v3.10.8
Monthly releases are so big! Just look at all this stuff!
Our quarter of monthly releases is almost over. The next one, in October, might very well be our last one as we move to trying something different and learning lessons from our little experiment.
You may also want to keep an eye our for npm@4 next month, since we're planning on finally releasing it then and including a (small) number of breaking changes we've been meaning to do for a long time. Don't worry, though: npm@3 will still be around for a bit and will keep getting better and better, and is most likely going to be the version that node@6 uses once it goes to LTS.
As some of us have mentioned before, npm is likely to start doing more regular semver-major bumps, while keeping those bumps significantly smaller than the huge effort that was npm@3 -- we're not very likely to do a world-shaking thing like that for a while, if ever.
All that said, let's move on to the patches included in v3.10.8!
SHRINKWRAP LEVEL UP
The most notable part of this release is a series of commits meant to make npm shrinkwrap more consistent. By itself, shrinkwrap seems like a fairly straightforward thing to implement, but things get complicated when it starts interacting with devDependencies, optionalDependencies, and bundledDependencies. These commits address some corner cases related to these.
a7eca32#10073 Record if a dependency is only used as a devDependency 6B2E and exclude it from the shrinkwrap file. (@bengl)1eabcd1#10073 Record if a dependency is optional to shrinkwrap. (@bengl)03efc89#13692 We were doing a weird thing where we used apackage.jsonfieldinstallableto check to see if we'd checked for platform compatibility, and if not did so. But this was the only place that was ever done so there was no reason to implement it in such an obfuscated manner. Instead it now just directly checks and then records that its done so on the node object withknownInstallable. This is useful to know because modules expanded via shrinkwrap don't go through this–inflateShrinkwrapdoes not currently have any rollback semantics and so checking this sort of thing there is unhelpful. (@iarna)ff87938#11735 Runningnpm install --save-devwill now update shrinkwrap file, but only if there already are devDependencies in it. (@szimek)c00ca3a#13394 Check installability of modules from shrinkwrap, since modules that came into the tree vie shrinkwrap won't already have this information recorded in advance. (@iarna)
INSTALLER ERROR REPORTING LEVEL UP
As part of the shrinkwrap push, there were also a lot of error-reporting improvements. Some to add more detail to error objects, others to fix bugs and inconsistencies.
2cdd713Consistently set code onETARGETwhen fetching package metadata if no compatible version is found. (@iarna)cabcd17#13692 Include installer warning details at theverboselog level. (@iarna)95a4044dbb14c299943837417000f45f85de79cc1b146ee39#13692 Improve various bits of error reporting, adding more error information and some related refactoring. (@iarna)
MISCELLANEOUS BUGS LEVEL UP
116b6c6#13456 In lifecycle scripts, anynode_modules/.binexisting in the hierarchy should be turned into an entry in the PATH environment variable. However, prior to this commit, it was splitting based on the stringnode_modules, rather than restricting it to only path portions like/node_modules/or\node_modules\. So, a path containing an entry likemy_node_moduleswould be improperly split. (@isaacs)0a28dd0npm/fstream-npm#23fstream-npm@1.2.0: Always ignore*.origfiles, which are generated by git when usinggit mergetool, by default. (@zkat)a3a2fb9#13708 Always ignore*.origfiles, which are generated by git when usinggit mergetool, by default. (@boneskull)
TOOLING LEVEL UP
e1d7e6cAdd helper for generating test skeletons. (@iarna)4400b35Fix fixture creation and cleanup inmaketest. (@iarna)
DOCUMENTATION LEVEL UP
8eb9460#13717 Document thatnpm linkwill link the files specified in thebinfield ofpackage.jsonto{prefix}/bin/{name}. (@legodude17)a66e5e9#13682 Minor grammar fix in documentation fornpm scripts. (@Ajedi32)74b8043#13655 Document line comment syntax for.npmrc. (@mdjasper)b352a84#12438 Remind folks to use#!/usr/bin/env nodein theirbinscripts to make files executable directly. (@mxstbr)b82fd83#13493 Document that the user config file can itself be configured either through the$NPM_CONFIG_USERCONFIGenvironment variable, or--userconfigcommand line flag. (@jasonkarns)8a02699#13911 Minor documentation reword and cleanup. (@othiym23)
DEPENDENCY LEVEL UP
2818fb0glob@7.0.6(@isaacs)d88ec81graceful-fs@4.1.6(@francescoinfante)4727f86lodash.clonedeep@4.5.0(@jdalton)c347678lodash.union@4.6.0(@jdalton)530bd4dlodash.uniq@4.5.0(@jdalton)483d56alodash.without@4.4.0(@jdalton)6c934dfinherits@2.0.3(@isaacs)a65ed7cnpm-registry-client@7.2.1(@othiym23)- npm/npm-registry-client#142 Fix
EventEmitterwarning spam from error handlers on socket. (@addaleax) - npm/npm-registry-client#131 Adds support for streaming request bodies. (@aredridel)
- Fixes #13656.
- Dependency updates.
- Documentation improvements.
- npm/npm-registry-client#142 Fix
2b88d62npm/npmlog#34npmlog@4.0.0: Allows creating log levels that are empty strings or 0 (@rwaldron)242babbonce@1.4.0(@zkochan)6d8ba2breadable-stream@2.1.5(@calvinmetcalf)855c099retry@0.10.0(@tim-kos)80540c5semver@5.3.0(@isaacs)- Add
minSatisfying - Add
prerelease(v)
- Add
8aaac52which@1.2.1(@isaacs)85108a2write-file-atomic@1.2.0: Preserve chmod and chown from the overwritten file (@iarna)291a377Update npm documentation to reflect documentation forsemver@5.3.0. (@zkat)