Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Tag: v0.2.10
Commits on Nov 25, 2010
  1. @isaacs

    v0.2.10

    isaacs authored
  2. @isaacs

    Edit command

    isaacs authored
  3. @isaacs

    version 0.2.9

    isaacs authored
  4. @isaacs
Commits on Nov 24, 2010
  1. @isaacs

    changelog

    isaacs authored
  2. @isaacs

    make doc

    isaacs authored
  3. @isaacs

    Version command. Fix #394

    isaacs authored
  4. @isaacs
  5. @davglass @isaacs

    Added listopts. Fixes #396

    davglass authored isaacs committed
    This forces additional filters to npm ls, without highlighting them in
    the outpu.
    
    Added ls docs and casting of the argument to a string plus slimmed the code
  6. @isaacs
  7. @isaacs
  8. @isaacs
  9. @isaacs
  10. @isaacs

    Nested bundle testing

    isaacs authored
  11. @isaacs
  12. @isaacs

    Don't allow adding the npm dir into the cache.

    isaacs authored
    This prevents bundles from inadvertently installing themselves into
    themselves making Exibit's head explode inside an explosion, dawg.
Commits on Nov 22, 2010
  1. @isaacs
  2. @isaacs

    Docs for bundle changes.

    isaacs authored
  3. @isaacs

    Proxy support for all other npm commands to bundle

    isaacs authored
    This lets you run *any* npm command on the bundle, by doing
    `npm bundle <cmd>`, so you can use it to list bundled packages, remove
    them, put things in the bundle cache, etc.
  4. @isaacs

    make doc

    isaacs authored
  5. @isaacs

    Better bundle command.

    isaacs authored
    To install all deps locally, it's just `npm bundle`
    To install a specific package locally, it's `npm bundle <pkg>`
    
    Todo: maybe it'd be better to be more explicit here?
    
        npm bundle all
        npm bundle add <pkg>
        npm bundle rm <pkg>
Commits on Nov 21, 2010
  1. @isaacs

    When logging to stderr, do so synchronously.

    isaacs authored
    This way, timing issues and such are easier to detect.  In node, stderr
    is generally blocking anyway.  Additionally, this seems to avoid the
    repeated kernel panics on Mac OS X when doing a lot of log calls and
    stdout writing mixed together.
  2. @isaacs

    More portable install script.

    isaacs authored
Commits on Nov 20, 2010
  1. @isaacs

    bump version to 0.2.8-1

    isaacs authored
  2. @isaacs

    reduce logging a bit

    isaacs authored
  3. @isaacs

    Treat bundled dependencies as first-class citizens

    isaacs authored
    Don't install stuff that's already bundled, because that's silly and
    pointless.
  4. @isaacs
  5. @isaacs

    ignore bundled test stuff.

    isaacs authored
  6. @isaacs

    Updates to make it work with writev

    isaacs authored
    When writing to stdout, and then calling process.exit right after, the
    write never happens.
    
    Probably a bug in node.
  7. @isaacs
  8. @isaacs

    Calculate shasums of tarballs

    isaacs authored
    This adds two things:
    
    1. When creating a tarball in the cache at
    .npm/.cache/name/version/package.tgz, also calculate a shasum of the
    data, and add it to the cached data.  This is what is used when
    publishing, so that's what ends up in the registry, and is based on the
    actual tarball which is uploaded.
    
    2. When downloading a tarball from the registry, and saving it to a
    temporary location, validate that the temporary tarball file's shasum
    matches what is stored in the registry.
    
    It is possible to make this much more efficient, simpler, and more
    secure, in the following ways:
    
    1. Whenever unpacking a tarball in the unpackTar function, the bytes are
    being passed from the FileReadStream into a gzip child process.  Those
    bytes could be forked to the sha1 Hash at that time.
    2. When a package is uploaded, the bytes are pumped to an http request.
    They could be hashed at that time, and then added to the published json
    data right before the second write.
    3. When a tarball is downloaded, the bytes are pumped from the http
    request to a (manual) FileWriteStream.  They could be hashed there and
    tested at the end of the download.
    
    Ideally, there should be some checksumming pump function that npm used
    internally that would capture the state of every pump action, and
    provide the shasum to the callback.  Then, it would even be possible to
    shasum the gzipped tarball, as well as the tar file itself, and
    eventually perhaps even all of the files within.
Commits on Nov 19, 2010
  1. @isaacs
  2. @isaacs

    Add the stupid dash.

    isaacs authored
  3. @isaacs
Commits on Nov 18, 2010
  1. @isaacs
Something went wrong with that request. Please try again.