This repository has been archived by the owner. It is now read-only.

@iarna iarna released this Oct 7, 2016 · 1259 commits to latest since this release

Assets 2

Hi everyone! This is the last of our monthly releases. We're going to give an every-two-weeks schedule a try starting with our next release. We'll reevaluate in a quarter, but we suspect that will be what we'll stick with. You might be wondering why we've been fiddling with the release cadence? Well, we've been trying to tune it to to minimize the overhead for our little team.

This is ALSO the ULTIMATE release of npm version 3. That's right, in just two weeks' time (October 20th for you fans of calendar time), our dear npm will be hitting the big 4.0.


This is gonna be a much, MUCH smaller major version than 3.x was. Maybe even smaller than 2.x was. I can't tell you everything that'll be in there just yet, but at the very least it's going to have what's in our 4.x milestone, PLUS, the first steps in making prepublish work the way people expect it to.


This release sees a whole slew of bug fixes. Notably a bunch of lifecycle fixes and a really important shrinkwrap fix.


  • d388f90 #13942 Fix current working directory while running shrinkwrap lifecycle scripts. Previously if you ran a shrinkwrap from another lifecycle script AND node_modules existed (and if you're running npm shrinkwrap it probably should) then npm would run the shrinkwrap lifecycle from the node_modules folder instead of the package folder. (@evocateur) (@iarna)
  • c3b6cdf #13964 Fix bug where the uninstall lifecycles weren't being run when you reinstalled/updated an existing module. (@iarna)
  • 72bb89c #13344 When running lifecycles use TMPDIR if it's writable and fall back to the current working directory if not. Previously we just assumed TMPDIR wouldn't be writable (as we might have been running as nobody and nobody on some systems can't write to TMPDIR). (@aaronjensen)


  • 3b5eee0 #13941 Fix git and tagged dependency matching with shrinkwraps. Previously git and tag (ie foo@latest) dependencies installed from a shrinkwrap would always be flagged as invalid. (@iarna)


  • bf3bd1e #14143 Fix bug in npm version where npm-shrinkwrap.json wouldn't be updated if you ran npm version from outside of your project root. (@lholmquist)
  • 1089878 #13613 Log 'skipping action' as 'verbose' instead of 'warn'. This removes a lot of clutter when there are links in your node_modules. The long term plan is to entirely blind npm to what's inside links, which will make this code go away entirely. (@timoxley)
  • 952f1e1 #13999 Fix a bug where setting bin to null in your package.json would result in npm crashing. (@IonicaBizau)
  • fcf8b11 #14032 When using npm view, if you specified a version that didn't exist it would previously print undefined (even if you asked for JSON output). It now prints nothing in this situation. This brings npm@3's behavior in line with npm@2. (@roblg)
  • 93c689f #14032 When using npm view --json with a version range that matches multiple versions we now return a list of all of the metadata for all of those versions. Previously we picked one and only returned that. This brings npm@3's behavior in line with npm@2. (@roblg)
  • 2411728 #14045 Fix a Windows-only bug in the git tests. The tests had rather particular ideas about what arguments would be passed to git and on Windows they got this wrong. (@watilde)