Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Comparing changes

Choose two branches to see what's changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
base fork: npm/npm
head fork: npm/npm
Checking mergeability… Don't worry, you can still create the pull request.
This comparison is big! We're only showing the most recent 250 commits
Commits on Feb 13, 2015
@marr marr Fix npm link documentation typo. 899e270
@bengl bengl install man pages correctly
* use full path as the link source, instead of just the file name
* also tests!
@isaacs isaacs test: Clean folders on start for add-remote-git-fake-windows 8e6a824
@isaacs isaacs outdated: fix occasional 'property of undefined' error 8a78653
@amZotti amZotti Fix spelling error in README
Line 176 uses the word "warrantee" where the word "warranty" should be used instead. 

According to, "A warrantee is someone to whom a warranty is given. A warranty is a guarantee given by a company to a purchaser stating that a product will meet certain requirements during a given time."

It may seem like I am nitpicking, but I believe this is worth attention considering this word misuse is occurring in the legal section of the README, which can potentially open this open source project up to legal loop holes in the future is someone were so inclined.
@karlhorky karlhorky doc: switch http to https in examples when possible 3568764
@ljharb ljharb config: ensure etc dir exists before writing to it
When editing config, if the `globalconfig` directory doesn't exist,
create it so that the editor doesn't explode when trying to edit a file
in a nonexistent path.
@othiym23 othiym23 semver@4.3.0
Adds new functions to extract the {major,minor,patch} parts from a
version (no changes to npm).
@othiym23 othiym23 update semver docs to match version in package 7857712
@othiym23 othiym23 ini@1.3.3
allow embedded, quoted equals signs
@othiym23 othiym23 npm-registry-client@6.1.0
Support logging out of token-based sessions (a registry-2 endpoint).
@othiym23 othiym23 npm-registry-client@6.1.1
Fix typo in log message.
@othiym23 othiym23 config: clear credentials by nerf dart d0790dc
@othiym23 othiym23 logout: add new command
Make it do something useful on both bearer-based and basic-based authed
@othiym23 othiym23 src: deprecate engineStrict in package.json 7c81a5f
@othiym23 othiym23 doc: document deprecation of engineStrict 3ae967e
@othiym23 othiym23 src: warn that peerDependency behavior is changing
...and also document it.
@othiym23 othiym23 update changelog for npm@2.6.0 a2cf224
@othiym23 othiym23 2.6.0 6e7063b
@othiym23 othiym23 update AUTHORS 02d4081
@othiym23 othiym23 changelog: credit where credit is due 765c082
Commits on Feb 20, 2015
@othiym23 othiym23 utils: selectively warn on deprecation
You can either print one deprecation warning for a whole class of
deprecated behavior, or print one deprecation warning for each instance
of that behavior.
@othiym23 othiym23 deprecation: say where engineStrict is being used. 5fa067f
@othiym23 othiym23 deprecation: peerDependencie deprecation tweaks aa79194
@othiym23 othiym23 glob@4.4.0
Adds ignoring matches.
@smikes smikes npm outdated: have default depth=0
interpret Infinity as 0 for `outdated`
remove depth: 0 from outdated-depth unit test
add child package with outdated dependency to outdated-depth test
new unit test outdated-depth-deep to confirm that
  npm outdated --depth=9999 works as expected
@othiym23 othiym23 update changelog for npm@2.6.1 ef65fd0
@othiym23 othiym23 2.6.1 d083809
Commits on Feb 26, 2015
@stefaneg stefaneg Update
Add documentation for NODE_ENV=production environment variable effect.
@othiym23 othiym23 docs: drop misleading & obsolete docs; reorganized
`env` doesn't need to be right up top like that.
@othiym23 othiym23 test: override globalconfig setting for test 38e013d
@smikes smikes make npm commands configurable by default bd2b2dd
@smikes smikes doc, test: document update action
first draft of update examples
verify examples from
fix style bugs
@othiym23 othiym23 doc: small note about suprising update behavior
Also tweaked update API documentation.
Commits on Feb 27, 2015
@deestan deestan completion: install completion on folders and urls d7b7853
@othiym23 othiym23 completion: remove registry calls to -/short 628fcdb
@othiym23 othiym23 completion: -/all stragglers 84b7b80
@pshevtsov pshevtsov Adding handling of compressed man pages 50f461d
@othiym23 othiym23 help: tweaks to compressed filename matching d3cb6e1
@ackalker ackalker node-gyp: enable overriding node-gyp binary
Enable overriding the node-gyp binary used by npm by specifying
a config option, similar to specifying the python interpreter.

