Changelog

Table of contents

Changelog

9.6.7 (2023-05-17)

Bug Fixes

Documentation

Dependencies

9.6.6 (2023-05-03)

Dependencies

9.6.5 (2023-04-19)

Bug Fixes

  • 33dc428 #6374 account for npx package-name with no spec (@wraithgar)
  • 82879f6 #6225 lazy loading of arborist and pacote (#6225) (@wraithgar)
  • f4e73ab #6322 remove incompatible params from ci (#6322) (@wraithgar)
  • c7fe1c7 #6328 save raw data to file, not parsed data (@wraithgar)

Documentation

  • 31214a6 #6381 Update description for publish --provenance flag (#6381) (@feelepxyz)
  • 997bcdf #6329 fix npm cache folder location for windows (#6329) (@charlie-wong)

Dependencies

9.6.4 (2023-04-05)

Documentation

  • 54795a3 #6312 filter archives out of version manager search (#6312) (@ljharb)
  • 530c285 #6306 remove reference to npm-packlist (#6306) (@staff0rd)

Dependencies

9.6.3 (2023-03-30)

Bug Fixes

  • 829503b #6304 don't break up log message across lines (@wraithgar)
  • 1435fcf #6304 do less work loading ./lib/npm.js (@wraithgar)
  • 09b58e4 #6284 make all color output use an npm instance of chalk (#6284) (@lukekarrys)
  • e252532 #6283 do less work looking up commands (#6283) (@wraithgar)
  • 6a4bcba #6275 clean up man sorting (@wraithgar)
  • 8a96b65 #6275 ignore ts and map files (@wraithgar)
  • 94d2b39 #6271 Do not log warnings about log cleanup when logs_max=0 (#6271) (@jmealo)
  • 2def359 #6277 updated ebadplatform messaging to be generated based on the error (#6277) (@nlf)

Documentation

  • 1e2eb81 #6311 replace version manager list with a github search (#6311) (@wraithgar)
  • 9d2be4e #6289 remove npm bin link (#6289) (@KevinRouchut)

Dependencies

9.6.2 (2023-03-14)

Bug Fixes

  • 4622b42 #6247 add provenance publish notice (#6247) (@bdehamer)

Dependencies

9.6.1 (2023-03-08)

Bug Fixes

  • e455e3f #6211 send options with grant/revoke requests (#6211) (@DavidTanner)
  • e4de224 #6220 clean uri from audit error (#6220) (@wraithgar)

Dependencies

9.6.0 (2023-03-02)

Features

  • 84fbaf2 #6216 add preliminary fish shell completion (@wraithgar)

Bug Fixes

  • c4c8754 audit: add signatures to completion (@wraithgar)
  • fc46489 access: only complete once (@wraithgar)
  • b43961a cmd-list: alias only to real commands (@wraithgar)

Documentation

  • 2695e1f #6187 npm v9 creates package-lock.json v3 (#6187) (@tuukka)

Dependencies

9.5.1 (2023-02-22)

Documentation

Dependencies

9.5.0 (2023-02-14)

Features

  • 79bfd03 #6153 audit signatures verifies attestations (@feelepxyz)
  • 5fc6473 add provenance attestation (@bdehamer)

Bug Fixes

  • 53f75a4 #6158 gracefully fallback from auth-type=web (#6158) (@MylesBorins)
  • ed59aae #6162 refactor error reporting in audit command (@bdehamer)

Dependencies

9.4.2 (2023-02-07)

Bug Fixes

  • d02da52 #6142 revert install-links default back to false (#6142) (@nlf)

Documentation

  • 6ea2cd7 #6134 update references to OTP to be accurate (#6134) (@MylesBorins)

Dependencies

9.4.1 (2023-02-01)

Bug Fixes

Dependencies

9.4.0 (2023-01-25)

Features

  • 8d6d851 #6078 added --install-strategy=linked (#6078) (@fritzy)

Dependencies

9.3.1 (2023-01-13)

Bug Fixes

  • 8be672b #6050 don't try to deprecate nonexistant versions (#6050) (@wraithgar)
  • 1c3612c #6054 use recursive rm in ci command (#6054) (@jamesshaw1987, @burkel24)

