diff options
author | Kat Marchán <kzm@sykosomatic.org> | 2017-05-26 05:25:41 +0300 |
---|---|---|
committer | Kat Marchán <kzm@sykosomatic.org> | 2017-05-26 06:21:58 +0300 |
commit | 8a173da28fffc1b1b45f6900ed9c7bac7cda821e (patch) | |
tree | 61ab2fa41e841f49db306d95a3bb4ca2cafa957e /changelogs | |
parent | 794c10e689634cbb85133f8de2b25411f374436b (diff) |
docs: END OF AN ERA OF CHANGELOGS 😭
Diffstat (limited to 'changelogs')
-rw-r--r-- | changelogs/CHANGELOG-4.md | 1566 |
1 files changed, 1566 insertions, 0 deletions
diff --git a/changelogs/CHANGELOG-4.md b/changelogs/CHANGELOG-4.md new file mode 100644 index 000000000..e55bcab3d --- /dev/null +++ b/changelogs/CHANGELOG-4.md @@ -0,0 +1,1566 @@ +## v4.6.1 (2017-04-21) + +A little release to tide you over while we hammer out the last bits for npm@5. + +### FEATURES + +* [`d13c9b2f2`](https://github.com/npm/npm/commit/d13c9b2f24b6380427f359b6e430b149ac8aaa79) + `init-package-json@1.10.0`: + The `name:` prompt is now `package name:` to make this less ambiguous for new users. + + The default package name is now a valid package name. For example: If your package directory + has mixed case, the default package name will be all lower case. +* [`f08c66323`](https://github.com/npm/npm/commit/f08c663231099f7036eb82b92770806a3a79cdf1) + [#16213](https://github.com/npm/npm/pull/16213) + Add `--allow-same-version` option to `npm version` so that you can use `npm version` to run + your version lifecycles and tag your git repo without actually changing the version number in + your `package.json`. + ([@lucastheisen](https://github.com/lucastheisen)) +* [`f5e8becd0`](https://github.com/npm/npm/commit/f5e8becd05e0426379eb0c999abdbc8e87a7f6f2) + Timing has been added throughout the install implementation. You can see it by running + a command with `--loglevel=timing`. You can also run commands with `--timing` which will write + an `npm-debug.log` even on success and add an entry to `_timing.json` in your cache with + the timing information from that run. + ([@iarna](https://github.com/iarna)) + +### BUG FIXES + +* [`9c860f2ed`](https://github.com/npm/npm/commit/9c860f2ed3bdea1417ed059b019371cd253db2ad) + [#16021](https://github.com/npm/npm/pull/16021) + Fix a crash in `npm doctor` when used with a registry that does not support + the `ping` API endpoint. + ([@watilde](https://github.com/watilde)) +* [`65b9943e9`](https://github.com/npm/npm/commit/65b9943e9424c67547b0029f02b0258e35ba7d26) + [#16364](https://github.com/npm/npm/pull/16364) + Shorten the ELIFECYCLE error message. The shorter error message should make it much + easier to discern the actual cause of the error. + ([@j-f1](https://github.com/j-f1)) +* [`a87a4a835`](https://github.com/npm/npm/commit/a87a4a8359693518ee41dfeb13c5a8929136772a) + `npmlog@4.0.2`: + Fix flashing of the progress bar when your terminal is very narrow. + ([@iarna](https://github.com/iarna)) +* [`41c10974f`](https://github.com/npm/npm/commit/41c10974fe95a2e520e33e37725570c75f6126ea) + `write-file-atomic@1.3.2`: + Wait for `fsync` to complete before considering our file written to disk. + This will improve certain sorts of Windows diagnostic problems. +* [`2afa9240c`](https://github.com/npm/npm/commit/2afa9240ce5b391671ed5416464f2882d18a94bc) + [#16336](https://github.com/npm/npm/pull/16336) + Don't ham-it-up when expecting JSON. + ([@bdukes](https://github.com/bdukes)) + +### DOCUMENTATION FIXES + +* [`566f3eebe`](https://github.com/npm/npm/commit/566f3eebe741f935b7c1e004bebf19b8625a1413) + [#16296](https://github.com/npm/npm/pull/16296) + Use a single convention when referring to the `<command>` you're running. + ([@desfero](https://github.com/desfero)) +* [`ccbb94934`](https://github.com/npm/npm/commit/ccbb94934d4f677f680c3e2284df3d0ae0e65758) + [#16267](https://github.com/npm/npm/pull/16267) + Fix a missing space in the example package.json. + ([@famousgarkin](https://github.com/famousgarkin)) + +### DEPENDENCY UPDATES + +* [`ebde4ea33`](https://github.com/npm/npm/commit/ebde4ea3363dfc154c53bd537189503863c9b3a4) + `hosted-git-info@2.4.2` +* [`c46ad71bb`](https://github.com/npm/npm/commit/c46ad71bbe27aaa9ee10e107d8bcd665d98544d7) + `init-package-json@1.9.6` +* [`d856d570d`](https://github.com/npm/npm/commit/d856d570d2df602767c039cf03439d647bba2e3d) + `npm-registry-client@8.1.1` +* [`4a2e14436`](https://github.com/npm/npm/commit/4a2e1443613a199665e7adbda034d5b9d10391a2) + `readable-stream@2.2.9` +* [`f0399138e`](https://github.com/npm/npm/commit/f0399138e6d6f1cd7f807d523787a3b129996301) + `normalize-package-data@2.3.8` + +### v4.5.0 (2017-03-24) + +Welcome a wrinkle on npm's registry API! + +Codename: Corgi + +![corgi-meme](https://cloud.githubusercontent.com/assets/757502/24126107/64c14268-0d89-11e7-871b-d457e6d0082b.jpg) + +This release has some bug fixes, but it's mostly about bringing support for +MUCH smaller package metadata. How much smaller? Well, for npm itself it +reduces 416K of gzip compressed JSON to 24K. + +As a user, all you have to do is update to get to use the new API. If +you're interested in the details we've [documented the +changes](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md) +in detail. + +#### CORGUMENTS + +Package metadata: now smaller. This means a smaller cache and less to download. + +* [`86dad0d74`](https://github.com/npm/npm/commit/86dad0d747f288eab467d49c9635644d3d44d6f0) + Add support for filtered package metadata. + ([@iarna](https://github.com/iarna)) +* [`41789cffa`](https://github.com/npm/npm/commit/41789cffac9845603f4bdf3f5b03f412144a0e9f) + `npm-registry-client@8.1.0` + ([@iarna](https://github.com/iarna)) + +#### NO SHRINKWRAP, NO PROBLEM + +Previously we needed to extract every package's tarball to look for an +`npm-shrinkwrap.json` before we could begin working through what its +dependencies were. This was one of the things stopping npm's network +accesses from happening more concurrently. The new filtered package +metadata provides a new key, `_hasShrinkwrap`. When that's set to `false` +then we know we don't have to look for one. + +* [`4f5060eb3`](https://github.com/npm/npm/commit/4f5060eb31b9091013e1d6a34050973613a294a3) + [#15969](https://github.com/npm/npm/pull/15969) + Add support for skipping `npm-shrinkwrap.json` extraction when the + registry can affirm that one doesn't exist. + ([@iarna](https://github.com/iarna)) + +#### INTERRUPTING SCRIPTS + +* [`878aceb25`](https://github.com/npm/npm/commit/878aceb25e6d6052dac15da74639ce274c8e62c5) + [#16129](https://github.com/npm/npm/pull/16129) + Better handle Ctrl-C while running scripts. `npm` will now no longer exit + until the script it is running has exited. If you press Ctrl-C a second + time it kill the script rather than just forwarding the Ctrl-C. + ([@jaridmargolin](https://github.com/jaridmargolin)) + +#### DEPENDENCY UPDATES: + +* [`def75eebf`](https://github.com/npm/npm/commit/def75eebf1ad437bf4fd3f5e103cc2d963bd2a73) + `hosted-git-info@2.4.1`: + Preserve case of the user name part of shortcut specifiers, previously they were lowercased. + ([@iarna](https://github.com/iarna)) +* [`eb3789fd1`](https://github.com/npm/npm/commit/eb3789fd18cfb063de9e6f80c3049e314993d235) + `node-gyp@3.6.0`: Add support for VS2017 and Chakracore improvements. + ([@refack](https://github.com/refack)) + ([@kunalspathak](https://github.com/kunalspathak)) +* [`245e25315`](https://github.com/npm/npm/commit/245e25315524b95c0a71c980223a27719392ba75) + `readable-stream@2.2.6` ([@mcollina](https://github.com/mcollina)) +* [`30357ebc5`](https://github.com/npm/npm/commit/30357ebc5691d7c9e9cdc6e0fe7dc6253220c9c2) + `which@1.2.14` ([@isaacs](https://github.com/isaacs)) + +### v4.4.4 (2017-03-16) + +😩😤😅 Okay! We have another `next` +release for ya today. So, yes! With v4.4.3 we fixed the bug that made +bundled scoped modules uninstallable. But somehow I overlooked the fact +that we: A) were using these and B) that made upgrading to v4.4.3 impossible. 😭 + +So I've renamed those two scoped modules to no longer use scopes and we now +have a shiny new test to ensure that scoped modules don't creep into our +transitive deps and make it impossible to upgrade to `npm`. + +(None of our woes applies to most of you all because most of you all don't +use bundled dependencies. `npm` does because we want the published artifact to be +installable without having to already have `npm`.) + +* [`2a7409fcb`](https://github.com/npm/npm/commit/2a7409fcba6a8fab716c80f56987b255983e048e) + [#16066](https://github.com/npm/npm/pull/16066) + Ensure we aren't using any scoped modules + Because `npm`s prior 4.4.3 can't install dependencies that have bundled scoped + modules. This didn't show up sooner because they ALSO had a bug that caused + bundled scoped modules to not be included in the bundle. + ([@iarna](https://github.com/iarna)) +* [`eb4c70796`](https://github.com/npm/npm/commit/eb4c70796c38f24ee9357f5d4a0116db582cc7a9) + [#16066](https://github.com/npm/npm/pull/16066) + Switch to move-concurrently to remove scoped dependency + ([@iarna](https://github.com/iarna)) + +### v4.4.3 (2017-03-15) + +This is a small patch release, mostly because the published tarball for +v4.4.2 was missing a couple of modules, due to a bug involving scoped +modules, bundled dependencies and legacy tree layouts. + +There are a couple of other things here that happened to be ready to go. So +without further ado… + +#### BUG FIXES + +* [`3d80f8f70`](https://github.com/npm/npm/commit/3d80f8f70679ad2b8ce7227d20e8dbce257a47b9) + [npm/fs-vacuum#6](https://github.com/npm/fs-vacuum/pull/6) + `fs-vacuum@1.2.1`: Make sure we never, ever remove home directories. Previously if your + home directory was entirely empty then we might `rmdir` it. + ([@helio-frota](https://github.com/helio-frota)) +* [`1af85ca9f`](https://github.com/npm/npm/commit/1af85ca9f4d625f948e85961372de7df3f3774e2) + [#16040](https://github.com/npm/npm/pull/16040) + Fix bug where bundled transitive dependencies that happened to be + installed under bundled scoped dependencies wouldn't be included in the + tarball when building a package. + ([@iarna](https://github.com/iarna)) +* [`13c7fdc2e`](https://github.com/npm/npm/commit/13c7fdc2e87456a87b1c9385a3daeae228ed7c95) + [#16040](https://github.com/npm/npm/pull/16040) + Fix a