Example usage:

    npm install --node-gyp=<path-to-custom-node-gyp>
@mmalecki mmalecki test: expect sanity from Linux
Do not expect Linux to return 1 as error code and no signal indication
when child is killed by SIGSEGV.
@smikes smikes doc: add note about git-tag-version ebe3b37
@KenanY KenanY doc: document `git-tag-version` in `npm version`
Since `git-tag-version` affects the behavior of `npm version`, it should be
documented as a configuration option in the documentation of `npm version`.
@othiym23 othiym23 doc: clarify git-tag-version docs 13b4121
@watilde watilde run-script: only run restart lifecyle when no script
Fixes #1999, #2716.
@scien scien run-script: test run-script restart defaults d3df7c7
@watilde watilde run-scripts: group scripts in list output a0a8777
@othiym23 othiym23 run-script: tweak wording of output, add tests
Also make tests conform to `standard` while I'm here, to make merging
less painful later.
@othiym23 othiym23 doc: `npm `run-script`` groups scripts 687117a
@thriqon thriqon git: log full git command line on error 44da664
@smikes smikes test: fix typo 53a47ba
@smikes smikes test: rescue test from disabled; generate fixtures 536b2b6
@watilde watilde ls: allow filtering by --dev / --prod[uction] 448efd0
@jussi-kalliokoski jussi-kalliokoski Added an --if-present flag for not erroring on unspecified scripts.
Fixes #7354.
@twhid twhid cache: don't add 'git+' when it's already there
Fixes #7294.
@othiym23 othiym23 cache: add-remote-git expects no 'git+' on URLs 0f87f5e
@othiym23 othiym23 cache: test add-remote-git's URL normalization 5334207
@othiym23 othiym23 completion: make separator a local 3f6061d
@isaacs isaacs rm: npm rm <noargs> globally removes (unlinks) '.'
Fixes #4005, #6248.

What's interesting is that the comment in the code seems to indicate
that this was *always* the intent.  But somewhere along the line, that
seems to have broken.

This makes 'npm link' be un-done by running 'npm unlink'.
@zeke zeke doc: soften warning against using install scripts
Keep some of the “don’t use install for compilation” verbiage, but
relegate it to bottom-of-the-page status.
@davglass davglass error-handler: added er.parent to ETARGET error 9748d5c
@othiym23 othiym23 init-package-json@1.3.0
Closes #6749.