9.3.0 (2023-01-12)

Features

  • 753b98e #5261 rootless workspace init provides suggestion (@fritzy)

Bug Fixes

  • cf175fb #6044 default auth-type to legacy if otp is configured (#6044) (@wraithgar)
  • 2383deb #6037 clean urls from arborist, owner, and ping commands (#6037) (@lukekarrys)
  • 69f5ff8 view: convert command to use output instead of console (@lukekarrys)
  • dc52222 init: write package.json workspaces paths with / separators (@lukekarrys)
  • 31af1aa refactor help to use @npmcli/promise-spawn (@lukekarrys)
  • 669ef94 fund: correctly parse and use which config (@lukekarrys)
  • 72e6d6f generate workspace support for docs pages (@lukekarrys)
  • 450e50f evaluate configs in command class (@lukekarrys)
  • 28ec922 #5946 replace rimraf with fs.rm (@lukekarrys)

Documentation

  • f0038e5 #6048 missing backtick in synopsis of npm init (#5837) (#6048) (@Peallyz)
  • ca8ff00 #6045 update outdated file path to definitions.js (@ericmutta)
  • fe9debd #6038 fix typos in definitions.js (#6038) (@lukekarrys, @ericmutta)
  • fa27aca #6018 fix typo in removal.md (@ericmutta)
  • 82f69d9 #6026 fix typo in registry.md (@ericmutta)

Dependencies

9.2.0 (2022-12-07)

Features

  • cf57ffa #5888 discrete npm doctor commands (#5888) (@wraithgar)

Bug Fixes

  • dfd5d46 #5932 ignore implicit workspaces for completion (#5932) (@wraithgar)

Dependencies

9.1.3 (2022-11-30)

Bug Fixes

  • ffbdea2 #5894 npm pack filename on scoped packages (#5894) (@HenryNguyen5)
  • c26d708 #5884 validate username at get-identity (#5884) (@sosoba, @nlf)

Documentation

  • ea948dc #5881 update description of npm exec (#5881) (@styfle, @wraithgar)
  • 40f2c21 #5865 ci-info url (#5865) (@wraithgar)
  • 681a45b #5875 run the comand for directory workspaces (#5875) (@1aron)
  • 681a45b #5875 add workspace directory example (#5875) (@1aron)

Dependencies

9.1.2 (2022-11-16)

Bug Fixes

  • d9654cf #5861 remove unwanted package.json entries (#5861) (@wraithgar)

Dependencies

9.1.1 (2022-11-09)

Documentation

  • 1bff064 #5819 config: document npm config fix (#5819) (@wraithgar)

Dependencies

9.1.0 (2022-11-02)

Features

  • 706b3d3 #5779 set --no-audit when installing outside of a project (like --global) (@fritzy)

Bug Fixes

  • 1f5382d #5789 don't set stdioString for any spawn/run-script calls (@lukekarrys)
  • 8fd614a use promiseSpawn.open instead of opener (@nlf)
  • 41843ad use an absolute path to notepad.exe by default, correct docs (@nlf)
  • 0c5834e #5758 use hosted-git-info to parse registry urls (#5758) (@lukekarrys)

Documentation

Dependencies

9.0.1 (2022-10-26)

Documentation

Dependencies

9.0.0 (2022-10-19)

Features

  • e3b004c #5727 move cli and all workspaces out of prerelease mode (@lukekarrys)

Dependencies

9.0.0-pre.6 (2022-10-19)

⚠️ BREAKING CHANGES

  • npm now outputs some json errors on stdout. Previously npm would output all json formatted errors on stderr, making it difficult to parse as the stderr stream usually has logs already written to it. In the future, npm will differentiate between errors and crashes. Errors, such as E404 and ERESOLVE, will be handled and will continue to be output on stdout. In the case of a crash, npm will log the error as usual but will not attempt to display it as json, even in --json mode. Moving a case from the category of an error to a crash will not be considered a breaking change. For more information see npm/rfcs#482.
  • npm config set will no longer accept deprecated or invalid config options.
  • timing and loglevel changes
    • timing has been removed as a value for --loglevel
    • --timing will show timing information regardless of --loglevel, except when --silent
  • deprecate boolean install flags in favor of --install-strategy
    • deprecate --global-style, --global now sets --install-strategy=shallow
    • deprecate --legacy-bundling, now sets --install-strategy=nested
  • npm will no longer attempt to modify ownership of files it creates
  • this package no longer attempts to change file ownership automatically
  • this package no longer attempts to change file ownership automatically

