v6.0.1-next.0
CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT!
b267bbbb9 npm/lockfile#29 lockfile@1.0.4: Switches to signal-exit to detect abnormal exits and remove locks. (@Redsandro)
SHRONKWRAPS AND LACKFILES
If a published module had a legacy npm-shrinkwrap.json, we were saving ordinary registry dependencies (name@version) to your package-lock.json as https:// URLs instead of versions.
89102c0d9 When saving the lock-file, compute how the dependency is being required instead of using _resolved in the package.json. This fixes the bug that was converting registry dependencies into https:// dependencies. (@iarna)
676f1239a When encountering an https:// URL in our lockfiles that points at our default registry, extract the version and use it as a registry dependency. This lets us heal package-lock.json files produced by 6.0.0. (@iarna)
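The healing step described above can be sketched as a check over a lockfile. This is an added example, not npm's own code: the function names, the sample lockfile and the @example/scoped package are constructed, and it assumes the URL sits in each entry's version field and follows the registry's name/-/basename-version.tgz tarball layout.

```javascript
// Added example: report package-lock.json entries whose version is a tarball
// URL on the default registry, together with the version the URL stands for.
const DEFAULT_REGISTRY = 'https://registry.npmjs.org/';

// Return the version encoded in a default-registry tarball URL, or null when
// the spec is a plain version, is on another host, or names another package.
function versionFromRegistryUrl(name, spec, registry = DEFAULT_REGISTRY) {
  if (typeof spec !== 'string' || !spec.startsWith(registry)) return null;
  const base = name.split('/').pop();            // "@scope/pkg" -> "pkg"
  const prefix = `${name}/-/${base}-`;
  const rest = spec.slice(registry.length);
  if (!rest.startsWith(prefix) || !rest.endsWith('.tgz')) return null;
  const version = rest.slice(prefix.length, -'.tgz'.length);
  // Loose semver shape check; anything else (extra path segments) is rejected.
  return /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$/.test(version) ? version : null;
}

// Walk the nested "dependencies" tree of a lockfile (lockfileVersion 1 layout).
function findUrlVersions(lock, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(lock.dependencies || {})) {
    const path = [...trail, name];
    const version = versionFromRegistryUrl(name, dep.version);
    if (version) hits.push({ path: path.join(' > '), url: dep.version, version });
    hits.push(...findUrlVersions(dep, path));
  }
  return hits;
}

// Constructed sample: two affected entries, one normal entry, and one URL on
// another host that must stay a URL dependency.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'safe-buffer': { version: 'https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz' },
    tar: { version: '4.4.2', dependencies: {
      '@example/scoped': { version: 'https://registry.npmjs.org/@example/scoped/-/scoped-1.0.0-beta.1.tgz' } } },
    'not-registry': { version: 'https://example.com/not-registry/-/not-registry-1.0.0.tgz' },
  },
};

console.log(findUrlVersions(sampleLock));
```

Only URLs on the configured default registry are reported; tarball URLs on any other host are left alone because they are genuine URL dependencies.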
AUDIT AUDIT EVERYWHERE
You can’t use it quite yet, but we do have a few last moment patches to npm audit to make it even better when it is turned on!
b2e4f48f5 Make sure we hide stream errors on background audit submissions. Previously some classes of error could end up being displayed (harmlessly) during installs. (@iarna)
1fe0c7fea Include session and scope in requests (as we do in other requests to the registry). (@iarna)
d04656461 Exit with non-zero status when vulnerabilities are found. So you can have npm audit as a test or prepublish step! (@iarna)
fcdbcbacc Verify lockfile integrity before running. You’d get an error either way, but this way it’s faster and can give you more concrete instructions on how to fix it. (@iarna)
2ac8edd42 Refuse to run in global mode. Audits require a lockfile and globals don’t have one. Yet. (@iarna)
DOCUMENTATION IMPROVEMENTS
b7fca1084 #20407 Update the lock-file spec doc to mention that we now generate the from field for git-type dependencies. (@watilde)
7a6555e61 #20408 Describe what the colors in outdated mean. (@teameh)
DEPENDENCY UPDATES
5e56b3209 npm-audit-report@1.0.8 (@evilpacket)
58a0b31b4 lock-verify@2.0.2 (@iarna)
e7a8c364f zkat/pacote#148 pacote@8.1.1 (@redonkulus)
46c0090a5 tar@4.4.2 (@isaacs)
8a16db3e3 update-notifier@2.5.0 (@alexccl)
696375903 safe-buffer@5.1.2 (@feross)
c949eb26a query-string@6.1.0 (@sindresorhus)