Support for passing scopes to `npm init` so packages are initialized as part
of that scope / organization / team.
@othiym23 othiym23 semver@4.3.1
Document the move from isaacs → npm orgs.
@othiym23 othiym23 tap@0.7.1 64b07f6
@othiym23 othiym23 glob@4.4.1
More informative error messages when calling sync versions of functions
with a callback.
@othiym23 othiym23 which@1.0.9
Test for being run as root, as well as the current user.
@othiym23 othiym23 update changelog for npm@2.7.0 dabb46b
@othiym23 othiym23 2.7.0 a87ed5c
@othiym23 othiym23 update AUTHORS 91db20b
@othiym23 othiym23 read-package-json@1.3.2
Provide more helpful error messages when JSON parse errors are
encountered by using a more forgiving JSON parser than JSON.parse.
@watilde watilde doc: fix typo in contributor link dea9bb2
Commits on Mar 02, 2015
@othiym23 othiym23 error-handler: FreeBSD does EAI_FAIL,not ENOTFOUND bcd4722
@functino functino Adds function call to gitEnv in checkGitDir
In checkGitDir when executing `git config --get remote.origin.url` the gitEnv function is passed to git.whichAndExec instead of the result of that function.
@watilde watilde error-handler: update support url to https from http 21c1ac4
@othiym23 othiym23 Windows doesn't know what rm is.
Commits on Mar 03, 2015
@smikes smikes publish, config: move tag-semver test
add usage info to publish
move tag-semver check to publish
test publish instead of config
@othiym23 othiym23 config: remove redundant validator 7691d82
Commits on Mar 04, 2015
@othiym23 othiym23 `npm stars` don't send bogus auth when not authed
Fixes #7531.
Commits on Mar 05, 2015
@othiym23 othiym23 restore order to caching git remotes
Also, update code coments to be accurate, and extirpate single-letter
variable names. And introduce a params object because those argument
lists were completely ridiculous.
@KidkArolis KidkArolis dedupe: Handle scoped packages c56cfcd
@othiym23 othiym23 dedupe: test/tap/dedupe-scoped.js uses find-dupes
Test is now self-contained as well.
@adrianblynch adrianblynch changelog: fixed typo 42c605c
@RichardLitt RichardLitt doc: add note about package name
In case anyone doesn't know that `node-redis` is called `redis`. Also
added a period that was missing.
@olizilla olizilla doc: properly close code block in
Swap quote-mark for back-tick to fix inline code block that was
otherwise unterminated.
@quarterto quarterto doc: add note about node_modules/.bin c9bd58d
@othiym23 othiym23 update: only update when current !== wanted
Fixes #6441.
@othiym23 othiym23 install: engineStrict only warns for this package b6bd99a
@othiym23 othiym23 update: a completely uncontroversial change 2abc3ee
Commits on Mar 06, 2015
@othiym23 othiym23 rimraf@2.3.1
* Glob arguments for better Windows support.
* Handle bad symlinks properly.
* Make maxBusyTries and emfileWait configurable
* Also upgrade to glob@4.4.1
@othiym23 othiym23 nock@1.1.0
Better Node.js 0.12 / io.js 1.x support.
@smikes smikes install: don't try to --link git dependencies
test sets up git repo & mock registry -- fragile
test of install --link=false
test of install --link=true
@othiym23 othiym23 install: tweak install --link for git
`_resolved` isn't guaranteed to be set on the package metadata by this
point in the installation process, and we probably shouldn't
automatically assume that `_from` is set, either.
@othiym23 othiym23 update changelog for npm@2.7.1 4bde0e0
@othiym23 othiym23 2.7.1 4962c7a
@othiym23 othiym23 update AUTHORS 07350a8
Commits on Mar 11, 2015
@othiym23 othiym23 gently-rm: npm.globalRoot is not a thing
I also sorted the order of the npm-controlled directories to sort prefix
and globalPrefix up to the top, because those are the two most likely
candidates to match.
Commits on Mar 12, 2015
@othiym23 othiym23 gently-rm: swap checks & match target, not source
Fixes #7579.

We want to know two things with gently-rm:

1. Is the parent directory under npm's control?
(1a. Is the thing to be deleted under that parent directory if so?)
2. Is the thing to be deleted under npm's control?

There are some additional complications, but that's the core of it, so
to make clearer what was going on, I rearranged the code to prioritize
answering those two questions, and added a bunch of comments explaining
what's happening in an effort that that would make clearer *why* the
code is written the way it is.

When npm removes a file or directory, it verifies whether the thing
being removed is under npm's control. This isn't something that can be
ascertained directly, so gentlyRm checks to see if there's a plausible
case that this file was something that was originally installed by npm.
Mostly it just verifies whether either the deletion target or the parent
directory (which could be passed in as the base, or could be the prefix
otherwise) is under one of the paths that npm might have reason to mess