Features

  • d3543e9 output json formatted errors on stdout (#5716) (@lukekarrys)
  • be642c6 refuse to set deprecated/invalid config (#5719) (@wraithgar)
  • 332914b separate configs for --timing and --loglevel (@lukekarrys)
  • f653785 deprecated key, cert config options and updated registry scoped auth docs (@fritzy)
  • de2d33f add --install-strategy=hoisted|nested|shallow, deprecate --global-style, --legacy-bundling (#5709) (@fritzy)
  • 58065bc #5704 do not alter file ownership (@nlf)
  • 475e9b6 #5703 do not alter file ownership (@nlf)

Bug Fixes

  • 6ffa5b7 npm hook ls duplicates hook name prefixes (#5295) (@gennadiygashev)
  • 1afe5ba account for new npm-package-arg behavior (@wraithgar)
  • 353b5bb #5710 remove chownr and mkdirp-infer-owner (@nlf)

Documentation

  • 9e74d3e update supported engines in readme (#5725) (@lukekarrys)

Dependencies

9.0.0-pre.5 (2022-10-13)

⚠️ BREAKING CHANGES

  • the presence of auth related settings that are not scoped to a specific registry found in a config file is no longer supported and will throw errors
  • the node-version and npm-version configs have been removed.
  • links generated from git urls will now use HEAD instead of master as the default ref

Features

  • a09e19d #5696 introduce the npm config fix command (@nlf)
  • d2963c6 explicitly validate config within the cli (@nlf)
  • a5fec08 rewrite docs generation (@lukekarrys)

Bug Fixes

  • a35c784 #5691 config: remove node-version and npm-version (@wraithgar)

Documentation

  • a8532eb #5661 typo missing parentheses (@hbrls)
  • 542efdb update folders page for modern npm (@shalvah)

Dependencies

9.0.0-pre.4 (2022-10-05)

Features

Bug Fixes

  • e4e8ae2 libnpmpack: obey foregroundScripts (@winterqt)
  • 07fabc9 #5633 npm link should override --install-links (#5633) (@fritzy)
  • 02fcbb6 #5634 ensure Arborist constructor gets passed around everywhere for pacote (#5634) (@nlf)

Documentation

  • f37caad #5606 accurately describe install-links effect on relative paths (#5606) (@lukekarrys)
  • 97c32ed #5637 remove link to cache command (#5637) (@wraithgar)
  • 130bc9f #5626 Remove circular reference (#5626) (@giovanniPepi)

Dependencies

9.0.0-pre.3 (2022-09-30)

⚠️ BREAKING CHANGES

  • npm pack now follows a strict order of operations when applying ignore rules. If a files array is present in the package.json, then rules in .gitignore and .npmignore files from the root will be ignored.
  • --timing file changes:
    • When run with the --timing flag, npm now writes timing data to a file alongside the debug log data, respecting the logs-dir option and falling back to <CACHE\>/_logs/ dir, instead of directly inside the cache directory.
    • The timing file data is no longer newline delimited JSON, and instead each run will create a uniquely named <ID\>-timing.json file, with the <ID\> portion being the same as the debug log.
    • Finally, the data inside the file now has three top level keys, metadata, timers, and unfinishedTimers` instead of everything being a top level key.

