This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(cache): rewrite package fetching and caching on top of pacote
Fixes: #2568 Fixes: #2649 Fixes: #3141 Fixes: #4042 Fixes: #4652 Fixes: #5357 Fixes: #5509 Fixes: #5622 Fixes: #5941 All fetching-related networking is now done through pacote, and the old cache has been entirely replaced by a cacache-based one. Features: * npm now supports a variety of hash algorithms for tarball storage. On registries that support it, npm is able to use sha512sum for verification. * An `integrity` field has been added to `npm-shrinkwrap.json`. * Package integrity will be fully verified on both cache insert and extraction -- if npm installs something, it's going to be exactly what you downloaded, byte-for-byte, or it will fail. * If `npm-shrinkwrap.json` is used, npm will bypass checking package manifests and go straight to the tarball, fetching it by content address if locally cached. * Checksum integrity failures will now retry downloading on error, instead of failing on a single check. * A new npm command, `npm cache verify`, can now be used to verify and garbage collect your local cache. * npm now supports arbitrarily large tarball downloads: tarballs will no longer be loaded entirely into memory before extraction. * packages whose names only differ in casing, and packages from different sources/registries/etc will now correctly be cached separately from each other. * Some performance improvements. * Improved fetch retry logic will try harder to download your packages. BREAKING CHANGE: many shrinkwrap and cache-related things have changed. * Previously-created caches will no longer be used. They will be left in place, but data will need to be re-cached. There is no facility for rebuilding a cache based on an existing one. * `npm cache ls` has been removed for now * `npm cache rm` now always removes the entire cache. There is no granular removal available for now. * git dependencies can now use semver resolution using `#semver:^1.2.3` * `--cache-min` and `--cache-max` have been deprecated. Use `--offline`, `--prefer-offline`, and `--prefer-online instead. `--cache-min=9999+` and `--cache-max=0` have been aliased to `--prefer-offline` and `--prefer-online`, respectively. * npm will now obey HTTP caching headers sent from registries and other remote HTTP hosts, and will use standard HTTP caching rules for its local cache. * `prepublishOnly` now runs *before* packing the tarball. * npm no longer supports node@<4.
- Loading branch information