Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/npm/cli.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/changelogs
diff options
context:
space:
mode:
authorKat Marchán <kzm@sykosomatic.org>2017-05-26 05:25:41 +0300
committerKat Marchán <kzm@sykosomatic.org>2017-05-26 06:21:58 +0300
commit8a173da28fffc1b1b45f6900ed9c7bac7cda821e (patch)
tree61ab2fa41e841f49db306d95a3bb4ca2cafa957e /changelogs
parent794c10e689634cbb85133f8de2b25411f374436b (diff)
docs: END OF AN ERA OF CHANGELOGS 😭
Diffstat (limited to 'changelogs')
-rw-r--r--changelogs/CHANGELOG-4.md1566
1 files changed, 1566 insertions, 0 deletions
diff --git a/changelogs/CHANGELOG-4.md b/changelogs/CHANGELOG-4.md
new file mode 100644
index 000000000..e55bcab3d
--- /dev/null
+++ b/changelogs/CHANGELOG-4.md
@@ -0,0 +1,1566 @@
+## v4.6.1 (2017-04-21)
+
+A little release to tide you over while we hammer out the last bits for npm@5.
+
+### FEATURES
+
+* [`d13c9b2f2`](https://github.com/npm/npm/commit/d13c9b2f24b6380427f359b6e430b149ac8aaa79)
+ `init-package-json@1.10.0`:
+ The `name:` prompt is now `package name:` to make this less ambiguous for new users.
+
+ The default package name is now a valid package name. For example: If your package directory
+ has mixed case, the default package name will be all lower case.
+* [`f08c66323`](https://github.com/npm/npm/commit/f08c663231099f7036eb82b92770806a3a79cdf1)
+ [#16213](https://github.com/npm/npm/pull/16213)
+ Add `--allow-same-version` option to `npm version` so that you can use `npm version` to run
+ your version lifecycles and tag your git repo without actually changing the version number in
+ your `package.json`.
+ ([@lucastheisen](https://github.com/lucastheisen))
+* [`f5e8becd0`](https://github.com/npm/npm/commit/f5e8becd05e0426379eb0c999abdbc8e87a7f6f2)
+ Timing has been added throughout the install implementation. You can see it by running
+ a command with `--loglevel=timing`. You can also run commands with `--timing` which will write
+ an `npm-debug.log` even on success and add an entry to `_timing.json` in your cache with
+ the timing information from that run.
+ ([@iarna](https://github.com/iarna))
+
+### BUG FIXES
+
+* [`9c860f2ed`](https://github.com/npm/npm/commit/9c860f2ed3bdea1417ed059b019371cd253db2ad)
+ [#16021](https://github.com/npm/npm/pull/16021)
+ Fix a crash in `npm doctor` when used with a registry that does not support
+ the `ping` API endpoint.
+ ([@watilde](https://github.com/watilde))
+* [`65b9943e9`](https://github.com/npm/npm/commit/65b9943e9424c67547b0029f02b0258e35ba7d26)
+ [#16364](https://github.com/npm/npm/pull/16364)
+ Shorten the ELIFECYCLE error message. The shorter error message should make it much
+ easier to discern the actual cause of the error.
+ ([@j-f1](https://github.com/j-f1))
+* [`a87a4a835`](https://github.com/npm/npm/commit/a87a4a8359693518ee41dfeb13c5a8929136772a)
+ `npmlog@4.0.2`:
+ Fix flashing of the progress bar when your terminal is very narrow.
+ ([@iarna](https://github.com/iarna))
+* [`41c10974f`](https://github.com/npm/npm/commit/41c10974fe95a2e520e33e37725570c75f6126ea)
+ `write-file-atomic@1.3.2`:
+ Wait for `fsync` to complete before considering our file written to disk.
+ This will improve certain sorts of Windows diagnostic problems.
+* [`2afa9240c`](https://github.com/npm/npm/commit/2afa9240ce5b391671ed5416464f2882d18a94bc)
+ [#16336](https://github.com/npm/npm/pull/16336)
+ Don't ham-it-up when expecting JSON.
+ ([@bdukes](https://github.com/bdukes))
+
+### DOCUMENTATION FIXES
+
+* [`566f3eebe`](https://github.com/npm/npm/commit/566f3eebe741f935b7c1e004bebf19b8625a1413)
+ [#16296](https://github.com/npm/npm/pull/16296)
+ Use a single convention when referring to the `<command>` you're running.
+ ([@desfero](https://github.com/desfero))
+* [`ccbb94934`](https://github.com/npm/npm/commit/ccbb94934d4f677f680c3e2284df3d0ae0e65758)
+ [#16267](https://github.com/npm/npm/pull/16267)
+ Fix a missing space in the example package.json.
+ ([@famousgarkin](https://github.com/famousgarkin))
+
+### DEPENDENCY UPDATES
+
+* [`ebde4ea33`](https://github.com/npm/npm/commit/ebde4ea3363dfc154c53bd537189503863c9b3a4)
+ `hosted-git-info@2.4.2`
+* [`c46ad71bb`](https://github.com/npm/npm/commit/c46ad71bbe27aaa9ee10e107d8bcd665d98544d7)
+ `init-package-json@1.9.6`
+* [`d856d570d`](https://github.com/npm/npm/commit/d856d570d2df602767c039cf03439d647bba2e3d)
+ `npm-registry-client@8.1.1`
+* [`4a2e14436`](https://github.com/npm/npm/commit/4a2e1443613a199665e7adbda034d5b9d10391a2)
+ `readable-stream@2.2.9`
+* [`f0399138e`](https://github.com/npm/npm/commit/f0399138e6d6f1cd7f807d523787a3b129996301)
+ `normalize-package-data@2.3.8`
+
+### v4.5.0 (2017-03-24)
+
+Welcome a wrinkle on npm's registry API!
+
+Codename: Corgi
+
+![corgi-meme](https://cloud.githubusercontent.com/assets/757502/24126107/64c14268-0d89-11e7-871b-d457e6d0082b.jpg)
+
+This release has some bug fixes, but it's mostly about bringing support for
+MUCH smaller package metadata. How much smaller? Well, for npm itself it
+reduces 416K of gzip compressed JSON to 24K.
+
+As a user, all you have to do is update to get to use the new API. If
+you're interested in the details we've [documented the
+changes](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md)
+in detail.
+
+#### CORGUMENTS
+
+Package metadata: now smaller. This means a smaller cache and less to download.
+
+* [`86dad0d74`](https://github.com/npm/npm/commit/86dad0d747f288eab467d49c9635644d3d44d6f0)
+ Add support for filtered package metadata.
+ ([@iarna](https://github.com/iarna))
+* [`41789cffa`](https://github.com/npm/npm/commit/41789cffac9845603f4bdf3f5b03f412144a0e9f)
+ `npm-registry-client@8.1.0`
+ ([@iarna](https://github.com/iarna))
+
+#### NO SHRINKWRAP, NO PROBLEM
+
+Previously we needed to extract every package's tarball to look for an
+`npm-shrinkwrap.json` before we could begin working through what its
+dependencies were. This was one of the things stopping npm's network
+accesses from happening more concurrently. The new filtered package
+metadata provides a new key, `_hasShrinkwrap`. When that's set to `false`
+then we know we don't have to look for one.
+
+* [`4f5060eb3`](https://github.com/npm/npm/commit/4f5060eb31b9091013e1d6a34050973613a294a3)
+ [#15969](https://github.com/npm/npm/pull/15969)
+ Add support for skipping `npm-shrinkwrap.json` extraction when the
+ registry can affirm that one doesn't exist.
+ ([@iarna](https://github.com/iarna))
+
+#### INTERRUPTING SCRIPTS
+
+* [`878aceb25`](https://github.com/npm/npm/commit/878aceb25e6d6052dac15da74639ce274c8e62c5)
+ [#16129](https://github.com/npm/npm/pull/16129)
+ Better handle Ctrl-C while running scripts. `npm` will now no longer exit
+ until the script it is running has exited. If you press Ctrl-C a second
+ time it kill the script rather than just forwarding the Ctrl-C.
+ ([@jaridmargolin](https://github.com/jaridmargolin))
+
+#### DEPENDENCY UPDATES:
+
+* [`def75eebf`](https://github.com/npm/npm/commit/def75eebf1ad437bf4fd3f5e103cc2d963bd2a73)
+ `hosted-git-info@2.4.1`:
+ Preserve case of the user name part of shortcut specifiers, previously they were lowercased.
+ ([@iarna](https://github.com/iarna))
+* [`eb3789fd1`](https://github.com/npm/npm/commit/eb3789fd18cfb063de9e6f80c3049e314993d235)
+ `node-gyp@3.6.0`: Add support for VS2017 and Chakracore improvements.
+ ([@refack](https://github.com/refack))
+ ([@kunalspathak](https://github.com/kunalspathak))
+* [`245e25315`](https://github.com/npm/npm/commit/245e25315524b95c0a71c980223a27719392ba75)
+ `readable-stream@2.2.6` ([@mcollina](https://github.com/mcollina))
+* [`30357ebc5`](https://github.com/npm/npm/commit/30357ebc5691d7c9e9cdc6e0fe7dc6253220c9c2)
+ `which@1.2.14` ([@isaacs](https://github.com/isaacs))
+
+### v4.4.4 (2017-03-16)
+
+😩😤😅 Okay! We have another `next`
+release for ya today. So, yes! With v4.4.3 we fixed the bug that made
+bundled scoped modules uninstallable. But somehow I overlooked the fact
+that we: A) were using these and B) that made upgrading to v4.4.3 impossible. 😭
+
+So I've renamed those two scoped modules to no longer use scopes and we now
+have a shiny new test to ensure that scoped modules don't creep into our
+transitive deps and make it impossible to upgrade to `npm`.
+
+(None of our woes applies to most of you all because most of you all don't
+use bundled dependencies. `npm` does because we want the published artifact to be
+installable without having to already have `npm`.)
+
+* [`2a7409fcb`](https://github.com/npm/npm/commit/2a7409fcba6a8fab716c80f56987b255983e048e)
+ [#16066](https://github.com/npm/npm/pull/16066)
+ Ensure we aren't using any scoped modules
+ Because `npm`s prior 4.4.3 can't install dependencies that have bundled scoped
+ modules. This didn't show up sooner because they ALSO had a bug that caused
+ bundled scoped modules to not be included in the bundle.
+ ([@iarna](https://github.com/iarna))
+* [`eb4c70796`](https://github.com/npm/npm/commit/eb4c70796c38f24ee9357f5d4a0116db582cc7a9)
+ [#16066](https://github.com/npm/npm/pull/16066)
+ Switch to move-concurrently to remove scoped dependency
+ ([@iarna](https://github.com/iarna))
+
+### v4.4.3 (2017-03-15)
+
+This is a small patch release, mostly because the published tarball for
+v4.4.2 was missing a couple of modules, due to a bug involving scoped
+modules, bundled dependencies and legacy tree layouts.
+
+There are a couple of other things here that happened to be ready to go. So
+without further ado…
+
+#### BUG FIXES
+
+* [`3d80f8f70`](https://github.com/npm/npm/commit/3d80f8f70679ad2b8ce7227d20e8dbce257a47b9)
+ [npm/fs-vacuum#6](https://github.com/npm/fs-vacuum/pull/6)
+ `fs-vacuum@1.2.1`: Make sure we never, ever remove home directories. Previously if your
+ home directory was entirely empty then we might `rmdir` it.
