| Age | Commit message (Collapse) | Author |
|---|
|
|
|
We bundle our deps, but we don't need to bundle docs, changelogs,
editorconfigs, test coverage reports, .github workflow definitions,
lint configurations, and all the rest, which we never use.
This cuts about 10% off of our publish artifact file size.
```
$ ls -laF npm-7.16.0-*.tgz
-rw-r--r-- 1 isaacs staff 7174497 Jun 3 13:01 npm-7.16.0-release-next.tgz
-rw-r--r-- 1 isaacs staff 6782377 Jun 3 13:00 npm-7.16.0-trim-node-modules.tgz
$ ls -laF npm-7.16.0-*.tar
-rw-r--r-- 1 isaacs staff 19020288 Jun 3 13:01 npm-7.16.0-release-next.tar
-rw-r--r-- 1 isaacs staff 17474048 Jun 3 13:00 npm-7.16.0-trim-node-modules.tar
```
PR-URL: https://github.com/npm/cli/pull/3362
Credit: @isaacs
Close: #3362
Reviewed-by: @nlf
|
|
make-fetch-happen@9.0.1
* breaking: complete refactor of caching. cache will no longer grow
endlessly with duplicate requests. cache will be used in cases where
it should have been but wasn't before. it will cache multiple
content-types of the same url. it will dedupe existing caches of
their unused entries.
* fix: support url-encoded proxy authorization
* fix: do not lazy-load proxy agents or agentkeepalive. fixes the
intermittent failures to update npm on slower connections.
npm-registry-fetch@11.0.0
* breaking: drop handling of deprecated warning headers
* docs: fix header type for npm-command
* docs: update registry param
* feat: improved logging of cache status
|
|
* fix(registry): normalize manfest
|
|
|
|
|
|
|
|
|
|
|
|
This pulls in, installs, and de-dupes our subdependencies.
Notable updates are promise-retry and @npmcli/move-file which
had new versions but we had no way to update and/or dedupe
We also manually removed uuid from our package.json which was
only added in the past to try to get around this same deduping
issue
|
|
|
|
|
|
|
|
* Properly raise ERESOLVE errors on root dev dependencies
* Ignore ERESOLVE errors when performing git dep 'prepare' scripts
* Always reinstall packages that are explicitly requested
* fix global update all so it actually updates things
* Install bins properly when global root is a link
|
|
|
|
|
|
|
|
* Properly set the installation command for `prepare` scripts when
installing git/dir deps
Fixes: #1865
Fixes: #2106
Fixes: #2084
|
|
|
|
This causes a lot of duplicates which will be removed in subsequent
commits.
|
|
|
|
First self-install!
|
|
Reinstall everything from a clean node_modules and package-lock.json
state.
Re-generate list of bundleDependencies and node_modules/.gitignore with
a script that does the right thing based on actual dependency state.
|
|
This removes a lot of very outdated dependencies, updates many to
their modern (usually promisified) versions, and updates (or removes)
code to account for the change.
Several dependencies have been completely removed, and others a bit
shuffled around, so that the node_modules folder can be bundled somewhat
more optimally than it would have otherwise.
|
|
Also some hand-crafted deduping of various deps that got nested as a
result.
Really excited to start self-installing again soon. @npmcli/arborist is
a whole lot smarter about pruning unnecessary duplicate modules in the
normal course of installation.
|
|
|
|
This adds support for Arborist.audit()
|
|
- Stop sending an HTTP Referer header to the registry
- Install global packages properly
- Save added packages in the appropriate dep type in package.json
- Dedupe npm-registry-fetch and pacote to top level
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Infer the ownership of all unpacked files in node_modules, so that we
never have user-owned files in root-owned folders, or root-owned files
in user-owned folders.
This prevents one of the last remaining issues that bites users who use
`sudo` unnecessarily. The only remaining issue is to no longer drop
perms when running scripts as root, but that is a breaking change which
will come in v7.
|
|
|
|
|
|
|
|
|
|
|