It will also deal with a certain amount of symbolic link trickery, but
symlink verification was overly aggressive before, and has been eased up
@othiym23 othiym23 gently-rm: always resolve against a base directory
The amount that resolve() is used is probably overly cautious as-is, but
if we're going to use it, don't use it bare, or it will assume a base of
`process.cwd()`, which is often incorrect.
@othiym23 othiym23 gently-rm: more context on failure
The log messages are more useful than the generic error emitted by
clobberFail, so make sure they're almost always visible to end users who
might be otherwise confused. Also make them more consistent, and make
the whole file comply with `standard`'s style rules.'
@othiym23 othiym23 link: rm rm
`lib/utils/link.js` already removes the existing paths, so at the very
least this was leading to some redundant logging.
@RichardLitt RichardLitt install: removed obsolete comment
This is obviously no longer experimental, and I'm not sure this comment
belongs here anymore.
@jeffbski jeffbski node-gyp@1.0.3
Upgrade bundled node-gyp from v1.0.2 to v1.0.3 which fixes the warning

customFds option is deprecated, use stdio instead.
@KenanY KenanY doc: use perl in instead of awk
As a consequence of the various implementations of AWK across platforms,
the use of AWK in `scripts/` might result in different
sorting behavior on different platforms (i.e. BSD awk on OS X does not
maintain the desired sort- by-first-contribution). So, let's use Perl
@othiym23 othiym23 update AUTHORS 6d081cf
@othiym23 othiym23 doc: update Git .mailmap
* can't have more than one proper and one to-be-corrected address per line
* can remap author name as well as email address
Commits on Mar 13, 2015
@othiym23 othiym23 install: track bundled dependencies in context
Fixes #7552.

The npm@<3 installer uses an elaborate data tree built in-memory as the
install process runs to track which dependencies have already been seen
in the tree. This allows the installer to determine whether a parent
dependency satisfies the current semver requirement.

However, if one version of a dependency is specified at one level of the
tree, and then a child of that level includes that same dependency
bundled at a different version, and one of *that dependency's* children
depends on this same dependency at yet another version, it will end up
matching against the version _above_ the bundled dependency.  This can
lead anyone trying to figure out what's going on into a phantasmagorical
wonderland where nothing is real, and can also produce an inconsistent
installed tree.

The solution is to ensure that the bundled dependency versions are added
to the tree, but in order to do this, we need to know exactly which
version got bundled. This requires a call to readInstalled, because the
version that was bundled isn't included anywhere in the package
metadata. Since readInstalled is slow, installMany will only call it if
it knows there are bundledDependencies for the current package.
@othiym23 othiym23 rimraf@2.3.2
Handle globbing paths with valid glob metacharacters in the path.
@othiym23 othiym23 minimatch@2.0.4
Bug fixes.
@othiym23 othiym23 graceful-fs@3.0.6
A small bug fix.
@othiym23 othiym23 update changelog for npm@2.7.2 85fdd0c
@othiym23 othiym23 2.7.2 61915a8
Commits on Mar 17, 2015
@othiym23 othiym23 shrinkwrap: npm shrinkwrap --dev means prod too
Due to 448efd0, running `npm shrinkwrap
--dev` caused production dependencies to no longer be included in
npm-shrinkwrap-.json. Whoopsie! Added a regression test to go with the

Fixes #7641.
@othiym23 othiym23 update changelog for npm@2.7.3 9896ef3
@othiym23 othiym23 2.7.3 11e1f69
Commits on Mar 18, 2015
@dannyfritz dannyfritz version: regression test 'message' from .npmrc
The message in `npm version -m <message>` is mapped to the `message`
config parameter in `.npmrc`. Add a test to make sure that behavior
doesn't unintentionally go away.
@othiym23 othiym23 test: rework version-message-config for Travis e013d31
Commits on Mar 19, 2015
@othiym23 othiym23 npm-registry-client@3.1.2
* Use `certificate` instead of `cert` when creating HTTPS agent (fixes
* Convert code style to match `standard`.
@othiym23 othiym23 nock@1.2.0
Whew! All our expectations were strict enough! I guess it helps that
we're only using nock in like two tests.
@othiym23 othiym23 npm-registry-couchapp@2.6.7
Need to ensure that CLI works with latest changes to registry 2
@KenanY KenanY doc: add a few .mailmap entries 1e3cb30
@othiym23 othiym23 npm-package-arg@3.1.1
Do the minimal upgrade necessary to get tests passing with new hosted
repo metadata. I anticipate the realize-package-specifier update will be
a little more invasive.
Commits on Mar 20, 2015
@othiym23 othiym23 realize-package-specifier@2.2.0
Push the new npm-package-arg logic further into the caching logic.
Doesn't quite handle GitHub URLs correctly yet. That will require
depending on hosted-git-info directly.
@othiym23 othiym23 hosted-git-info@1.5.3
Use `hosted-git-info` directly to ensure that all GitHub URLs are being
run through the same cloning strategy for caching. Fixes #7630.
@othiym23 othiym23 adduser: explicit registry on command line wins
It turns out that config-chain allows you to query a specific config
source by type, which allows us to see whether specific config values
were set explicitly on the command line. Who knew? (Aside from @isaacs
and @dominictarr.)