+ ([@helio-frota](https://github.com/helio-frota))
+* [`1af85ca9f`](https://github.com/npm/npm/commit/1af85ca9f4d625f948e85961372de7df3f3774e2)
+ [#16040](https://github.com/npm/npm/pull/16040)
+ Fix bug where bundled transitive dependencies that happened to be
+ installed under bundled scoped dependencies wouldn't be included in the
+ tarball when building a package.
+ ([@iarna](https://github.com/iarna))
+* [`13c7fdc2e`](https://github.com/npm/npm/commit/13c7fdc2e87456a87b1c9385a3daeae228ed7c95)
+ [#16040](https://github.com/npm/npm/pull/16040)
+ Fix a bug where bundled scoped dependencies couldn't be extracted.
+ ([@iarna](https://github.com/iarna))
+* [`d6cde98c2`](https://github.com/npm/npm/commit/d6cde98c2513fe160eab41e31c3198dfde993207)
+ [#16040](https://github.com/npm/npm/pull/16040)
+ Stop printing `ENOENT` errors more than once.
+ ([@iarna](https://github.com/iarna))
+* [`722fbf0f6`](https://github.com/npm/npm/commit/722fbf0f6cf4413cdc24b610bbd60a7dbaf2adfe)
+ [#16040](https://github.com/npm/npm/pull/16040)
+ Rewrite the `extract` action for greater clarity.
+ Specifically, this involves moving things around structurally to do the same
+ thing [`d0c6d194`](https://github.com/npm/npm/commit/d0c6d194) did, but in a more comprehensive manner.
+ This also fixes a long standing bug where errors from the move step would be
+ eaten during this phase and as a result we would get mysterious crashes in
+ the finalize phase when finalize tried to act on them.
+ ([@iarna](https://github.com/iarna))
+* [`6754dabb6`](https://github.com/npm/npm/commit/6754dabb6bd3301504efb3b62f36d3fe70958c19)
+ [#16040](https://github.com/npm/npm/pull/16040)
+ Flatten out `@npmcorp/move`'s deps for backwards compatibility reasons. Versions prior to this
+ one will fail to install any package that bundles a scoped dependency. This was responsible
+ for `ENOENT` errors during the `finalize` phase.
+ ([@iarna](https://github.com/iarna))
+
+#### DOC UPDATES
+
+* [`fba51c582`](https://github.com/npm/npm/commit/fba51c582d1d08dd4aa6eb27f9044dddba91bb18)
+ [#15960](https://github.com/npm/npm/pull/15960)
+ Update troubleshooting and contribution guide links.
+ ([@watilde](https://github.com/watilde))
+
+
+### v4.4.2 (2017-03-09):
+
+This week, the focus on the release was mainly going through [all of npm's deps
+that we manage
+ourselves](https://github.com/npm/npm/wiki/npm-maintained-dependencies), and
+making sure all their PRs and versions were up to date. That means there's a few
+fixes here and there. Nothing too big codewise, though.
+
+The most exciting part of this release is probably our [shiny new
+Contributing](https://github.com/npm/npm/blob/latest/CONTRIBUTING.md) and
+[Troubleshooting](https://github.com/npm/npm/blob/latest/TROUBLESHOOTING.md)
+docs! [@snopeks](https://github.com/snopeks) did some ✨fantastic✨ work hashing it
+out, and we're really hoping this is a nice big step towards making contributing
+to npm easier. The troubleshooting doc will also hopefully solve common issues
+for people! Do you think something is missing from it? File a PR and we'll add
+it! The current document is just a baseline for further editing and additions.
+
+Also there's maybe a bit of an easter egg in this release. 'Cause those are fun and I'm a huge nerd. 😉
+
+#### DOCUMENTATION AHOY
+
+* [`07e997a`](https://github.com/npm/npm/commit/07e997a7ecedba7b29ad76ffb2ce990d5c0200fc)
+ [#15756](https://github.com/npm/npm/pull/15756)
+ Overhaul `CONTRIBUTING.md` and add new `TROUBLESHOOTING.md` files. 🙌🏼
+ ([@snopeks](https://github.com/snopeks))
+* [`2f3e4b6`](https://github.com/npm/npm/commit/2f3e4b645cdc268889cf95ba24b2aae572d722ad)
+ [#15833](https://github.com/npm/npm/pull/15833)
+ Mention the [24-hour unpublish
+ policy](http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy)
+ on the main registry.
+ ([@carols10cents](https://github.com/carols10cents))
+
+#### NOT REALLY FEATURES, NOT REALLY BUGFIXES. MORE LIKE TWEAKS? 🤔
+
+* [`84be534`](https://github.com/npm/npm/commit/84be534aedb78c65cd8012427fc04871ceeccf90)
+ [#15888](https://github.com/npm/npm/pull/15888)
+ Stop flattening `ls`-tree output. From now on, deduped deps will be marked as
+ such in the place where they would've been before getting hoisted by the
+ installer.
+ ([@iarna](https://github.com/iarna))
+* [`e9a5dca`](https://github.com/npm/npm/commit/e9a5dca369ead646ab5922326cede1406c62bd3b)
+ [#15967](https://github.com/npm/npm/pull/15967)
+ Limit metadata fetches to 10 concurrent requests.
+ ([@iarna](https://github.com/iarna))
+* [`46aa9bc`](https://github.com/npm/npm/commit/46aa9bcae088740df86234fc199f7aef53b116df)
+ [#15967](https://github.com/npm/npm/pull/15967)
+ Limit concurrent installer actions to 10.
+ ([@iarna](https://github.com/iarna))
+
+#### BUGFIXES
+
+* [`c3b994b`](https://github.com/npm/npm/commit/c3b994b71565eb4f943cce890bb887d810e6e2d4)
+ [#15901](https://github.com/npm/npm/pull/15901)
+ Use EXDEV aware move instead of rename. This will allow moving across devices
+ and moving when filesystems don't support renaming directories full of files. It might make folks using Docker a bit happier.
+ ([@iarna](https://github.com/iarna))
+* [`0de1a9c`](https://github.com/npm/npm/commit/0de1a9c1db90e6705c65c068df1fe82899e60d68)
+ [#15735](https://github.com/npm/npm/pull/15735)
+ Autocomplete support for npm scripts with `:` colons in the name.
+ ([@beyondcompute](https://github.com/beyondcompute))
+* [`84b0b92`](https://github.com/npm/npm/commit/84b0b92e7f78ec4add42e8161c555325c99b7f98)
+ [#15874](https://github.com/npm/npm/pull/15874)
+ Stop using [undocumented](https://github.com/nodejs/node/pull/11355)
+ `res.writeHeader` alias for `res.writeHead`.
+ ([@ChALkeR](https://github.com/ChALkeR))
+* [`895ffe4`](https://github.com/npm/npm/commit/895ffe4f3eecd674796395f91c30eda88aca6b36)
+ [#15824](https://github.com/npm/npm/pull/15824)
+ Fix empty versions column in `npm search` output.
+ ([@bcoe](https://github.com/bcoe))
+* [`38c8d7a`](https://github.com/npm/npm/commit/38c8d7adc1f43ab357d1e729ae7cd5d801a26e68)
+ `init-package-json@1.9.5`: [npm/init-package-json#61](https://github.com/npm/init-package-json/pull/61) Exclude existing `devDependencies` from being added to `dependencies`. Fixes [#12260](https://github.com/npm/npm/issues/12260).
+ ([@addaleax](https://github.com/addaleax))
+
+### v4.4.1 (2017-03-06):
+
+This is a quick little patch release to forgo the update notification
+checker if you're on an unsuported (but not otherwise broken) version of
+Node.js. Right now that means 0.10 or 0.12.
+
+* [`56ac249`](https://github.com/npm/npm/commit/56ac249ef8ede1021f1bc62a0e4fe1e9ba556af2)
+ [#15864](https://github.com/npm/npm/pull/15864)
+ Only use `update-notifier` on supported versions.
+ ([@legodude17](https://github.com/legodude17))
+
+### v4.4.0 (2017-02-23):
+
+Aaaah, [@iarna](https://github.com/iarna) here, it's been a little while
+since I did one of these! This is a nice little release, we've got an
+update notifier, vastly less verbose error messages, new warnings on package
+metadata that will probably give you a bad day, and a sprinkling of bug
+fixes.
+
+#### UPDATE NOTIFICATIONS
+
+We now have a little nudge to update your `npm`, courtesy of
+[update-notifier](https://www.npmjs.com/package/update-notifier).
+
+* [`148ee66`](https://github.com/npm/npm/commit/148ee663740aa05877c64f16cdf18eba33fbc371)
+ [#15774](https://github.com/npm/npm/pull/15774)
+ `npm` will now check at start up to see if a newer version is available.
+ It will check once a day. If you want to disable this, set `optOut` to `true` in
+ `~/.config/configstore/update-notifier-npm.json`.
+ ([@ceejbot](https://github.com/ceejbot))
+
+#### LESS VERBOSE ERROR MESSAGES
+
+`npm` has, for a long time, had very verbose error messages. There was a
+lot of info in there, including the cause of the error you were seeing but
+without a lot of experience reading them pulling that out was time consuming
+and difficult.
+
+With this change the output is cut down substantially, centering the error
+message. So, for example if you try to `npm run sdlkfj` then the entire
+error you'll get will be:
+
+```
+npm ERR! missing script: sldkfj
+
+npm ERR! A complete log of this run can be found in:
+npm ERR! /Users/rebecca/.npm/_logs/2017-02-24T00_41_36_988Z-debug.log
+```
+
+The CLI team has discussed cutting this down even further and stripping the
+`npm ERR!` prefix off those lines too. We'd appreciate your feedback on
+this!
+
+* [`e544124`](https://github.com/npm/npm/commit/e544124592583654f2970ec332003cfd00d04f2b)
+ [#15716](https://github.com/npm/npm/pull/15716)
+ Make error output less verbose.
+ ([@iarna](https://github.com/iarna))
+* [`166bda9`](https://github.com/npm/npm/commit/166bda97410d0518b42ed361020ade1887e684af)
+ [#15716](https://github.com/npm/npm/pull/15716)
+ Stop encouraging users to visit the issue tracker unless we know for
+ certain that it's an npm bug.
+ ([@iarna](https://github.com/iarna))
+
+#### OTHER NEW FEATURES
+
+* [`53412eb`](https://github.com/npm/npm/commit/53412eb22c1c75d768e30f96d69ed620dfedabde)
+ [#15772](https://github.com/npm/npm/pull/15772)
+ We now warn if you have a module listed in both dependencies and
+ devDependencies.
+ ([@TedYav](https://github.com/TedYav))
+* [`426b180`](https://github.com/npm/npm/commit/426b1805904a13bdc5c0dd504105ba037270cbee)
+ [#15757](https://github.com/npm/npm/pull/15757)
+ Default reporting metrics to default registry. Previously it defaulted to using
+ `https://registry.npmjs.org`, now it will default to the result of
+ `npm config get registry`. For most folks this won't actually change anything, but it
+ means that folks who use a private registry will have metrics routed there by default.
+ This has the potential to be interesting because it means that in the
+ future private registry products ([npme](https://npme.npmjs.com/docs/)!)
+ will be able to report on these metrics.
+ ([@iarna](https://github.com/iarna))
+
+#### BUG FIXES
+
+* [`8ea0de9`](https://github.com/npm/npm/commit/8ea0de98563648ba0db032acd4d23d27c4a50a66)
+ [#15716](https://github.com/npm/npm/pull/15716)
+ Write logs for `cb() never called` errors.
