Features!
You may have noticed this is a semver-minor bump. Wondering why? This is why!
bc263c3fd
#19054 Fully cross-platform package-lock.json
. Installing a failing optional dependency on one platform no longer removes it from the dependency tree, meaning that package-lock.json
should now be generated consistently across platforms! đ (@iarna) f94fcbc50
#19160 Add --package-lock-only
config option. This makes it so you can generate a target package-lock.json
without performing a full install of node_modules
. (@alopezsanchez) 66d18280c
#19104 Add new --node-options
config to pass through a custom NODE_OPTIONS
for lifecycle scripts. (@bmeck) 114d518c7
Ignore mtime when packing tarballs: This means that doing npm pack
on the same repository should yield two tarballs with the same checksum. This will also help prevent cache bloat when using git dependencies. In the future, this will allow npm to explicitly cache git dependencies. (@isaacs)
Node 9
Previously, it turns out npm broke on the latest Node, node@9
. We went ahead and fixed it up so y'all should be able to use the latest npm again!
4ca695819
[email protected]
: Fix node@9
incompatibility. (@isaacs) c851bb503
[email protected]
: Fix node@9
incompatibility. (@isaacs) 6caf23096
Remove âunsupportedâ warning for Node 9 now that things are fixed. (@iarna) 1930b0f8c
Update test matrix with node@8
LTS and node@9
. (@iarna)
Bug Fixes
b70321733
#18881 When dealing with a node_modules
that was created with older versions of npm (and thus older versions of npa) we need to gracefully handle older spec entries. Failing to do so results in us treating those packages as if they were http remote deps, which results in invalid lock files with version
set to tarball URLs. This should now be fixed. (@iarna) 2f9c5dd00
#18880 Stop overwriting version in package data on disk. This is another safeguard against the version overwriting thatâs plagued some folks upgrading from older package-locks. (@iarna) (@joshclow) a93e0a51d
#18846 Correctly save transitive dependencies when using npm update
in package-lock.json
. (@iarna) fdde7b649
#18825 Fix typo and concatenation in error handling. (@alulsh) be67de7b9
#18711 Upgrade to bearer tokens from legacy auth when enabling 2FA. (@iarna) bfdf0fd39
#19033 Fix issue where files with @
signs in their names would not get included when packing tarballs. (@zkat) b65b89bde
#19048 Fix problem where npm login
was ignoring various networking-related options, such as custom certs. (@wejendorp) 8c194b86e
[email protected]
: Include node_modules/
directories not in the root. (@isaacs) d7ef6a20b
[email protected]
: Fix some *nix binary path escaping issues. (@zkat) 981828466
[email protected]
: Fix fallback to copy-concurrently
when file move fails. This might fix permissions and such issues on platforms that were getting weird filesystem errors during install. (@karolba) a0be6bafb
[email protected]
: Includes a bunch of fixes, specially for issues around git dependencies. Shasum-related errors should be way less common now, too. (@zkat) b80d650de
#19163 Fix a number of git and tarball specs and checksum errors. (@zkat) cac225025
#19054 Donât count failed optionals when summarizing installed packages. (@iarna)
UX
b1ec2885c
#18326 Stop truncating output of npm view
. This means, for example, that you no longer need to use --json
when a package has a lot of versions, to see the whole list. (@SimenB) 55a124e0a
#18884 Profile UX improvements: better messaging on unexpected responses, and stop claiming we set passwords to null when resetting them. (@iarna) 635481c61
#18844 Improve error messaging for OTP/2FA. (@iarna) 52b142ed5
#19054 Stop running the same rollback multiple times. This should address issues where Windows users saw strange failures when fsevents
failed to install. (@iarna) 798428b0b
#19172 [email protected]
: Log the fact line endings are being changed upon install. (@marcosscriven)
Refactors
Usually, we donât include internal refactor stuff in our release notes, but itâs worth calling out some of them because theyâre part of a larger effort the CLI team and associates are undertaking to modularize npm itself so other package managers and associated tools can reuse all that code!
9d22c96b7
#18500 Extract bin-links and gentle-fs to a separate library. This will allow external tools to do bin linking and certain fs operations in an npm-compatible way! (@mikesherov) 015a7803b
#18883 Capture logging from log events on the process global. This allows npm to use npmlog to report logging from external libraries like npm-profile
. (@iarna) c930e98ad
[email protected]
: Use our own node-gyp
. This means npm no longer needs to pull some maneuvers to make sure node-gyp
is in the right place, and that external packages using npm-lifecycle
will get working native builds without having to do their own node-gyp
maneuvers. (@zkochan) 876f0c8f3
829893d61
#19099 [email protected]
: npmâs prefix-finding logic is now a standalone module. That is, the logic that figures out where the root of your project is if youâve cd
âd into a subdirectory. Did you know you can run npm install
from these subdirectories, and itâll only affect the root? It works like git! (@iarna)
Docs
7ae12b21c
#18823 Fix spelling of the word authenticator. Because English is hard. (@tmcw) 5dfc3ab7b
#18742 Explicitly state âgithub:foo/barâ as a valid shorthand for hosted git specs. (@felicio) a9dc098a6
#18679 Add some documentation about the script-shell
config. (@gszabo) 24d7734d1
#18571 Change verboten
to forbidden
. (@devmount) a8a45668f
#18568 Improve wording for the docs for the âenginesâ section of package.json files. (@apitman) dbc7e5b60
#19118 Use valid JSON in example for bundledDependencies. (@charmander) 779339485
#19162 Remove trailing white space from npm access
docs. (@WispProxy)
Dependency Bumps