7b89576bd
#2174 fix running empty scripts withnpm run-script
(@nlf)bc9afb195
#2002 #2184 Preserve builtin conf when installing npm globally (@isaacs)
b74c05d88
@npmcli/[email protected]
- fix windows command-line argument escaping
629a667a9
[email protected]
de9891bd2
[email protected]
c3e7aa31c
#2123 #1957@npmcli/[email protected]
a8aa38513
#2134 #2156 Fixcannot read property length of undefined
inERESOLVE
explanation code (@isaacs)1dbf0f9bb
#2150 #2155 send json errors to stderr, not stdout (@isaacs)fd1d7a21b
#1927 #2154 Set process.title a bit more usefully (@isaacs)2a80c67ef
#2008 #2153 Support legacy auth tokens for registries that use them (@ruyadorno)786e36404
#2017 #2159 pass all options to Arborist fornpm ci
(@darcyclarke)b47ada7d1
#2161 fixed typo (@scarabedore)
04a3e8c10
#1962@npmcli/[email protected]
:- prevent self-assignment of parent/fsParent
- Support update options in global package space
96a0d2802
default the 'start' script when server.js present (@isaacs)7716e423e
#2075 #2071 print the registry when using 'npm login' (@Wicked7000)7046fe10c
#2122 tests fornpm cache
command (@nlf)
74325f53b
#2124@npmcli/[email protected]
:- Export the
isServerPackage
method - Proxy signals to and from foreground child processes
- Export the
0e58e6f6b
#1984 #2079 #1923 #606 #2031@npmcli/[email protected]
:- Process deps for all link nodes
- Use junctions instead of symlinks
- Use @npmcli/move-file instead of fs.rename
1dad328a1
#1865 #2106 #2084[email protected]
:- Properly set the installation command for
prepare
scripts when installing git/dir deps
- Properly set the installation command for
e090d706c
#2097[email protected]
:- Do not crash when the package.json file lacks a 'version' field
8fa541a10
[email protected]
052e977b9
#1822 #1247 add section on peerDependenciesMeta field in package.json (@foxxyz)52d32d175
#1970 match npm-exec.md -p usage with lib/exec.js (@dr-js)48ee8d01e
#2096 Fix RFC links in changelog (@jtojnar)
6cd3cd08a
Support all conf keys in publishConfiga1f9be8a7
#2074 Support publishing any kind of spec, not just directories
545382df6
[email protected]
:- Support publishing things other than folders
7d88f1719
[email protected]
823b40a4e
[email protected]
90bf57826
[email protected]
e5a413577
[email protected]
fc5aa7b4a
[email protected]
9fc1dee13
[email protected]
0ea870ec5
[email protected]
32fd744ea
[email protected]
fc76f3d9f
@npmcli/[email protected]
- Fix
cannot read property 'description' of undefined
innpm ls
whenpackage-lock.json
is corrupted - Do not allow peerDependencies to be nested under dependents in any circumstances
- Always resolve peerDependencies in
--prefer-dedupe
mode
- Fix
3990b422d
#2067 use sh as default unix shell, not bash (@isaacs)81d6ceef6
#1975 fix npm exec on folders missing package.json (@ruyadorno)2a680e91a
#2083 delete the contents ofnode_modules
only innpm ci
(@nlf)2636fe1f4
#2086 disable banner output if loglevel is silent innpm run-script
(@macno)
4156f053e
@npmcli/[email protected]
- restore the default
npm start
script
- restore the default
1900ae9ad
@npmcli/[email protected]
- fix errors when processing scripts as root
8cb0c166c
@npmcli/[email protected]
- make sure missing bin links get set on reify
46c7f792a
#2047 #1935 skip the prompt when in a known ci environment (@nlf)f8f6e1fad
#2049 properly remove pycache in release script (@MylesBorins)5db95b393