+* [`c4e83dc`](https://github.com/npm/npm/commit/c4e83dca830b24305e3cb3201a42452d56d2d864)
+ Make it so that errors while reading the existing node_modules tree can't
+ result in installer crashes.
+ ([@iarna](https://github.com/iarna))
+* [`2690dc2`](https://github.com/npm/npm/commit/2690dc2684a975109ef44953c2cf0746dbe343bb)
+ Update `npm doctor` to not treat broken symlinks in your global modules as
+ a permission failure. This is particularly important if you link modules and your text
+ editor uses the convention of creating symlinks from `.#filename.js` to a
+ machine name and pid to lock files (eg emacs and compatible things).
+ ([@iarna](https://github.com/iarna))
+* [`f4c3f48`](https://github.com/npm/npm/commit/f4c3f489aa5787cf0d60e8436be2190e4b0d0ff7)
+ [#15777](https://github.com/npm/npm/pull/15777)
+ Not exactly a bug, but change a parameterless `.apply` to `.call`.
+ ([@notarseniy](https://github.com/notarseniy))
+
+#### DEPENDENCY UPDATES
+
+* [`549dcff`](https://github.com/npm/npm/commit/549dcff58c7aaa1e7ba71abaa14008fdf2697297)
+ `rimraf@2.6.0`:
+ Retry EBUSY, ENOTEMPTY and EPERM on non-Windows platforms too.
+ More reliable `rimraf.sync` on Windows.
+ ([@isaacs](https://github.com/isaacs))
+* [`052dfb6`](https://github.com/npm/npm/commit/052dfb623da508f2b5f681da0258125552a18a4a)
+ `validate-npm-package-name@3.0.0`:
+ Remove ableist language in README.
+ Stop allowing ~'!()* in package names.
+ ([@tomdale](https://github.com/tomdale))
+ ([@chrisdickinson](https://github.com/chrisdickinson))
+* [`6663ea6`](https://github.com/npm/npm/commit/6663ea6ac0f0ecec5a3f04a3c01a71499632f4dc)
+ `abbrev@1.1.0` ([@isaacs](https://github.com/isaacs))
+* [`be6de9a`](https://github.com/npm/npm/commit/be6de9aab9e20b6eac70884e8626161eebf8721a)
+ `opener@1.4.3` ([@dominic](https://github.com/dominic))
+* [`900a5e3`](https://github.com/npm/npm/commit/900a5e3e3411ec221306455f99b24b9ce35757c0)
+ `readable-stream@2.2.3` ([@RangerMauve](https://github.com/RangerMauve)) ([@mcollina](https://github.com/mcollina))
+* [`c972a8b`](https://github.com/npm/npm/commit/c972a8b0f20a61a79c45b6642f870bea8c55c7e4)
+ `tacks@1.2.6`
+ ([@iarna](https://github.com/iarna))
+* [`85a36ef`](https://github.com/npm/npm/commit/85a36efdac0c24501876875cb9ad40292024e0b0)
+ [`7ac9265`](https://github.com/npm/npm/commit/7ac9265c56b4d9eeaca6fcfb29513f301713e7bb)
+ `tap@10.2.0`
+ ([@isaacs](https://github.com/saacs))
+
+### v4.3.0 (2017-02-09):
+
+Yay! Release time! It's a rainy day, and we have another smallish release for
+y'all. These things are not necessarily related. Or are they 🌧🤔
+
+As far as news go, you may have noticed that the CLI team dropped support for
+`node@0.12` when that version went out of maintenance. Still, we've avoided
+explicitly breaking it and `node@0.10` so far -- but not much longer.
+
+Sometime soon, the CLI team plans on switching over to language features only
+available as of `node@4 LTS`, and will likely start dropping old versions of node
+as they go out of maintenance. The new features are exciting! We're really
+looking forward to using them in the core CLI (and its dependencies) as we keep up
+with our current feature work.
+
+And speaking of features, this release is a minor bump due to a small change in
+how `npm login` works for the sake of supporting OAuth-based login for npm
+Enterprise users. But we won't leave the rest of y'all out -- we're working on a
+larger version of this feature. Soon enough, you'll be able to log in to npm
+with, say, GitHub -- and use some shiny features that come from the integration.
+Or turn on 2FA and other such security features. Keep your eyes peeled for new
+on this in the next few releases and our weekly newsletter!
+
+#### NEW AUTH TYPES
+
+There's a new command line option: `--auth-type`, which can be used to log in to
+a supporting registry with OAuth2 or SAML. The current implementation is mainly
+meant to support npmE customers, so if you're one of those: ask us about using
+it! If not, just hold off cause we'll have a much more complete version of this
+feature out soon.
+
+* [`ac8595e`](https://github.com/npm/npm/commit/ac8595e3c9b615ff95abc3301fac1262c434792c) [`bcf2dd8`](https://github.com/npm/npm/commit/bcf2dd8a165843255c06515fa044c6e4d3b71ca4) [`9298d20`](https://github.com/npm/npm/commit/9298d20af58b92572515bfa9cf7377bd4221dc7d) [`66b61bc`](https://github.com/npm/npm/commit/66b61bc42e81ee8a1ee00fc63517f62284140688) [`dc85de7`](https://github.com/npm/npm/commit/dc85de7df6bb61f7788611813ee82ae695a18f1f)
+ [#13389](https://github.com/npm/npm/pull/13389)
+ Implement single-sign-on support with `--auth-type` option.
+ ([@zkat](https://github.com/zkat))
+
+#### FASTER STARTUP. SOMETIMES!
+
+`request` is pretty heavy. And it loads a bunch of things. It's actually a
+pretty big chunk of npm's load time. This small patch by Rebecca will make it so
+npm only loads that module when we're actually intending to make network
+requests. Those of you who use npm commands that run offline might see a small
+speedup in startup time.
+
+* [`ac73568`](https://github.com/npm/npm/commit/ac735682e666e8724549d56146821f3b8b018e25)
+ [#15631](https://github.com/npm/npm/pull/15631)
+ Lazy load `caching-registry-client`.
+ ([@iarna](https://github.com/iarna))
+
+#### DOCUMENTATION
+
+* [`4ad9247`](https://github.com/npm/npm/commit/4ad9247aa82f7553c9667ee93c74ec7399d6ceec)
+ [#15630](https://github.com/npm/npm/pull/15630)
+ Fix formatting/rendering for root npm README.
+ ([@ungoldman](https://github.com/ungoldman))
+
+#### DEPENDENCY UPDATES
+
+* [`8cc1112`](https://github.com/npm/npm/commit/8cc1112958638ff88ac2c24c4a065acacb93d64b)
+ [npm/hosted-git-info#21](https://github.com/npm/hosted-git-info/pull/21)
+ `hosted-git-info@2.2.0`:
+ Add support for `.tarball()` URLs.
+ ([@zkat](https://github.com/zkat))
+* [`6eacc1b`](https://github.com/npm/npm/commit/6eacc1bc1925fe3cc79fc97bdc3194d944fce55e)
+ `npm-registry-mock@1.1.0`
+ ([@addaleax](https://github.com/addaleax))
+* [`a9b6d77`](https://github.com/npm/npm/commit/a9b6d775e61cf090df0e13514c624f99bf31d1e7)
+ `aproba@1.1.1`
+ ([@iarna](https://github.com/iarna))
+
+### v4.2.0 (2017-01-26):
+
+Hi all! I'm Kat, and I'm currently sitting in a train traveling at ~300km/h
+through Spain. So clearly, this release should have *something* to do with
+speed. And it does! Heck, with this release, you could say we're really
+_blazing_, even. 🌲🔥😏
+
+#### IMPROVED CLI SEARCH~
+
+You might recall if you've been keeping up that one of the reasons for a
+semver-major bump to `npm@4` was an improved CLI search (read: no longer blowing
+up Node). The work done for that new search system, while still relying on a
+full metadata download and local search, was also meant to act as groundwork for
+then-ongoing work on a brand-new, smarter search system for npm. Shortly after
+`npm@4` came out, the bulk of the server-side work was done, and with this
+release, the npm CLI has integrated use of the new endpoint for high-quality,
+fast-turnaround searches.
+
+No, seriously, it's *fast*. And *relevant*:
+
+[![GOTTA GO FAST! This is a gif of the new npm search returning results in around a second for `npm search web framework`.](https://cloud.githubusercontent.com/assets/17535/21954136/f007e8be-d9fd-11e6-9231-f899c12790e0.gif)](https://github.com/npm/npm/pull/15481)
+
+Give it a shot! And remember to check out the new website version of the search,
+too, which uses the same backend as the CLI now. 🎉
+
+Incidentally, the backend is a public service, so you can write your own search
+tools, be they web-based, CLI, or GUI-based. You can read up on the [full
+documentation for the search
+endpoint](https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#get-v1search),
+and let us know about the cool things you come up with!
+
+* [`ce3ca51`](https://github.com/npm/npm/commit/ce3ca51ca2d60e15e901c8bf6256338e53e1eca2)
+ [#15481](https://github.com/npm/npm/pull/15481)
+ Add an internal `gunzip-maybe` utility for optional gunzipping.
+ ([@zkat](https://github.com/zkat))
+* [`e322932`](https://github.com/npm/npm/commit/e3229324d507fda10ea9e94fd4de8a4ae5025c75) [`a53055e`](https://github.com/npm/npm/commit/a53055e423f1fe168f05047aa0dfec6d963cb211) [`a1f4365`](https://github.com/npm/npm/commit/a1f436570730c6e4a173ca92d1967a87c29b7f2d) [`c56618c`](https://github.com/npm/npm/commit/c56618c62854ea61f6f716dffe7bcac80b5f4144)
+ [#15481](https://github.com/npm/npm/pull/15481)
+ Add support for using the new npm search endpoint for fast, quality search
+ results. Includes a fallback to "classic" search.
+ ([@zkat](https://github.com/zkat))
+
+#### WHERE DID THE DEBUG LOGS GO
+
+This is another pretty significant change: Usually, when the npm process
+crashed, you would get an `npm-debug.log` in your current working directory.
+This debug log would get cleared out as soon as you ran npm again. This was a
+bit annoying because 1) you would get a random file in your `git status` that
+you might accidentally commit, and 2) if you hit a hard-to-reproduce bug and
+instinctually tried again, you would no longer have access to the repro
+`npm-debug.log`.
+
+So now, any time a crash happens, we'll save your debug logs to your cache
+folder, under `_logs` (`~/.npm` on *nix, by default -- use `npm config get
+cache` to see what your current value is). The cache will now hold a
+(configurable) number of `npm-debug.log` files, which you can access in the
+future. Hopefully this will help clean stuff up and reduce frustration from
+missed repros! In the future, this will also be used by `npm report` to make it
+super easy to put up issues about crashes you run into with npm. 💃🕺🏿👯‍♂️
+
+* [`04fca22`](https://github.com/npm/npm/commit/04fca223a0f704b69340c5f81b26907238fad878)
+ [#11439](https://github.com/npm/npm/pull/11439)
+ Put debug logs in `$(npm get cache)/_logs` and store multiple log files.
+ ([@KenanY](https://github.com/KenanY))
+ ([@othiym23](https://github.com/othiym23))
+ ([@isaacs](https://github.com/isaacs))
+ ([@iarna](https://github.com/iarna))
+
+#### DOCS
+
+* [`ae8e71c`](https://github.com/npm/npm/commit/ae8e71c2b7d64d782af287a21e146d7cea6e5273)
+ [#15402](https://github.com/npm/npm/pull/15402)
+ Add missing backtick in one of the `npm doctor` messages.
