Releases: npm/cli
v6.6.0-next.0
REFACTORING OUT npm-REGISTRY-CLIENT
Today is an auspicious day! This release marks the end of a massive internal refactor to npm that means we finally got rid of the legacy npm-registry-client
in favor of the shiny, new, window.fetch
-like npm-registry-fetch
.
Now, the installer had already done most of this work with the release of npm@5
, but it turns out every other command still used the legacy client. This release updates all of those commands to use the new client, and while we're at it, adds a few extra goodies:
- All OTP-requiring commands will now prompt.
--otp
is no longer required fordist-tag
,access
, et al. - We're starting to integrate a new config system which will eventually get extracted into a standalone package.
- We now use
libnpm
for the API functionality of a lot of our commands! That means you can install a library if you want to write your own tooling around them. - There's now an
npm org
command for managing users in your org. pacote
now consumes npm-style configurations, instead of its own naming for various config vars. This will make it easier to load npm configs usinglibnpm.config
and hand them directly topacote
.
There's too many commits to list all of them here, so check out the PR if you're curious about details:
c5af34c05
npm-registry-client@REMOVED (@zkat)4cca9cb90
ad67461dc
77625f9e2
6e922aefb
584613ea8
64de4ebf0
6cd87d1a9
2786834c0
514558e09
dec07ebe3
084741913
45aff0e02
846ddcc44
8971ba1b9
99156e081
ab2155306
b37a66542
d2af0777a
e0b4c6880
ff72350b4
6ed943303
90a069e7d
b24ed5fdc
ec9fcc14f
8a56fa39e
41d19e18f
125ff9551
1c3b226ff
3c0a7b06b
08fcb3f0f
c8135d97a
ae936f22c
#2 Move rest of commands tonpm-registry-fetch
and usefiggy-pudding
for configs. (@zkat)
NEW FEATURES
02c837e01
#106 Makenpm dist-tags
the same asnpm dist-tag ls
. (@isaacs)1065a7809
#65 Add support forIBM i
. (@dmabupt)
BUGFIXES
890a74458
npm.community#3278 Fix support for passing git binary path config with--git
. (@larsgw)90e55a143
npm.community#2713 Check fornpm.config
's existence inerror-handler.js
to prevent weird errors when failures happen before config object is loaded. (@BeniCheni)
DOCS
31a7274b7
#71 Fix typo in npm-token documentation. (@GeorgeTaveras1231)
DEPENDENCIES
9cefcdc1d
npm-registry-fetch@3.8.0
(@zkat)1c769c9b3
pacote@9.1.0
(@zkat)f3bc5539b
figgy-pudding@3.5.1
(@zkat)bf7199d3c
npm-profile@4.0.1
(@zkat)118c50496
semver@5.5.1
(@isaacs)eab4df925
libcipm@3.0.2
(@zkat)b86e51573
libnpm@1.4.0
(@zkat)56fffbff2
get-stream@4.1.0
(@zkat)df972e948
npm-profile@REMOVED (@zkat)32c73bf0e
libnpm@2.0.1
(@zkat)569491b80
licensee@5.0.0
(@zkat)a3ba0ccf1
move rimraf to prod deps (@zkat)
v6.5.0
NEW FEATURES
fc1a8d185
Backronymnpm ci
tonpm clean-install
. (@zkat)4be51a9cc
#81 Adds 'Homepage' to outdated --long output. (@jbottigliero)
BUGFIXES
89652cb9b
npm.community#1661 Fix sign-git-commit options. They were previously totally wrong. (@zkat)414f2d1a1
npm.community#1742 Set lowercase headers for npm audit requests. (@maartenba)a34246baf
#75 Fixnpm edit
handling of scoped packages.