Features

  • 3ae796d implement new npm-packlist behavior (@lukekarrys)
  • e64d69a #5581 write eresolve error files to the logs directory (@lukekarrys)
  • 3445da0 timings are now written alongside debug log files (@lukekarrys)

Documentation

  • f0e7584 #5601 update docs/logging for new --access default (@wraithgar)

Dependencies

9.0.0-pre.2 (2022-09-23)

⚠️ BREAKING CHANGES

  • the default auth-type config value is now web
  • login, adduser, and auth-type changes
    • This removes all auth-type configs except web and legacy.
    • login and adduser are now separate commands that send different data to the registry.
    • auth-type config values web and legacy only try their respective methods, npm no longer tries them all and waits to see which one doesn't fail.

Features

  • 66ed584 #5551 default auth-type to web (#5551) (@wraithgar)
  • 6ee5b32 query: display queryContext in results (@nlf)
  • 314311c #5550 separate login/adduser, remove auth types (#5550) (@wraithgar)

Bug Fixes

  • 0d90a01 #5480 audit: add a condition to allow third-party registries returning E400 (#5480) (@juanheyns, Juan Heyns)

Documentation

  • 2d756cb #5527 add instruction to query objects with npm view (#5527) (@moonith)
  • 8743366 #5519 add hash to "tag" config link (#5519) (@mrienstra, @lukekarrys)
  • 5645c51 #5521 link mentions of config parameters (#5521) (@mrienstra)
  • 19762b4 #5529 modify Misleading doc about bins (@Hafizur046)
  • 19762b4 #5529 modify misleading doc about package.json:bin (#5529) (@Hafizur046)
  • 8402fd8 #5547 add :outdated pseudo selector to docs (@nlf)

Dependencies

9.0.0-pre.1 (2022-09-14)

⚠️ BREAKING CHANGES

  • renames most of the npm access subcommands
  • the api for libnpmaccess is different now

Features

  • 9c32c6c rewrite: rewrite npm access (@wraithgar)
  • 854521b rewrite: Rewrite libnpmaccess (@wraithgar)

Bug Fixes

  • c3d7549 add tag to publish log message (@wraithgar)

Documentation

  • fd0eebe update registry docs header (@hughlilly)

Dependencies

9.0.0-pre.0 (2022-09-08)

⚠ BREAKING CHANGES

  • workspaces: all workspace packages are now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || \>=18.0.0
  • this removes the npm birthday command
  • this removes npm set-script
  • this changes the default value of install-links to true
  • this removes the npm bin command
  • npm is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || \>=18.0.0

Features

  • e95017a #5485 feat(workspaces): update supported node engines in package.json (@lukekarrys)
  • 49bbb2f #5455 feat: remove npm birthday (@wraithgar)
  • 926f0ad #5456 feat: remove npm set-script (@wraithgar)
  • 2a8c2fc #5458 feat: default install-links to true (@wraithgar)
  • 2e92800 #5459 feat: remove npm bin (@wraithgar)
  • 457d388 #5475 feat: update supported node engines in package.json (@wraithgar)

Bug Fixes

  • 41481f8 #5475 fix: attempt more graceful failure in older node versions (@wraithgar)

Documentation

  • 7fc2b6f #5468 docs: remove duplicate description for prepare script (@kidonng)
  • 285b39f #5324 docs: add documentation for expanded :semver selector (@nlf)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @npmcli/arborist bumped from ^5.6.1 to ^6.0.0-pre.0
      • libnpmaccess bumped from ^6.0.4 to ^7.0.0-pre.0
      • libnpmdiff bumped from ^4.0.5 to ^5.0.0-pre.0
      • libnpmexec bumped from ^4.0.12 to ^5.0.0-pre.0
      • libnpmfund bumped from ^3.0.3 to ^4.0.0-pre.0
      • libnpmhook bumped from ^8.0.4 to ^9.0.0-pre.0
      • libnpmorg bumped from ^4.0.4 to ^5.0.0-pre.0
      • libnpmpack bumped from ^4.1.3 to ^5.0.0-pre.0
      • libnpmpublish bumped from ^6.0.5 to ^7.0.0-pre.0
      • libnpmsearch bumped from ^5.0.4 to ^6.0.0-pre.0
      • libnpmteam bumped from ^4.0.4 to ^5.0.0-pre.0
      • libnpmversion bumped from ^3.0.7 to ^4.0.0-pre.0