v11.0.0

11.0.0 (2026-05-15)

⚠️ BREAKING CHANGES

• npm-packlist now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
• template-oss-apply
• Entries in files[] are now interpreted as glob patterns anchored to the package root, with no special-case overrides. Slashless negations like !readme.md only match at the root — use !**/readme.md to remove at every depth. An exact file path in files[] no longer overrides a nested .npmignore rule that excludes it; remove the rule from .npmignore if you need such a file to ship. Listing a default-ignored file (e.g. .npmignore, .npmrc) in files[] no longer forces it to be packed.
• npm-shrinkwrap.json is no longer included in published tarballs by default. Publishers who need to ship a locked dependency tree should use bundleDependencies; publishers with a legitimate reason to include a file literally named npm-shrinkwrap.json can still opt back in with a negated files entry.
• bun.lock is now excluded from package contents by default. If you need to include it, add "bun.lock" to the "files" array in your package.json.

Features

• da9502e #286 bump to new node engine range (@owlstronaut)
• 943b8ec #286 template-oss-apply (@owlstronaut)
• 2ec1c00 #281 exclude npm-shrinkwrap.json from package contents (@owlstronaut)
• 59a8d0f #279 exclude bun.lock from package contents (@owlstronaut)

Bug Fixes

• 8e8d6ee #282 use real glob semantics for package.json files array (@owlstronaut)

Dependencies

• cda441f #286 proc-log@7.0.0
• 356d0b6 #286 ignore-walk@9.0.0

Chores

• e768b3a #286 template-oss-apply (@owlstronaut)
• b1c2c16 #286 bumping @npmcli/template-oss from 4.30.0 to 5.1.0 (@owlstronaut)
• 13f4e2b #279 template-oss-apply (@owlstronaut)
• 261224f #278 bump @npmcli/template-oss from 4.29.0 to 4.30.0 (#278) (@dependabot[bot], @npm-cli-bot)