+ ([@watilde](https://github.com/watilde), [@charlotteis](https://github.com/charlotteis))
+* [`821fee6`](https://github.com/npm/npm/commit/821fee6d0b12a324e035c397ae73904db97d07d2)
+ [#15480](https://github.com/npm/npm/pull/15480)
+ Clarify that unscoped packages can depend on scoped packages and vice-versa.
+ ([@chocolateboy](https://github.com/chocolateboy))
+* [`2ee45a8`](https://github.com/npm/npm/commit/2ee45a884137ae0706b7c741c671fef2cb3bac96)
+ [#15515](https://github.com/npm/npm/pull/15515)
+ Update minimum supported Node version number in the README to `node@>=4`.
+ ([@watilde](https://github.com/watilde))
+* [`af06aa9`](https://github.com/npm/npm/commit/af06aa9a357578a8fd58c575f3dbe55bc65fc376)
+ [#15520](https://github.com/npm/npm/pull/15520)
+ Add section to `npm-scope` docs to explain that scope owners will own scoped
+ packages with that scope. That is, user `@alice` is not allowed to publish to
+ `@bob/my-package` unless explicitly made an owner by user (or org) `@bob`.
+ ([@hzoo](https://github.com/hzoo))
+* [`bc892e6`](https://github.com/npm/npm/commit/bc892e6d07a4c6646480703641a4d71129c38b6d)
+ [#15539](https://github.com/npm/npm/pull/15539)
+ Replace `http` with `https` and fix typos in some docs.
+ ([@watilde](https://github.com/watilde))
+* [`1dfe875`](https://github.com/npm/npm/commit/1dfe875b9ac61a0ab9f61a2eab02bacf6cce583c)
+ [#15545](https://github.com/npm/npm/pull/15545)
+ Update Node.js download link to point to the right place.
+ ([@watilde](https://github.com/watilde))
+
+#### DEPENDENCIES
+
+ * [`b824bfb`](https://github.com/npm/npm/commit/b824bfbeb2d89c92762e9170b026af98b5a3668a)
+ `ansi-regex@2.1.1`
+ * [`81ea3e8`](https://github.com/npm/npm/commit/81ea3e8e4ea34cd9c2b418512dcb508abcee1380)
+ `mississippi@1.3.0`
+
+#### MISC
+
+* [`98df212`](https://github.com/npm/npm/commit/98df212a91fd6ff4a02b9cd247f4166f93d3977a)
+ [#15492](https://github.com/npm/npm/pull/15492)
+ Update the "master" node version used for AppVeyor to `node@7`.
+ ([@watilde](https://github.com/watilde))
+* [`d75fc03`](https://github.com/npm/npm/commit/d75fc03eda5364f12ac266fa4f66e31c2e44e864)
+ [#15413](https://github.com/npm/npm/pull/15413)
+ `npm run-script` now exits with the child process' exit code on exit.
+ ([@kapals](https://github.com/kapals))
+
+### v4.1.2 (2017-01-12)
+
+We have a twee little release this week as we come back from the holidays.
+
+#### 0.12 IS UNSUPPORTED NOW (really)
+
+After [jumping the gun a
+little](https://github.com/npm/npm/releases/tag/v4.0.2), we can now
+officially remove 0.12 from our supported versions list. The Node.js
+project has now officially ended even maintenance support for 0.12 and thus,
+so will we. To reiterate from the last time we did this:
+
+What this means:
+
+* Your contributions will no longer block on the tests passing on 0.12.
+* We will no longer block dependency upgrades on working with 0.12.
+* Bugs filed on the npm CLI that are due to incompatibilities with 0.12
+ (and older versions) will be closed with a strong urging to upgrade to a
+ supported version of Node.
+* On the flip side, we'll continue to (happily!) accept patches that
+ address regressions seen when running the CLI with Node.js 0.12.
+
+What this doesn't mean:
+
+* The CLI is going to start depending on ES2015+ features. npm continues
+ to work, in almost all cases, all the way back to Node.js 0.8, and our
+ long history of backwards compatibility is a source of pride for the
+ team.
+* We aren't concerned about the problems of users who, for whatever
+ reason, can't update to newer versions of npm. As mentioned above, we're
+ happy to take community patches intended to address regressions.
+
+We're not super interested in taking sides on what version of Node.js
+you "should" be running. We're a workflow tool, and we understand that
+you all have a diverse set of operational environments you need to be
+able to support. At the same time, we _are_ a small team, and we need
+to put some limits on what we support. Tracking what's supported by our
+runtime's own team seems most practical, so that's what we're doing.
+
+* [`c7bbba8`](https://github.com/npm/npm/commit/c7bbba8744b62448103a1510c65d9751288abb5d)
+ Remove 0.12 from our supported versions list.
+ ([@iarna](https://github.com/iarna))
+
+#### WRITING TO SYMLINKED `package.json` (AND OTHER FILES)
+
+If your `package.json`, `npm-shrinkwrap.json` or `.npmrc` were a symlink and
+you used an `npm` command that modified one of these (eg `npm config set` or
+`npm install --save`) then previously we would have removed your symlink and
+replaced it with an ordinary file. While making these files symlinks is pretty
+uncommon, this was still surprising behavior. With this fix we now overwrite
+the _destination_ of the symlink and preserve the symlink itself.
+
+* [`a583983`](https://github.com/npm/npm/commit/a5839833d3de7072be06884b91902c093aff1aed)
+ [write-file-atomic/#5](https://github.com/npm/write-file-atomic/issues/5)
+ [#10223](https://github.com/npm/npm/10223)
+ `write-file-atomic@1.3.1`:
+ When the target is a symlink, write-file-atomic now overwrites the
+ _destination_ of the symlink, instead of replacing the symlink itself. This
+ makes it's behavior match `fs.writeFile`.
+
+ Fixed a bug where it would ALWAYS fs.stat to look up default mode and chown
+ values even if you'd passed them in. (It still used the values you passed
+ in, but did a needless stat.)
+ ([@iarna](https://github.com/iarna))
+
+#### DEPENDENCY UPDATES
+
+* [`521f230`](https://github.com/npm/npm/commit/521f230dd57261e64ac9613b3db62f5312971dca)
+ `node-gyp@3.5.0`:
+ Improvements to how Python is located. New `--devdir` flag.
+ ([@bnoordhuis](https://github.com/bnoordhuis))
+ ([@mhart](https://github.com/mhart))
+* [`ccd83e8`](https://github.com/npm/npm/commit/ccd83e8a70d35fb0904f8a9adb2ff7ac8a6b2706)
+ `JSONStream@1.3.0`:
+ Add new emitPath option.
+ ([@nathanwills](https://github.com/nathanwills))
+
+#### TEST IMPROVEMENTS
+
+* [`d76e084`](https://github.com/npm/npm/commit/d76e08463fd65705217624b861a1443811692f34)
+ Disable metric reporting for test suite even if the user has it enabled.
+ ([@iarna](https://github.com/iarna))
+
+### v4.1.1 (2016-12-16)
+
+This fixes a bug in the metrics reporting where, if you had enabled it then
+installs would create a metrics reporting process, that would create a
+metrics reporting process, that would… well, you get the idea. The only
+way to actually kill these processes is to turn off your networking, then
+on MacOS/Linux kill them with `kill -9`. Alternatively you can just reboot.
+
+Anyway, this is a quick release to fix that bug:
+
+* [`51c393f`](https://github.com/npm/npm/commit/51c393feff5f4908c8a9fb02baef505b1f2259be)
+ [#15237](https://github.com/npm/npm/pull/15237)
+ Don't launch a metrics sender process if we're running from a metrics
+ sender process.
+ ([@iarna](https://github.com/iarna))
+
+### v4.1.0 (2016-12-15)
+
+I'm really excited about `npm@4.1.0`. I know, I know, I'm kinda overexcited
+in my changelogs, but this one is GREAT. We've got a WHOLE NEW subcommand, I
+mean, when was the last time you saw that? YEARS! And we have the beginnings
+of usage metrics reporting. Then there's a fix for a really subtle bug that
+resulted in `shasum` errors. And then we also have a few more bug fixes and
+other improvements.
+
+#### ANONYMOUS METRIC REPORTING
+
+We're adding the ability for you all to help us track the quality of your
+experiences using `npm`. Metrics will be sent if you run:
+
+```
+npm config set send-metrics true
+```
+
+Then `npm` will report to `registry.npmjs.org` the number of successful and
+failed installations you've had. The data contains no identifying
+information and npm will not attempt to correlate things like IP address
+with the metrics being submitted.
+
+Currently we only track number of successful and failed installations. In
+the future we would like to find additional metrics to help us better
+quantify the quality of the `npm` experience.
+
+* [`190a658`](https://github.com/npm/npm/commit/190a658c4222f6aa904cbc640fc394a5c875e4db)
+ [#15084](https://github.com/npm/npm/pull/15084)
+ Add facility for recording and reporting success metrics.
+ ([@iarna](https://github.com/iarna))
+* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4)
+ [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/148)
+ `npm-registry-client@7.4.5`:
+ Add support for sending anonymous CLI metrics.
+ ([@iarna](https://github.com/iarna),
+ [@sisidovski](https://github.com/sisidovski))
+
+### NPM DOCTOR
+
+<pre>
+<u>Check</u> <u>Value</u> <u>Recommendation</u>
+npm ping ok
+npm -v v4.0.5
+node -v v4.6.1 Use node v6.9.2
+npm config get registry https://registry.npmjs.org/
+which git /Users/rebecca/bin/git
+Perms check on cached files ok
+Perms check on global node_modules ok
+Perms check on local node_modules ok
+Checksum cached files ok
+</pre>
+
+It's a rare day that we add a new command to `npm`, so I'm excited to
+present to you `npm doctor`. It checks for a number of common problems and
+provides some recommended solutions. It was put together through the hard
+work of [@watilde](https://github.com/watilde).
+
+* [`2359505`](https://github.com/npm/npm/commit/23595055669f76c9fe8f5f1cf4a705c2e794f0dc)
+ [`0209ee5`](https://github.com/npm/npm/commit/0209ee50448441695fbf9699019d34178b69ba73)
+ [#14582](https://github.com/npm/npm/pull/14582)
+ Add new `npm doctor` to give your project environment a health check.
+ ([@watilde](https://github.com/watilde))
+
+#### FIX MAJOR SOURCE OF SHASUM ERRORS
+
+If you've been getting intermittent shasum errors then you'll be pleased to
+know that we've tracked down at least one source of them, if not THE source
+of them.
+
+* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4)
+ [#14626](https://github.com/npm/npm/issues/14626)
+ [npm/npm-registry-client#148](https://github.com/npm/npm-registry-client/pull/148)
+ `npm-registry-client@7.4.5`:
+ Fix a bug where an `ECONNRESET` while fetching a package file would result
+ in a partial download that would be reported as a "shasum mismatch". It
+ now throws away the partial download and retries it.
+ ([@iarna](https://github.com/iarna))
+
+#### FILE URLS AND NODE.JS 7
+
+When `npm` was formatting `file` URLs we took advantage of `url.format` to
+construct them. Node.js 7 changed the behavior in such a way that our use of
+`url.format` stopped producing URLs that we could make use of.