#2050 pack: do not show individual files of bundled deps (@isaacs)3ee8f3b34
#2051 view: Better errors when package.json is not JSON (@isaacs)
99ae633f6
[email protected]
- respect gitTagVersion = false
d4173f58d
@npmcli/[email protected]
- do not return empty buffer when stdio is inherited
- attach child process to returned promise
c09380fa5
@npmcli/[email protected]
- forward SIGINT and SIGTERM to children that inherit stdio
b154861ad
@npmcli/[email protected]
ffea6596b
[email protected]
- support http proxy for https registries
77ad86b5e
Merge docs deps with main project
cc026daf8
docs:npm-dedupe
throughnpm-install
aec77acf8
#1915 use "dockhand" for faster static documentation generation (@ethomson)aeb10d210
#2024 Fix post-install script name (@irajtaghlidi)
39ad1ad9e
#2001npm config
tests (@ruyadorno)b9c1caa8e
#2026npm owner
test and refactor (@ruyadorno)
-
b737ee999
#2009 #2007[email protected]
:- Maintain order in package.json files array globs
- Strip slashes from package files list results
-
783965508
#1997 #2000 #2005@npmcli/[email protected]
- Ensure that root is added when root.meta is set
- Include all edges in explain() output when a root edge exists
- Do not conflict on meta-peers that will not be replaced
- Install peerOptionals if explicitly requested, or dev
ce4724a38
#1986 checkresult
when determining exit code ofls <filter>
(@G-Rath)00d926f8d
#1987 don't suppress run output when--silent
is passed (@G-Rath)043da2347
improve cache clear error message (@isaacs)
a57f5c466
update docs for: access, adduser, audit, bin, bugs, build, cache, ci, completion, config and dedupe (@isaacs)5b88b72b9
remove the long-gone bundle command (@isaacs)ae09aa5c1
#1993 document --save-peer as a common option to npm install (@JakeChampion)c9993e6b1
#1982 fix url links for init-package-json/node-semver (@takenspc)
9476734b7
#1967 add mention to workspaces prepare lifecycle (@ruyadorno)
5cf71c689
#1971 owner rm at local pkg not work (@ShangguanQuail)
722b7ae63
#1974 patch node-gyp (@targos)4ae825c01
#1976 patch node-gyp (@MylesBorins)181eabf13
@npmcli/[email protected]
- fix workspaces
prepare
lifecycle scripts - fix peer deps overchecks resulting in ERESOLVE
- fix workspaces
6cc115409
[email protected]
dbf9d6d1f
[email protected]
03fca6a3b
Adds docs on workspaces, explaining its basic concept and how to use it. (@ruyadorno)
120e62736
[email protected]
6560b8d95
@npmcli/[email protected]
- do not drop scope information when fetching scoped package tarballs
- fix cycles/ordering resolution when peer deps require nesting
282a1e008
[email protected]
b259edcb4
[email protected]
7bcdb3636
#1949 fix: ensurepublishConfig
is passed through (@nlf)97978462e
fix: patchconfig.js
to remove duplicate vals (@darcyclarke)
60769d757
#1911 docs: v7 npm-install refresh (@ruyadorno)08de49042
#1938 docs: v7 using npm config updates (@ruyadorno)
15366a1cf
[email protected]
f04a74140
[email protected]
1de21dce0
fix: support dot-separated aliases defined in a.npmrc
ini files forinit-*
configs (@ruyadorno)
a67275cd9
[email protected]
6fb83b78d
[email protected]
1ca30cc9b
[email protected]
28a2d2ba4
@npmcli/[email protected]
- npm/rfcs#239 Improve handling
of conflicting
peerDependencies
in transitive dependencies, so that--force
will always accept a best effort override, and--strict-peer-deps
will fail faster on conflicts.