Anyway, doing this required a small, noninvasive change to
test/tap/config-meta.js so that it didn't try to match the entire set of
parameters passed to `config.get` when doing its metaprogramming thing.

Fixes #7661.
@othiym23 othiym23 outdated: remove incredibly noisy logging
@othiym23 othiym23 npmlog@1.2.0
Getting caught up with where npmlog is, preparatory to npm@3.
@othiym23 othiym23 glob@5.0.3 bd72c47
@KenanY KenanY fstream-npm@1.0.2
Error out with a more descriptive message when `bundledDependencies`
isn't an array. Includes a test for npm. Also converted to `standard` style.
@othiym23 othiym23 update changelog for npm@2.7.4 70dada6
@othiym23 othiym23 update AUTHORS 6a4590e
@othiym23 othiym23 2.7.4 df29dda
Commits on Mar 21, 2015
@e-jigsaw e-jigsaw Fix typo in CHANGELOG 6a858e3
@e-jigsaw e-jigsaw Fix typo in CHANGELOG
Commits on Mar 25, 2015
@othiym23 othiym23 search: request correct URLs (fixes #7443) f35aa93
@othiym23 othiym23 cache: don't test missing strings (fixes #7746) a840a13
Commits on Mar 27, 2015
@othiym23 othiym23 semver@4.3.2
256 characters ought to be enough for anybody.
@othiym23 othiym23 tar@2.0.0
Normalize symbolic links with targets that point outside the extraction
@othiym23 othiym23 opener@1.4.1
Proper escaping for `start` under Windows.
@othiym23 othiym23 request@2.54.0
Among many other things, a number of fixes for Node.js 0.12 and io.js.
@iarna iarna github: fix the ssh fallback for private github modules
This only impacts github modules installed via github shortcuts, eg

    npm install project/module

When the module is marked as private.
@iarna iarna require-inject@1.2.0
@snuggs snuggs Update string example to have closing quotes
  Discovered when using example.
  Created syntax error when running npm install
MEDDAH Julien Switching minutes and months f87c728
@KenanY KenanY npmconf: don't open a deleted cafile 5d7f704
@msikma msikma doc: mention node_modules\npm on Windows
Add a reference to the `node_modules\npm` directory (which is where
npm's files end up after installing node), and remove the reference to
v1.4.28 since all latest releases also come in a zip file. See #7636.
@hokaccha hokaccha link: use absolute links when `npm link`ing. 3cf3b0c
@watilde watilde test: add link and link-install test 5811468
@othiym23 othiym23 test: don't interfere with dev's global root
Also make test self-contained.
@othiym23 othiym23 update changelog for npm@2.7.5 940cd1b
@othiym23 othiym23 2.7.5 29039e1
@othiym23 othiym23 update AUTHORS 1517960
@othiym23 othiym23 update AUTHORS b75420a
@othiym23 othiym23 doc: sorted mailmap and added a few mappings b3e92c2
@othiym23 othiym23 doc: minor booboo a713b9c
Commits on Apr 02, 2015
@othiym23 othiym23 git: revert 44da664
It turns out that git commands do now log their output
appropriately, and this change was causing misleading output when using
`maybeGithub`, which was exposed by
89ce829, which fixed #7630. npm's git
functionality is maybe a little overcomplicated at this point.
@othiym23 othiym23 git: don't assume stdout exists on error
When checking the remote URL for a repo, if it errors out, stdout may
not be set.