+
+The reasons for this have to do with the `file` URL specification and how
+invalid (according to the specification) URLs are handled. How this changed
+is most easily explained with a table:
+
+<table>
+<tr><th></th><th>URL</th><th>Node.js &lt;= 6</th><th><tt>npm</tt>'s understanding</th><th>Node.js 7</th><th><tt>npm</tt>'s understanding</th></tr>
+<tr><td>VALID</td><td><tt>file:///abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr>
+<tr><td>invalid</td><td><tt>file:/abc/def</tt></td><td><tt>file:/abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr>
+<tr><td>invalid</td><td><tt>file:abc/def</tt></td><td><tt>file:abc/def</tt></td><td><tt>$CWD/abc/def</tt></td><td><tt>file://abc/def</tt></td><td><tt>/def</tt> on the <tt>abc</tt> host</td></tr>
+<tr><td>invalid</td><td><tt>file:../abc/def</tt></td><td><tt>file:../abc/def</tt></td><td><tt>$CWD/../abc/def</tt></td><td><tt>file://../abc/def</tt></td><td><tt>/abc/def</tt> on the <tt>..</tt> host</td></tr>
+</table>
+
+So the result was that passing a `file` URL that npm had received that used
+through Node.js 7's `url.format` changed its meaning as far as `npm` was
+concerned. As those kinds of URLs are, per the specification, invalid, how
+they should be handled is undefined and so the change in Node.js wasn't a
+bug per se.
+
+Our solution is to stop using `url.format` when constructing this kind of
+URL.
+
+* [`173935b`](https://github.com/npm/npm/commit/173935b4298e09c4fdcb8f3a44b06134d5aff181)
+ [#15114](https://github.com/npm/npm/issues/15114)
+ Stop using `url.format` for relative local dep paths.
+ ([@zkat](https://github.com/zkat))
+
+#### EXTRANEOUS LIFECYCLE SCRIPT EXECUTION WHEN REMOVING
+
+* [`afb1dfd`](https://github.com/npm/npm/commit/afb1dfd944e57add25a05770c0d52d983dc4e96c)
+ [#15090](https://github.com/npm/npm/pull/15090)
+ Skip top level lifecycles when uninstalling.
+ ([@iarna](https://github.com/iarna))
+
+#### REFACTORING AND INTERNALS
+
+* [`c9b279a`](https://github.com/npm/npm/commit/c9b279aca0fcb8d0e483e534c7f9a7250e2a9392)
+ [#15205](https://github.com/npm/npm/pull/15205)
+ [#15196](https://github.com/npm/npm/pull/15196)
+ Only have one function that determines which version of a package to use
+ given a specifier and a list of versions.
+ ([@iarna](https://github.com/iarna),
+ [@zkat](https://github.com/zkat))
+
+* [`981ce63`](https://github.com/npm/npm/commit/981ce6395e7892dde2591b44e484e191f8625431)
+ [#15090](https://github.com/npm/npm/pull/15090)
+ Rewrite prune to use modern npm plumbing.
+ ([@iarna](https://github.com/iarna))
+
+* [`bc4b739`](https://github.com/npm/npm/commit/bc4b73911f58a11b4a2d28b49e24b4dd7365f95b)
+ [#15089](https://github.com/npm/npm/pull/15089)
+ Rename functions and variables in the module that computes what changes to
+ make to your installation.
+ ([@iarna](https://github.com/iarna))
+
+* [`2449f74`](https://github.com/npm/npm/commit/2449f74a202b3efdb1b2f5a83356a78ea9ecbe35)
+ [#15089](https://github.com/npm/npm/pull/15089)
+ When computing changes to make to your installation, use a function to add
+ new actions to take instead of just pushing on a list.
+ ([@iarna](https://github.com/iarna))
+
+#### IMPROVED LOGGING
+
+* [`335933a`](https://github.com/npm/npm/commit/335933a05396258eead139d27eea3f7668ccdfab)
+ [#15089](https://github.com/npm/npm/pull/15089)
+ Log when we remove obsolete dependencies in the tree.
+ ([@iarna](https://github.com/iarna))
+
+#### DOCUMENTATION
+
+* [`33ca4e6`](https://github.com/npm/npm/commit/33ca4e6db3c1878cbc40d5e862ab49bb0e82cfb2)
+ [#15157](https://github.com/npm/npm/pull/15157)
+ Update `npm cache` docs to use more consistent language
+ ([@JonahMoses](https://github.com/JonahMoses))
+
+#### DEPENDENCY UPDATES
+
+* [`c2d22fa`](https://github.com/npm/npm/commit/c2d22faf916e8260136a1cc95913ca474421c0d3)
+ [#15215](https://github.com/npm/npm/pull/15215)
+ `nopt@4.0.1`:
+ The breaking change is a small tweak to how empty string values are
+ handled. See the brand-new
+ [CHANGELOG.md for nopt](https://github.com/npm/nopt/blob/v4.0.1/CHANGELOG.md) for further
+ details about what's changed in this release!
+ ([@adius](https://github.com/adius),
+ [@samjonester](https://github.com/samjonester),
+ [@elidoran](https://github.com/elidoran),
+ [@helio](https://github.com/helio),
+ [@silkentrance](https://github.com/silkentrance),
+ [@othiym23](https://github.com/othiym23))
+* [`54d949b`](https://github.com/npm/npm/commit/54d949b05adefffeb7b5b10229c5fe0ccb929ac3)
+ [npm/lockfile#24](https://github.com/npm/lockfile/pull/24)
+ `lockfile@1.0.3`:
+ Handled case where callback was not passed in by the user.
+ ([@ORESoftware](https://github.com/ORESoftware))
+* [`54acc03`](https://github.com/npm/npm/commit/54acc0389b39850c0725d0868cb5e61317b57503)
+ `npmlog@4.0.2`:
+ Documentation update.
+ ([@helio-frota](https://github.com/helio-frota))
+* [`57f4bc1`](https://github.com/npm/npm/commit/57f4bc1150322294c1ea0a287ad0a8e457c151e6)
+ `osenv@0.1.4`:
+ Test changes.
+ ([@isaacs](https://github.com/isaacs))
+* [`bea1a2d`](https://github.com/npm/npm/commit/bea1a2d0db566560e13ecc1d5f42e55811269c88)
+ `retry@0.10.1`:
+ No changes.
+ ([@tim-kos](https://github.com/tim-kos))
+* [`6749e39`](https://github.com/npm/npm/commit/6749e395f868109afd97f79d36507e6567dd48fb)
+ [kapouer/marked-man#9](https://github.com/kapouer/marked-man/pull/9)
+ `marked-man@0.2.0`:
+ Add table support.
+ ([@gholk](https://github.com/gholk))
+
+### v4.0.5 (2016-12-01)
+
+It's that time of year! December is upon us, which means y'all are just going to
+be doing a lot less, in general, for the next month or so. The "Xmas Chasm", as
+we like to call it, has already begun. So for those of you reading it from the
+other side: Hi! Welcome back!
+
+This week's release is a relatively small one, involving just a few bugfixes and
+dependency upgrades. The CLI team has been busy recently with scoping out
+`npm@5`, and starting to do initial spec work for in-scope stuff.
+
+#### BUGFIXES
+
+On to the actual changes!
+
+* [`9776d8f`](https://github.com/npm/npm/commit/9776d8f70a0ea8d921cbbcab7a54e52c15fc455f)
+ [#15081](https://github.com/npm/npm/pull/15081)
+ `bundledDependencies` are intended to be left untouched by the installer, as
+ much as possible -- if they're bundled, we assume that you want to be
+ particular about the contents of your bundle.
+
+ The installer used to have a corner case where existing dependencies that had
+ bundledDependencies would get clobbered by as the installer moved stuff
+ around, even though the installer already avoided moving deps that were
+ themselves bundled. This is now fixed, along with the connected crasher, and
+ your bundledDeps should be left even more intact than before!
+ ([@iarna](https://github.com/iarna))
+* [`fc61c08`](https://github.com/npm/npm/commit/fc61c082122104031ccfb2a888432c9f809a0e8b)
+ [#15082](https://github.com/npm/npm/pull/15082)
+ Initialize nodes from bundled dependencies. This should address
+ [#14427](https://github.com/npm/npm/issues/14427) and related issues, but it's
+ turned out to be a tremendously difficult issue to reproduce in a test. We
+ decided to include it even pending tests, because we found the root cause of
+ the errors.
+ ([@iarna](https://github.com/iarna))
+* [`d8471a2`](https://github.com/npm/npm/commit/d8471a294ef848fc893f60e17d6ec6695b975d16)
+ [#12811](https://github.com/npm/npm/pull/12811)
+ Consider `devDependencies` when deciding whether to hoist a package. This
+ should resolve a variety of missing dependency issues some folks were seeing
+ when `devDependencies` happened to also be dependencies of your
+ `dependencies`. This often manifested as modules going missing, or only being
+ installed, after `npm install` was called twice.
+ ([@schmod](https://github.com/schmod))
+
+#### DEPENDENCY UPDATES
+
+* [`5978703`](https://github.com/npm/npm/commit/5978703da8669adae464789b1b15ee71d7f8d55d)
+ `graceful-fs@4.1.11`:
+ `EPERM` errors are Windows are now handled more gracefully. Windows users that
+ tended to see these errors due to, say, an antivirus-induced race condition,
+ should see them much more rarely, if at all.
+ ([@zkatr](https://github.com/zkat))
+* [`85b0174`](https://github.com/npm/npm/commit/85b0174ba9842e8e89f3c33d009e4b4a9e877c7d)
+ `request@2.79.0`
+ ([@zkat](https://github.com/zkat))
+* [`9664d36`](https://github.com/npm/npm/commit/9664d36653503247737630440bc2ff657de965c3)
+ `tap@8.0.1`
+ ([@zkat](https://github.com/zkat))
+
+#### MISCELLANEOUS
+
+* [`f0f7b0f`](https://github.com/npm/npm/commit/f0f7b0fd025daa2b69994130345e6e8fdaaa0304)
+ [#15083](https://github.com/npm/npm/pull/15083)
+ Removed dead code.
+ ([@iarna](https://github.com/iarna)) * [`bc32afe`](https://github.com/npm/npm/commit/bc32afe4d12e3760fb5a26466dc9c26a5a2981d5) [`c8a22fe`](https://github.com/npm/npm/commit/c8a22fe5320550e09c978abe560b62ce732686f4) [`db2666d`](https://github.com/npm/npm/commit/db2666d8c078fc69d0c02c6a3de9b31be1e995e9)
+ [#15085](https://github.com/npm/npm/pull/15085)
+ Change some network tests so they can run offline.
+ ([@iarna](https://github.com/iarna))
+* [`744a39b`](https://github.com/npm/npm/commit/744a39b836821b388ad8c848bd898c1d006689a9)
+ [#15085](https://github.com/npm/npm/pull/15085)
+ Make Node.js tests compatible with Windows.
+ ([@iarna](https://github.com/iarna))
+
+### v4.0.3 (2016-11-17)
+
+Hey you all, we've got a couple of bug fixes for you, a slew of
+documentation improvements and some improvements to our CI environment. I
+know we just got v4 out the door, but the CLI team is already busy planning
+v5. We'll have more for you in early December.
+
+#### BUG FIXES
+
+* [`45d40d9`](https://github.com/npm/npm/commit/45d40d96d2cd145f1e36702d6ade8cd033f7f332)
+ [`ba2adc2`](https://github.com/npm/npm/commit/ba2adc2e822d5e75021c12f13e3f74ea2edbde32)
+ [`1dc8908`](https://github.com/npm/npm/commit/1dc890807bd78a1794063688af31287ed25a2f06)
+ [`2ba19ee`](https://github.com/npm/npm/commit/2ba19ee643d612d103cdd8f288d313b00d05ee87)
+ [#14403](https://github.com/npm/npm/pull/14403)
+ Fix a bug where a scoped module could produce crashes when incorrectly
+ computing the paths related to their location. This patch reorganizes how path information
+ is passed in to eliminate the possibility of this sort of bug.
