The npm blog has been discontinued.
CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT!
email@example.com: Switches to
signal-exitto detect abnormal exits and remove locks. (@Redsandro)
SHRONKWRAPS AND LACKFILES
If a published modules had legacy
npm-shrinkwrap.json we were saving ordinary registry dependencies (
name@version) to your
https:// URLs instead of versions.
89102c0d9When saving the lock-file compute how the dependency is being required instead of using
package.json. This fixes the bug that was converting registry dependencies into
676f1239aWhen encountering a
https://URL in our lockfiles that point at our default registry, extract the version and use them as registry dependencies. This lets us heal
package-lock.jsonfiles produced by 6.0.0 (@iarna)
AUDIT AUDIT EVERYWHERE
You can’t use it quite yet, but we do have a few last moment patches to
npm audit to make it even better when it is turned on!
b2e4f48f5Make sure we hide stream errors on background audit submissions. Previously some classes of error could end up being displayed (harmlessly) during installs. (@iarna)
1fe0c7feaInclude session and scope in requests (as we do in other requests to the registry). (@iarna)
d04656461Exit with non-zero status when vulnerabilities are found. So you can have
npm auditas a test or prepublish step! (@iarna)
fcdbcbaccVerify lockfile integrity before running. You’d get an error either way, but this way it’s faster and can give you more concrete instructions on how to fix it. (@iarna)
2ac8edd42Refuse to run in global mode. Audits require a lockfile and globals don’t have one. Yet. (@iarna)
b7fca1084#20407 Update the lock-file spec doc to mention that we now generate the from field for
git-type dependencies. (@watilde)
7a6555e61#20408 Describe what the colors in outdated mean. (@teameh)