- npm/rfcs#239 Improve handling
of conflicting
9306c6833
[email protected]
fafb348ef
[email protected]
365f2e756
[email protected]
09b456f2d
@npmcli/[email protected]
e859fba9e
#1936 fix npx for non-interactive shells (@nlf)9320b8e4f
#1906 restore old npx behavior of running existing bins first (@nlf)7bd47ca2c
@npmcli/[email protected]
- fixed handling of invalid package.json file
02737453b
[email protected]
- do not calculate integrity values of http errors
d816c2efa
c8f0d5457
d48086d0d
f34595f2e
#1902 tests for several commands (@nlf)6d49207db
#1903 Revert "Remove unused npx binary" (@MylesBorins)138dfc202
set executable permissions on bins that node installer usesb06d68078
@npmcli/[email protected]
- Do not remove
node_modules
folders from Workspaces whenloadActual
races withbuildIdealTree
(@ruyadorno)
- Do not remove
2509e3a1b
[email protected]
6de81a013
@npmcli/[email protected]
- Fix regression running 'install' scripts when package.json does not contain a scripts object
281a7f39a
@npmcli/[email protected]
- Allow
npm update
to update bundled root dependencies - Only do implicit node-gyp build for gyp files named
binding.gyp
- Allow
384f5ec47
update minipass-fetch to fix many 'cb() never called' errors7b1e75906
@npmcli/[email protected]
- Only do implicit node-gyp build for gyp files named
binding.gyp
- Only do implicit node-gyp build for gyp files named
c20e2f0c7
#1892 Support--omit
options in npm outdated
3b417055c
#1859 fixproxy
andhttps-proxy
config support (@badeggg)dd7d7a284
@npmcli/[email protected]
- #1849 Do not drop peer/dev dep while saving if both set
- Do not install or build if there is a global top bin conflict
- Default to building node-gyp dependencies
40c17e12c
[email protected]
47a8ca1d7
[email protected]
81073f99a
[email protected]
67793abd4
[email protected]
a27e8d006
[email protected]
893fed45e
[email protected]
bc20e0c8a
[email protected]
a2b8fd3c1
[email protected]
ee4c85b87
[email protected]
4bdad5fdf
[email protected]
c394937ec
@npmcli/[email protected]
- Default to building node-gyp dependencies and projects
- remove many unused dependencies
(@ruyadorno)
558e9781a
deep-equal2aa9a1f8a
requestd77594e52
npm-registry-couchapp8ec84d9f6
tacksa07b421f7
lincesee41126e165
npm-cache-filename130da51b5
npm-registry-mockb355af486
sprintf-js721c0a873
uid-number9c920e5f5
umaskaae1c38bb
config-chain450845eac
find-npm-prefix963d542d3
has-unicodecad9cbc70
infer-owner3ae02914d
lockfile7bc474d7c
once5c5e0099a
retrycfaddd334
sha3a978ffc7
slide
405e051f7
Fix EBADPLATFORM error message (@#1876)e4d911d21
@npmcli/[email protected]
- fix: workspaces install entering an infinite loop
- Save provided range if not a subset of savePrefix
- package-lock.json custom indentation
- Check engine and platform when building ideal tree
90550b2e0
#1853 test coverage and refactor for token command (@nlf)2715220c9
#1858 #1813 do not include omitted optional dependencies in install output (@ruyadorno)e225ddcf8
#1862 #1861 respect depth when runningnpm ls <pkg>
(@ruyadorno)2469ae515
#1870 #1780 Add 'fetch-timeout' config (@isaacs)52114b75e
#1871 fixnpm ls
for linked dependencies (@ruyadorno)9981211c0
#1857 #1703 fixnpm outdated
parsing invalid specs (@ruyadorno)
24f3a5448
#1811 npm ci should never save package.json or lockfile (@isaacs)5e780a5f0
remove unused spec parameter, assign error code (@nlf)f019a248a
Remove unused npx binary (@isaacs)db157b3ce
@npmcli/[email protected]
- Resolve race condition with conflicting bin links in local installs
- #1812 Log engine mismatches more usefully
- #1814 Do not loop trying to resolve dependencies that fail to load
- npm/rfcs#224 Do not automatically install optional peer dependencies
- Add the
strictPeerDeps
option, defaulting tofalse
- fix forwarding configs to resolve pkg spec when adding new deps
b3a50d275
#1846@npmcli/[email protected]
- This updates node-gyp to v7, allowing us to deduplicate a lot of significant dependencies.