+ ([@iarna](https://github.com/iarna))
+ ([@NatalieWolfe](https://github.com/NatalieWolfe))
+* [`1011ec6`](https://github.com/npm/npm/commit/1011ec61230288c827a1c256735c55cf03d6228f)
+ [npm/npmlog#46](https://github.com/npm/npmlog/pull/46)
+ `npmlog@4.0.1`: Fix a bug where the progress bar would still display even if
+ you passed in `--no-progress`.
+ ([@iarna](https://github.com/iarna))
+
+#### DOCUMENTATION UPDATES
+
+* [`c3ac177`](https://github.com/npm/npm/commit/c3ac177236124c80524c5f252ba8f6670f05dcd8)
+ [#14406](https://github.com/npm/npm/pull/14406)
+ Sync up the dispute policy included with the CLI with the [current official text](https://www.npmjs.com/policies/disputes).
+ ([@mike-engel](https://github.com/mike-engel))
+* [`9c663b2`](https://github.com/npm/npm/commit/9c663b2dd8552f892dc0205330bbc73a484ecd81)
+ [#14627](https://github.com/npm/npm/pull/14627)
+ Update build status branch in README.
+ ([@cameronroe](https://github.com/cameronroe))
+* [`8a8a0a3`](https://github.com/npm/npm/commit/8a8a0a3d490fc767def208f925cdff57e16e565b)
+ [#14609](https://github.com/npm/npm/pull/14609)
+ Update examples URLs of GitHub repos where those repos have moved to new URLs.
+ ([@dougwilson](https://github.com/dougwilson))
+* [`7a6425b`](https://github.com/npm/npm/commit/7a6425bcd4decde5d4b0af8b507e98723a07c680)
+ [#14472](https://github.com/npm/npm/pull/14472)
+ Document `sign-git-tag` in
+ [npm-version(1)](https://github.com/npm/npm/blob/release-next/doc/cli/npm-version.md)'s
+ configuration section.
+ ([@strugee](https://github.com/strugee))
+* [`f3087cc`](https://github.com/npm/npm/commit/f3087cc58c903d9a70275be805ebaf0eadbcbe1b)
+ [#14546](https://github.com/npm/npm/pull/14546)
+ Add a note about the dangers of configuring npm via uppercase env vars.
+ ([@tuhoojabotti](https://github.com/tuhoojabotti))
+* [`50e51b0`](https://github.com/npm/npm/commit/50e51b04a143959048cf9e1e4c8fe15094f480b0)
+ [#14559](https://github.com/npm/npm/pull/14559)
+ Remove documentation that incorrectly stated that we check `.npmrc` permissions.
+ ([@iarna](https://github.com/iarna))
+
+##### OH UH, HELLO AGAIN NODE.JS 0.12
+
+* [`6f0c353`](https://github.com/npm/npm/commit/6f0c353e4e89b0378a4c88c829ccf9a1c5ae829d)
+ [`f78bde6`](https://github.com/npm/npm/commit/f78bde6983bdca63d5fcb9c220c87e8f75ffb70e)
+ [#14591](https://github.com/npm/npm/pull/14591)
+ Reintroduce Node.js 0.12 to our support matrix. We jumped the gun when
+ removing it. We won't drop support for it till the Node.js project does
+ so at the end of December 2016.
+ ([@othiym23](https://github.com/othiym23))
+
+#### TEST/CI UPDATES
+
+* [`aa73d1c`](https://github.com/npm/npm/commit/aa73d1c1cc22608f95382a35b33da252addff38e)
+ [`c914e80`](https://github.com/npm/npm/commit/c914e80f5abcb16c572fe756c89cf0bcef4ff991)
+* [`58fe064`](https://github.com/npm/npm/commit/58fe064dcc80bc08c677647832f2adb4a56b538a)
+ [#14602](https://github.com/npm/npm/pull/14602)
+ When running tests with coverage, use nyc's cache. This provides an 8x speedup!
+ ([@bcoe](https://github.com/bcoe))
+* [`ba091ce`](https://github.com/npm/npm/commit/ba091ce843af5d694f4540e825b095435b3558d8)
+ [#14435](https://github.com/npm/npm/pull/14435)
+ Remove an unused zero byte `package.json` found in the test fixtures.
+ ([@baderbuddy](https://github.com/baderbuddy))
+
+#### DEPENDENCY UPDATES
+
+* [`442e01e`](https://github.com/npm/npm/commit/442e01e42d8a439809f6726032e3b73ac0d2b2f8)
+ `readable-stream@2.2.2`:
+ Bring in latest changes from Node.js 7.x.
+ ([@calvinmetcalf](https://github.com/calvinmetcalf))
+* [`bfc4a1c`](https://github.com/npm/npm/commit/bfc4a1c0c17ef0a00dfaa09beba3389598a46535)
+ `which@1.2.12`:
+ Remove unused require.
+ ([@isaacs](https://github.com/isaacs))
+
+#### DEV DEPENDENCY UPDATES
+
+* [`7075b05`](https://github.com/npm/npm/commit/7075b054d8d2452bb53bee9b170498a48a0dc4e9)
+ `marked-man@0.1.6`
+ ([@kapouer](https://github.com/kapouer))
+* [`3e13fea`](https://github.com/npm/npm/commit/3e13fea907ee1141506a6de7d26cbc91c28fdb80)
+ `tap@8.0.0`
+ ([@isaacs](https://github.com/isaacs))
+
+### v4.0.2 (2016-11-03)
+
+Hola, amigxs. I know it's been a long time since I rapped at ya, but I
+been spending a lotta time quietly reflecting on all the things going on
+in my life. I was, like, [in Japan for a while](https://gist.github.com/othiym23/c98bd4ef5d9fb3f496835bd481ef40ae),
+and before that my swell colleagues [@zkat](https://github.com/zkat) and
+[@iarna](https://github.com/iarna) have been very capably managing the release
+process for quite a while. But I returned from Japan somewhat refreshed, very
+jetlagged, and filled with a burning urge to get `npm@4` as stable as possible
+before we push it out to the user community at large, so I decided to do this
+release myself. (Also, huge thanks to Kat and Rebecca for putting out `npm@4`
+so capably while I was on vacation! So cool to return to a major release having
+gone so well without my involvement!)
+
+That said...
+
+#### NEVER TRUST AN X.0.0 RELEASE
+
+Even though 4.0.1 came out hard on the heels of 4.0.0 with a couple
+critical fixes, we've found a couple other major issues that we want to
+see fixed before making `npm@4` into `npm@latest`. Some of these are
+arguably breaking changes on their own, so now is the time to get them
+out if we're going to do so before `npm@5`, and all of them are pretty
+significant blockers for a substantial number of users, so now is the
+best time to fix them.
+
+##### PREPUBLISHONLY WHOOPS
+
+The code running the `publish*` lifecycle events was very confusingly written.
+In fact, we didn't really figure out what it was doing until we added the new
+`prepublishOnly` event and it was running people's scripts from the wrong
+directory. We made it simpler. See the [commit
+message](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f)
+for details.
+
+Because the change is no longer running publish events when publishing prebuilt
+artifacts, it's technically a breaking / semver-major change. In the off chance
+that the new behavior breaks any of y'all's workflows, let us know, and we can
+roll some or all of this change back until `npm@5` (or forever, if that works
+better for you).
+
+* [`8b32d67`](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f)
+ [#14502](https://github.com/npm/npm/pull/14502)
+ Simplify lifecycle invocation and fix `prepublishOnly`.
+ ([@othiym23](https://github.com/othiym23))
+
+##### G'BYE NODE.JS 0.10, 0.12, and 5.X; HI THERE, NODE 7
+
+With the advent of the second official Node.js LTS release, Node 6.x
+'Boron', the Node.js project has now officially dropped versions 0.10
+and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never
+part of LTS, and will see no further support now that Node 7 has been
+released.) As a small team with limited resources, the npm CLI team is
+following suit and dropping those versions of Node from its CI test
+matrix.
+
+What this means:
+
+* Your contributions will no longer block on the tests passing on 0.10 and 0.12.
+* We will no longer block dependency upgrades on working with 0.10 and 0.12.
+* Bugs filed on the npm CLI that are due to incompatibilities with 0.10
+ or 0.12 (and older versions) will be closed with a strong urging to
+ upgrade to a supported version of Node.
+* On the flip side, we'll continue to (happily!) accept patches that
+ address regressions seen when running the CLI with Node.js 0.10 and
+ 0.12.
+
+What this doesn't mean:
+
+* The CLI is going to start depending on ES2015+ features. npm continues
+ to work, in almost all cases, all the way back to Node.js 0.8, and our
+ long history of backwards compatibility is a source of pride for the
+ team.
+* We aren't concerned about the problems of users who, for whatever
+ reason, can't update to newer versions of npm. As mentioned above, we're
+ happy to take community patches intended to address regressions.
+
+We're not super interested in taking sides on what version of Node.js
+you "should" be running. We're a workflow tool, and we understand that
+you all have a diverse set of operational environments you need to be
+able to support. At the same time, we _are_ a small team, and we need
+to put some limits on what we support. Tracking what's supported by our
+runtime's own team seems most practical, so that's what we're doing.
+
+* [`ab630c9`](https://github.com/npm/npm/commit/ab630c9a7a1b40cdd4f1244be976c25ab1525907)
+ [#14503](https://github.com/npm/npm/pull/14503)
+ Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported.
+ ([@othiym23](https://github.com/othiym23))
+* [`731ae52`](https://github.com/npm/npm/commit/731ae526fb6e9951c43d82a26ccd357b63cc56c2)
+ [#14503](https://github.com/npm/npm/pull/14503)
+ Update supported version expression.
+ ([@othiym23](https://github.com/othiym23))
+
+##### DISENTANGLING SCOPE
+
+The new `Npm-Scope` header was previously reusing the `scope`
+configuration option to pass the current scope back to your current
+registry (which, as [described
+previously](https://github.com/npm/npm/blob/release-next/CHANGELOG.md#send-extra-headers-to-registry), is meant to set up some upcoming
+registry features). It turns out that had some [seriously weird
+consequences](https://github.com/npm/npm/issues/14412) in the case where
+you were already configuring `scope` in your own environment. The CLI
+now uses separate configuration for this.
+
+* [`39358f7`](https://github.com/npm/npm/commit/39358f732ded4aa46d86d593393a0d6bca5dc12a)
+ [#14477](https://github.com/npm/npm/pull/14477)
+ Differentiate registry scope from project scope in configuration.
+ ([@zkat](https://github.com/zkat))
+
+#### SMALLER CHANGES
+
+* [`7f41295`](https://github.com/npm/npm/commit/7f41295775f28b958a926f9cb371cb37b05771dd)
+ [#14519](https://github.com/npm/npm/pull/14519)
+ Document that as of `npm@4.0.1`, `npm shrinkwrap` now includes `devDependencies` unless
+ instructed otherwise.
+ ([@iarna](https://github.com/iarna))
+* [`bdc2f9e`](https://github.com/npm/npm/commit/bdc2f9e255ddf1a47fd13ec8749d17ed41638b2c)
+ [#14501](https://github.com/npm/npm/pull/14501)
+ The `ENOSELF` error message is tricky to word. It's also an error that
+ normally bites new users. Clean it up in an effort to make it easier
+ to understand what's going on.
