npm v6.0.1-next.0 Release Notes

Release Date: 2018-05-04
  • 📦 CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT!

    SHRONKWRAPS AND LACKFILES

    🔒 If a published module had a legacy npm-shrinkwrap.json, we were saving ordinary registry dependencies (name@version) to your package-lock.json as https:// URLs instead of versions.

    • 🔒 89102c0d9 When saving the lock-file, compute how the dependency is being required instead of using _resolved in the package.json. This fixes the bug that was converting registry dependencies into https:// dependencies. (@iarna)
    • 🔒 676f1239a When encountering an https:// URL in our lockfiles that points at our default registry, extract the version and use it as a registry dependency. This lets us heal package-lock.json files produced by 6.0.0. (@iarna)
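
The healing rule described in 676f1239a, sketched as an added example (this is not npm's own code). It assumes the default registry is https://registry.npmjs.org/, that damaged entries carry the tarball URL in their "version" field, and that tarballs follow the usual <name>/-/<basename>-<version>.tgz layout; versionFromTarball, healLock and sampleLock are hypothetical names.

```javascript
// Added example, not npm's implementation. Function names are hypothetical.
const DEFAULT_REGISTRY = 'https://registry.npmjs.org/';

// Return the version encoded in a registry tarball URL, or null when the URL is
// not <registry><name>/-/<basename>-<version>.tgz for this exact package name.
function versionFromTarball(name, url, registry = DEFAULT_REGISTRY) {
  if (typeof url !== 'string' || !url.startsWith(registry)) return null;
  const basename = name.split('/').pop(); // "@scope/pkg" -> "pkg"
  const prefix = `${name}/-/${basename}-`;
  const rest = url.slice(registry.length);
  if (!rest.startsWith(prefix) || !rest.endsWith('.tgz')) return null;
  const version = rest.slice(prefix.length, -4);
  // Only accept something semver-shaped; anything else is left for review.
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(version) ? version : null;
}

// Rewrite URL-valued "version" fields in place, recursing into nested
// dependencies. Returns one record per healed entry.
function healLock(lock, registry = DEFAULT_REGISTRY) {
  const healed = [];
  const walk = (deps, trail) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = [...trail, name];
      const version = versionFromTarball(name, dep.version, registry);
      if (version) {
        healed.push({ path: path.join(' > '), from: dep.version, to: version });
        dep.resolved = dep.resolved || dep.version; // keep the tarball URL
        dep.version = version;
      }
      walk(dep.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return healed;
}

// Constructed lockfile fragment: two damaged entries, two that must not change.
function sampleLock() {
  const reg = DEFAULT_REGISTRY;
  return { name: 'demo', lockfileVersion: 1, dependencies: {
    'left-pad': { version: `${reg}left-pad/-/left-pad-1.3.0.tgz` },
    '@scope/pkg': { version: '2.0.1', dependencies: {
      once: { version: `${reg}once/-/once-1.4.0.tgz` } } },
    mirrored: { version: 'https://example.com/mirrored/-/mirrored-1.0.0.tgz' },
    renamed: { version: `${reg}other/-/other-1.0.0.tgz` } } };
}

console.log(healLock(sampleLock()));
```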

    AUDIT AUDIT EVERYWHERE

    You can't use it quite yet, but we do have a few last moment patches to npm audit to make it even better when it is turned on!

    • b2e4f48f5 Make sure we hide stream errors on background audit submissions. Previously some classes of error could end up being displayed (harmlessly) during installs. (@iarna)
    • 1fe0c7fea Include session and scope in requests (as we do in other requests to the registry). (@iarna)
    • ✅ d04656461 Exit with non-zero status when vulnerabilities are found. So you can have npm audit as a test or prepublish step! (@iarna)
    • fcdbcbacc Verify lockfile integrity before running. You'd get an error either way, but this way it's faster and can give you more concrete instructions on how to fix it. (@iarna)
    • 2ac8edd42 Refuse to run in global mode. Audits require a lockfile and globals don't have one. Yet. (@iarna)

    📚 DOCUMENTATION IMPROVEMENTS

    ⚡️ DEPENDENCY UPDATES