Fixes #7829.
@SonicHedgehog SonicHedgehog are-we-there-yet@1.0.4
Now compatible with Node.js v0.8, see iarna/are-we-there-yet#2.
@othiym23 othiym23 dedupe ansi-regex up to top level 8ee646c
@othiym23 othiym23 dedupe strip-ansi up to top level e51fde5
@othiym23 othiym23 dedupe async within request 63f0282
@othiym23 othiym23 deps: bundle deduped top-level dependencies e7de396
@othiym23 othiym23 semver@4.3.3
Don't throw on parse(null), handle numeric version strings better.
@othiym23 othiym23 nock@1.4.0
Tests all still pass!
@othiym23 othiym23 git: stderr can also potentially be null on error
Another fix for #7829. Tip of the keyboard to @leopoldfreeman for
pointing out the missing check.
@othiym23 othiym23 doc: -> 1349e27
Commits on Apr 03, 2015
@othiym23 othiym23 read-package-json@1.3.3
Eliminates caching of package.json files, which in turn eliminates a
class of liveness problems / incomplete cache invalidation bugs / race
conditions. Also took this opportunity to standardize the file.
Closes #7074.
@othiym23 othiym23 install: better logging, no more readJSON caching
A bunch of the tests are now getting more complete from / resolved
information because the contents of rewritten package.json files on disk
are no longer masked by `read-package-json` memoizing fs reads of
package.json files. Part of fixing #7074.
@othiym23 othiym23 test: travis should use npm HEAD for tests f5bac24
@charmander charmander npmconf: add braces missing from 5d7f704 91f5cb1
@mantoni mantoni run-script: always quote args
Fixes #7743.
@othiym23 othiym23 init-package-json@1.3.2
* only add `@` to scopes if they're missing
* validate package names inside promzard
@othiym23 othiym23 doc: provide details about security fixes in 2.7.5 755ff79
@othiym23 othiym23 update changelog for npm@2.7.6 bd1f184
@othiym23 othiym23 2.7.6 6c22e33
@othiym23 othiym23 update AUTHORS d32eb86
@SonicHedgehog SonicHedgehog Pass -e to node when using -p
Under Node.js v0.8, `node -p` alone does nothing, see joyent/node#3938.
Commits on Apr 04, 2015
@othiym23 othiym23 test: standardize / rearrange test file 891379f
Commits on Apr 08, 2015
@linclark linclark doc: --tag prevents setting "latest" on publish
@othiym23 othiym23 test: monkeypatch setImmediate globally for nock
This is probably a sign that we shouldn't be using new versions of
`nock` in these tests if 0.8 is a concern.
@SonicHedgehog SonicHedgehog spawn: map exit code 127 to ENOENT for node@0.8
Node.js v0.8 will not emit a separate `error` event if the command
could not be found. Exit code 127 is reserved for “command not found”,
Commits on Apr 09, 2015
@othiym23 othiym23 tar@2.0.1
Normalize symlinks less aggressively -- only convert to absolute paths
if they would actually point outside the extraction root, not all
symlinks with relative paths.
@iarna iarna hosted-git-info@2.0.2 23a1d5a
@iarna iarna normalize-package-data@2.0.0 eaf75ac
@iarna iarna read-package-json@2.0.0 254b887
@iarna iarna read-installed@4.0.0 63254bb
@iarna iarna init-package-json@1.4.0 6dd1e03
@iarna iarna npm-package-arg@4.0.0 95e0535
@iarna iarna npm-registry-client@6.3.0 0b9f8be
@iarna iarna realize-package-specifier@3.0.0
@othiym23 othiym23 test: add common.makeGitRepo for DRYness f40ecaa
@othiym23 othiym23 test: standardize test/tap/ls-l-depth-0.js
Commits on Apr 10, 2015
@othiym23 othiym23 hosted-git-info@2.1.0
Add support for auth embedded directly in Git URLs.
@othiym23 othiym23 git: use paths as presented by user
* Save the lightest-possibly normalized URL into `package.json` and
  package.json _from fields, because read-package-json, read-installed,
  and the cache all know how to handle them now.
* Add support for github:, gist:, bitbucket:, and gitlab: shortcut
  syntax. GitHub shortcuts will continue to be normalized to org/repo
  instead of being saved with a github: prefix (for now).
* If presented with shortcuts, try cloning via git, SSH, and HTTPS (in
  that order, skipping any methods that aren't supported by a given
  hosting provider).
* No longer prompt for credentials -- it didn't work right with the
  spinner, and wasn't guaranteed to work anyway. We may experiment with
  doing this a better way in the future. Users can override this by
  setting GIT_ASKPASS in their environment if they want to experiment
  with interactive cloning, but should also set --no-spin on the npm
  command line (or run `npm config set spin=false`).
@othiym23 othiym23 hosted-git-info@2.1.1
Support round-tripping gist: shortcuts. gist: shorthand gets normalized
to remove the username (because all you need is the ID to clone). This
confuses url.parse(), which is used to parse out the git URL.
@othiym23 othiym23 git: test all the shorthands a05e993
@othiym23 othiym23 git: save non-normalized shorthand to package.json
Instead of checking if from is just a URL, use npm-package-arg to figure
out what kind of URL or shorthand it might be, and save that to
@othiym23 othiym23 test: ensure map-to-registry.js uses common config c8faf12
@othiym23 othiym23 doc: document new hosted git shortcut syntax
@othiym23 othiym23 git: --save-exact saves fully-resolved git URL 7d92c75
@othiym23 othiym23 update changelog for npm@2.8.0 e930466
@othiym23 othiym23 2.8.0 8767113
@othiym23 othiym23 columnify@1.5.1
Switch to using babel from 6to5.
@othiym23 othiym23 request@2.55.0
BUg fixes and some simplification.
@othiym23 othiym23 glob@5.0.5
Move platform-specific shim from one place to another.
@othiym23 othiym23 nock@1.6.0 03cce83
Commits on Apr 11, 2015
@othiym23 othiym23 hosted-git-info@2.1.2
`git+https:` and `git+http:` are authed protocols.
@othiym23 othiym23 git: ensure Bitbucket with auth passes on creds 15efe12
@ewie ewie install: scoped packages with peerDependencies
Package scopes cause an additional level in the tree structure which
must be considered when resolving the target folders of a package's