bug where bundled scoped dependencies couldn't be extracted. + ([@iarna](https://github.com/iarna)) +* [`d6cde98c2`](https://github.com/npm/npm/commit/d6cde98c2513fe160eab41e31c3198dfde993207) + [#16040](https://github.com/npm/npm/pull/16040) + Stop printing `ENOENT` errors more than once. + ([@iarna](https://github.com/iarna)) +* [`722fbf0f6`](https://github.com/npm/npm/commit/722fbf0f6cf4413cdc24b610bbd60a7dbaf2adfe) + [#16040](https://github.com/npm/npm/pull/16040) + Rewrite the `extract` action for greater clarity. + Specifically, this involves moving things around structurally to do the same + thing [`d0c6d194`](https://github.com/npm/npm/commit/d0c6d194) did, but in a more comprehensive manner. + This also fixes a long standing bug where errors from the move step would be + eaten during this phase and as a result we would get mysterious crashes in + the finalize phase when finalize tried to act on them. + ([@iarna](https://github.com/iarna)) +* [`6754dabb6`](https://github.com/npm/npm/commit/6754dabb6bd3301504efb3b62f36d3fe70958c19) + [#16040](https://github.com/npm/npm/pull/16040) + Flatten out `@npmcorp/move`'s deps for backwards compatibility reasons. Versions prior to this + one will fail to install any package that bundles a scoped dependency. This was responsible + for `ENOENT` errors during the `finalize` phase. + ([@iarna](https://github.com/iarna)) + +#### DOC UPDATES + +* [`fba51c582`](https://github.com/npm/npm/commit/fba51c582d1d08dd4aa6eb27f9044dddba91bb18) + [#15960](https://github.com/npm/npm/pull/15960) + Update troubleshooting and contribution guide links. + ([@watilde](https://github.com/watilde)) + + +### v4.4.2 (2017-03-09): + +This week, the focus on the release was mainly going through [all of npm's deps +that we manage +ourselves](https://github.com/npm/npm/wiki/npm-maintained-dependencies), and +making sure all their PRs and versions were up to date. That means there's a few +fixes here and there. Nothing too big codewise, though. + +The most exciting part of this release is probably our [shiny new +Contributing](https://github.com/npm/npm/blob/latest/CONTRIBUTING.md) and +[Troubleshooting](https://github.com/npm/npm/blob/latest/TROUBLESHOOTING.md) +docs! [@snopeks](https://github.com/snopeks) did some ✨fantastic✨ work hashing it +out, and we're really hoping this is a nice big step towards making contributing +to npm easier. The troubleshooting doc will also hopefully solve common issues +for people! Do you think something is missing from it? File a PR and we'll add +it! The current document is just a baseline for further editing and additions. + +Also there's maybe a bit of an easter egg in this release. 'Cause those are fun and I'm a huge nerd. 😉 + +#### DOCUMENTATION AHOY + +* [`07e997a`](https://github.com/npm/npm/commit/07e997a7ecedba7b29ad76ffb2ce990d5c0200fc) + [#15756](https://github.com/npm/npm/pull/15756) + Overhaul `CONTRIBUTING.md` and add new `TROUBLESHOOTING.md` files. 🙌🏼 + ([@snopeks](https://github.com/snopeks)) +* [`2f3e4b6`](https://github.com/npm/npm/commit/2f3e4b645cdc268889cf95ba24b2aae572d722ad) + [#15833](https://github.com/npm/npm/pull/15833) + Mention the [24-hour unpublish + policy](http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy) + on the main registry. + ([@carols10cents](https://github.com/carols10cents)) + +#### NOT REALLY FEATURES, NOT REALLY BUGFIXES. MORE LIKE TWEAKS? 🤔 + +* [`84be534`](https://github.com/npm/npm/commit/84be534aedb78c65cd8012427fc04871ceeccf90) + [#15888](https://github.com/npm/npm/pull/15888) + Stop flattening `ls`-tree output. From now on, deduped deps will be marked as + such in the place where they would've been before getting hoisted by the + installer. + ([@iarna](https://github.com/iarna)) +* [`e9a5dca`](https://github.com/npm/npm/commit/e9a5dca369ead646ab5922326cede1406c62bd3b) + [#15967](https://github.com/npm/npm/pull/15967) + Limit metadata fetches to 10 concurrent requests. + ([@iarna](https://github.com/iarna)) +* [`46aa9bc`](https://github.com/npm/npm/commit/46aa9bcae088740df86234fc199f7aef53b116df) + [#15967](https://github.com/npm/npm/pull/15967) + Limit concurrent installer actions to 10. + ([@iarna](https://github.com/iarna)) + +#### BUGFIXES + +* [`c3b994b`](https://github.com/npm/npm/commit/c3b994b71565eb4f943cce890bb887d810e6e2d4) + [#15901](https://github.com/npm/npm/pull/15901) + Use EXDEV aware move instead of rename. This will allow moving across devices + and moving when filesystems don't support renaming directories full of files. It might make folks using Docker a bit happier. + ([@iarna](https://github.com/iarna)) +* [`0de1a9c`](https://github.com/npm/npm/commit/0de1a9c1db90e6705c65c068df1fe82899e60d68) + [#15735](https://github.com/npm/npm/pull/15735) + Autocomplete support for npm scripts with `:` colons in the name. + ([@beyondcompute](https://github.com/beyondcompute)) +* [`84b0b92`](https://github.com/npm/npm/commit/84b0b92e7f78ec4add42e8161c555325c99b7f98) + [#15874](https://github.com/npm/npm/pull/15874) + Stop using [undocumented](https://github.com/nodejs/node/pull/11355) + `res.writeHeader` alias for `res.writeHead`. + ([@ChALkeR](https://github.com/ChALkeR)) +* [`895ffe4`](https://github.com/npm/npm/commit/895ffe4f3eecd674796395f91c30eda88aca6b36) + [#15824](https://github.com/npm/npm/pull/15824) + Fix empty versions column in `npm search` output. + ([@bcoe](https://github.com/bcoe)) +* [`38c8d7a`](https://github.com/npm/npm/commit/38c8d7adc1f43ab357d1e729ae7cd5d801a26e68) + `init-package-json@1.9.5`: [npm/init-package-json#61](https://github.com/npm/init-package-json/pull/61) Exclude existing `devDependencies` from being added to `dependencies`. Fixes [#12260](https://github.com/npm/npm/issues/12260). + ([@addaleax](https://github.com/addaleax)) + +### v4.4.1 (2017-03-06): + +This is a quick little patch release to forgo the update notification +checker if you're on an unsuported (but not otherwise broken) version of +Node.js. Right now that means 0.10 or 0.12. + +* [`56ac249`](https://github.com/npm/npm/commit/56ac249ef8ede1021f1bc62a0e4fe1e9ba556af2) + [#15864](https://github.com/npm/npm/pull/15864) + Only use `update-notifier` on supported versions. + ([@legodude17](https://github.com/legodude17)) + +### v4.4.0 (2017-02-23): + +Aaaah, [@iarna](https://github.com/iarna) here, it's been a little while +since I did one of these! This is a nice little release, we've got an +update notifier, vastly less verbose error messages, new warnings on package +metadata that will probably give you a bad day, and a sprinkling of bug +fixes. + +#### UPDATE NOTIFICATIONS + +We now have a little nudge to update your `npm`, courtesy of +[update-notifier](https://www.npmjs.com/package/update-notifier). + +* [`148ee66`](https://github.com/npm/npm/commit/148ee663740aa05877c64f16cdf18eba33fbc371) + [#15774](https://github.com/npm/npm/pull/15774) + `npm` will now check at start up to see if a newer version is available. + It will check once a day. If you want to disable this, set `optOut` to `true` in + `~/.config/configstore/update-notifier-npm.json`. + ([@ceejbot](https://github.com/ceejbot)) + +#### LESS VERBOSE ERROR MESSAGES + +`npm` has, for a long time, had very verbose error messages. There was a +lot of info in there, including the cause of the error you were seeing but +without a lot of experience reading them pulling that out was time consuming +and difficult. + +With this change the output is cut down substantially, centering the error +message. So, for example if you try to `npm run sdlkfj` then the entire +error you'll get will be: + +``` +npm ERR! missing script: sldkfj + +npm ERR! A complete log of this run can be found in: +npm ERR! /Users/rebecca/.npm/_logs/2017-02-24T00_41_36_988Z-debug.log +``` + +The CLI team has discussed cutting this down even further and stripping the +`npm ERR!` prefix off those lines too. We'd appreciate your feedback on +this! + +* [`e544124`](https://github.com/npm/npm/commit/e544124592583654f2970ec332003cfd00d04f2b) + [#15716](https://github.com/npm/npm/pull/15716) + Make error output less verbose. + ([@iarna](https://github.com/iarna)) +* [`166bda9`](https://github.com/npm/npm/commit/166bda97410d0518b42ed361020ade1887e684af) + [#15716](https://github.com/npm/npm/pull/15716) + Stop encouraging users to visit the issue tracker unless we know for + certain that it's an npm bug. + ([@iarna](https://github.com/iarna)) + +#### OTHER NEW FEATURES + +* [`53412eb`](https://github.com/npm/npm/commit/53412eb22c1c75d768e30f96d69ed620dfedabde) + [#15772](https://github.com/npm/npm/pull/15772) + We now warn if you have a module listed in both dependencies and + devDependencies. + ([@TedYav](https://github.com/TedYav)) +* [`426b180`](https://github.com/npm/npm/commit/426b1805904a13bdc5c0dd504105ba037270cbee) + [#15757](https://github.com/npm/npm/pull/15757) + Default reporting metrics to default registry. Previously it defaulted to using + `https://registry.npmjs.org`, now it will default to the result of + `npm config get registry`. For most folks this won't actually change anything, but it + means that folks who use a private registry will have metrics routed there by default. + This has the potential to be interesting because it means that in the + future private registry products ([npme](https://npme.npmjs.com/docs/)!) + will be able to report on these metrics. + ([@iarna](https://github.com/iarna)) + +#### BUG FIXES + +* [`8ea0de9`](https://github.com/npm/npm/commit/8ea0de98563648ba0db032acd4d23d27c4a50a66) + [#15716](https://github.com/npm/npm/pull/15716) + Write logs for `cb() never called` errors. +* [`c4e83dc`](https://github.com/npm/npm/commit/c4e83dca830b24305e3cb3201a42452d56d2d864) + Make it so that errors while reading the existing node_modules tree can't + result in installer crashes. + ([@iarna](https://github.com/iarna)) +* [`2690dc2`](https://github.com/npm/npm/commit/2690dc2684a975109ef44953c2cf0746dbe343bb) + Update `npm doctor` to not treat broken symlinks in your global modules as + a permission failure. This is particularly important if you link modules and your text + editor uses the convention of creating symlinks from `.