+ ([@snopeks](https://github.com/snopeks), [@zkat](https://github.com/zkat))
+
+#### DEPENDENCY UPGRADES
+
+* [`a52d0f0`](https://github.com/npm/npm/commit/a52d0f0c9cf2de5caef77e12eabd7dca9e89b49c)
+ `glob@7.1.1`:
+ - Handle files without associated perms on Windows.
+ - Fix failing case with `absolute` option.
+ ([@isaacs](https://github.com/isaacs), [@phated](https://github.com/phated))
+* [`afda66d`](https://github.com/npm/npm/commit/afda66d9afcdcbae1d148f589287583c4182d124)
+ [isaacs/node-graceful-fs#97](https://github.com/isaacs/node-graceful-fs/pull/97)
+ `graceful-fs@4.1.10`: Better backoff for EPERM on Windows.
+ ([@sam-github](https://github.com/sam-github))
+* [`e0023c0`](https://github.com/npm/npm/commit/e0023c089ded9161fbcbe544f12b07e12e3e5729)
+ [npm/inflight#3](https://github.com/npm/inflight/pull/3)
+ `inflight@1.0.6`: Clean up even if / when a callback throws.
+ ([@phated](https://github.com/phated))
+* [`1d91594`](https://github.com/npm/npm/commit/1d9159440364d2fe21e8bc15e08e284aaa118347)
+ `request@2.78.0`
+ ([@othiym23](https://github.com/othiym23))
+
+### v4.0.1 (2016-10-24)
+
+Ayyyy~ 🌊
+
+So thanks to folks who were running on `npm@next`, we managed to find a few
+issues of notes in that preview version, and we're rolling out a small patch
+change to fix them. Most notably, anyone who was using a symlinked `node` binary
+(for example, if they installed Node.js through `homebrew`), was getting a very
+loud warning every time they ran scripts. Y'all should get warnings in a more
+useful way, now that we're resolving those path symlinks.
+
+Another fairly big change that we decided to slap into this version, since
+`npm@4.0.0` is never going to be `latest`, is to make it so `devDependencies`
+are included in `npm-shrinkwrap.json` by default -- if you do not want this, use
+`--production` with `npm shrinkwrap`.
+
+#### BIG FIXES/CHANGES
+
+* [`eff46dd`](https://github.com/npm/npm/commit/eff46dd498ed007bfa77ab7782040a3a828b852d)
+ [#14374](https://github.com/npm/npm/pull/14374)
+ Fully resolve the path for `node` executables in both `$PATH` and
+ `process.execPath` to avoid issues with symlinked `node`.
+ ([@addaleax](https://github.com/addaleax))
+* [`964f2d3`](https://github.com/npm/npm/commit/964f2d3a0675584267e6ece95b0115a53c6ca6a9)
+ [#14375](https://github.com/npm/npm/pull/14375)
+ Make including `devDependencies` in `npm-shrinkwrap.json` the default. This
+ should help make the transition to `npm@5` smoother in the future.
+ ([@iarna](https://github.com/iarna))
+
+#### BUGFIXES
+
+* [`a5b0a8d`](https://github.com/npm/npm/commit/a5b0a8db561916086fc7dbd6eb2836c952a42a7e)
+ [#14400](https://github.com/npm/npm/pull/14400)
+ Recently, we've had some consistent timeout failures while running the test
+ suite under Travis. This tweak to tests should take care of those issues and
+ Travis should go back to being reliably green.
+ ([@iarna](https://github.com/iarna))
+
+#### DOC PATCHES
+
+* [`c5907b2`](https://github.com/npm/npm/commit/c5907b2fc1a82ec919afe3b370ecd34d8895c7a2)
+ [#14251](https://github.com/npm/npm/pull/14251)
+ Update links to Node.js downloads. They previously pointed to 404 pages.😬
+ ([@ArtskydJ](https://github.com/ArtskydJ))
+* [`0c122f2`](https://github.com/npm/npm/commit/0c122f24ff1d4d400975edda2b7262aaaf6f7d69)
+ [#14380](https://github.com/npm/npm/pull/14380)
+ Add note and clarification on when `prepare` script is run. Make it more
+ consistent with surrounding descriptions.
+ ([@SimenB](https://github.com/SimenB))
+* [`51a62ab`](https://github.com/npm/npm/commit/51a62abd88324ba3dad18e18ca5e741f1d60883c)
+ [#14359](https://github.com/npm/npm/pull/14359)
+ Fixes typo in `npm@4` changelog.
+ ([@kimroen](https://github.com/kimroen))
+
+### v4.0.0 (2016-10-20)
+
+Welcome to `npm@4`, friends!
+
+This is our first semver major release since the release of `npm@3` just over a
+year ago. Back then, `@3` turned out to be a bit of a ground-shaking release,
+with a brand-new installer with significant structural changes to how npm set up
+your tree. This is the end of an era, in a way. `npm@4` also marks the release
+when we move *both* `npm@2` and `npm@3` into maintenance: We will no longer be
+updating those release branches with anything except critical bugfixes and
+security patches.
+
+While its predecessor had some pretty serious impaact, `npm@4` is expected to
+have a much smaller effect on your day-to-day use of npm. Over the past year,
+we've collected a handful of breaking changes that we wanted to get in which are
+only breaking under a strict semver interpretation (which we follow). Some of
+these are simple usability improvements, while others fix crashes and serious
+issues that required a major release to include.
+
+We hope this release sees you well, and you can look forward to an accelerated
+release pace now that the CLI team is done focusing on sustaining work -- our
+Windows fixing and big bugs pushes -- and we can start focusing again on
+usability, features, and performance. Keep an eye out for `npm@5` in Q1 2017,
+too: We're planning a major overhaul of `shrinkwrap` as well as various speed
+and usability fixes for that release. It's gonna be a fun ride. I promise. 😘
+
+#### BRIEF OVERVIEW OF **BREAKING** CHANGES
+
+The following breaking changes are included in this release:
+
+* `npm search` rewritten to stream results, and no longer supports sorting.
+* `npm scripts` no longer prepend the path of the node executable used to run
+ npm before running scripts. A `--scripts-prepend-node-path` option has been
+ added to configure this behavior.
+* `npat` has been removed.
+* `prepublish` has been deprecated, replaced by `prepare`. A `prepublishOnly`
+ script has been temporarily added, which will *only* run on `npm publish`.
+* `npm outdated` exits with exit code `1` if it finds any outdated packages.
+* `npm tag` has been removed after a deprecation cycle. Use `npm dist-tag`.
+* Partial shrinkwraps are no longer supported. `npm-shrinkwrap.json` is
+ considered a complete installation manifest except for `devDependencies`.
+* npm's default git branch is no longer `master`. We'll be using `latest` from
+ now on.
+
+#### SEARCH REWRITE (**BREAKING**)
+
+Let's face it -- `npm search` simply doesn't work anymore. Apart from the fact
+that it grew slower over the years, it's reached a point where we can no longer
+fit the entire registry metadata in memory, and anyone who tries to use the
+command now sees a really awful memory overflow crash from node.
+
+It's still going to be some time before the CLI, registry, and web team are able
+to overhaul `npm search` altogether, but until then, we've rewritten the
+previous `npm search` implementation to *stream* results on the fly, from both
+the search endpoint and a local cache. In absolute terms, you won't see a
+performance increase and this patch *does* come at the cost of sorting
+capabilities, but what it does do is start outputting results as it finds them.
+This should make the experience much better, overall, and we believe this is an
+acceptable band-aid until we have that search endpoint in place.
+
+Incidentally, if you want a really nice search experience, we recommend checking
+out [npms.io](http://npms.io), which includes a handy-dandy
+[`npms-cli`](https://npm.im/npms-cli) for command-line usage -- it's an npm
+search site that returns high-quality results quickly and is operated by members
+of the npm community.
+
+* [`cfd43b4`](https://github.com/npm/npm/commit/cfd43b49aed36d0e8ea6c35b07ed8b303b69be61) [`2b8057b`](https://github.com/npm/npm/commit/2b8057be2e1b51e97b1f8f38d7f58edf3ce2c145)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ Stream search process end-to-end.
+ ([@zkat](https://github.com/zkat) and [@aredridel](https://github.com/aredridel))
+* [`50f4ec8`](https://github.com/npm/npm/commit/50f4ec8e8ce642aa6a58cb046b2b770ccf0029db) [`70b4bc2`](https://github.com/npm/npm/commit/70b4bc22ec8e81cd33b9448f5b45afd1a50d50ba) [`8fb470f`](https://github.com/npm/npm/commit/8fb470fe755c4ad3295cb75d7b4266f8e67f8d38) [`ac3a6e0`](https://github.com/npm/npm/commit/ac3a6e0eba61fb40099b1370c74ad1598777def4) [`bad54dd`](https://github.com/npm/npm/commit/bad54dd9f1119fe900a8d065f8537c6f1968b589) [`87d504e`](https://github.com/npm/npm/commit/87d504e0a61bccf09f5e975007d018de3a1c5f50)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ Updated search-related tests.
+ ([@zkat](https://github.com/zkat))
+* [`3596de8`](https://github.com/npm/npm/commit/3596de88598c69eb5bae108703c8e74ca198b20c)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ `JSONStream@1.2.1`
+ ([@zkat](https://github.com/zkat))
+* [`4b09209`](https://github.com/npm/npm/commit/4b09209bb605f547243065032a8b37772669745f)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ `mississippi@1.2.0`
+ ([@zkat](https://github.com/zkat))
+* [`b650b39`](https://github.com/npm/npm/commit/b650b39d42654abb9eed1c7cd463b1c595ca2ef9)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ `sorted-union-stream@2.1.3`
+ ([@zkat](https://github.com/zkat))
+
+#### SCRIPT NODE PATH (**BREAKING**)
+
+Thanks to some great work by [@addaleax](https://github.com/addaleax), we've
+addressed a fairly tricky issue involving the node process used by `npm
+scripts`.
+
+Previously, npm would prefix the path of the node executable to the script's
+`PATH`. This had the benefit of making sure that the node process would be the
+same for both npm and `scripts` unless you had something like
+[`node-bin`](https://npm.im/node-bin) in your `node_modules`. And it turns out
+lots of people relied on this behavior being this way!
+
+It turns out that this had some unintended consequences: it broke systems like
+[`nyc`](https://npm.im/nyc), but also completely broke/defeated things like
+[`rvm`](https://rvm.io/) and
+[`virtualenv`](https://virtualenv.pypa.io/en/stable/) by often causing things
+that relied on them to fall back to the global system versions of ruby and
+python.
+
+In the face of two perfectly valid, and used alternatives, we decided that the
+second case was much more surprising for users, and that we should err on the
+side of doing what those users expect. Anna put some hard work in and managed to
+put together a patch that changes npm's behavior such that we no longer prepend
+the node executable's path *by default*, and adds a new option,
+`--scripts-prepend-node-path`, to allow users who rely on this behavior to have
+it add the node path for them.
+
+This patch also makes it so this feature is discoverable by people who might run
+into the first case above, by warning if the node executable is either missing
+or shadowed by another one in `PATH`. This warning can also be disabled with the
+`--scripts-prepend-node-path` option as needed.
