Tuesday, 13 March, 2018 UTC


Hey again, everyone! While last release was focused largely around PRs from the CLI team, this release is mostly pulling in community PRs in npm itself and its dependencies! We’ve got a good chunk of wonderful contributions for y'all, and even new features and performance improvements! 🎉
We’re hoping to continue our biweekly (as in every-other-week biweekly) release schedule from now on, so you should be seeing more steady npm releases from here on out. And that’s good, ‘cause we’ve got a ton of new stuff on our roadmap for this year. Keep an eye out for exciting news. 👀


  • 2f513fe1c #19904 Make a best-attempt at preserving line ending style when saving package.json/package-lock.json/npm-shrinkwrap.json. This goes hand-in-hand with a previous patch to preserve detected indentation style. (@tuananh)
  • d3cfd41a2 [email protected] (@zkat)
    • Enable file:-based resolved URIs in package-lock.json.
    • Retry git-based operations on certain types of failure.
  • ecfbb16dc #19929 Add support for the NO_COLOR standard. This gives a cross-application, consistent way of disabling ANSI color code output. Note that npm already supported this through --no-color or npm_config_color='false' configurations, so this is just another way to do it. (@chneukirchen)
  • fc8761daf #19629 Give more detailed, contextual information when npm fails to parse package-lock.json and npm-shrinkwrap.json, instead of saying JSON parse error and leaving you out in the cold. (@JoshuaKGoldberg)
  • 1d368e1e6 #19157 Add --no-proxy config option. Previously, you needed to use the NO_PROXY environment variable to use this feature – now it’s an actual npm option. (@Saturate)
  • f0e998daa #18426 Do environment variable replacement in config files even for config keys or fragments of keys. (@misak113)
  • 9847c82a8 #18384 Better error messaging and suggestions when users get EPERM/EACCES errors. (@chrisjpatty)
  • b9d0c0c01 #19448 Holiday celebrations now include all JavaScripters, not just Node developers. (@isaacs)


I hope y'all have been having fun with npm ci so far! Since this is the first release since that went out, we’ve had a few fixes and improvements now that folks have actually gotten their hands on it! Benchmarks have been super promising so far, and I’ve gotten messages from a lot of you saying you’ve sped up your CI work by 2-5x in some cases! Have a good example? Tell us on Twitter!
npm ci is, right now, the fastest installer you can use in CI situations, so go check it out if you haven’t already! We’ll continue doing performance improvements on it, and a lot of those will help make npm install fast as well. 🏎😎
This libcipm release includes a number of improvements:
  • PERFORMANCE Reduce calls to read-package-json and separate JSON update phase from man/bin linking phase. npm ci should be noticeably faster.
  • FEATURE Progress bar now fills up as packages are installed, instead of sitting there doing nothing.
  • BUGFIX Add support for --only and --also options.
  • BUFGIX Linking binaries and running scripts in parallel was causing packages to sometimes clobber each other when hoisted, as well as potentially running too many run-sripts in parallel. This is now a serial operation, and it turns out to have had relatively little actual performance impact.
  • BUGFIX Stop adding _from to directory deps (aka file:packages/my-dep).


  • 58d2aa58d #20027 Use a specific mtime when packing tarballs instead of the beginning of epoch time. This should allow npm pack to generate tarballs with identical hashes for identical contents, while fixing issues with some zip implementations that do not support pre-1980 timestamps. (@isaacs)
  • 4f319de1d Don’t fall back to couch adduser if we didn’t try couch login. (@iarna)
  • c8230c9bb #19608 Fix issue where using the npm-bundled npx on Windows was invoking npx prefix (and downloading that package). (@laggingreflex)
  • d70c01970 #18953 Avoid using code that depends on [email protected]>=4 in the unsupported check, so npm can report the issue normally instead of syntax-crashing. (@deployable)


  • 4477ca2d9 [email protected]: Fixes issue preventing correct rendering of backticked strings. man pages should be rendering correctly now instead of having empty spaces wherever backticks were used. (@joshbruce)
  • 71076ebda #19950 Add a note to install –production. (@kyranet)
  • 3a33400b8 #19957 nudge around some details in ci docs (@zkat)
  • 06038246a #19893 Add a common open reason to the issue template. (@MrStonedOne)
  • 7376dd8af #19870 Fix typo in npm-config.md (@joebowbeer)
  • 5390ed4fa #19858 Fix documented default value for config save option. It was still documented as false, even though [email protected] set it to true by default. (@nalinbhardwaj)
  • dc36d850a #19552 Rework npm update docs now that --save is on by default. (@selbekk)
  • 5ec5dffc8 #19726 Clarify that name and version fields are optional if your package is not supposed to be installable as a dependency. (@ngarnier)
  • 046500994 #19676 Fix documented cache location on Windows. (@VladRassokhin)
  • ffa84cd0f #19475 Added example for homepage field from package.json. (@cg-cnu)
  • de72d9a18 #19307 Document the requires field in npm help package-lock.json. (@jcrben)
  • 35c4abded #18976 Typo fix in coding style documentation. (@rinfan)
  • 0616fd22a #19216 Add edit section to description in npm-team.md. (@WispProxy)
  • c2bbaaa58 #19194 Tiny style fix in npm.md. (@WispProxy)
  • dcdfdcbb0 #19192 Document --development flag in npm-ls.md. (@WispProxy)
  • d7ff07135 #18514 Make it so javascript -> JavaScript. This is important. (@masonpawsey)
  • 7a8705113 #18407 Clarify the mechanics of the file field in package.json a bit. (@bmacnaughton)
  • b2a1cf084 #18382 Document the browser field in package.json. (@mxstbr)


  • b8a48a959 #19907 Consolidate code for stringifying package.json and package locks. Also adds tests have been added to test that package[-lock].json files are written to disk with their original line endings. (@nwoltman)
  • b4f707d9f #19879 Remove unused devDependency nock from .gitignore. (@watilde)
  • 8150dd5f7 #16540 Stop doing an uninstall when using make clean. (@metux)