#filename.js` to a + machine name and pid to lock files (eg emacs and compatible things). + ([@iarna](https://github.com/iarna)) +* [`f4c3f48`](https://github.com/npm/npm/commit/f4c3f489aa5787cf0d60e8436be2190e4b0d0ff7) + [#15777](https://github.com/npm/npm/pull/15777) + Not exactly a bug, but change a parameterless `.apply` to `.call`. + ([@notarseniy](https://github.com/notarseniy)) + +#### DEPENDENCY UPDATES + +* [`549dcff`](https://github.com/npm/npm/commit/549dcff58c7aaa1e7ba71abaa14008fdf2697297) + `rimraf@2.6.0`: + Retry EBUSY, ENOTEMPTY and EPERM on non-Windows platforms too. + More reliable `rimraf.sync` on Windows. + ([@isaacs](https://github.com/isaacs)) +* [`052dfb6`](https://github.com/npm/npm/commit/052dfb623da508f2b5f681da0258125552a18a4a) + `validate-npm-package-name@3.0.0`: + Remove ableist language in README. + Stop allowing ~'!()* in package names. + ([@tomdale](https://github.com/tomdale)) + ([@chrisdickinson](https://github.com/chrisdickinson)) +* [`6663ea6`](https://github.com/npm/npm/commit/6663ea6ac0f0ecec5a3f04a3c01a71499632f4dc) + `abbrev@1.1.0` ([@isaacs](https://github.com/isaacs)) +* [`be6de9a`](https://github.com/npm/npm/commit/be6de9aab9e20b6eac70884e8626161eebf8721a) + `opener@1.4.3` ([@dominic](https://github.com/dominic)) +* [`900a5e3`](https://github.com/npm/npm/commit/900a5e3e3411ec221306455f99b24b9ce35757c0) + `readable-stream@2.2.3` ([@RangerMauve](https://github.com/RangerMauve)) ([@mcollina](https://github.com/mcollina)) +* [`c972a8b`](https://github.com/npm/npm/commit/c972a8b0f20a61a79c45b6642f870bea8c55c7e4) + `tacks@1.2.6` + ([@iarna](https://github.com/iarna)) +* [`85a36ef`](https://github.com/npm/npm/commit/85a36efdac0c24501876875cb9ad40292024e0b0) + [`7ac9265`](https://github.com/npm/npm/commit/7ac9265c56b4d9eeaca6fcfb29513f301713e7bb) + `tap@10.2.0` + ([@isaacs](https://github.com/saacs)) + +### v4.3.0 (2017-02-09): + +Yay! Release time! It's a rainy day, and we have another smallish release for +y'all. These things are not necessarily related. Or are they 🌧🤔 + +As far as news go, you may have noticed that the CLI team dropped support for +`node@0.12` when that version went out of maintenance. Still, we've avoided +explicitly breaking it and `node@0.10` so far -- but not much longer. + +Sometime soon, the CLI team plans on switching over to language features only +available as of `node@4 LTS`, and will likely start dropping old versions of node +as they go out of maintenance. The new features are exciting! We're really +looking forward to using them in the core CLI (and its dependencies) as we keep up +with our current feature work. + +And speaking of features, this release is a minor bump due to a small change in +how `npm login` works for the sake of supporting OAuth-based login for npm +Enterprise users. But we won't leave the rest of y'all out -- we're working on a +larger version of this feature. Soon enough, you'll be able to log in to npm +with, say, GitHub -- and use some shiny features that come from the integration. +Or turn on 2FA and other such security features. Keep your eyes peeled for new +on this in the next few releases and our weekly newsletter! + +#### NEW AUTH TYPES + +There's a new command line option: `--auth-type`, which can be used to log in to +a supporting registry with OAuth2 or SAML. The current implementation is mainly +meant to support npmE customers, so if you're one of those: ask us about using +it! If not, just hold off cause we'll have a much more complete version of this +feature out soon. + +* [`ac8595e`](https://github.com/npm/npm/commit/ac8595e3c9b615ff95abc3301fac1262c434792c) [`bcf2dd8`](https://github.com/npm/npm/commit/bcf2dd8a165843255c06515fa044c6e4d3b71ca4) [`9298d20`](https://github.com/npm/npm/commit/9298d20af58b92572515bfa9cf7377bd4221dc7d) [`66b61bc`](https://github.com/npm/npm/commit/66b61bc42e81ee8a1ee00fc63517f62284140688) [`dc85de7`](https://github.com/npm/npm/commit/dc85de7df6bb61f7788611813ee82ae695a18f1f) + [#13389](https://github.com/npm/npm/pull/13389) + Implement single-sign-on support with `--auth-type` option. + ([@zkat](https://github.com/zkat)) + +#### FASTER STARTUP. SOMETIMES! + +`request` is pretty heavy. And it loads a bunch of things. It's actually a +pretty big chunk of npm's load time. This small patch by Rebecca will make it so +npm only loads that module when we're actually intending to make network +requests. Those of you who use npm commands that run offline might see a small +speedup in startup time. + +* [`ac73568`](https://github.com/npm/npm/commit/ac735682e666e8724549d56146821f3b8b018e25) + [#15631](https://github.com/npm/npm/pull/15631) + Lazy load `caching-registry-client`. + ([@iarna](https://github.com/iarna)) + +#### DOCUMENTATION + +* [`4ad9247`](https://github.com/npm/npm/commit/4ad9247aa82f7553c9667ee93c74ec7399d6ceec) + [#15630](https://github.com/npm/npm/pull/15630) + Fix formatting/rendering for root npm README. + ([@ungoldman](https://github.com/ungoldman)) + +#### DEPENDENCY UPDATES + +* [`8cc1112`](https://github.com/npm/npm/commit/8cc1112958638ff88ac2c24c4a065acacb93d64b) + [npm/hosted-git-info#21](https://github.com/npm/hosted-git-info/pull/21) + `hosted-git-info@2.2.0`: + Add support for `.tarball()` URLs. + ([@zkat](https://github.com/zkat)) +* [`6eacc1b`](https://github.com/npm/npm/commit/6eacc1bc1925fe3cc79fc97bdc3194d944fce55e) + `npm-registry-mock@1.1.0` + ([@addaleax](https://github.com/addaleax)) +* [`a9b6d77`](https://github.com/npm/npm/commit/a9b6d775e61cf090df0e13514c624f99bf31d1e7) + `aproba@1.1.1` + ([@iarna](https://github.com/iarna)) + +### v4.2.0 (2017-01-26): + +Hi all! I'm Kat, and I'm currently sitting in a train traveling at ~300km/h +through Spain. So clearly, this release should have *something* to do with +speed. And it does! Heck, with this release, you could say we're really +_blazing_, even. 🌲🔥😏 + +#### IMPROVED CLI SEARCH~ + +You might recall if you've been keeping up that one of the reasons for a +semver-major bump to `npm@4` was an improved CLI search (read: no longer blowing +up Node). The work done for that new search system, while still relying on a +full metadata download and local search, was also meant to act as groundwork for +then-ongoing work on a brand-new, smarter search system for npm. Shortly after +`npm@4` came out, the bulk of the server-side work was done, and with this +release, the npm CLI has integrated use of the new endpoint for high-quality, +fast-turnaround searches. + +No, seriously, it's *fast*. And *relevant*: + +[![GOTTA GO FAST! This is a gif of the new npm search returning results in around a second for `npm search web framework`.](https://cloud.githubusercontent.com/assets/17535/21954136/f007e8be-d9fd-11e6-9231-f899c12790e0.gif)](https://github.com/npm/npm/pull/15481) + +Give it a shot! And remember to check out the new website version of the search, +too, which uses the same backend as the CLI now. 🎉 + +Incidentally, the backend is a public service, so you can write your own search +tools, be they web-based, CLI, or GUI-based. You can read up on the [full +documentation for the search +endpoint](https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#get-v1search), +and let us know about the cool things you come up with! + +* [`ce3ca51`](https://github.com/npm/npm/commit/ce3ca51ca2d60e15e901c8bf6256338e53e1eca2) + [#15481](https://github.com/npm/npm/pull/15481) + Add an internal `gunzip-maybe` utility for optional gunzipping. + ([@zkat](https://github.com/zkat)) +* [`e322932`](https://github.com/npm/npm/commit/e3229324d507fda10ea9e94fd4de8a4ae5025c75) [`a53055e`](https://github.com/npm/npm/commit/a53055e423f1fe168f05047aa0dfec6d963cb211) [`a1f4365`](https://github.com/npm/npm/commit/a1f436570730c6e4a173ca92d1967a87c29b7f2d) [`c56618c`](https://github.com/npm/npm/commit/c56618c62854ea61f6f716dffe7bcac80b5f4144) + [#15481](https://github.com/npm/npm/pull/15481) + Add support for using the new npm search endpoint for fast, quality search + results. Includes a fallback to "classic" search. + ([@zkat](https://github.com/zkat)) + +#### WHERE DID THE DEBUG LOGS GO + +This is another pretty significant change: Usually, when the npm process +crashed, you would get an `npm-debug.log` in your current working directory. +This debug log would get cleared out as soon as you ran npm again. This was a +bit annoying because 1) you would get a random file in your `git status` that +you might accidentally commit, and 2) if you hit a hard-to-reproduce bug and +instinctually tried again, you would no longer have access to the repro +`npm-debug.log`. + +So now, any time a crash happens, we'll save your debug logs to your cache +folder, under `_logs` (`~/.npm` on *nix, by default -- use `npm config get +cache` to see what your current value is). The cache will now hold a +(configurable) number of `npm-debug.log` files, which you can access in the +future. Hopefully this will help clean stuff up and reduce frustration from +missed repros! In the future, this will also be used by `npm report` to make it +super easy to put up issues about crashes you run into with npm. 