@zkat zkat released this Aug 29, 2018

Assets 2

BUGFIXES

  • 4bd40f543 #42 Prevent blowing up on malformed responses from the npm audit endpoint, such as with third-party registries. (@framp)
  • 0e576f0aa #46 Fix NO_PROXY support by renaming npm-side config to --noproxy. The environment variable should still work. (@SneakyFish5)
  • d8e811d6a #33 Disable update-notifier checks when a CI environment is detected. (@Sibiraj-S)
  • 1bc5b8cea #47 Fix issue where postpack scripts would break if pack was used with --dry-run. (@larsgw)

DEPENDENCY BUMPS

DOCUMENTATION

Pre-release
Pre-release

@zkat zkat released this Aug 23, 2018 · 1 commit to latest since this release

Assets 2

This release became npm@6.4.1.

@zkat zkat released this Aug 15, 2018 · 33 commits to latest since this release

Assets 2

NEW FEATURES

  • 6e9f04b0b npm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking :_authToken. (@mkhl)
  • 84bfd23e7 npm/cli#35 Stop filtering out non-IPv4 addresses from local-addrs, making npm actually use IPv6 addresses when it must. (@valentin2105)
  • 792c8c709 npm/cli#31 configurable audit level for non-zero exit npm audit currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of --audit-level to npm audit to allow it to pass if only vulnerabilities below a certain level are found. Example: npm audit --audit-level=high will exit with 0 if only low or moderate level vulns are detected. (@lennym)

BUGFIXES

DEPENDENCY UPDATES

A very special dependency update event! Since the release of node-gyp@3.8.0, an awkward version conflict that was preventing request from begin flattened was resolved. This means two things:

  1. We've cut down the npm tarball size by another 200kb, to 4.6MB
  2. npm audit now shows no vulnerabilities for npm itself!

Thanks, @rvagg!

DOCUMENTATION

Pre-release
Pre-release

@zkat zkat released this Aug 9, 2018 · 34 commits to latest since this release

Assets 2

This release became npm@6.4.0.

@zkat zkat released this Aug 2, 2018 · 53 commits to latest since this release

Assets 2

This is basically the same as the prerelease, but two dependencies have been bumped due to bugs that had been around for a while.

Pre-release
Pre-release

@zkat zkat released this Jul 25, 2018 · 58 commits to latest since this release

Assets 2

NEW FEATURES

  • ad0dd226f npm/cli#26 npm version now supports a --preid option to specify the preid for prereleases. For example, npm version premajor --preid rc will tag a version like 2.0.0-rc.0. (@dwilches)

MESSAGING IMPROVEMENTS

  • c1dad1e99 npm/cli#6 Make npm audit fix message provide better instructions for vulnerabilities that require manual review. (@bradsk88)
  • 15c1130fe Fix missing colon next to tarball url in new npm view output. (@zkat)
  • 21cf0ab68 npm/cli#24 Use the defaut OTP explanation everywhere except when the context is "OTP-aware" (like when setting double-authentication). This improves the overall CLI messaging when prompting for an OTP code. (@jdeniau)

MISC

DOCUMENTATION

@zkat zkat released this Jul 14, 2018 · 74 commits to latest since this release

Assets 2

In case you missed it, we moved!. We look forward to seeing future PRs landing in npm/cli in the future, and we'll be chatting with you all in npm.community. Go check it out!

This final release of npm@6.2.0 includes a couple of features that weren't quite ready on time but that we'd still like to include. Enjoy!

FEATURES

FIXES

DEPENDENCY BUMPS

  • d9b2712a6 request@2.81.0: Downgraded to allow better deduplication. This does introduce a bunch of hoek-related audit reports, but they don't affect npm itself so we consider it safe. We'll upgrade request again once node-gyp unpins it. (@simov)
  • 2ac48f863 node-gyp@3.7.0 (@MylesBorins)
  • 8dc6d7640 cli-table3@0.5.0: cli-table2 is unmaintained and required lodash. With this dependency bump, we've removed lodash from our tree, which cut back tarball size by another 300kb. (@Turbo87)
  • 90c759fee npm-audit-report@1.3.1 (@zkat)
  • 4231a0a1e Add cli-table3 to bundleDeps. (@iarna)
  • 322d9c2f1 Make standard happy. (@iarna)

DOCS

Jul 5, 2018
6.2.0-next.1
Jun 29, 2018
6.2.0-next.0
May 24, 2018
6.1.0