` as well as various speed and usability fixes for that release. It's gonna be a fun ride. I promise. ๐Ÿ˜˜ #### BRIEF OVERVIEW OF **BREAKING** CHANGES The following breaking changes are included in this release: * `npm search` rewritten to stream results, and no longer supports sorting. * `npm scripts` no longer prepend the path of the node executable used to run npm before running scripts. A `--scripts-prepend-node-path` option has been added to configure this behavior. * `npat` has been removed. * `prepublish` has been deprecated, replaced by `prepare`. A `prepublishOnly` script has been temporarily added, which will *only* run on `npm publish`. * `npm outdated` exits with exit code `1` if it finds any outdated packages. * `npm tag` has been removed after a deprecation cycle. Use `npm dist-tag`. * Partial shrinkwraps are no longer supported. `npm-shrinkwrap.json` is considered a complete installation manifest except for `devDependencies`. * npm's default git branch is no longer `master`. We'll be using `latest` from now on. #### SEARCH REWRITE (**BREAKING**) Let's face it -- `npm search` simply doesn't work anymore. Apart from the fact that it grew slower over the years, it's reached a point where we can no longer fit the entire registry metadata in memory, and anyone who tries to use the command now sees a really awful memory overflow crash from node. It's still going to be some time before the CLI, registry, and web team are able to overhaul `npm search` altogether, but until then, we've rewritten the previous `npm search` implementation to *stream* results on the fly, from both the search endpoint and a local cache. In absolute terms, you won't see a performance increase and this patch *does* come at the cost of sorting capabilities, but what it does do is start outputting results as it finds them. This should make the experience much better, overall, and we believe this is an acceptable band-aid until we have that search endpoint in place. Incidentally, if you want a really nice search experience, we recommend checking out [npms.io](http://npms.io), which includes a handy-dandy [`npms-cli`](https://npm.im/npms-cli) for command-line usage -- it's an npm search site that returns high-quality results quickly and is operated by members of the npm community. * [`cfd43b4`](https://github.com/npm/npm/commit/cfd43b49aed36d0e8ea6c35b07ed8b303b69be61) [`2b8057b`](https://github.com/npm/npm/commit/2b8057be2e1b51e97b1f8f38d7f58edf3ce2c145) [#13746](https://github.com/npm/npm/pull/13746) Stream search process end-to-end. ([@zkat](https://github.com/zkat) and [@aredridel](https://github.com/aredridel)) * [`50f4ec8`](https://github.com/npm/npm/commit/50f4ec8e8ce642aa6a58cb046b2b770ccf0029db) [`70b4bc2`](https://github.com/npm/npm/commit/70b4bc22ec8e81cd33b9448f5b45afd1a50d50ba) [`8fb470f`](https://github.com/npm/npm/commit/8fb470fe755c4ad3295cb75d7b4266f8e67f8d38) [`ac3a6e0`](https://github.com/npm/npm/commit/ac3a6e0eba61fb40099b1370c74ad1598777def4) [`bad54dd`](https://github.com/npm/npm/commit/bad54dd9f1119fe900a8d065f8537c6f1968b589) [`87d504e`](https://github.com/npm/npm/commit/87d504e0a61bccf09f5e975007d018de3a1c5f50) [#13746](https://github.com/npm/npm/pull/13746) Updated search-related tests. ([@zkat](https://github.com/zkat)) * [`3596de8`](https://github.com/npm/npm/commit/3596de88598c69eb5bae108703c8e74ca198b20c) [#13746](https://github.com/npm/npm/pull/13746) `JSONStream@1.2.1` ([@zkat](https://github.com/zkat)) * [`4b09209`](https://github.com/npm/npm/commit/4b09209bb605f547243065032a8b37772669745f) [#13746](https://github.com/npm/npm/pull/13746) `mississippi@1.2.0` ([@zkat](https://github.com/zkat)) * [`b650b39`](https://github.com/npm/npm/commit/b650b39d42654abb9eed1c7cd463b1c595ca2ef9) [#13746](https://github.com/npm/npm/pull/13746) `sorted-union-stream@2.1.3` ([@zkat](https://github.com/zkat)) #### SCRIPT