💃🕺🏿👯♂️ + +* [`04fca22`](https://github.com/npm/npm/commit/04fca223a0f704b69340c5f81b26907238fad878) + [#11439](https://github.com/npm/npm/pull/11439) + Put debug logs in `$(npm get cache)/_logs` and store multiple log files. + ([@KenanY](https://github.com/KenanY)) + ([@othiym23](https://github.com/othiym23)) + ([@isaacs](https://github.com/isaacs)) + ([@iarna](https://github.com/iarna)) + +#### DOCS + +* [`ae8e71c`](https://github.com/npm/npm/commit/ae8e71c2b7d64d782af287a21e146d7cea6e5273) + [#15402](https://github.com/npm/npm/pull/15402) + Add missing backtick in one of the `npm doctor` messages. + ([@watilde](https://github.com/watilde), [@charlotteis](https://github.com/charlotteis)) +* [`821fee6`](https://github.com/npm/npm/commit/821fee6d0b12a324e035c397ae73904db97d07d2) + [#15480](https://github.com/npm/npm/pull/15480) + Clarify that unscoped packages can depend on scoped packages and vice-versa. + ([@chocolateboy](https://github.com/chocolateboy)) +* [`2ee45a8`](https://github.com/npm/npm/commit/2ee45a884137ae0706b7c741c671fef2cb3bac96) + [#15515](https://github.com/npm/npm/pull/15515) + Update minimum supported Node version number in the README to `node@>=4`. + ([@watilde](https://github.com/watilde)) +* [`af06aa9`](https://github.com/npm/npm/commit/af06aa9a357578a8fd58c575f3dbe55bc65fc376) + [#15520](https://github.com/npm/npm/pull/15520) + Add section to `npm-scope` docs to explain that scope owners will own scoped + packages with that scope. That is, user `@alice` is not allowed to publish to + `@bob/my-package` unless explicitly made an owner by user (or org) `@bob`. + ([@hzoo](https://github.com/hzoo)) +* [`bc892e6`](https://github.com/npm/npm/commit/bc892e6d07a4c6646480703641a4d71129c38b6d) + [#15539](https://github.com/npm/npm/pull/15539) + Replace `http` with `https` and fix typos in some docs. + ([@watilde](https://github.com/watilde)) +* [`1dfe875`](https://github.com/npm/npm/commit/1dfe875b9ac61a0ab9f61a2eab02bacf6cce583c) + [#15545](https://github.com/npm/npm/pull/15545) + Update Node.js download link to point to the right place. + ([@watilde](https://github.com/watilde)) + +#### DEPENDENCIES + + * [`b824bfb`](https://github.com/npm/npm/commit/b824bfbeb2d89c92762e9170b026af98b5a3668a) + `ansi-regex@2.1.1` + * [`81ea3e8`](https://github.com/npm/npm/commit/81ea3e8e4ea34cd9c2b418512dcb508abcee1380) + `mississippi@1.3.0` + +#### MISC + +* [`98df212`](https://github.com/npm/npm/commit/98df212a91fd6ff4a02b9cd247f4166f93d3977a) + [#15492](https://github.com/npm/npm/pull/15492) + Update the "master" node version used for AppVeyor to `node@7`. + ([@watilde](https://github.com/watilde)) +* [`d75fc03`](https://github.com/npm/npm/commit/d75fc03eda5364f12ac266fa4f66e31c2e44e864) + [#15413](https://github.com/npm/npm/pull/15413) + `npm run-script` now exits with the child process' exit code on exit. + ([@kapals](https://github.com/kapals)) + +### v4.1.2 (2017-01-12) + +We have a twee little release this week as we come back from the holidays. + +#### 0.12 IS UNSUPPORTED NOW (really) + +After [jumping the gun a +little](https://github.com/npm/npm/releases/tag/v4.0.2), we can now +officially remove 0.12 from our supported versions list. The Node.js +project has now officially ended even maintenance support for 0.12 and thus, +so will we. To reiterate from the last time we did this: + +What this means: + +* Your contributions will no longer block on the tests passing on 0.12. +* We will no longer block dependency upgrades on working with 0.12. +* Bugs filed on the npm CLI that are due to incompatibilities with 0.12 + (and older versions) will be closed with a strong urging to upgrade to a + supported version of Node. +* On the flip side, we'll continue to (happily!) accept patches that + address regressions seen when running the CLI with Node.js 0.12. + +What this doesn't mean: + +* The CLI is going to start depending on ES2015+ features. npm continues + to work, in almost all cases, all the way back to Node.js 0.8, and our + long history of backwards compatibility is a source of pride for the + team. +* We aren't concerned about the problems of users who, for whatever + reason, can't update to newer versions of npm. As mentioned above, we're + happy to take community patches intended to address regressions. + +We're not super interested in taking sides on what version of Node.js +you "should" be running. We're a workflow tool, and we understand that +you all have a diverse set of operational environments you need to be +able to support. At the same time, we _are_ a small team, and we need +to put some limits on what we support. Tracking what's supported by our +runtime's own team seems most practical, so that's what we're doing. + +* [`c7bbba8`](https://github.com/npm/npm/commit/c7bbba8744b62448103a1510c65d9751288abb5d) + Remove 0.12 from our supported versions list. + ([@iarna](https://github.com/iarna)) + +#### WRITING TO SYMLINKED `package.json` (AND OTHER FILES) + +If your `package.json`, `npm-shrinkwrap.json` or `.npmrc` were a symlink and +you used an `npm` command that modified one of these (eg `npm config set` or +`npm install --save`) then previously we would have removed your symlink and +replaced it with an ordinary file. While making these files symlinks is pretty +uncommon, this was still surprising behavior. With this fix we now overwrite +the _destination_ of the symlink and preserve the symlink itself. + +* [`a583983`](https://github.com/npm/npm/commit/a5839833d3de7072be06884b91902c093aff1aed) + [write-file-atomic/#5](https://github.com/npm/write-file-atomic/issues/5) + [#10223](https://github.com/npm/npm/10223) + `write-file-atomic@1.3.1`: + When the target is a symlink, write-file-atomic now overwrites the + _destination_ of the symlink, instead of replacing the symlink itself. This + makes it's behavior match `fs.writeFile`. + + Fixed a bug where it would ALWAYS fs.stat to look up default mode and chown + values even if you'd passed them in. (It still used the values you passed + in, but did a needless stat.) + ([@iarna](https://github.com/iarna)) + +#### DEPENDENCY UPDATES + +* [`521f230`](https://github.com/npm/npm/commit/521f230dd57261e64ac9613b3db62f5312971dca) + `node-gyp@3.5.0`: + Improvements to how Python is located. New `--devdir` flag. + ([@bnoordhuis](https://github.com/bnoordhuis)) + ([@mhart](https://github.com/mhart)) +* [`ccd83e8`](https://github.com/npm/npm/commit/ccd83e8a70d35fb0904f8a9adb2ff7ac8a6b2706) + `JSONStream@1.3.0`: + Add new emitPath option. + ([@nathanwills](https://github.com/nathanwills)) + +#### TEST IMPROVEMENTS + +* [`d76e084`](https://github.com/npm/npm/commit/d76e08463fd65705217624b861a1443811692f34) + Disable metric reporting for test suite even if the user has it enabled. + ([@iarna](https://github.com/iarna)) + +### v4.1.1 (2016-12-16) + +This fixes a bug in the metrics reporting where, if you had enabled it then +installs would create a metrics reporting process, that would create a +metrics reporting process, that would… well, you get the idea. The only +way to actually kill these processes is to turn off your networking, then +on MacOS/Linux kill them with `kill -9`. Alternatively you can just reboot. + +Anyway, this is a quick release to fix that bug: + +* [`51c393f`](https://github.com/npm/npm/commit/51c393feff5f4908c8a9fb02baef505b1f2259be) + [#15237](https://github.com/npm/npm/pull/15237) + Don't launch a metrics sender process if we're running from a metrics + sender process. + ([@iarna](https://github.com/iarna)) + +### v4.1.0 (2016-12-15) + +I'm really excited about `npm@4.1.0`. I know, I know, I'm kinda overexcited +in my changelogs, but this one is GREAT. We've got a WHOLE NEW subcommand, I +mean, when was the last time you saw that? YEARS! And we have the beginnings +of usage metrics reporting. Then there's a fix for a really subtle bug that +resulted in `shasum` errors. And then we also have a few more bug fixes and +other improvements. + +#### ANONYMOUS METRIC REPORTING + +We're adding the ability for you all to help us track the quality of your +experiences using `npm`. Metrics will be sent if you run: + +``` +npm config set send-metrics true +``` + +Then `npm` will report to `registry.npmjs.org` the number of successful and +failed installations you've had. The data contains no identifying +information and npm will not attempt to correlate things like IP address +with the metrics being submitted. + +Currently we only track number of successful and failed installations. In +the future we would like to find additional metrics to help us better +quantify the quality of the `npm` experience. + +* [`190a658`](https://github.com/npm/npm/commit/190a658c4222f6aa904cbc640fc394a5c875e4db) + [#15084](https://github.com/npm/npm/pull/15084) + Add facility for recording and reporting success metrics. + ([@iarna](https://github.com/iarna)) +* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) + [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/148) + `npm-registry-client@7.4.5`: + Add support for sending anonymous CLI metrics. + ([@iarna](https://github.com/iarna), + [@sisidovski](https://github.com/sisidovski)) + +### NPM DOCTOR + +<pre> +<u>Check</u> <u>Value</u> <u>Recommendation</u> +npm ping ok +npm -v v4.0.5 +node -v v4.6.1 Use node v6.9.2 +npm config get registry https://registry.npmjs.org/ +which git /Users/rebecca/bin/git +Perms check on cached files ok +Perms check on global node_modules ok +Perms check on local node_modules ok +Checksum cached files ok +</pre> + +It's a rare day that we add a new command to `npm`, so I'm excited to +present to you `npm doctor`. It checks for a number of common problems and +provides some recommended solutions. It was put together through the hard +work of [@watilde](https://github.com/watilde). + +* [`2359505`](https://github.com/npm/npm/commit/23595055669f76c9fe8f5f1cf4a705c2e794f0dc) + [`0209ee5`](https://github.com/npm/npm/commit/0209ee50448441695fbf9699019d34178b69ba73) + [#14582](https://github.com/npm/npm/pull/14582) + Add new `npm doctor` to give your project environment a health check. + ([@watilde](https://github.com/watilde)) + +#### FIX MAJOR SOURCE OF SHASUM ERRORS + +If you've been getting intermittent shasum errors then you'll be pleased to +know that we've tracked down at least one source of them, if not THE source +of them. + +* [`87afc8b`](https://github.com/npm/npm/commit/87afc8b466f553fb49746c932c259173de48d0a4) + [#14626](https://github.com/npm/npm/issues/14626) + [npm/npm-registry-client#148](https://github.com/npm/npm-registry-client/pull/148) + `npm-registry-client@7.4.5`: + Fix a bug where an `ECONNRESET` while fetching a package file would result + in a partial download that would be reported as a "shasum mismatch". It + now throws away the partial download and retries it. + ([@iarna](https://github.com/iarna)) + +#### FILE URLS AND NODE.JS 7 + +When `npm` was formatting `file` URLs we took advantage of `url.format` to +construct them. Node.js 7 changed the behavior in such a way that our use of +`url.format` stopped producing URLs that we could make use of. + +The reasons for this have to do with the `file` URL specification and how +invalid (according to the specification) URLs are handled. How this changed +is most easily explained with a table: + +<table> +<tr><th></th><th>URL</th><th>Node.js <= 6</th><th><tt>npm</tt>'s understanding</th><th>Node.js 7</th><th><tt>npm</tt>'s understanding</th></tr> +<tr><td>VALID</td><td><tt>file:///abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> +<tr><td>invalid</td><td><tt>file:/abc/def</tt></td><td><tt>file:/abc/def</tt></td><td><tt>/abc/def</tt></td><td><tt>file:///abc/def</tt></td><td><tt>/abc/def</tt></td></tr> +<tr><td>invalid</td><td><tt>file:abc/def</tt></td><td><tt>file:abc/def</tt></td><td><tt>$CWD/abc/def</tt></td><td><tt>file://abc/def</tt></td><td><tt>/def</tt> on the <tt>abc</tt> host</td></tr> +<tr><td>invalid</td><td><tt>file:../abc/def</tt></td><td><tt>file:../abc/def</tt></td><td><tt>$CWD/../abc/def</tt></td><td><tt>file://../abc/def</tt></td><td><tt>/abc/def</tt> on the <tt>..