(@larsgw)*d3e8a7c72
npm.community#2303 Make summary output fornpm ci
go tostdout
, notstderr
. (@alopezsanchez)71d8fb4a9
npm.community#1377 Close the file descriptor during publish if exiting upload via an error. This will prevent strange error messages when the upload fails and make sure
cleanup happens correctly. (@macdja38)
DOCS UPDATES
b1a8729c8
#60 Mention --otp flag when prompting for OTP. (@bakkot)bcae4ea81
#64 Clarify that git dependencies use the default branch, not justmaster
. (@zckrs)15da82690
#72bash_completion.d
dir is sometimes found in/etc
not/usr/local
. (@RobertKielty)8a6ecc793
#74 Update OTP documentation fordist-tag add
to clarify--otp
is needed right now. (@scotttrinh)dcc03ec85
#82 Note thatprepare
runs when installing git dependencies. (@seishun)a91a470b7
#83 Specify that --dry-run isn't available in older versions of npm publish. (@kjin)1b2fabcce
#96 Fix inline code tag issue in docs. (@midare)6cc70cc19
#68 Add semver link and a note on empty string format todeprecate
doc. (@neverett)61dbbb7c3
Fix semver docs after version update. (@zkat)4acd45a3d
#78 Correct spelling across various docs. (@hugovk)
DEPENDENCIES
4f761283e
figgy-pudding@3.5.1
(@zkat)3706db0bc
npm.community#1764ssri@6.0.1
(@zkat)83c2b117d
bluebird@3.5.2
(@petkaantonov)2702f46bd
ci-info@1.5.1
(@watson)4db6c3898
config-chain@1.1.1
:2 (@dawsbot)70bee4f69
glob@7.1.3
(@isaacs)e469fd6be
opener@1.5.1
: Fix browser opening under Windows Subsystem for Linux (WSL). (@thijsputman)03840dced
semver@5.5.1
(@iarna)161dc0b41
bluebird@3.5.3
(@petkaantonov)bb6f94395
graceful-fs@4.1.1
:5 (@isaacs)43b1f4c91
tar@4.4.8
(@isaacs)ab62afcc4
npm-packlist@1.1.1
:2 (@isaacs)027f06be3
ci-info@1.6.0
(@watson)
MISCELLANEOUS
27217dae8
#70 Automatically audit dependency licenses for npm itself. (@kemitchell)
v6.5.0-next.0
This release became npm@6.5.0
.
v6.4.1
BUGFIXES
4bd40f543
#42 Prevent blowing up on malformed responses from thenpm audit
endpoint, such as with third-party registries. (@framp)0e576f0aa
#46 FixNO_PROXY
support by renaming npm-side config to--noproxy
. The environment variable should still work. (@SneakyFish5)d8e811d6a
#33 Disableupdate-notifier
checks when a CI environment is detected. (@Sibiraj-S)1bc5b8cea
#47 Fix issue wherepostpack
scripts would break ifpack
was used with--dry-run
. (@larsgw)
DEPENDENCY BUMPS
4c57316d5
figgy-pudding@3.4.1
(@zkat)85f4d7905
cacache@11.2.0
(@zkat)d20ac242a
npm-packlist@1.1.11
: No real changes in npm-packlist, but npm-bundled included a circular dependency fix, as well as adding a proper LICENSE file. (@isaacs)e8d5f4418
npm.community#632libcipm@2.0.2
: Fixes issue wherenpm ci
wasn't running theprepare
lifecycle script when installing git dependencies (@edahlseng)a5e6f78e9
JSONStream@1.3.4
: Fixes memory leak problem when streaming large files (like legacy npm search). (@daern91)3b940331d
npm.community#1042npm-lifecycle@2.1.0
: Fixes issue for Windows user where multiplePath
/PATH
variables were being added to the environment and breaking things in all sorts of fun and interesting ways. (@JimiC)d612d2ce8
npm-registry-client@8.6.0
(@iarna)1f6ba1cb1
opener@1.5.0
(@domenic)37b8f405f
request@2.88.0
(@mikeal)bb91a2a14
tacks@1.2.7
(@iarna)30bc9900a
ci-info@1.4.0
: Adds support for two more CI services (@watson)1d2fa4ddd
marked@0.5.0
(@joshbruce)
DOCUMENTATION
08ecde292
#54 Mention registry terms of use in manpage and registry docs and update language in README for it. (@kemitchell)de956405d
#41 Add documentation for--dry-run
ininstall
andpack
docs. (@reconbot)95031b90c
#48 Update republish time and lightly reorganize republish info. (@neverett)767699b68
#53 Correctnpm@6.4.0
release date in changelog. (@charmander)3fea3166e
#55 Align command descriptions in help text. (@erik)
v6.4.1-next.0
This release became npm@6.4.1
.
v6.4.0
NEW FEATURES
6e9f04b0b
npm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking:_authToken
. (@mkhl)84bfd23e7
npm/cli#35 Stop filtering out non-IPv4 addresses fromlocal-addrs
, making npm actually use IPv6 addresses when it must. (@valentin2105)792c8c709
npm/cli#31 configurable audit level for non-zero exitnpm audit
currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of--audit-level
tonpm audit
to allow it to pass if only vulnerabilities below a certain level are found. Example:npm audit --audit-level=high
will exit with 0 if only low or moderate level vulns are detected. (@lennym)
BUGFIXES
d81146181
npm/cli#32 Don't check for updates to npm when we are updating npm itself. (@olore)
DEPENDENCY UPDATES
A very special dependency update event! Since the release of node-gyp@3.8.0
, an awkward version conflict that was preventing request
from begin flattened was resolved. This means two things:
- We've cut down the npm tarball size by another 200kb, to 4.6MB
npm audit
now shows no vulnerabilities for npm itself!
