v6.3.0-next.0

NEW FEATURES

• ad0dd226f npm/cli#26 npm version now supports a --preid option to specify the preid for prereleases. For example, npm version premajor --preid rc will tag a version like 2.0.0-rc.0. (@dwilches)

MESSAGING IMPROVEMENTS

• c1dad1e99 npm/cli#6 Make npm audit fix message provide better instructions for vulnerabilities that require manual review. (@bradsk88)
• 15c1130fe Fix missing colon next to tarball url in new npm view output. (@zkat)
• 21cf0ab68 npm/cli#24 Use the defaut OTP explanation everywhere except when the context is "OTP-aware" (like when setting double-authentication). This improves the overall CLI messaging when prompting for an OTP code. (@jdeniau)

MISC

• a9ac8712d npm/cli#21 Use the extracted stringify-package package. (@dpogue)
• 9db15408c npm/cli#27 wrappy was previously added to dependencies in order to flatten it, but we no longer do legacy-style for npm itself, so it has been removed from package.json. (@rickschubert)

DOCUMENTATION

• 3242baf08 npm/cli#13 Update more dead links in README.md. (@u32i64)
• 06580877b npm/cli#19 Update links in docs' index.html to refer to new bug/PR URLs. (@watilde)
• ca03013c2 npm/cli#15 Fix some typos in file-specifiers docs. (@Mstrodl)
• 4f39f79bc npm/cli#16 Fix some typos in file-specifiers and package-lock docs. (@watilde)
• 35e51f79d npm/cli#18 Update build status badge url in README. (@watilde)
• a67db5607 npm/cli#17 Replace TROUBLESHOOTING.md with posts in npm.community. (@watilde)
• e115f9de6 npm/cli#7 Use https URLs in documentation when appropriate. Happy Not Secure Day! (@XhmikosR)

v6.2.0

In case you missed it, we moved!. We look forward to seeing future PRs landing in npm/cli in the future, and we'll be chatting with you all in npm.community. Go check it out!

This final release of npm@6.2.0 includes a couple of features that weren't quite ready on time but that we'd still like to include. Enjoy!

FEATURES

• 244b18380 #20554 add support for --parseable output (@luislobo)
• 7984206e2 #12697 Add new sign-git-commit config to control whether the git commit itself gets signed, or just the tag (which is the default). (@tribou)

FIXES

• 4c32413a5 #19418 Do not use SET to fetch the env in git-bash or Cygwin. (@gucong3000)

DEPENDENCY BUMPS

• d9b2712a6 request@2.81.0: Downgraded to allow better deduplication. This does introduce a bunch of hoek-related audit reports, but they don't affect npm itself so we consider it safe. We'll upgrade request again once node-gyp unpins it. (@simov)
• 2ac48f863 node-gyp@3.7.0 (@MylesBorins)
• 8dc6d7640 cli-table3@0.5.0: cli-table2 is unmaintained and required lodash. With this dependency bump, we've removed lodash from our tree, which cut back tarball size by another 300kb. (@Turbo87)
• 90c759fee npm-audit-report@1.3.1 (@zkat)
• 4231a0a1e Add cli-table3 to bundleDeps. (@iarna)
• 322d9c2f1 Make standard happy. (@iarna)

DOCS

• 5724983ea #21165 Fix some markdown formatting in npm-disputes.md. (@hchiam)
• 738178315 #20920 Explicitly state that republishing an unpublished package requires a 72h waiting period. (@gmattie)
• f0a372b07 Replace references to the old repo or issue tracker. We're at npm/cli now! (@zkat)