a1d375f6b
#1819 Add--strict-peer-deps
option (@isaacs)5837a4843
#1699 Use allow/deny list in docs (@luciomartinez)
63005f4a9
#1639 npm view should not output extra newline (@MylesBorins)3743a42c8
#1750 add outdated tests (@claudiahdz)2019abdf1
#1786 add lib/link.js tests (@ruyadorno)2f8d11968
@npmcli/[email protected]
- add meta vulnerability calculator for faster audits
- changed parsing specs to be relative to cwd
- fix logging script execution
- fix properly following resolved symlinks
- fix package.json dependencies order
49b2bf5a7
@npmcli/[email protected]
- fix unkown envs to be passed through
- fix setting correct globalPrefix on load
f9aac351d
[email protected]
- fix git ignored lockfiles
-
ef8f5676b
#1757 view: always fetch fullMetadata, and preferOnline -
a36e2537f
outdated: don't throw on non-version/tag/range dep -
371f0f062
@npmcli/[email protected]
- Provide explanation objects for
ERESOLVE
errors - Support overriding certain classes of
ERESOLVE
errors with--force
- Detect changes to package.json requiring package-lock dependency flag re-evaluation
- Provide explanation objects for
-
8e3e83bd4
@npmcli/[email protected]
- Remove bin links on prune
- Remove unnecessary tree walk for workspace projects
- Install workspaces on update:true
-
d6b134fd9
#1738 #1734 fix package spec parsing during cache add process (@mjeanroy) -
- Do not crash on cyclical meta-vulnerability references
-
5616a23b4
@npmcli/[email protected]
- Support
.git
files, so that git worktrees are respected
- Support
834e62a0e
- fix: npm ls extraneous workspaces
@npmcli/[email protected]
758b02358
#1739 add full install options to npm exec (@ruyadorno)2ee7c8a98
@npmcli/[email protected]
(@ruyadorno)
b38f68acd
ensurenpm-command
HTTP header is sent properly9f200abb9
Properly exit with error status codeaa0152b58
#1719 Detect CI properly50f9740ca
#1717 fund with multiple funding sources (@ruyadorno)3a63ecb6f
#1718 RFC-0029 add ability to skip pre/post hooks tonpm run-script
by using--ignore-scripts
(@ruyadorno)
-
707207bdd
add@npmcli/config
dependency -
5cb9a1d4d
#1688 use@npmcli/config
for configuration (@isaacs) -
- Redact passwords from HTTP logs
-
- Adds support for indentation/newline formatting preservation
-
- Adds support for indentation/newline formatting preservation
-
- Adds support for indentation/newline formatting preservation
-
- Adds support for indentation/newline formatting preservation
-
b44768aac
#1662 #1693 #1690@npmcli/[email protected]
:- Load root project
package.json
when running loadVirtual. - Fetch metadata from registry when loading tree from outdated package-lock.json file. This avoids a situation where a lockfile or shrinkwrap from npm v5 would result in deleting dependencies on install.
- Preserve
package.json
andpackage-lock.json
formatting in all places where these files are written.
- Load root project
-
1faa5b33d
#1655 show usage whenhelp-search
finds no results -
88e4241c5
#1698 add lib/logout.js unit tests (@ruyadorno)
b718b0e28
#1657 display multiple versions when using--json
withnpm view
(@claudiahdz)9e7cc42f6
#1071 migrate frommeant
toleven
(@jamesgeorge007)85027f40c
#1664 refactor and add tests fornpm adduser
(@ruyadorno)6e03e5583
#1672 refactor and add tests fornpm audit
(@claudiahdz)
Replace some environment variables that were excluded. This implements the amendment to RFC0021.
631142f4a
@npmcli/[email protected]
da95386ae
#1650 #1652 include booleans, skip already-set envs
Bring back support for npm audit --production
, fix a minor npm version
annoyance, and track down a very serious issue where a project could be
blown away when it matches a meta-dep in the tree.
5fb217701
#1641@npmcli/[email protected]
3598fe1f2
@npmcli/[email protected]
Add support fornpm audit --production
8ba2aeaee
[email protected]
New notification style for updates, and a working doctor.
cf2819210
#1622 Improve abbrevs for install and helpd062b2c02
new npm-specific update-notifier implementationf6d468a3b
update doctor commandb8b4d77af
#1638 Direct users to our GitHub issues instead of npm.community
Fix some issues found in the beta pubish process, and initial attempts to use npm v7 with citgm.
2c305e8b7
output generated tarball filename0808328c9
pack: set correct filename for scoped packages (@isaacs)cf27df035
@npmcli/[email protected]
(@isaacs)
Major refactoring and overhaul of, well, pretty much everything. Almost
all dependencies have been updated, many have been removed, and the entire
Installer
class is moved into
@npmcli/arborist
.
- You can install GitHub pull requests by adding
#pull/<number>
to the git url. So it'd be something likenpm install github:user/project#pull/123
to install PR number 123 of theuser/project
git repo. You can of course also use this in dependencies, or anywhere else dependency specifiers are found. - Initial Workspaces support is added. If you
npm install
in a project with aworkspaces
declaration, npm will install all your sub-projects' dependencies as well, and link everything up proper. npm exec
is added, to run any arbitrary command as if it was an npm script. This is sort of likenpx
, which is also ported to usenpm exec
under the hood.npm audit
output is tightened up, and prettified. Audit can also now fix a few more classes of problems, sends far less data over the wire, and doesn't place blame on the wrong maintainers. (Technically this is a breaking change if you depend on the specific audit output, but it's also a big improvement!)npm install
got faster. Like a lot faster. "So fast you'll think it's broken" faster.npm ls
got even fasterer. A lot of stuff sped up, is what we're saying.- Support has been dropped for Node.js versions less than v10.
