Hey y'all~
We've got some goodies for you here, including npm@5's first semver-minor release! This version includes a huge number of fixes, particularly for some of the critical bugs users were running into after upgrading npm. You should overall see a much more stable experience, and we're going to continue hacking on fixes for the time being. Semver-major releases, specially for tools like npm, are bound to cause some instability, and getting npm@5 stable is the CLI team's top priority for now!
Not that bugfixes are the only things that landed, either: between improvements that fell out of the bugfixes, and some really cool work by community members like @mikesherov, npm@5.1.0 is twice as fast as npm@5.0.0 in some benchmarks. We're not stopping there, either: you can expect a steady stream of speed improvements over the course of the year. It's not top priority, but we'll keep doing what we can to make sure npm saves its users as much time as possible.
Hang on to your seats. At 100 commits, this release is a bit of a doozy. 😎
FEATURESSemver-minor releases, of course, mean that there's a new feature somewhere, right? Here's what's bumping that number for us this time:
a09c1a69d #16687 Allow customizing the shell used to execute run-scripts. (@mmkal)4f45ba222 a48958598 901bef0e1 #17508 Add a new requires field to package-lock.json with information about the logical dependency tree. This includes references to the specific version each package is intended to see, and can be used for many things, such as converting package-lock.json to other lockfile formats, various optimizations, and verifying correctness of a package tree. (@iarna)47e8fc8eb #17508 Make npm ls take package locks (and shrinkwraps) into account. This means npm ls can now be used to see which dependencies are missing, so long as a package lock has been previously generated with it in. (@iarna)f0075e7ca #17508 Take package.json changes into account when running installs -- if you remove or add a dependency to package.json manually, npm will now pick that up and update your tree and package lock accordingly. (@iarna)83a5455aa #17205 Add npm udpate as an alias for npm update, for symmetry with install/isntall. (@gdassori)57225d394 #17120 npm will no longer warn about preferGlobal, and the option is now deprecated. (@zkat)82df7bb16 #17351 As some of you may already know npm build doesn't do what a lot of people expect: It's mainly an npm plumbing command, and is part of the more familiar npm rebuild command. That said, a lot of users assume that this is the way to run an npm run-script named build, which is an incredibly common script name to use. To clarify things for users, and encourage them to use npm run build instead, npm will now warn if npm build is run without any arguments. (@lennym)59f86ef90 43be9d222 e906cdd98 #16633 npm now parallelizes tarball extraction across multiple child process workers. This can significantly speed up installations, specially when installing from cache, and will improve with number of processors. (@zkat)e0849878d #17441 Avoid building environment for empty lifecycle scripts. This change alone accounted for as much as a 15% speed boost for npm installations by outright skipping entire steps of the installer when not needed. (@mikesherov)265c2544c npm/hosted-git-info#24 hosted-git-info@2.5.0: Add caching to fromURL, which gets called many, many times by the installer. This improved installation performance by around 10% on realistic application repositories. (@mikesherov)901d26cb npm/read-package-json#20 read-package-json@2.0.9: Speed up installs by as much as 20% by reintroducing a previously-removed cache and making it actually be correct this time around. (@mikesherov)44e37045d Eliminate Bluebird.promisifyAll from our codebase. (@iarna)3b4681b53 #17508 Stop calling addBundle on locked deps, speeding up the package-lock.json-based fast path. (@iarna)package-lock.json field, called requires, which tracks which modules a given module requires.package.json to trump the package-lock.json.npm ls now loads the shrinkwrap, which opens the door to showing a full tree of dependencies even when nothing is yet installed. (It doesn't do that yet though.)656544c31 d21ab57c3 #16637 Fix some cases where npm prune was leaving some dependencies unpruned if to-be-pruned dependencies depended on them. (@exogen)394436b09 #17552 Make refresh-package-json re-verify the package platform. This fixes an issue most notably experienced by Windows users using create-react-app where fsevents would not short-circuit and cause a crash during its otherwise-skipped native build phase. (@zkat)9e5a94354 #17590 Fix an issue where npm@5 would crash when trying to remove packages installed with npm@<5. (@iarna)c3b586aaf #17141 Don't update the package.json when modifying packages that don't go there. This was previously causing package.json to get a "false": {} field added. (@iarna)d04a23de2 4a5b360d5 d9e53db48 pacote@2.7.38 (@colinrotherham, @zkat, @mcibique):
e2f815f87 #17104 Write an empty str and wait for flush to exit to reduce issues with npm exiting before all output is complete when it's a child process. (@zkat)835fcec60 #17060 Make git repos with prepare scripts always install with both dev and prod flags. (@intellix)f1dc8a175 #16879 Fix support for always-auth and _auth. They are now both available in both unscoped and registry-scoped configurations. (@jozemlakar)ddd8a1ca2 Serialize package specs to prevent [object Object] showing up in logs during extraction. (@zkat)99ef3b52c #17505 Stop trying to commit updated npm-shrinkwrap.json and package-lock.json if they're .gitignored. (@zkat)58be2ec59 Make sure uid and gid are getting correctly set even when they're 0. This should fix some Docker-related issues with bad permissions/broken ownership. (@rgrove)9d1e3b6fa #17506 Skip writing package.json and locks if on-disk version is identical to the new one. (@zkat)3fc6477a8 #17592 Fix an issue where npm install -g . on a package with no name field would cause the entire global node_modules directory to be replaced with a symlink to $CWD. lol. (@iarna)06ba0a14a #17591 Fix spurious removal reporting: if you tried to remove something that didn't actually exist, npm would tell you it removed 1 package even though there wasothing to do. (@iarna)20ff05f8 #17629 When removing a link, keep dependencies installed inside of it instead of removing them, if the link is outside the scope of the current project. This fixes an issue where removing globally-linked packages would remove all their dependencies in the source directory, as well as some ergonomic issues when using links in other situations. (@iarna)fd5fab595npm-shrinkwrap.json and package-lock.json from RFC. (@iarna)9589c1ccb #17451 Fix typo in changelog. (@watilde)f8e76d856 #17370 Correct the default prefix config path for Windows operating systems in the documentation for npm folders. (@kierendixon)d0f3b5a12 #17369 Fix npm-config reference to userconfig & globalconfig environment variables. (@racztiborzoltan)87629880a #17336 Remove note in docs about prepublish being entirely removed. (@Hirse)a1058afd9 #17169 Document --no-package-lock flag. (@leggsimon)32fc6e41a #17250 Fix a typo in the shrinkwrap docs. (@Zarel)f19bd3c8c #17249 Fix a package-lock.json cross-reference link. (@not-an-aardvark)153245edc #17075 Fix a typo in npm-config docs. (@KennethKinLum)c9b534a14 #17074 Clarify config documention with multiple boolean flags. (@KennethKinLum)e111b0a40 #16768 Document the -l option to npm config list. (@happylynx)5a803ebad #16548 Fix permissions for documentation files. Some of them had +x set. (???) (@metux)d57d4f48c #17319 Document that the --silent option for npm run-script can be used to suppress npm ERR! output on errors. (@styfle)Not all contributions need to be visible features, docs, or bugfixes! It's super helpful when community members go over our code and help clean it up, too!
9e5b76140 #17411 Convert all callback-style move usage to use Promises. (@vramana)0711c08f7 #17394 Remove unused argument in deepSortObject. (@vramana)7d650048c #17563 Refactor some code to use Object.assign. (@vramana)993f673f0 #17600 Remove an old comment. (@vramana)RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4