Fixes #7454.
@othiym23 othiym23 install: use a more robust method for testing for scope 649e31a
@othiym23 othiym23 test: set a timeout for tap tests for test-all 8299b5f
@watilde watilde test: Sync timeout time of test-all to test and tap in scripts 756a3fb
@watilde watilde test: Use an alias of scripts and run-scripts in test-all
Commits on Apr 13, 2015
@robertkowalski robertkowalski remove child-process-close
npm doesn't support Node 0.6 any more.
@othiym23 othiym23 doc: stop slaughtering the CPU on doc rebuild e925deb
@othiym23 othiym23 test: move fixtures from test/tap to test/fixtures
Some fixtures are necessary, but they should all be combined into one
place to signpost what they're for.

Part of #7929.
@othiym23 othiym23 test: eliminate fixture directories from test/tap
It's too difficult for npm contributors to figure out what the
conventional style is for tests. Part of the problem is that the
documentation in is inadequate, but another important
factor is that the tests themselves are written in a variety of styles.
One of the most notable examples of this is the fact that many tests use
fixture directories to store precooked test scenarios and package.json

This had some negative consequences:

  * tests weren't idempotent
  * subtle dependencies between tests existed
  * new tests get written in this deprecated style because it's not
    obvious that the style is out of favor
  * it's hard to figure out why a lot of those directories existed,
    because they served a variety of purposes, so it was difficult to
    tell when it was safe to remove them

