Permalink
Switch branches/tags
Commits on Nov 25, 2010
  1. version 0.2.9

    isaacs committed Nov 24, 2010
Commits on Nov 24, 2010
  1. changelog

    isaacs committed Nov 24, 2010
  2. make doc

    isaacs committed Nov 24, 2010
  3. Version command. Fix #394

    isaacs committed Nov 24, 2010
  4. Added listopts. Fixes #396

    davglass committed with isaacs Nov 24, 2010
    This forces additional filters to npm ls, without highlighting them in
    the outpu.
    
    Added ls docs and casting of the argument to a string plus slimmed the code
  5. Nested bundle testing

    isaacs committed Nov 24, 2010
  6. Don't allow adding the npm dir into the cache.

    isaacs committed Nov 24, 2010
    This prevents bundles from inadvertently installing themselves into
    themselves making Exibit's head explode inside an explosion, dawg.
Commits on Nov 22, 2010
  1. Docs for bundle changes.

    isaacs committed Nov 22, 2010
  2. Proxy support for all other npm commands to bundle

    isaacs committed Nov 22, 2010
    This lets you run *any* npm command on the bundle, by doing
    `npm bundle <cmd>`, so you can use it to list bundled packages, remove
    them, put things in the bundle cache, etc.
  3. make doc

    isaacs committed Nov 22, 2010
  4. Better bundle command.

    isaacs committed Nov 22, 2010
    To install all deps locally, it's just `npm bundle`
    To install a specific package locally, it's `npm bundle <pkg>`
    
    Todo: maybe it'd be better to be more explicit here?
    
        npm bundle all
        npm bundle add <pkg>
        npm bundle rm <pkg>
Commits on Nov 21, 2010
  1. When logging to stderr, do so synchronously.

    isaacs committed Nov 21, 2010
    This way, timing issues and such are easier to detect.  In node, stderr
    is generally blocking anyway.  Additionally, this seems to avoid the
    repeated kernel panics on Mac OS X when doing a lot of log calls and
    stdout writing mixed together.
  2. More portable install script.

    isaacs committed Nov 21, 2010
Commits on Nov 20, 2010
  1. bump version to 0.2.8-1

    isaacs committed Nov 15, 2010
  2. reduce logging a bit

    isaacs committed Nov 20, 2010
  3. Treat bundled dependencies as first-class citizens

    isaacs committed Nov 20, 2010
    Don't install stuff that's already bundled, because that's silly and
    pointless.
  4. ignore bundled test stuff.

    isaacs committed Nov 20, 2010
  5. Updates to make it work with writev

    isaacs committed Nov 20, 2010
    When writing to stdout, and then calling process.exit right after, the
    write never happens.
    
    Probably a bug in node.
  6. Calculate shasums of tarballs

    isaacs committed Nov 20, 2010
    This adds two things:
    
    1. When creating a tarball in the cache at
    .npm/.cache/name/version/package.tgz, also calculate a shasum of the
    data, and add it to the cached data.  This is what is used when
    publishing, so that's what ends up in the registry, and is based on the
    actual tarball which is uploaded.
    
    2. When downloading a tarball from the registry, and saving it to a
    temporary location, validate that the temporary tarball file's shasum
    matches what is stored in the registry.
    
    It is possible to make this much more efficient, simpler, and more
    secure, in the following ways:
    
    1. Whenever unpacking a tarball in the unpackTar function, the bytes are
    being passed from the FileReadStream into a gzip child process.  Those
    bytes could be forked to the sha1 Hash at that time.
    2. When a package is uploaded, the bytes are pumped to an http request.
    They could be hashed at that time, and then added to the published json
    data right before the second write.
    3. When a tarball is downloaded, the bytes are pumped from the http
    request to a (manual) FileWriteStream.  They could be hashed there and
    tested at the end of the download.
    
    Ideally, there should be some checksumming pump function that npm used
    internally that would capture the state of every pump action, and
    provide the shasum to the callback.  Then, it would even be possible to
    shasum the gzipped tarball, as well as the tar file itself, and
    eventually perhaps even all of the files within.
Commits on Nov 19, 2010
  1. Add the stupid dash.

    isaacs committed Nov 19, 2010
Commits on Nov 18, 2010
  1. Docs for new npm view command

    isaacs committed Nov 18, 2010
  2. New fancy view

    isaacs committed Nov 18, 2010