Thanks, @rvagg!
866d776c2
request@2.87.0
(@simov)f861c2b57
node-gyp@3.8.0
(@rvagg)32e6947c6
npm/cli#39colors@1.1.2
: REVERT REVERT, newer versions of this library are broken and print ansi codes even when disabled. (@iarna)beb96b92c
libcipm@2.0.1
(@zkat)348fc91ad
validate-npm-package-license@3.0.4
: Fixes errors with empty or string-only license fields. (@Gudahtt)e57d34575
iferr@1.0.2
(@shesek)46f1c6ad4
tar@4.4.6
(@isaacs)50df1bf69
hosted-git-info@2.7.1
(@iarna)
(@Erveon) (@huochunpeng)
DOCUMENTATION
af98e76ed
npm/cli#34 Removenpm publish
from list of commands not affected by--dry-run
. (@joebowbeer)e2b0f0921
npm/cli#36 Tweak formatting in repository field examples. (@noahbenham)e2346e770
npm/cli#14 Usedprocess.env
examples to make accessing certainnpm run-scripts
environment variables more clear. (@mwarger)
v6.4.0-next.0
This release became npm@6.4.0
.
v6.3.0
v6.3.0-next.0
NEW FEATURES
ad0dd226f
npm/cli#26npm version
now supports a--preid
option to specify the preid for prereleases. For example,npm version premajor --preid rc
will tag a version like2.0.0-rc.0
. (@dwilches)
MESSAGING IMPROVEMENTS
c1dad1e99
npm/cli#6 Makenpm audit fix
message provide better instructions for vulnerabilities that require manual review. (@bradsk88)15c1130fe
Fix missing colon next to tarball url in newnpm view
output. (@zkat)21cf0ab68
npm/cli#24 Use the defaut OTP explanation everywhere except when the context is "OTP-aware" (like when setting double-authentication). This improves the overall CLI messaging when prompting for an OTP code. (@jdeniau)
MISC
a9ac8712d
npm/cli#21 Use the extractedstringify-package
package. (@dpogue)9db15408c
npm/cli#27wrappy
was previously added to dependencies in order to flatten it, but we no longer do legacy-style for npm itself, so it has been removed frompackage.json
. (@rickschubert)
DOCUMENTATION
3242baf08
npm/cli#13 Update more dead links in README.md. (@u32i64)06580877b
npm/cli#19 Update links in docs'index.html
to refer to new bug/PR URLs. (@watilde)ca03013c2
npm/cli#15 Fix some typos in file-specifiers docs. (@Mstrodl)4f39f79bc
npm/cli#16 Fix some typos in file-specifiers and package-lock docs. (@watilde)35e51f79d
npm/cli#18 Update build status badge url in README. (@watilde)a67db5607
npm/cli#17 Replace TROUBLESHOOTING.md with posts in npm.community. (@watilde)e115f9de6
npm/cli#7 Use https URLs in documentation when appropriate. Happy Not Secure Day! (@XhmikosR)
v6.2.0
In case you missed it, we moved!. We look forward to seeing future PRs landing in npm/cli in the future, and we'll be chatting with you all in npm.community. Go check it out!
This final release of npm@6.2.0
includes a couple of features that weren't quite ready on time but that we'd still like to include. Enjoy!
FEATURES
244b18380
#20554 add support for --parseable output (@luislobo)7984206e2
#12697 Add newsign-git-commit
config to control whether the git commit itself gets signed, or just the tag (which is the default). (@tribou)
FIXES
4c32413a5
#19418 Do not useSET
to fetch the env in git-bash or Cygwin. (@gucong3000)
DEPENDENCY BUMPS
d9b2712a6
request@2.81.0
: Downgraded to allow better deduplication. This does introduce a bunch ofhoek
-related audit reports, but they don't affect npm itself so we consider it safe. We'll upgraderequest
again oncenode-gyp
unpins it. (@simov)2ac48f863
node-gyp@3.7.0
(@MylesBorins)8dc6d7640
cli-table3@0.5.0
:cli-table2
is unmaintained and requiredlodash
. With this dependency bump, we've removedlodash
from our tree, which cut back tarball size by another 300kb. (@Turbo87)90c759fee
npm-audit-report@1.3.1
(@zkat)4231a0a1e
Addcli-table3
to bundleDeps. (@iarna)322d9c2f1
Makestandard
happy. (@iarna)