NODE PATH (**BREAKING**) Thanks to some great work by [@addaleax](https://github.com/addaleax), we've addressed a fairly tricky issue involving the node process used by `npm scripts`. Previously, npm would prefix the path of the node executable to the script's `PATH`. This had the benefit of making sure that the node process would be the same for both npm and `scripts` unless you had something like [`node-bin`](https://npm.im/node-bin) in your `node_modules`. And it turns out lots of people relied on this behavior being this way! It turns out that this had some unintended consequences: it broke systems like [`nyc`](https://npm.im/nyc), but also completely broke/defeated things like [`rvm`](https://rvm.io/) and [`virtualenv`](https://virtualenv.pypa.io/en/stable/) by often causing things that relied on them to fall back to the global system versions of ruby and python. In the face of two perfectly valid, and used alternatives, we decided that the second case was much more surprising for users, and that we should err on the side of doing what those users expect. Anna put some hard work in and managed to put together a patch that changes npm's behavior such that we no longer prepend the node executable's path *by default*, and adds a new option, `--scripts-prepend-node-path`, to allow users who rely on this behavior to have it add the node path for them. This patch also makes it so this feature is discoverable by people who might run into the first case above, by warning if the node executable is either missing or shadowed by another one in `PATH`. This warning can also be disabled with the `--scripts-prepend-node-path` option as needed. * [`3fb1eb3`](https://github.com/npm/npm/commit/3fb1eb3e00b5daf37f14e437d2818e9b65a43392) [`6a7d375`](https://github.com/npm/npm/commit/6a7d375d779ba5416fd5df154c6da673dd745d9d) [`378ae08`](https://github.com/npm/npm/commit/378ae08851882d6d2bc9b631b16b8c875d0b9704) [#13409](https://github.com/npm/npm/pull/13409) Add a `--scripts-prepend-node-path` option to configure whether npm prepends the current node executable's path to `PATH`. ([@addaleax](https://github.com/addaleax)) * [`70b352c`](https://github.com/npm/npm/commit/70b352c6db41533b9a4bfaa9d91f7a2a1178f74e) [#13409](https://github.com/npm/npm/pull/13409) Change the default behaviour of npm to never prepending the current node executableโ€™s directory to `PATH` but printing a warning in the cases in which it previously did. ([@addaleax](https://github.com/addaleax)) #### REMOVE `npat` (**BREAKING**) Let's be real here -- almost no one knows this feature ever existed, and it's a vestigial feature of the days when the ideal for npm was to distribute full packages that could be directly developed on, even from the registry. It turns out the npm community decided to go a different way: primarily publishing packages in a production-ready format, with no tests, build tools, etc. And so, we say goodbye to `npat`. * [`e16c14a`](https://github.com/npm/npm/commit/e16c14afb6f52cb8b7adf60b2b26427f76773f2e) [#14329](https://github.com/npm/npm/pull/14329) Remove the npat feature. ([@iarna](https://github.com/iarna)) #### NEW `prepare` SCRIPT. `prepublish` DEPRECATED (**BREAKING**) If there's anything that really seemed to confuse users, it's that the `prepublish` script ran when invoking `npm install` without any arguments. Turns out many, many people really expected that it would only run on `npm publish`, even if it actually did what most people expected: prepare the package for publishing on the registry. And so, we've added a `prepare` command that runs in the exact same cases where `prepublish` ran, and we've begun a deprecation cycle for `prepublish` itself **only when run by `npm install`**, which will now include a warning any time you use it that way. We've