</tt> host</td></tr> +</table> + +So the result was that passing a `file` URL that npm had received that used +through Node.js 7's `url.format` changed its meaning as far as `npm` was +concerned. As those kinds of URLs are, per the specification, invalid, how +they should be handled is undefined and so the change in Node.js wasn't a +bug per se. + +Our solution is to stop using `url.format` when constructing this kind of +URL. + +* [`173935b`](https://github.com/npm/npm/commit/173935b4298e09c4fdcb8f3a44b06134d5aff181) + [#15114](https://github.com/npm/npm/issues/15114) + Stop using `url.format` for relative local dep paths. + ([@zkat](https://github.com/zkat)) + +#### EXTRANEOUS LIFECYCLE SCRIPT EXECUTION WHEN REMOVING + +* [`afb1dfd`](https://github.com/npm/npm/commit/afb1dfd944e57add25a05770c0d52d983dc4e96c) + [#15090](https://github.com/npm/npm/pull/15090) + Skip top level lifecycles when uninstalling. + ([@iarna](https://github.com/iarna)) + +#### REFACTORING AND INTERNALS + +* [`c9b279a`](https://github.com/npm/npm/commit/c9b279aca0fcb8d0e483e534c7f9a7250e2a9392) + [#15205](https://github.com/npm/npm/pull/15205) + [#15196](https://github.com/npm/npm/pull/15196) + Only have one function that determines which version of a package to use + given a specifier and a list of versions. + ([@iarna](https://github.com/iarna), + [@zkat](https://github.com/zkat)) + +* [`981ce63`](https://github.com/npm/npm/commit/981ce6395e7892dde2591b44e484e191f8625431) + [#15090](https://github.com/npm/npm/pull/15090) + Rewrite prune to use modern npm plumbing. + ([@iarna](https://github.com/iarna)) + +* [`bc4b739`](https://github.com/npm/npm/commit/bc4b73911f58a11b4a2d28b49e24b4dd7365f95b) + [#15089](https://github.com/npm/npm/pull/15089) + Rename functions and variables in the module that computes what changes to + make to your installation. + ([@iarna](https://github.com/iarna)) + +* [`2449f74`](https://github.com/npm/npm/commit/2449f74a202b3efdb1b2f5a83356a78ea9ecbe35) + [#15089](https://github.com/npm/npm/pull/15089) + When computing changes to make to your installation, use a function to add + new actions to take instead of just pushing on a list. + ([@iarna](https://github.com/iarna)) + +#### IMPROVED LOGGING + +* [`335933a`](https://github.com/npm/npm/commit/335933a05396258eead139d27eea3f7668ccdfab) + [#15089](https://github.com/npm/npm/pull/15089) + Log when we remove obsolete dependencies in the tree. + ([@iarna](https://github.com/iarna)) + +#### DOCUMENTATION + +* [`33ca4e6`](https://github.com/npm/npm/commit/33ca4e6db3c1878cbc40d5e862ab49bb0e82cfb2) + [#15157](https://github.com/npm/npm/pull/15157) + Update `npm cache` docs to use more consistent language + ([@JonahMoses](https://github.com/JonahMoses)) + +#### DEPENDENCY UPDATES + +* [`c2d22fa`](https://github.com/npm/npm/commit/c2d22faf916e8260136a1cc95913ca474421c0d3) + [#15215](https://github.com/npm/npm/pull/15215) + `nopt@4.0.1`: + The breaking change is a small tweak to how empty string values are + handled. See the brand-new + [CHANGELOG.md for nopt](https://github.com/npm/nopt/blob/v4.0.1/CHANGELOG.md) for further + details about what's changed in this release! + ([@adius](https://github.com/adius), + [@samjonester](https://github.com/samjonester), + [@elidoran](https://github.com/elidoran), + [@helio](https://github.com/helio), + [@silkentrance](https://github.com/silkentrance), + [@othiym23](https://github.com/othiym23)) +* [`54d949b`](https://github.com/npm/npm/commit/54d949b05adefffeb7b5b10229c5fe0ccb929ac3) + [npm/lockfile#24](https://github.com/npm/lockfile/pull/24) + `lockfile@1.0.3`: + Handled case where callback was not passed in by the user. + ([@ORESoftware](https://github.com/ORESoftware)) +* [`54acc03`](https://github.com/npm/npm/commit/54acc0389b39850c0725d0868cb5e61317b57503) + `npmlog@4.0.2`: + Documentation update. + ([@helio-frota](https://github.com/helio-frota)) +* [`57f4bc1`](https://github.com/npm/npm/commit/57f4bc1150322294c1ea0a287ad0a8e457c151e6) + `osenv@0.1.4`: + Test changes. + ([@isaacs](https://github.com/isaacs)) +* [`bea1a2d`](https://github.com/npm/npm/commit/bea1a2d0db566560e13ecc1d5f42e55811269c88) + `retry@0.10.1`: + No changes. + ([@tim-kos](https://github.com/tim-kos)) +* [`6749e39`](https://github.com/npm/npm/commit/6749e395f868109afd97f79d36507e6567dd48fb) + [kapouer/marked-man#9](https://github.com/kapouer/marked-man/pull/9) + `marked-man@0.2.0`: + Add table support. + ([@gholk](https://github.com/gholk)) + +### v4.0.5 (2016-12-01) + +It's that time of year! December is upon us, which means y'all are just going to +be doing a lot less, in general, for the next month or so. The "Xmas Chasm", as +we like to call it, has already begun. So for those of you reading it from the +other side: Hi! Welcome back! + +This week's release is a relatively small one, involving just a few bugfixes and +dependency upgrades. The CLI team has been busy recently with scoping out +`npm@5`, and starting to do initial spec work for in-scope stuff. + +#### BUGFIXES + +On to the actual changes! + +* [`9776d8f`](https://github.com/npm/npm/commit/9776d8f70a0ea8d921cbbcab7a54e52c15fc455f) + [#15081](https://github.com/npm/npm/pull/15081) + `bundledDependencies` are intended to be left untouched by the installer, as + much as possible -- if they're bundled, we assume that you want to be + particular about the contents of your bundle. + + The installer used to have a corner case where existing dependencies that had + bundledDependencies would get clobbered by as the installer moved stuff + around, even though the installer already avoided moving deps that were + themselves bundled. This is now fixed, along with the connected crasher, and + your bundledDeps should be left even more intact than before! + ([@iarna](https://github.com/iarna)) +* [`fc61c08`](https://github.com/npm/npm/commit/fc61c082122104031ccfb2a888432c9f809a0e8b) + [#15082](https://github.com/npm/npm/pull/15082) + Initialize nodes from bundled dependencies. This should address + [#14427](https://github.com/npm/npm/issues/14427) and related issues, but it's + turned out to be a tremendously difficult issue to reproduce in a test. We + decided to include it even pending tests, because we found the root cause of + the errors. + ([@iarna](https://github.com/iarna)) +* [`d8471a2`](https://github.com/npm/npm/commit/d8471a294ef848fc893f60e17d6ec6695b975d16) + [#12811](https://github.com/npm/npm/pull/12811) + Consider `devDependencies` when deciding whether to hoist a package. This + should resolve a variety of missing dependency issues some folks were seeing + when `devDependencies` happened to also be dependencies of your + `dependencies`. This often manifested as modules going missing, or only being + installed, after `npm install` was called twice. + ([@schmod](https://github.com/schmod)) + +#### DEPENDENCY UPDATES + +* [`5978703`](https://github.com/npm/npm/commit/5978703da8669adae464789b1b15ee71d7f8d55d) + `graceful-fs@4.1.11`: + `EPERM` errors are Windows are now handled more gracefully. Windows users that + tended to see these errors due to, say, an antivirus-induced race condition, + should see them much more rarely, if at all. + ([@zkatr](https://github.com/zkat)) +* [`85b0174`](https://github.com/npm/npm/commit/85b0174ba9842e8e89f3c33d009e4b4a9e877c7d) + `request@2.79.0` + ([@zkat](https://github.com/zkat)) +* [`9664d36`](https://github.com/npm/npm/commit/9664d36653503247737630440bc2ff657de965c3) + `tap@8.0.1` + ([@zkat](https://github.com/zkat)) + +#### MISCELLANEOUS + +* [`f0f7b0f`](https://github.com/npm/npm/commit/f0f7b0fd025daa2b69994130345e6e8fdaaa0304) + [#15083](https://github.com/npm/npm/pull/15083) + Removed dead code. + ([@iarna](https://github.com/iarna))
* [`bc32afe`](https://github.com/npm/npm/commit/bc32afe4d12e3760fb5a26466dc9c26a5a2981d5) [`c8a22fe`](https://github.com/npm/npm/commit/c8a22fe5320550e09c978abe560b62ce732686f4) [`db2666d`](https://github.com/npm/npm/commit/db2666d8c078fc69d0c02c6a3de9b31be1e995e9) + [#15085](https://github.com/npm/npm/pull/15085) + Change some network tests so they can run offline. + ([@iarna](https://github.com/iarna)) +* [`744a39b`](https://github.com/npm/npm/commit/744a39b836821b388ad8c848bd898c1d006689a9) + [#15085](https://github.com/npm/npm/pull/15085) + Make Node.js tests compatible with Windows. + ([@iarna](https://github.com/iarna)) + +### v4.0.3 (2016-11-17) + +Hey you all, we've got a couple of bug fixes for you, a slew of +documentation improvements and some improvements to our CI environment. I +know we just got v4 out the door, but the CLI team is already busy planning +v5. We'll have more for you in early December. + +#### BUG FIXES + +* [`45d40d9`](https://github.com/npm/npm/commit/45d40d96d2cd145f1e36702d6ade8cd033f7f332) + [`ba2adc2`](https://github.com/npm/npm/commit/ba2adc2e822d5e75021c12f13e3f74ea2edbde32) + [`1dc8908`](https://github.com/npm/npm/commit/1dc890807bd78a1794063688af31287ed25a2f06) + [`2ba19ee`](https://github.com/npm/npm/commit/2ba19ee643d612d103cdd8f288d313b00d05ee87) + [#14403](https://github.com/npm/npm/pull/14403) + Fix a bug where a scoped module could produce crashes when incorrectly + computing the paths related to their location. This patch reorganizes how path information + is passed in to eliminate the possibility of this sort of bug. + ([@iarna](https://github.com/iarna)) + ([@NatalieWolfe](https://github.com/NatalieWolfe)) +* [`1011ec6`](https://github.com/npm/npm/commit/1011ec61230288c827a1c256735c55cf03d6228f) + [npm/npmlog#46](https://github.com/npm/npmlog/pull/46) + `npmlog@4.0.1`: Fix a bug where the progress bar would still display even if + you passed in `--no-progress`. + ([@iarna](https://github.com/iarna)) + +#### DOCUMENTATION