v3.5.1
THE npm CLI !== THE npm REGISTRY !== npm, INC.
npm-the-CLI is licensed under the terms of the Artistic License 2.0, which is a liberal open-source license that allows you to take this code and do pretty much whatever you like with it (that is, of course, not legal language, and if you're doing anything with npm that leaves you in doubt about your legal rights, please seek the review of qualified counsel, which is to say, not members of the CLI team, none of whom have passed the bar, to my knowledge). At the same time the primary registry the CLI uses when looking up and downloading packages is a commercial service run by npm, Inc., and it has its own Terms of Use.
Aside from clarifying the terms of use (and trying to make sure they're more widely known), the only recent changes to npm's licenses have been making the split between the CLI and registry clearer. You are still free to do whatever you like with the CLI's source, and you are free to view, download, and publish packages to and from registry.npmjs.org, but now the existing terms under which you can do so are more clearly documented. Aside from the two commits below, see also the release notes for npm@3.4.1, which is where the split between the CLI's code and the terms of use for the registry was first made more clear.
35a5dd5 #10532 Clarify that registry.npmjs.org is the default, but that you're free to use the npm CLI with whatever registry you wish. (@kemitchell)
fa6b013 #10532 Having semi-duplicate release information in README.md was confusing and potentially inaccurate, so remove it. (@kemitchell)
EASE UP ON WINDOWS BASH USERS
It turns out that a fair number of us use bash on Windows (through MINGW or bundled with Git, plz – Cygwin is still a bridge too far, for both npm and Node.js). @jakub-g did us all a favor and relaxed the check for npm completion to support MINGW bash. Thanks, Jakub!
THE ONGOING SAGA OF BUNDLED DEPENDENCIES
npm@3.5.0 fixed up a serious issue in which npm@3.4.1 (and potentially npm@3.4.0 and npm@3.3.12) improperly handled dependencies bundled into a package tarball when one or more of their own dependencies are older than what's latest on the registry. Unfortunately, in fixing that (quite severe) regression (see npm@3.5.0's release notes for details), we introduced a new (small, and fortunately cosmetic) issue where npm superfluously warns you about bundled dependencies being stale. We have now fixed that, and hope that we haven't introduced any other regressions in the process. :D
MAKE NODE-GYP A LITTLE BLUER
1d14d88 node-gyp@3.2.0: Support AIX, use which to find Python, updated to a newer version of gyp, and more! (@bnoordhuis)
A BOUNTEOUS THANKSGIVING CORNUCOPIA OF DOC TWEAKS
These are great! Keep them coming! Sorry for letting them pile up so deep, everybody. Also, a belated Thanksgiving to our Canadian friends, and a happy Thanksgiving to all our friends in the USA.
4659f1c #10244 In npm@3, npm dedupe doesn't take any arguments, so update documentation to reflect that. (@bengotow)
625a7ee #10250 Correct order of org:team in npm team documentation. (@louislarry)
bea7f87 #10371 Remove broken / duplicate link to tag. (@WickyNilliams)
0a25e29 #10419 Remove references to nonexistent npm-rm(1) documentation. (@KenanY)
19b94e1 #10474 Clarify that install finds dependencies in package.json. (@sleekweasel)
b25efc8 #9948 Encourage users to file an issue, rather than emailing authors. (@trodrigues)
24f4ced #10497 Clarify what a package is slightly. (@aredridel)
e8168d4 #10539 Remove an extra, spuriously capitalized letter. (@alexlukin-softgrad)