also added a `prepublishOnly` script which will execute **only** when `npm publish` is invoked. Eventually, `prepublish` will stop executing on `npm install`, and `prepublishOnly` will be removed, leaving `prepare` and `prepublish` as two distinct lifecycles. * [`9b4a227`](https://github.com/npm/npm/commit/9b4a2278cee0a410a107c8ea4d11614731e0a943) [`bc32078`](https://github.com/npm/npm/commit/bc32078fa798acef0e036414cb448645f135b570) [#14290](https://github.com/npm/npm/pull/14290) Add `prepare` and `prepublishOnly` lifecycle events. ([@othiym23](https://github.com/othiym23)) * [`52fdefd`](https://github.com/npm/npm/commit/52fdefddb48f0c39c6e8eb4c118eb306c9436117) [#14290](https://github.com/npm/npm/pull/14290) Warn when running `prepublish` on `npm pack`. ([@othiym23](https://github.com/othiym23)) * [`4c2a948`](https://github.com/npm/npm/commit/4c2a9481b564cae3df3f4643766db4b987018a7b) [`a55bd65`](https://github.com/npm/npm/commit/a55bd651284552b93f7d972a2e944f65c1aa6c35) [#14290](https://github.com/npm/npm/pull/14290) Added `prepublish` warnings to `npm install`. ([@zkat](https://github.com/zkat)) * [`c27412b`](https://github.com/npm/npm/commit/c27412bb9fc7b09f7707c7d9ad23128959ae1abc) [#14290](https://github.com/npm/npm/pull/14290) Replace `prepublish` with `prepare` in `npm help package.json` documentation. ([@zkat](https://github.com/zkat)) #### NO MORE PARTIAL SHRINKWRAPS (**BREAKING**) That's right. No more partial shrinkwraps. That means that if you have an `npm-shrinkwrap.json` in your project, npm will no longer install anything that isn't explicitly listed there, unless it's a `devDependency`. This will open doors to some nice optimizations and make use of `npm shrinkwrap` just generally smoother by removing some awful corner cases. We will also skip `devDependency` installation from `package.json` if you added `devDependencies` to your shrinkwrap by using `npm shrinkwrap --dev`. * [`b7dfae8`](https://github.com/npm/npm/commit/b7dfae8fd4dc0456605f7a921d20a829afd50864) [#14327](https://github.com/npm/npm/pull/14327) Use `readShrinkwrap` to read top level shrinkwrap. There's no reason for npm to be doing its own bespoke heirloom-grade artisanal thing here. ([@iarna](https://github.com/iarna)) * [`0ae1f4b`](https://github.com/npm/npm/commit/0ae1f4b9d83af2d093974beb33f26d77fcc95bb9) [`4a54997`](https://github.com/npm/npm/commit/4a549970dc818d78b6de97728af08a1edb5ae7f0) [`f22a1ae`](https://github.com/npm/npm/commit/f22a1ae54b5d47f1a056a6e70868013ebaf66b79) [`3f61189`](https://github.com/npm/npm/commit/3f61189cb3843fee9f54288fefa95ade9cace066) [#14327](https://github.com/npm/npm/pull/14327) Treat shrinkwrap as canonical. That is, don't try to fill in for partial shrinkwraps. Partial shrinkwraps should produce partial installs. If your shrinkwrap contains NO `devDependencies` then we'll still try to install them from your `package.json` instead of assuming you NEVER want `devDependencies`. ([@iarna](https://github.com/iarna)) #### `npm tag` REMOVED (**BREAKING**) * [`94255da`](https://github.com/npm/npm/commit/94255da8ffc2d9ed6a0434001a643c1ad82fa483) [#14328](https://github.com/npm/npm/pull/14328) Remove deprecated tag command. Folks must use the `dist-tag` command from now on. ([@iarna](https://github.com/iarna)) #### NON-ZERO EXIT CODE ON OUTDATED DEPENDENCIES (**BREAKING**) * [`40a04d8`](https://github.com/npm/npm/commit/40a04d888d10a5952d5ca4080f2f5d2339d2038a) [`e2fa18d`](https://github.com/npm/npm/commit/e2fa18d9f7904eb048db7280b40787cb2cdf87b3) [`3ee3948`](https://github.com/npm/npm/commit/3ee39488b74c7d35fbb5c14295e33b5a77578104) [`3fa25d0`](https://github.com/npm/npm/commit/3fa25d02a8ff07c42c595f84ae4821bc9ee908df) [#14013](https://github.com/npm/npm/pull/14013) Do `exit 1` if any outdated dependencies are found by `npm