+
+* [`3fb1eb3`](https://github.com/npm/npm/commit/3fb1eb3e00b5daf37f14e437d2818e9b65a43392) [`6a7d375`](https://github.com/npm/npm/commit/6a7d375d779ba5416fd5df154c6da673dd745d9d) [`378ae08`](https://github.com/npm/npm/commit/378ae08851882d6d2bc9b631b16b8c875d0b9704)
+ [#13409](https://github.com/npm/npm/pull/13409)
+ Add a `--scripts-prepend-node-path` option to configure whether npm prepends
+ the current node executable's path to `PATH`.
+ ([@addaleax](https://github.com/addaleax))
+* [`70b352c`](https://github.com/npm/npm/commit/70b352c6db41533b9a4bfaa9d91f7a2a1178f74e)
+ [#13409](https://github.com/npm/npm/pull/13409)
+ Change the default behaviour of npm to never prepending the current node
+ executable’s directory to `PATH` but printing a warning in the cases in which
+ it previously did.
+ ([@addaleax](https://github.com/addaleax))
+
+#### REMOVE `npat` (**BREAKING**)
+
+Let's be real here -- almost no one knows this feature ever existed, and it's a
+vestigial feature of the days when the ideal for npm was to distribute full
+packages that could be directly developed on, even from the registry.
+
+It turns out the npm community decided to go a different way: primarily
+publishing packages in a production-ready format, with no tests, build tools,
+etc. And so, we say goodbye to `npat`.
+
+* [`e16c14a`](https://github.com/npm/npm/commit/e16c14afb6f52cb8b7adf60b2b26427f76773f2e)
+ [#14329](https://github.com/npm/npm/pull/14329)
+ Remove the npat feature.
+ ([@iarna](https://github.com/iarna))
+
+#### NEW `prepare` SCRIPT. `prepublish` DEPRECATED (**BREAKING**)
+
+If there's anything that really seemed to confuse users, it's that the
+`prepublish` script ran when invoking `npm install` without any arguments.
+
+Turns out many, many people really expected that it would only run on `npm
+publish`, even if it actually did what most people expected: prepare the package
+for publishing on the registry.
+
+And so, we've added a `prepare` command that runs in the exact same cases where
+`prepublish` ran, and we've begun a deprecation cycle for `prepublish` itself
+**only when run by `npm install`**, which will now include a warning any time
+you use it that way.
+
+We've also added a `prepublishOnly` script which will execute **only** when `npm
+publish` is invoked. Eventually, `prepublish` will stop executing on `npm
+install`, and `prepublishOnly` will be removed, leaving `prepare` and
+`prepublish` as two distinct lifecycles.
+
+* [`9b4a227`](https://github.com/npm/npm/commit/9b4a2278cee0a410a107c8ea4d11614731e0a943) [`bc32078`](https://github.com/npm/npm/commit/bc32078fa798acef0e036414cb448645f135b570)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Add `prepare` and `prepublishOnly` lifecyle events.
+ ([@othiym23](https://github.com/othiym23))
+* [`52fdefd`](https://github.com/npm/npm/commit/52fdefddb48f0c39c6e8eb4c118eb306c9436117)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Warn when running `prepublish` on `npm pack`.
+ ([@othiym23](https://github.com/othiym23))
+* [`4c2a948`](https://github.com/npm/npm/commit/4c2a9481b564cae3df3f4643766db4b987018a7b) [`a55bd65`](https://github.com/npm/npm/commit/a55bd651284552b93f7d972a2e944f65c1aa6c35)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Added `prepublish` warnings to `npm install`.
+ ([@zkat](https://github.com/zkat))
+* [`c27412b`](https://github.com/npm/npm/commit/c27412bb9fc7b09f7707c7d9ad23128959ae1abc)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Replace `prepublish` with `prepare` in `npm help package.json` documentation.
+ ([@zkat](https://github.com/zkat))
+
+#### NO MORE PARTIAL SHRINKWRAPS (**BREAKING**)
+
+That's right. No more partial shrinkwraps. That means that if you have an
+`npm-shrinkwrap.json` in your project, npm will no longer install anything that
+isn't explicitly listed there, unless it's a `devDependency`. This will open
+doors to some nice optimizations and make use of `npm shrinkwrap` just generally
+smoother by removing some awful corner cases. We will also skip `devDependency`
+installation from `package.json` if you added `devDependencies` to your
+shrinkwrap by using `npm shrinkwrap --dev`.
+
+* [`b7dfae8`](https://github.com/npm/npm/commit/b7dfae8fd4dc0456605f7a921d20a829afd50864)
+ [#14327](https://github.com/npm/npm/pull/14327)
+ Use `readShrinkwrap` to read top level shrinkwrap. There's no reason for npm
+ to be doing its own bespoke heirloom-grade artisanal thing here.
+ ([@iarna](https://github.com/iarna))
+* [`0ae1f4b`](https://github.com/npm/npm/commit/0ae1f4b9d83af2d093974beb33f26d77fcc95bb9) [`4a54997`](https://github.com/npm/npm/commit/4a549970dc818d78b6de97728af08a1edb5ae7f0) [`f22a1ae`](https://github.com/npm/npm/commit/f22a1ae54b5d47f1a056a6e70868013ebaf66b79) [`3f61189`](https://github.com/npm/npm/commit/3f61189cb3843fee9f54288fefa95ade9cace066)
+ [#14327](https://github.com/npm/npm/pull/14327)
+ Treat shrinkwrap as canonical. That is, don't try to fill in for partial
+ shrinkwraps. Partial shrinkwraps should produce partial installs. If your
+ shrinkwrap contains NO `devDependencies` then we'll still try to install them
+ from your `package.json` instead of assuming you NEVER want `devDependencies`.
+ ([@iarna](https://github.com/iarna))
+
+#### `npm tag` REMOVED (**BREAKING**)
+
+* [`94255da`](https://github.com/npm/npm/commit/94255da8ffc2d9ed6a0434001a643c1ad82fa483)
+ [#14328](https://github.com/npm/npm/pull/14328)
+ Remove deprecated tag command. Folks must use the `dist-tag` command from now
+ on.
+ ([@iarna](https://github.com/iarna))
+
+#### NON-ZERO EXIT CODE ON OUTDATED DEPENDENCIES (**BREAKING**)
+
+* [`40a04d8`](https://github.com/npm/npm/commit/40a04d888d10a5952d5ca4080f2f5d2339d2038a) [`e2fa18d`](https://github.com/npm/npm/commit/e2fa18d9f7904eb048db7280b40787cb2cdf87b3) [`3ee3948`](https://github.com/npm/npm/commit/3ee39488b74c7d35fbb5c14295e33b5a77578104) [`3fa25d0`](https://github.com/npm/npm/commit/3fa25d02a8ff07c42c595f84ae4821bc9ee908df)
+ [#14013](https://github.com/npm/npm/pull/14013)
+ Do `exit 1` if any outdated dependencies are found by `npm outdated`.
+ ([@watilde](https://github.com/watilde))
+* [`c81838a`](https://github.com/npm/npm/commit/c81838ae96b253f4b1ac66af619317a3a9da418e)
+ [#14013](https://github.com/npm/npm/pull/14013)
+ Log non-zero exit codes at `verbose` level -- this isn't something command
+ line tools tend to do. It's generally the shell's job to display, if at all.
+ ([@zkat](https://github.com/zkat))
+
+#### SEND EXTRA HEADERS TO REGISTRY
+
+For the purposes of supporting shiny new registry features, we've started
+sending `Npm-Scope` and `Npm-In-CI` headers in outgoing requests.
+
+* [`846f61c`](https://github.com/npm/npm/commit/846f61c1dd4a033f77aa736ab01c27ae6724fe1c)
+ [npm/npm-registry-client#145](https://github.com/npm/npm-registry-client/pull/145)
+ [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/147)
+ `npm-registry-client@7.3.0`:
+ * Allow npm to add headers to outgoing requests.
+ * Add `Npm-In-CI` header that reports whether we're running in CI.
+ ([@iarna](https://github.com/iarna))
+* [`6b6bb08`](https://github.com/npm/npm/commit/6b6bb08af661221224a81df8adb0b72019ca3e11)
+ [#14129](https://github.com/npm/npm/pull/14129)
+ Send `Npm-Scope` header along with requests to registry. `Npm-Scope` is set to
+ the `@scope` of the current top level project. This will allow registries to
+ implement user/scope-aware features and services.
+ ([@iarna](https://github.com/iarna))
+* [`506de80`](https://github.com/npm/npm/commit/506de80dc0a0576ec2aab0ed8dc3eef3c1dabc23)
+ [#14129](https://github.com/npm/npm/pull/14129)
+ Add test to ensure `Npm-In-CI` header is being sent when CI is set in env.
+ ([@iarna](https://github.com/iarna))
+
+#### BUGFIXES
+
+* [`bc84012`](https://github.com/npm/npm/commit/bc84012c2c615024b08868acbd8df53a7ca8d146)
+ [#14117](https://github.com/npm/npm/pull/14117)
+ Fixes a bug where installing a shrinkwrapped package would fail if the
+ platform failed to install an optional dependency included in the shrinkwrap.
+ ([@watilde](https://github.com/watilde))
+* [`a40b32d`](https://github.com/npm/npm/commit/a40b32dc7fe18f007a672219a12d6fecef800f9d)
+ [#13519](https://github.com/npm/npm/pull/13519)
+ If a package has malformed metadata, `node.requiredBy` is sometimes missing.
+ Stop crashing when that happens.
+ ([@creationix](https://github.com/creationix))
+
+#### OTHER PATCHES
+
+* [`643dae2`](https://github.com/npm/npm/commit/643dae2197c56f1c725ecc6539786bf82962d0fe)
+ [#14244](https://github.com/npm/npm/pull/14244)
+ Remove some ancient aliases that we'd rather not have around.
+ ([@zkat](https://github.com/zkat))
+* [`bdeac3e`](https://github.com/npm/npm/commit/bdeac3e0fb226e4777d4be5cd3c3bec8231c8044)
+ [#14230](https://github.com/npm/npm/pull/14230)
+ Detect unsupported Node.js versions and warn about it. Also error on really
+ old versions where we know we can't work.
+ ([@iarna](https://github.com/iarna))
+
+#### DOC UPDATES
+
+* [`9ca18ad`](https://github.com/npm/npm/commit/9ca18ada7cc1c10b2d32bbb59d5a99dd1c743109)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ Updated docs for `npm search` options.
+ ([@zkat](https://github.com/zkat))
+* [`e02a47f`](https://github.com/npm/npm/commit/e02a47f9698ff082488dc2b1738afabb0912793e)
+ Move the `npm@3` changelog into the archived changelogs directory.
+ ([@zkat](https://github.com/zkat))
+* [`c12bbf8`](https://github.com/npm/npm/commit/c12bbf8c5a5dff24a191b66ac638f552bfb76601)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Document prepublish-on-install deprecation.
+ ([@othiym23](https://github.com/othiym23))
+* [`c246a75`](https://github.com/npm/npm/commit/c246a75ac8697f4ca11d316b7e7db5f24af7972b)
+ [#14129](https://github.com/npm/npm/pull/14129)
+ Document headers added by npm to outgoing registry requests.
+ ([@iarna](https://github.com/iarna))
+
+#### DEPENDENCIES
+
+* [`cb20c73`](https://github.com/npm/npm/commit/cb20c7373a32daaccba2c1ad32d0b7e1fc01a681)
+ [#13953](https://github.com/npm/npm/pull/13953)
+ `signal-exit@3.0.1`
+ ([@benjamincoe](https://github.com/benjamincoe))
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-03 15:53:45 +0300