UPDATES + +* [`c3ac177`](https://github.com/npm/npm/commit/c3ac177236124c80524c5f252ba8f6670f05dcd8) + [#14406](https://github.com/npm/npm/pull/14406) + Sync up the dispute policy included with the CLI with the [current official text](https://www.npmjs.com/policies/disputes). + ([@mike-engel](https://github.com/mike-engel)) +* [`9c663b2`](https://github.com/npm/npm/commit/9c663b2dd8552f892dc0205330bbc73a484ecd81) + [#14627](https://github.com/npm/npm/pull/14627) + Update build status branch in README. + ([@cameronroe](https://github.com/cameronroe)) +* [`8a8a0a3`](https://github.com/npm/npm/commit/8a8a0a3d490fc767def208f925cdff57e16e565b) + [#14609](https://github.com/npm/npm/pull/14609) + Update examples URLs of GitHub repos where those repos have moved to new URLs. + ([@dougwilson](https://github.com/dougwilson)) +* [`7a6425b`](https://github.com/npm/npm/commit/7a6425bcd4decde5d4b0af8b507e98723a07c680) + [#14472](https://github.com/npm/npm/pull/14472) + Document `sign-git-tag` in + [npm-version(1)](https://github.com/npm/npm/blob/release-next/doc/cli/npm-version.md)'s + configuration section. + ([@strugee](https://github.com/strugee)) +* [`f3087cc`](https://github.com/npm/npm/commit/f3087cc58c903d9a70275be805ebaf0eadbcbe1b) + [#14546](https://github.com/npm/npm/pull/14546) + Add a note about the dangers of configuring npm via uppercase env vars. + ([@tuhoojabotti](https://github.com/tuhoojabotti)) +* [`50e51b0`](https://github.com/npm/npm/commit/50e51b04a143959048cf9e1e4c8fe15094f480b0) + [#14559](https://github.com/npm/npm/pull/14559) + Remove documentation that incorrectly stated that we check `.npmrc` permissions. + ([@iarna](https://github.com/iarna)) + +##### OH UH, HELLO AGAIN NODE.JS 0.12 + +* [`6f0c353`](https://github.com/npm/npm/commit/6f0c353e4e89b0378a4c88c829ccf9a1c5ae829d) + [`f78bde6`](https://github.com/npm/npm/commit/f78bde6983bdca63d5fcb9c220c87e8f75ffb70e) + [#14591](https://github.com/npm/npm/pull/14591) + Reintroduce Node.js 0.12 to our support matrix. We jumped the gun when + removing it. We won't drop support for it till the Node.js project does + so at the end of December 2016. + ([@othiym23](https://github.com/othiym23)) + +#### TEST/CI UPDATES + +* [`aa73d1c`](https://github.com/npm/npm/commit/aa73d1c1cc22608f95382a35b33da252addff38e) + [`c914e80`](https://github.com/npm/npm/commit/c914e80f5abcb16c572fe756c89cf0bcef4ff991) +* [`58fe064`](https://github.com/npm/npm/commit/58fe064dcc80bc08c677647832f2adb4a56b538a) + [#14602](https://github.com/npm/npm/pull/14602) + When running tests with coverage, use nyc's cache. This provides an 8x speedup! + ([@bcoe](https://github.com/bcoe)) +* [`ba091ce`](https://github.com/npm/npm/commit/ba091ce843af5d694f4540e825b095435b3558d8) + [#14435](https://github.com/npm/npm/pull/14435) + Remove an unused zero byte `package.json` found in the test fixtures. + ([@baderbuddy](https://github.com/baderbuddy)) + +#### DEPENDENCY UPDATES + +* [`442e01e`](https://github.com/npm/npm/commit/442e01e42d8a439809f6726032e3b73ac0d2b2f8) + `readable-stream@2.2.2`: + Bring in latest changes from Node.js 7.x. + ([@calvinmetcalf](https://github.com/calvinmetcalf)) +* [`bfc4a1c`](https://github.com/npm/npm/commit/bfc4a1c0c17ef0a00dfaa09beba3389598a46535) + `which@1.2.12`: + Remove unused require. + ([@isaacs](https://github.com/isaacs)) + +#### DEV DEPENDENCY UPDATES + +* [`7075b05`](https://github.com/npm/npm/commit/7075b054d8d2452bb53bee9b170498a48a0dc4e9) + `marked-man@0.1.6` + ([@kapouer](https://github.com/kapouer)) +* [`3e13fea`](https://github.com/npm/npm/commit/3e13fea907ee1141506a6de7d26cbc91c28fdb80) + `tap@8.0.0` + ([@isaacs](https://github.com/isaacs)) + +### v4.0.2 (2016-11-03) + +Hola, amigxs. I know it's been a long time since I rapped at ya, but I +been spending a lotta time quietly reflecting on all the things going on +in my life. I was, like, [in Japan for a while](https://gist.github.com/othiym23/c98bd4ef5d9fb3f496835bd481ef40ae), +and before that my swell colleagues [@zkat](https://github.com/zkat) and +[@iarna](https://github.com/iarna) have been very capably managing the release +process for quite a while. But I returned from Japan somewhat refreshed, very +jetlagged, and filled with a burning urge to get `npm@4` as stable as possible +before we push it out to the user community at large, so I decided to do this +release myself. (Also, huge thanks to Kat and Rebecca for putting out `npm@4` +so capably while I was on vacation! So cool to return to a major release having +gone so well without my involvement!) + +That said... + +#### NEVER TRUST AN X.0.0 RELEASE + +Even though 4.0.1 came out hard on the heels of 4.0.0 with a couple +critical fixes, we've found a couple other major issues that we want to +see fixed before making `npm@4` into `npm@latest`. Some of these are +arguably breaking changes on their own, so now is the time to get them +out if we're going to do so before `npm@5`, and all of them are pretty +significant blockers for a substantial number of users, so now is the +best time to fix them. + +##### PREPUBLISHONLY WHOOPS + +The code running the `publish*` lifecycle events was very confusingly written. +In fact, we didn't really figure out what it was doing until we added the new +`prepublishOnly` event and it was running people's scripts from the wrong +directory. We made it simpler. See the [commit +message](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) +for details. + +Because the change is no longer running publish events when publishing prebuilt +artifacts, it's technically a breaking / semver-major change. In the off chance +that the new behavior breaks any of y'all's workflows, let us know, and we can +roll some or all of this change back until `npm@5` (or forever, if that works +better for you). + +* [`8b32d67`](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f) + [#14502](https://github.com/npm/npm/pull/14502) + Simplify lifecycle invocation and fix `prepublishOnly`. + ([@othiym23](https://github.com/othiym23)) + +##### G'BYE NODE.JS 0.10, 0.12, and 5.X; HI THERE, NODE 7 + +With the advent of the second official Node.js LTS release, Node 6.x +'Boron', the Node.js project has now officially dropped versions 0.10 +and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never +part of LTS, and will see no further support now that Node 7 has been +released.) As a small team with limited resources, the npm CLI team is +following suit and dropping those versions of Node from its CI test +matrix. + +What this means: + +* Your contributions will no longer block on the tests passing on 0.10 and 0.12. +* We will no longer block dependency upgrades on working with 0.10 and 0.12. +* Bugs filed on the npm CLI that are due to incompatibilities with 0.10 + or 0.12 (and older versions) will be closed with a strong urging to + upgrade to a supported version of Node. +* On the flip side, we'll continue to (happily!) accept patches that + address regressions seen when running the CLI with Node.js 0.10 and + 0.12. + +What this doesn't mean: + +* The CLI is going to start depending on ES2015+ features. npm continues + to work, in almost all cases, all the way back to Node.js 0.8, and our + long history of backwards compatibility is a source of pride for the + team. +* We aren't concerned about the problems of users who, for whatever + reason, can't update to newer versions of npm. As mentioned above, we're + happy to take community patches intended to address regressions. + +We're not super interested in taking sides on what version of Node.js +you "should" be running. We're a workflow tool, and we understand that +you all have a diverse set of operational environments you need to be +able to support. At the same time, we _are_ a small team, and we need +to put some limits on what we support. Tracking what's supported by our +runtime's own team seems most practical, so that's what we're doing. + +* [`ab630c9`](https://github.com/npm/npm/commit/ab630c9a7a1b40cdd4f1244be976c25ab1525907) + [#14503](https://github.com/npm/npm/pull/14503) + Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported. + ([@othiym23](https://github.com/othiym23)) +* [`731ae52`](https://github.com/npm/npm/commit/731ae526fb6e9951c43d82a26ccd357b63cc56c2) + [#14503](https://github.com/npm/npm/pull/14503) + Update supported version expression. + ([@othiym23](https://github.com/othiym23)) + +##### DISENTANGLING SCOPE + +The new `Npm-Scope` header was previously reusing the `scope` +configuration option to pass the current scope back to your current +registry (which, as [described +previously](https://github.com/npm/npm/blob/release-next/CHANGELOG.md#send-extra-headers-to-registry), is meant to set up some upcoming +registry features). It turns out that had some [seriously weird +consequences](https://github.com/npm/npm/issues/14412) in the case where +you were already configuring `scope` in your own environment. The CLI +now uses separate configuration for this. + +* [`39358f7`](https://github.com/npm/npm/commit/39358f732ded4aa46d86d593393a0d6bca5dc12a) + [#14477](https://github.com/npm/npm/pull/14477) + Differentiate registry scope from project scope in configuration. + ([@zkat](https://github.com/zkat)) + +#### SMALLER CHANGES + +* [`7f41295`](https://github.com/npm/npm/commit/7f41295775f28b958a926f9cb371cb37b05771dd) + [#14519](https://github.com/npm/npm/pull/14519) + Document that as of `npm@4.0.1`, `npm shrinkwrap` now includes `devDependencies` unless + instructed otherwise. + ([@iarna](https://github.com/iarna)) +* [`bdc2f9e`](https://github.com/npm/npm/commit/bdc2f9e255ddf1a47fd13ec8749d17ed41638b2c) + [#14501](https://github.com/npm/npm/pull/14501) + The `ENOSELF` error message is tricky to word. It's also an error that + normally bites new users. Clean it up in an effort to make it easier + to understand what's going on. + ([@snopeks](https://github.com/snopeks), [@zkat](https://github.com/zkat)) + +#### DEPENDENCY UPGRADES + +* [`a52d0f0`](https://github.com/npm/npm/commit/a52d0f0c9cf2de5caef77e12eabd7dca9e89b49c) + `glob@7.1.1`: + - Handle files without associated perms on Windows. + - Fix failing case with `absolute` option. + ([@isaacs](https://github.com/isaacs), [@phated](https://github.com/phated)) +* [`afda66d`](https://github.com/npm/npm/commit/afda66d9afcdcbae1d148f589287583c4182d124) + [isaacs/node-graceful-fs#97](https://github.com/isaacs/node-graceful-fs/pull/97) + `graceful-fs@4.1.10`: Better backoff for EPERM on Windows. + ([@sam-github](https://github.com/sam-github)) +* [`e0023c0`](https://github.com/npm/npm/commit/e0023c089ded9161fbcbe544f12b07e12e3e5729) + [npm/inflight#3](https://github.com/npm/inflight/pull/3) + `inflight@1.0.6`: Clean up even if / when a callback throws. + ([@phated](https://github.com/phated)) +* [`1d91594`](https://github.com/npm/npm/commit/1d9159440364d2fe21e8bc15e08e284aaa118347) + `request@2.78.0` + ([@othiym23](https://github.com/othiym23)) + +### v4.0.1 (2016-10-24) + +Ayyyy~ 🌊 + +So thanks to folks who were running on `npm@next`, we managed to find a few +issues of notes in that preview version, and we're rolling out a small patch +change to fix them. Most notably, anyone who was using a symlinked `node` binary +(for example, if they installed Node.js through `homebrew`), was getting a very +loud warning every time they ran scripts. Y'all should get warnings in a more +useful way, now that we're resolving those path symlinks. + +Another fairly big change that we decided to slap into this version, since +`npm@4.0.0` is never going to be `latest`, is to make it so `devDependencies` +are included in `npm-shrinkwrap.json` by default -- if you do not want this, use +`--production` with `npm shrinkwrap`. + +#### BIG FIXES/CHANGES + +* [`eff46dd`](https://github.com/npm/npm/commit/eff46dd498ed007bfa77ab7782040a3a828b852d) + [#14374](https://github.com/npm/npm/pull/14374) + Fully resolve the path for `node` executables in both `$PATH` and + `process.execPath` to avoid issues with symlinked `node`. + ([@addaleax](https://github.com/addaleax)) +* [`964f2d3`](https://github.com/npm/npm/commit/964f2d3a0675584267e6ece95b0115a53c6ca6a9) + [#14375](https://github.com/npm/npm/pull/14375) + Make including `devDependencies` in `npm-shrinkwrap.json` the default. This + should help make the transition to `npm@5` smoother in the future. + ([@iarna](https://github.com/iarna)) + +#### BUGFIXES + +* [`a5b0a8d`](https://github.com/npm/npm/commit/a5b0a8db561916086fc7dbd6eb2836c952a42a7e) + [#14400](https://github.com/npm/npm/pull/14400) + Recently, we've had some consistent timeout failures while running the test + suite under Travis. This tweak to tests should take care of those issues and + Travis should go back to being reliably green. + ([@iarna](https://github.com/iarna)) + +#### DOC PATCHES + +* [`c5907b2`](https://github.com/npm/npm/commit/c5907b2fc1a82ec919afe3b370ecd34d8895c7a2) + [#14251](https://github.com/npm/npm/pull/14251) + Update links to Node.js downloads. They previously pointed to 404 pages.😬 + ([@ArtskydJ](https://github.com/ArtskydJ)) +* [`0c122f2`](https://github.com/npm/npm/commit/0c122f24ff1d4d400975edda2b7262aaaf6f7d69) + [#14380](https://github.com/npm/npm/pull/14380) + Add note and clarification on when `prepare` script is run. Make it more + consistent with surrounding descriptions. + ([@SimenB](https://github.com/SimenB)) +* [`51a62ab`](https://github.com/npm/npm/commit/51a62abd88324ba3dad18e18ca5e741f1d60883c) + [#14359](https://github.com/npm/npm/pull/14359) + Fixes typo in `npm@4` changelog. + ([@kimroen](https://github.com/kimroen)) + +### v4.0.0 (2016-10-20) + +Welcome to `npm@4`, friends! + +This is our first semver major release since the release of `npm@3` just over a +year ago. Back then, `@3` turned out to be a bit of a ground-shaking release, +with a brand-new installer with significant structural changes to how npm set up +your tree. This is the end of an era, in a way. `npm@4` also marks the release +when we move *both* `npm@2` and `npm@3` into maintenance: We will no longer be +updating those release branches with anything except critical bugfixes and +security patches. + +While its predecessor had some pretty serious impaact, `npm@4` is expected to +have a much smaller effect on your day-to-day use of npm. Over the past year, +we've collected a handful of breaking changes that we wanted to get in which are +only breaking under a strict semver interpretation (which we follow). Some of +these are simple usability improvements, while others fix crashes and serious +issues that required a major release to include. + +We hope this release sees you well, and you can look forward to an accelerated +release pace now that the CLI team is done focusing on sustaining work -- our +Windows fixing and big bugs pushes -- and we can start focusing again on +usability, features, and performance. Keep an eye out for `npm@5` in Q1 2017, +too: We're planning a major overhaul of `shrinkwrap` as well as various speed +and usability fixes for that release. It's gonna be a fun ride. I promise. 😘 + +#### BRIEF OVERVIEW OF **BREAKING** CHANGES + +The following breaking changes are included in this release: + +* `npm search` rewritten to stream results, and no longer supports sorting. +* `npm scripts` no longer prepend the path of the node executable used to run + npm before running scripts. A `--scripts-prepend-node-path` option has been + added to configure this behavior. +* `npat` has been removed. +* `prepublish` has been deprecated, replaced by `prepare`. A `prepublishOnly` + script has been temporarily added, which will *only* run on `npm publish`. +* `npm outdated` exits with exit code `1` if it finds any outdated packages. +* `npm tag` has been removed after a deprecation cycle. Use `npm dist-tag`. +* Partial shrinkwraps are no longer supported. `npm-shrinkwrap.json` is + considered a complete installation manifest except for `devDependencies`. +* npm's default git branch is no longer `master`. We'll be using `latest` from + now on. + +#### SEARCH REWRITE (**BREAKING**) + +Let's face it -- `npm search` simply doesn't work anymore. Apart from the fact +that it grew slower over the years, it's reached a point where we can no longer +fit the entire registry metadata in memory, and anyone who tries to use the +command now sees a really awful memory overflow crash from node. + +It's still going to be some time before the CLI, registry, and web team are able +to overhaul `npm search` altogether, but until then, we've rewritten the +previous `npm search` implementation to *stream* results on the fly, from both +the search endpoint and a local cache. In absolute terms, you won't see a +performance increase and this patch *does* come at the cost of sorting +capabilities, but what it does do is start outputting results as it finds them. +This should make the experience much better, overall, and we believe this is an +acceptable band-aid until we have that search endpoint in place. + +Incidentally, if you want a really nice search experience, we recommend checking +out [npms.io](http://npms.io), which includes a handy-dandy +[`npms-cli`](https://npm.im/npms-cli) for command-line usage -- it's an npm +search site that returns high-quality results quickly and is operated by members +of the npm community. + +* [`cfd43b4`](https://github.com/npm/npm/commit/cfd43b49aed36d0e8ea6c35b07ed8b303b69be61) [`2b8057b`](https://github.com/npm/npm/commit/2b8057be2e1b51e97b1f8f38d7f58edf3ce2c145) + [#13746](https://github.com/npm/npm/pull/13746) + Stream search process end-to-end. + ([@zkat](https://github.com/zkat) and [@aredridel](https://github.com/aredridel)) +* [`50f4ec8`](https://github.com/npm/npm/commit/50f4ec8e8ce642aa6a58cb046b2b770ccf0029db) [`70b4bc2`](https://github.com/npm/npm/commit/70b4bc22ec8e81cd33b9448f5b45afd1a50d50ba) [`8fb470f`](https://github.com/npm/npm/commit/8fb470fe755c4ad3295cb75d7b4266f8e67f8d38) [`ac3a6e0`](https://github.com/npm/npm/commit/ac3a6e0eba61fb40099b1370c74ad1598777def4) [`bad54dd`](https://github.com/npm/npm/commit/bad54dd9f1119fe900a8d065f8537c6f1968b589) [`87d504e`](https://github.com/npm/npm/commit/87d504e0a61bccf09f5e975007d018de3a1c5f50) + [#13746](https://github.com/npm/npm/pull/13746) + Updated search-related tests. + ([@zkat](https://github.com/zkat)) +* [`3596de8`](https://github.com/npm/npm/commit/3596de88598c69eb5bae108703c8e74ca198b20c) + [#13746](https://github.com/npm/npm/pull/13746) + `JSONStream@1.2.1` + ([@zkat](https://github.com/zkat)) +* [`4b09209`](https://github.com/npm/npm/commit/4b09209bb605f547243065032a8b37772669745f) + [#13746](https://github.com/npm/npm/pull/13746) + `mississippi@1.2.0` + ([@zkat](https://github.com/zkat)) +* [`b650b39`](https://github.com/npm/npm/commit/b650b39d42654abb9eed1c7cd463b1c595ca2ef9) + [#13746](https://github.com/npm/npm/pull/13746) + `sorted-union-stream@2.1.3` + ([@zkat](https://github.com/zkat)) + +#### SCRIPT NODE PATH (**BREAKING**) + +Thanks to some great work by [@addaleax](https://github.com/addaleax), we've +addressed a fairly tricky issue involving the node process used by `npm +scripts`. + +Previously, npm would prefix the path of the node executable to the script's +`PATH`. This had the benefit of making sure that the node process would be the +same for both npm and `scripts` unless you had something like +[`node-bin`](https://npm.im/node-bin) in your `node_modules`. And it turns out +lots of people relied on this behavior being this way! + +It turns out that this had some unintended consequences: it broke systems like +[`nyc`](https://npm.im/nyc), but also completely broke/defeated things like +[`rvm`](https://rvm.io/) and +[`virtualenv`](https://virtualenv.pypa.io/en/stable/) by often causing things +that relied on them to fall back to the global system versions of ruby and +python. + +In the face of two perfectly valid, and used alternatives, we decided that the +second case was much more surprising for users, and that we should err on the +side of doing what those users expect. Anna put some hard work in and managed to +put together a patch that changes npm's behavior such that we no longer prepend +the node executable's path *by default*, and adds a new option, +`--scripts-prepend-node-path`, to allow users who rely on this behavior to have +it add the node path for them. + +This patch also makes it so this feature is discoverable by people who might run +into the first case above, by warning if the node executable is either missing +or