The Semantic Versioning specification precisely defines what constitutes a "breaking" change. In a nutshell, it's any change that causes a you to change your code in order to start using our code. We hasten to point this out, because a "breaking change" does not mean that something about the update is "broken", necessarily.
We're sure that some things likely are broken in this beta, because beta software, and a healthy pessimism about things. But nothing is "broken" on purpose here, and if you find a bug, we'd love for you to let us know.
It's beta software!
We have not yet gotten to 100% test coverage of the npm CLI codebase. As such, there are almost certainly bugs lying in wait. We do have 100% test coverage of most of the commands, and all recently-updated dependencies in the npm stack, so it's certainly more well-tested than any version of npm before.
The documentation is incorrect and out of date in most places. Prior to a GA release, we'll be going through all of our documentation with a fine-toothed comb to minimize the lies that it tells.
There are a few cases where this release will just say something failed, and not give you as much help as we'd like. We know, and we'll fix that prior to the GA 7.0.0 release.
In particular, if you install a project that has conflicting
peerDependencies
in the tree, it'll just say "Unable to resolve package
tree". Prior to GA release, it'll tell you how to fix it. (For the time
being, just run it again with --legacy-peer-deps
, and that'll make it
operate like npm v6.)
There is a known performance issue in some cases that we've identified
where npm audit
can spin wildly out of control like a dancer gripped by a
fever, heating up your laptop with fires of passion and CPU work. This
happens when a vulnerability is in a tree with a lot of cross-linked
dependencies that all depend on one another.
We have a fix for it, but if you run into this issue, you can run with
--no-audit
to tell npm to chill out a little bit.
That's about it! It's ready to use, and you should try it out.
Now on to the list of BREAKING CHANGES!
- RFC
20
The CLI and its dependencies no longer use the
figgy-pudding
library for configs. Configuration is done using a flat plain old JavaScript object. - The
lib/fetch-package-metadata.js
module is removed. Usepacote
to fetch package metadata. @npmcli/arborist
should be used to do most things programmatically involving dependency trees.- The
onload-script
option is no longer supported. - The
log-stream
option is no longer supported. npm.load()
MUST be called with two arguments (the parsed cli options and a callback).npm.root
alias fornpm.dir
removed.- The
package.json
in npm now defines anexports
field, making it no longer possible torequire()
npm's internal modules. (This was always a bad idea, but now it won't work.)
The following affect all commands that contact the npm registry.
referer
header no longer sentnpm-command
header added
The environment for lifecycle scripts (eg, build scripts, npm test
, etc.)
has changed.
-
RFC 21 Environment no longer includes
npm_package_*
fields, ornpm_config_*
fields for default configs.npm_package_json
,npm_package_integrity
,npm_package_resolved
, andnpm_command
environment variables added. -
RFC 22 Scripts run during the normal course of installation are silenced unless they exit in error (ie, with a signal or non-zero exit status code), and are for a non-optional dependency.
-
RFC 24
PATH
environment variable includes allnode_modules/.bin
folders, even if found outside of an existingnode_modules
folder hierarchy. -
The
user
,group
,uid
,gid
, andunsafe-perms
configurations are no longer relevant. When npm is run as root, scripts are always run with the effectiveuid
andgid
of the working directory owner. -
Commands that just run a single script (
npm test
,npm start
,npm stop
, andnpm restart
) will now run their script even if--ignore-scripts
is set. Prior to the GA v7.0.0 release, they will not run the pre/post scripts, however. (So, it'll be possible to runnpm test --ignore-scripts
to run your test but not your linter, for example.)
The npx
binary was rewritten in npm v7, and the standalone npx
package
deprecated when v7.0.0 hits GA. npx
uses the new npm exec
command
instead of a separate argument parser and install process, with some
affordances to maintain backwards compatibility with the arguments it
accepted in previous versions.
This resulted in some shifts in its functionality:
- Any
npm
config value may be provided. - To prevent security and user-experience problems from mistyping package
names,
npx
prompts before installing anything. Suppress this prompt with the-y
or--yes
option. - The
--no-install
option is deprecated, and will be converted to--no
. - Shell fallback functionality is removed, as it is not advisable.
