The npm blog has been discontinued.
Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog.
v6.0.1-next.0
CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT!
b267bbbb9npm/lockfile#29lockfile@1.0.4: Switches tosignal-exitto detect abnormal exits and remove locks. (@Redsandro)
SHRONKWRAPS AND LACKFILES
If a published modules had legacy npm-shrinkwrap.json we were saving ordinary registry dependencies (name@version) to your package-lock.json as https:// URLs instead of versions.
89102c0d9When saving the lock-file compute how the dependency is being required instead of using_resolvedin thepackage.json. This fixes the bug that was converting registry dependencies intohttps://dependencies. (@iarna)676f1239aWhen encountering ahttps://URL in our lockfiles that point at our default registry, extract the version and use them as registry dependencies. This lets us healpackage-lock.jsonfiles produced by 6.0.0 (@iarna)
AUDIT AUDIT EVERYWHERE
You can’t use it quite yet, but we do have a few last moment patches to npm audit to make it even better when it is turned on!
b2e4f48f5Make sure we hide stream errors on background audit submissions. Previously some classes of error could end up being displayed (harmlessly) during installs. (@iarna)1fe0c7feaInclude session and scope in requests (as we do in other requests to the registry). (@iarna)d04656461Exit with non-zero status when vulnerabilities are found. So you can havenpm auditas a test or prepublish step! (@iarna)fcdbcbaccVerify lockfile integrity before running. You’d get an error either way, but this way it’s faster and can give you more concrete instructions on how to fix it. (@iarna)2ac8edd42Refuse to run in global mode. Audits require a lockfile and globals don’t have one. Yet. (@iarna)
DOCUMENTATION IMPROVEMENTS
b7fca1084#20407 Update the lock-file spec doc to mention that we now generate the from field forgit-type dependencies. (@watilde)7a6555e61#20408 Describe what the colors in outdated mean. (@teameh)
DEPENDENCY UPDATES
5e56b3209npm-audit-report@1.0.8(@evilpacket)58a0b31b4lock-verify@2.0.2(@iarna)e7a8c364fzkat/pacote#148pacote@8.1.1(@redonkulus)46c0090a5tar@4.4.2(@isaacs)8a16db3e3update-notifier@2.5.0(@alexccl)696375903safe-buffer@5.1.2(@feross)c949eb26aquery-string@6.1.0(@sindresorhus)