outdated`. ([@watilde](https://github.com/watilde)) * [`c81838a`](https://github.com/npm/npm/commit/c81838ae96b253f4b1ac66af619317a3a9da418e) [#14013](https://github.com/npm/npm/pull/14013) Log non-zero exit codes at `verbose` level -- this isn't something command line tools tend to do. It's generally the shell's job to display, if at all. ([@zkat](https://github.com/zkat)) #### SEND EXTRA HEADERS TO REGISTRY For the purposes of supporting shiny new registry features, we've started sending `Npm-Scope` and `Npm-In-CI` headers in outgoing requests. * [`846f61c`](https://github.com/npm/npm/commit/846f61c1dd4a033f77aa736ab01c27ae6724fe1c) [npm/npm-registry-client#145](https://github.com/npm/npm-registry-client/pull/145) [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/147) `npm-registry-client@7.3.0`: * Allow npm to add headers to outgoing requests. * Add `Npm-In-CI` header that reports whether we're running in CI. ([@iarna](https://github.com/iarna)) * [`6b6bb08`](https://github.com/npm/npm/commit/6b6bb08af661221224a81df8adb0b72019ca3e11) [#14129](https://github.com/npm/npm/pull/14129) Send `Npm-Scope` header along with requests to registry. `Npm-Scope` is set to the `@scope` of the current top level project. This will allow registries to implement user/scope-aware features and services. ([@iarna](https://github.com/iarna)) * [`506de80`](https://github.com/npm/npm/commit/506de80dc0a0576ec2aab0ed8dc3eef3c1dabc23) [#14129](https://github.com/npm/npm/pull/14129) Add test to ensure `Npm-In-CI` header is being sent when CI is set in env. ([@iarna](https://github.com/iarna)) #### BUGFIXES * [`bc84012`](https://github.com/npm/npm/commit/bc84012c2c615024b08868acbd8df53a7ca8d146) [#14117](https://github.com/npm/npm/pull/14117) Fixes a bug where installing a shrinkwrapped package would fail if the platform failed to install an optional dependency included in the shrinkwrap. ([@watilde](https://github.com/watilde)) * [`a40b32d`](https://github.com/npm/npm/commit/a40b32dc7fe18f007a672219a12d6fecef800f9d) [#13519](https://github.com/npm/npm/pull/13519) If a package has malformed metadata, `node.requiredBy` is sometimes missing. Stop crashing when that happens. ([@creationix](https://github.com/creationix)) #### OTHER PATCHES * [`643dae2`](https://github.com/npm/npm/commit/643dae2197c56f1c725ecc6539786bf82962d0fe) [#14244](https://github.com/npm/npm/pull/14244) Remove some ancient aliases that we'd rather not have around. ([@zkat](https://github.com/zkat)) * [`bdeac3e`](https://github.com/npm/npm/commit/bdeac3e0fb226e4777d4be5cd3c3bec8231c8044) [#14230](https://github.com/npm/npm/pull/14230) Detect unsupported Node.js versions and warn about it. Also error on really old versions where we know we can't work. ([@iarna](https://github.com/iarna)) #### DOC UPDATES * [`9ca18ad`](https://github.com/npm/npm/commit/9ca18ada7cc1c10b2d32bbb59d5a99dd1c743109) [#13746](https://github.com/npm/npm/pull/13746) Updated docs for `npm search` options. ([@zkat](https://github.com/zkat)) * [`e02a47f`](https://github.com/npm/npm/commit/e02a47f9698ff082488dc2b1738afabb0912793e) Move the `npm@3` changelog into the archived changelogs directory. ([@zkat](https://github.com/zkat)) * [`c12bbf8`](https://github.com/npm/npm/commit/c12bbf8c5a5dff24a191b66ac638f552bfb76601) [#14290](https://github.com/npm/npm/pull/14290) Document prepublish-on-install deprecation. ([@othiym23](https://github.com/othiym23)) * [`c246a75`](https://github.com/npm/npm/commit/c246a75ac8697f4ca11d316b7e7db5f24af7972b) [#14129](https://github.com/npm/npm/pull/14129) Document headers added by npm to outgoing registry requests. ([@iarna](https://github.com/iarna)) #### DEPENDENCIES * [`cb20c73`](https://github.com/npm/npm/commit/cb20c7373a32daaccba2c1ad32d0b7e1fc01a681) [#13953](https://github.com/npm/npm/pull/13953) `signal-exit@3.0.1` ([@benjamincoe](https://github.com/benjamincoe))