All in all, the fixture directories were a major source of technical
debt, and cleaning them up, while time-consuming, makes the whole test
suite much more approachable, and makes it more likely that new tests
written by outside contributors will follow a conventional style. To
support that, all of the tests touched by this changed were cleaned up
to pass the `standard` style checker.
@othiym23 othiym23 lru-cache@2.5.2
More accurate updating of last access time when `maxAge` is set.
@othiym23 othiym23 update changelog for npm@2.8.1 b3e3d54
@othiym23 othiym23 update AUTHORS c39e59c
@othiym23 othiym23 2.8.1 d75e297
Commits on Apr 14, 2015
@othiym23 othiym23 npm-registry-client@6.3.2
Don't send body with HTTP GET requests, which confuses the keep-alive
agent and triggers all kind of weird behavior. Fixes #7699. All glory to
smikes for finding and fixing this issue.
Commits on Apr 15, 2015
@othiym23 othiym23 update changelog for npm@2.8.2 403eebd
@othiym23 othiym23 2.8.2 dcacec9
@othiym23 othiym23 doc: forgot to :w timestamp change 4a97339
Commits on Apr 16, 2015
@othiym23 othiym23 git: resolved git URLs should be in normal form
@othiym23 othiym23 git: git: -> https: -> ssh:
Swapped SSH and HTTPS URLs to make the error messaging make more sense,
and also make it less common for users to be stuck with password prompts
they can't do anything about.
@othiym23 othiym23 update changelog for npm@2.8.3 ab35aa0
@othiym23 othiym23 2.8.3 7bed0d3
Commits on Apr 17, 2015
@othiym23 othiym23 init-package-json@1.4.1
* set a default (empty) value for the author field to make `npm init -y`
  work without user input
* allow at most one scope on a package name, replacing the new scope if
  an existing one is available
@othiym23 othiym23 lru-cache@2.6.1
* more tweaks to maxAge behavior
* length and itemCount added to gauge number of items in cache
@sandfox sandfox Make npm init text a little more friendly
I'm not sure we should use the word "sane" to refer settings etc, it seems a little ableist and there are are nicer and more accurate words we could use instead.
@zeke zeke six was not a useful number
and maybe it wasn't even the right number?
@othiym23 othiym23 tar@2.1.0
* properly error on malformed tar files
* use fromBase property to set extraction root
@othiym23 othiym23 update changelog for 2.8.4 4bf4eef
@othiym23 othiym23 2.8.4 e8d07a4
@othiym23 othiym23 update AUTHORS c36d268
Commits on Apr 21, 2015
@othiym23 othiym23 npm-registry-client@6.3.3
* When the registry returns a scoped package name in error messages,
  renormalize it back out of URLEncoded format. (@mmalecki)
* Clean up the `npm:` example in the README. (@evilpacket)
@othiym23 othiym23 editor@1.0.0
1.0.0 is bigger than 0.1.0. (@substack)
Commits on Apr 23, 2015
@othiym23 othiym23 init-package-json@1.4.2
Handle multiple validation errors better (@MisumiRize). (Also improved
testing tools (@michaelnisi).)
@smikes smikes install: include devDependencies when installing
add unit test
use fn to identify required version
Commits on Apr 24, 2015
@othiym23 othiym23 install: less closure for devDependencies f2fe828
@smikes smikes doc: update npm-scope to note npm private modules
Remove 'as of date' notice.
@kkragenbrink kkragenbrink config: version tag version prefix is configurable
Includes a test and documentation.
@ArnaudRinquin ArnaudRinquin outdated: handle private locale modules
Do not ignore them and read the version from their locale package.json

If the module also exist on the registry, the greatest semver wins
@othiym23 othiym23 test: more robust array testing for outdated
Results aren't guaranteed to be in a particular order (although maybe
they should be).
@watilde watilde unpublish: check the publishConfig field as same behavior as npm publish 18ce0ec
@othiym23 othiym23 unpublish: extract config into function
Also add a test.
@othiym23 othiym23 update changelog for 2.9.0 44b5c6c
@othiym23 othiym23 2.9.0 ae426f9
@othiym23 othiym23 update AUTHORS d725575