The npm blog has been discontinued.
Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog.
v5.4.0 (2017-08-22)
Here’s another small big release, with a handful bunch of fixes and a couple of small new features! This release has been incubating rather longer than usual and it’s grown quite a bit in that time. I’m also excited to say that it has contributions from 27 different folks, which is a new record for us. Our previous record was 5.1.0 at 21. Before that the record had been held by 1.3.16 since December of 2013.
If you can’t get enough of the bleeding edge, I encourage you to check out our canary release of npm. Get it with npm install -g npmc
. It’s going to be seeing some exciting stuff in the next couple of weeks, starting with a rewriten npm dedupe
, but moving on to… well, you’ll just have to wait and find out.
PERFORMANCE
d080379f6
pacote@6.0.1
Updates extract to use tar@4, which is much faster than the older tar@2. It reduces install times by as much as 10%. (@zkat)4cd6a1774
0195c0a8c
#16804tar@4.0.1
Update publish to use tar@4. tar@4 brings many advantages over tar@2: It’s faster, better tested and easier to work with. It also produces exactly the same byte-for-byte output when producing tarballs from the same set of files. This will have some nice carry on effects for things like caching builds from git. And finally, last but certainly not least, upgrading to it also let’s us finally eliminatefstream
—if you know what that is you’ll know why we’re so relieved. (@isaacs)
FEATURES
1ac470dd2
#10382 If you make a typo when writing a command now, npm will print a brief “did you mean…” message with some possible alternatives to what you meant. (@watilde)20c46228d
#12356 When running lifecycle scripts,INIT_CWD
will now contain the original working directory that npm was executed from. Remember that you can usenpm run-script
even if you’re not inside your package root directory! (@MichaelQQ)be91e1726
4e7c41f4a
libnpx@9.6.0
: Fixes a number of issues on Windows and adds support for several more languages: Korean, Norwegian (bokmål and nynorsk), Ukrainian, Serbian, Bahasa Indonesia, Polish, Dutch and Arabic. (@zkat)2dec601c6
#17142 Add the newcommit-hooks
option tonpm version
so that you can disable commit hooks when committing the version bump. (@faazshift)bde151902
#14461 Make output fromnpm ping
clear as to its success or failure. (@legodude17)
BUGFIXES
b6d5549d2
#17844 Make package-lock.json sorting locale-agnostic. Previously, sorting would vary by locale, due to usinglocaleCompare
for key sorting. This’ll give you a little package-lock.json churn as it reshuffles things, sorry! (@LotharSee)44b98b9dd
#17919 Fix a crash wherenpm prune --production
would fail while removing.bin
. (@fasterthanlime)c3d1d3ba8
#17816 Fail more smoothly when attempting to install an invalid package name. (@SamuelMarks)55ac2fca8
#12784 Guard against stack overflows when marking packages as failed. (@vtravieso)597cc0e4b
#15087 Stop outputting progressbars or using color on dumb terminals. (@iarna)7a7710ba7
#15088 Don’t exclude modules that are both dev & prod when usingnpm ls --production
. (@iarna)867df2b02
#18164 Only do multiple procs on OSX for now. We’ve seen a handful of issues relating to this in Docker and in on Windows with antivirus. (@zkat)23540af7b
#18117 Some package managers would write spaces to the _from field in package.json’s in the form ofname @spec
. This was causing npm to fail to interpret them. We now handle that correctly and doubly make sure we don’t do that ourselves. (@IgorNadj)0ef320cb4
#16634 Convert any bin script with a shbang a the start to Unix line-endings. (These sorts of scripts are not compatible with Windows line-endings even on Windows.) (@ScottFreeCode)71191ca22
#16476npm-lifecycle@1.0.2
Running an install with--ignore-scripts
was resulting in the the package object being mutated to have the lifecycle scripts removed from it and that in turn was being written out to disk, causing further problems. This fixes that: No more mutation, no more unexpected changes. (@addaleax)459fa9d51
npm/read-package-json#74 #17802read-package-json@2.0.1
Use unix-style slashes for generated bin entries, which lets them be cross platform even when produced on Windows. (@iarna)5ec72ab5b
#18229 Make install.sh find nodejs on debian. (@cebe)
DOCUMENTATION
b019680db
#10846 Remind users that they have to install missingpeerDependencies
manually. (@ryanflorence)3aee5986a
#17898 Minor punctuation fixes to the README. (@AndersDJohnson)e0d0a7e1d
#17832 Fix grammar, format, and spelling in documentation forrun-script
. (@simonua)3fd6a5f2f
#17897 Add more info about usingfiles
withnpm pack
/npm publish
. (@davidjgoss)f00cdc6eb
#17785 Add a note about filenames for certificates on Windows, which use a different extension and file type. (@lgp1985)0cea6f974
#18022 Clarify usage for thefiles
field inpackage.json
. (@xcambar)a0fdd1571
#15234 Clarify the behavior of thefiles
array in the package-json docs. (@jbcpollak)cecd6aa5d
#18137 Clarify interaction between npmignore and files in package.json. (@supertong)6b8972039
#18044 Corrected the typo in package-locks docs. (@vikramnr)6e012924f
#17667 Fix description of package.json in npm-scripts docs. (@tripu)
POSSIBLY INTERESTING DEPENDENCY UPDATES
48d84171a
f60b05d63
semver@5.4.1
Perf improvements. (@zkat)f4650b5d4
write-file-atomic@2.3.0
: Serialize writes to the same file so that results are deterministic. Cleanup tempfiles when process is interrupted or killed. (@ferm10n) (@iarna)
CHORES
96d78df98
80e2f4960
4f49f687b
07d2296b1
a267ab430
#18176 #18025 Move the lifecycle code out of npm into a separate library,npm-lifecycle
. Shh, I didn’t tell you this, but this portends to some pretty cool stuff to come very soon now. (@mikesherov)0933c7eaf
#18025 Force Travis to use Precise instead of Trusty. We have issues with our couchdb setup and Trusty. =/ (@mikesherov)afb086230
#18138 Fix typos in files-and-ignores test. (@supertong)3e6d11cde
#18175 Update dependencies to eliminate transitive dependencies with the WTFPL license, which some more serious corporate lawyery types aren’t super comfortable with. (@zkat)ee4c9bd8a
#16474 The tests intest/tap/lifecycle-signal.js
, as well as the features they are testing, are partially broken. This moves them from being skipped in CI to being disabled only for certain platforms. In particular, becausenpm
spawns its lifecycle scripts in a shell, signals are not necessarily forwarded by the shell and won’t cause scripts to exit; also, shells may report the signal they receive using their exit status, rather than terminating themselves with a signal. (@addaleax)9462e5d9c
#16547 Remove unused file: bin/read-package-json.js (@metux)0756d687d
#16550 The build tools for the documentation need to be built/installed before the documents, even with parallel builds. Make has a simple mechanism which was made exactly for that: target dependencies. (@metux)