- The
-p
argument is a shorthand for--parseable
in npm, but shorthand for--package
in npx. This is maintained, but only for thenpx
executable. (Ie, runningnpm exec -p foo
will be different from runningnpx -p foo
.) - The
--ignore-existing
option is removed. Locally installed bins are always present in the executed processPATH
. - The
--npm
option is removed.npx
will always use thenpm
it ships with. - The
--node-arg
and-n
options are removed. - The
--always-spawn
option is redundant, and thus removed. - The
--shell
option is replaced with--script-shell
, but maintained in thenpx
executable for backwards compatibility.
We do intend to continue supporting the npx
that npm ships; just not the
npm install -g npx
library that is out in the wild today.
- RFC
13
Installed
package.json
files no longer are mutated to include extra metadata. (This extra metadata is stored in the lockfile.) package-lock.json
is updated to a newer format, using"lockfileVersion": 2
. This format is backwards-compatible with npm CLI versions using"lockfileVersion": 1
, but older npm clients will print a warning about the version mismatch.yarn.lock
files used as source of package metadata and resolution guidance, if available. (Prior to v7, they were ignored.)
These changes affect install
, ci
, install-test
, install-ci-test
,
update
, prune
, dedupe
, uninstall
, link
, and audit fix
.
-
RFC 25
peerDependencies
are installed by default. This behavior can be disabled by setting thelegacy-peer-deps
configuration flag.BREAKING CHANGE: this can cause some packages to not be installable, if they have unresolveable peer dependency conflicts. While the correct solution is to fix the conflict, this was not forced upon users for several years, and some have come to rely on this lack of correctness. Use the
--legacy-peer-deps
config flag if impacted. -
RFC 23 Support for
acceptDependencies
is added. This can result in dependency resolutions that previous versions of npm will incorrectly flag as invalid. -
Git dependencies on known git hosts (GitHub, BitBucket, etc.) will always attempt to fetch package contents from the relevant tarball CDNs if possible, falling back to
git+ssh
for private packages.resolved
value inpackage-lock.json
will always reflect thegit+ssh
url value. Saved value inpackage.json
dependencies will always reflect the canonical shorthand value. -
Support for the
--link
flag (to install a link to a globall-installed copy of a module if present, otherwise install locally) has been removed. Local installs are always local, andnpm link <pkg>
must be used explicitly if desired. -
Installing a dependency with the same name as the root project no longer requires
--force
. (That is, theENOSELF
error is removed.)
- RFC
26
First phase of
workspaces
support is added. This changes npm's behavior when a root project'spackage.json
file contains aworkspaces
field.
- RFC
19
Update all dependencies when
npm update
is run without any arguments. As it is no longer relevant,--depth
config flag removed fromnpm update
.
- RFC
27
Remove
--depth
config fromnpm outdated
. Only top-level dependencies are shown, unless--all
config option is set.
- The
--sso
options are deprecated, and will print a warning.
-
Output and data structure is significantly refactored to call attention to issues, identify classes of fixes not previously available, and remove extraneous data not used for any purpose.
BREAKING CHANGE: Any tools consuming the output of
npm audit
will almost certainly need to be updated, as this has changed significantly, both in the readable and--json
output styles.
-
Performs a full dependency tree reification to disk. As a result,
npm dedupe
can cause missing or invalid packages to be installed or updated, though it will only do this if required by the stated dependency semantics. -
Note that the
--prefer-dedupe
flag has been added, so that you may install in a maximally deduplicated state from the outset.
- Human readable output updated, reinstating depth level to the printed output.
- Extraneous dependencies are listed based on their location in the
node_modules
tree. npm ls
only prints the first level of dependencies by default. You can make it print more of the tree by using--depth=<n>
to set a specific depth, or--all
to print all of them.
- Generated gzipped tarballs no longer contain the zlib OS indicator. As a result, they are truly dependent only on the contents of the package, and fully reproducible. However, anyone relying on this byte to identify the operating system of a package's creation may no longer rely on it.
- Runs package installation scripts as well as re-creating links to bins.
Properly respects the
--ignore-scripts
and--bin-links=false
configuration options.
- These two internal commands were removed, as they are no longer needed.
- When no test is specified, will fail with
missing script: test
rather than injecting a syntheticecho 'Error: no test specified'
test script into thepackage.json
data.
Huge thanks to the people who wrote code for this update, as well as our group of dedicated Open RFC call participants. Your participation has contributed immeasurably to the quality and design of npm.