shadowed by another one in `PATH`. This warning can also be disabled with the +`--scripts-prepend-node-path` option as needed. + +* [`3fb1eb3`](https://github.com/npm/npm/commit/3fb1eb3e00b5daf37f14e437d2818e9b65a43392) [`6a7d375`](https://github.com/npm/npm/commit/6a7d375d779ba5416fd5df154c6da673dd745d9d) [`378ae08`](https://github.com/npm/npm/commit/378ae08851882d6d2bc9b631b16b8c875d0b9704) + [#13409](https://github.com/npm/npm/pull/13409) + Add a `--scripts-prepend-node-path` option to configure whether npm prepends + the current node executable's path to `PATH`. + ([@addaleax](https://github.com/addaleax)) +* [`70b352c`](https://github.com/npm/npm/commit/70b352c6db41533b9a4bfaa9d91f7a2a1178f74e) + [#13409](https://github.com/npm/npm/pull/13409) + Change the default behaviour of npm to never prepending the current node + executable’s directory to `PATH` but printing a warning in the cases in which + it previously did. + ([@addaleax](https://github.com/addaleax)) + +#### REMOVE `npat` (**BREAKING**) + +Let's be real here -- almost no one knows this feature ever existed, and it's a +vestigial feature of the days when the ideal for npm was to distribute full +packages that could be directly developed on, even from the registry. + +It turns out the npm community decided to go a different way: primarily +publishing packages in a production-ready format, with no tests, build tools, +etc. And so, we say goodbye to `npat`. + +* [`e16c14a`](https://github.com/npm/npm/commit/e16c14afb6f52cb8b7adf60b2b26427f76773f2e) + [#14329](https://github.com/npm/npm/pull/14329) + Remove the npat feature. + ([@iarna](https://github.com/iarna)) + +#### NEW `prepare` SCRIPT. `prepublish` DEPRECATED (**BREAKING**) + +If there's anything that really seemed to confuse users, it's that the +`prepublish` script ran when invoking `npm install` without any arguments. + +Turns out many, many people really expected that it would only run on `npm +publish`, even if it actually did what most people expected: prepare the package +for publishing on the registry. + +And so, we've added a `prepare` command that runs in the exact same cases where +`prepublish` ran, and we've begun a deprecation cycle for `prepublish` itself +**only when run by `npm install`**, which will now include a warning any time +you use it that way. + +We've also added a `prepublishOnly` script which will execute **only** when `npm +publish` is invoked. Eventually, `prepublish` will stop executing on `npm +install`, and `prepublishOnly` will be removed, leaving `prepare` and +`prepublish` as two distinct lifecycles. + +* [`9b4a227`](https://github.com/npm/npm/commit/9b4a2278cee0a410a107c8ea4d11614731e0a943) [`bc32078`](https://github.com/npm/npm/commit/bc32078fa798acef0e036414cb448645f135b570) + [#14290](https://github.com/npm/npm/pull/14290) + Add `prepare` and `prepublishOnly` lifecyle events. + ([@othiym23](https://github.com/othiym23)) +* [`52fdefd`](https://github.com/npm/npm/commit/52fdefddb48f0c39c6e8eb4c118eb306c9436117) + [#14290](https://github.com/npm/npm/pull/14290) + Warn when running `prepublish` on `npm pack`. + ([@othiym23](https://github.com/othiym23)) +* [`4c2a948`](https://github.com/npm/npm/commit/4c2a9481b564cae3df3f4643766db4b987018a7b) [`a55bd65`](https://github.com/npm/npm/commit/a55bd651284552b93f7d972a2e944f65c1aa6c35) + [#14290](https://github.com/npm/npm/pull/14290) + Added `prepublish` warnings to `npm install`. + ([@zkat](https://github.com/zkat)) +* [`c27412b`](https://github.com/npm/npm/commit/c27412bb9fc7b09f7707c7d9ad23128959ae1abc) + [#14290](https://github.com/npm/npm/pull/14290) + Replace `prepublish` with `prepare` in `npm help package.json` documentation. + ([@zkat](https://github.com/zkat)) + +#### NO MORE PARTIAL SHRINKWRAPS (**BREAKING**) + +That's right. No more partial shrinkwraps. That means that if you have an +`npm-shrinkwrap.json` in your project, npm will no longer install anything that +isn't explicitly listed there, unless it's a `devDependency`. This will open +doors to some nice optimizations and make use of `npm shrinkwrap` just generally +smoother by removing some awful corner cases. We will also skip `devDependency` +installation from `package.json` if you added `devDependencies` to your +shrinkwrap by using `npm shrinkwrap --dev`. + +* [`b7dfae8`](https://github.com/npm/npm/commit/b7dfae8fd4dc0456605f7a921d20a829afd50864) + [#14327](https://github.com/npm/npm/pull/14327) + Use `readShrinkwrap` to read top level shrinkwrap. There's no reason for npm + to be doing its own bespoke heirloom-grade artisanal thing here. + ([@iarna](https://github.com/iarna)) +* [`0ae1f4b`](https://github.com/npm/npm/commit/0ae1f4b9d83af2d093974beb33f26d77fcc95bb9) [`4a54997`](https://github.com/npm/npm/commit/4a549970dc818d78b6de97728af08a1edb5ae7f0) [`f22a1ae`](https://github.com/npm/npm/commit/f22a1ae54b5d47f1a056a6e70868013ebaf66b79) [`3f61189`](https://github.com/npm/npm/commit/3f61189cb3843fee9f54288fefa95ade9cace066) + [#14327](https://github.com/npm/npm/pull/14327) + Treat shrinkwrap as canonical. That is, don't try to fill in for partial + shrinkwraps. Partial shrinkwraps should produce partial installs. If your + shrinkwrap contains NO `devDependencies` then we'll still try to install them + from your `package.json` instead of assuming you NEVER want `devDependencies`. + ([@iarna](https://github.com/iarna)) + +#### `npm tag` REMOVED (**BREAKING**) + +* [`94255da`](https://github.com/npm/npm/commit/94255da8ffc2d9ed6a0434001a643c1ad82fa483) + [#14328](https://github.com/npm/npm/pull/14328) + Remove deprecated tag command. Folks must use the `dist-tag` command from now + on. + ([@iarna](https://github.com/iarna)) + +#### NON-ZERO EXIT CODE ON OUTDATED DEPENDENCIES (**BREAKING**) + +* [`40a04d8`](https://github.com/npm/npm/commit/40a04d888d10a5952d5ca4080f2f5d2339d2038a) [`e2fa18d`](https://github.com/npm/npm/commit/e2fa18d9f7904eb048db7280b40787cb2cdf87b3) [`3ee3948`](https://github.com/npm/npm/commit/3ee39488b74c7d35fbb5c14295e33b5a77578104) [`3fa25d0`](https://github.com/npm/npm/commit/3fa25d02a8ff07c42c595f84ae4821bc9ee908df) + [#14013](https://github.com/npm/npm/pull/14013) + Do `exit 1` if any outdated dependencies are found by `npm outdated`. + ([@watilde](https://github.com/watilde)) +* [`c81838a`](https://github.com/npm/npm/commit/c81838ae96b253f4b1ac66af619317a3a9da418e) + [#14013](https://github.com/npm/npm/pull/14013) + Log non-zero exit codes at `verbose` level -- this isn't something command + line tools tend to do. It's generally the shell's job to display, if at all. + ([@zkat](https://github.com/zkat)) + +#### SEND EXTRA HEADERS TO REGISTRY + +For the purposes of supporting shiny new registry features, we've started +sending `Npm-Scope` and `Npm-In-CI` headers in outgoing requests. + +* [`846f61c`](https://github.com/npm/npm/commit/846f61c1dd4a033f77aa736ab01c27ae6724fe1c) + [npm/npm-registry-client#145](https://github.com/npm/npm-registry-client/pull/145) + [npm/npm-registry-client#147](https://github.com/npm/npm-registry-client/pull/147) + `npm-registry-client@7.3.0`: + * Allow npm to add headers to outgoing requests. + * Add `Npm-In-CI` header that reports whether we're running in CI. + ([@iarna](https://github.com/iarna)) +* [`6b6bb08`](https://github.com/npm/npm/commit/6b6bb08af661221224a81df8adb0b72019ca3e11) + [#14129](https://github.com/npm/npm/pull/14129) + Send `Npm-Scope` header along with requests to registry. `Npm-Scope` is set to + the `@scope` of the current top level project. This will allow registries to + implement user/scope-aware features and services. + ([@iarna](https://github.com/iarna)) +* [`506de80`](https://github.com/npm/npm/commit/506de80dc0a0576ec2aab0ed8dc3eef3c1dabc23) + [#14129](https://github.com/npm/npm/pull/14129) + Add test to ensure `Npm-In-CI` header is being sent when CI is set in env. + ([@iarna](https://github.com/iarna)) + +#### BUGFIXES + +* [`bc84012`](https://github.com/npm/npm/commit/bc84012c2c615024b08868acbd8df53a7ca8d146) + [#14117](https://github.com/npm/npm/pull/14117) + Fixes a bug where installing a shrinkwrapped package would fail if the + platform failed to install an optional dependency included in the shrinkwrap. + ([@watilde](https://github.com/watilde)) +* [`a40b32d`](https://github.com/npm/npm/commit/a40b32dc7fe18f007a672219a12d6fecef800f9d) + [#13519](https://github.com/npm/npm/pull/13519) + If a package has malformed metadata, `node.requiredBy` is sometimes missing. + Stop crashing when that happens. + ([@creationix](https://github.com/creationix)) + +#### OTHER PATCHES + +* [`643dae2`](https://github.com/npm/npm/commit/643dae2197c56f1c725ecc6539786bf82962d0fe) + [#14244](https://github.com/npm/npm/pull/14244) + Remove some ancient aliases that we'd rather not have around. + ([@zkat](https://github.com/zkat)) +* [`bdeac3e`](https://github.com/npm/npm/commit/bdeac3e0fb226e4777d4be5cd3c3bec8231c8044) + [#14230](https://github.com/npm/npm/pull/14230) + Detect unsupported Node.js versions and warn about it. Also error on really + old versions where we know we can't work. + ([@iarna](https://github.com/iarna)) + +#### DOC UPDATES + +* [`9ca18ad`](https://github.com/npm/npm/commit/9ca18ada7cc1c10b2d32bbb59d5a99dd1c743109) + [#13746](https://github.com/npm/npm/pull/13746) + Updated docs for `npm search` options. + ([@zkat](https://github.com/zkat)) +* [`e02a47f`](https://github.com/npm/npm/commit/e02a47f9698ff082488dc2b1738afabb0912793e) + Move the `npm@3` changelog into the archived changelogs directory. + ([@zkat](https://github.com/zkat)) +* [`c12bbf8`](https://github.com/npm/npm/commit/c12bbf8c5a5dff24a191b66ac638f552bfb76601) + [#14290](https://github.com/npm/npm/pull/14290) + Document prepublish-on-install deprecation. + ([@othiym23](https://github.com/othiym23)) +* [`c246a75`](https://github.com/npm/npm/commit/c246a75ac8697f4ca11d316b7e7db5f24af7972b) + [#14129](https://github.com/npm/npm/pull/14129) + Document headers added by npm to outgoing registry requests. + ([@iarna](https://github.com/iarna)) + +#### DEPENDENCIES + +* [`cb20c73`](https://github.com/npm/npm/commit/cb20c7373a32daaccba2c1ad32d0b7e1fc01a681) + [#13953](https://github.com/npm/npm/pull/13953) + `signal-exit@3.0.1` + ([@benjamincoe](https://github.com/benjamincoe)) |