Pre-release

v4.1.0

@iarna iarna released this Dec 16, 2016 · 13 commits to latest since this release

v4.1.0 (2016-12-15)

I'm really excited about npm@4.1.0. I know, I know, I'm kinda overexcited in my changelogs, but this one is GREAT. We've got a WHOLE NEW subcommand, I mean, when was the last time you saw that? YEARS! And we have the beginnings of usage metrics reporting. Then there's a fix for a really subtle bug that resulted in shasum errors. And then we also have a few more bug fixes and other improvements.

ANONYMOUS METRIC REPORTING

We're adding the ability for you all to help us track the quality of your experiences using npm. Metrics will be sent if you run:

npm config set send-metrics true

Then npm will report to registry.npmjs.org the number of successful and failed installations you've had. The data contains no identifying information and npm will not attempt to correlate things like IP address with the metrics being submitted.

Currently we only track number of successful and failed installations. In the future we would like to find additional metrics to help us better quantify the quality of the npm experience.

NPM DOCTOR

Check                               Value                        Recommendation
npm ping                            ok
npm -v                              v4.0.5
node -v                             v4.6.1                       Use node v6.9.2
npm config get registry             https://registry.npmjs.org/
which git                           /Users/rebecca/bin/git
Perms check on cached files         ok
Perms check on global node_modules  ok
Perms check on local node_modules   ok
Checksum cached files               ok

It's a rare day that we add a new command to npm, so I'm excited to present to you npm doctor. It checks for a number of common problems and provides some recommended solutions. It was put together through the hard work of @watilde.

FIX MAJOR SOURCE OF SHASUM ERRORS

If you've been getting intermittent shasum errors then you'll be pleased to know that we've tracked down at least one source of them, if not THE source of them.

  • 87afc8b #14626 npm/npm-registry-client#148 npm-registry-client@7.4.5: Fix a bug where an ECONNRESET while fetching a package file would result in a partial download that would be reported as a "shasum mismatch". It now throws away the partial download and retries it. (@iarna)

FILE URLS AND NODE.JS 7

When npm was formatting file URLs we took advantage of url.format to construct them. Node.js 7 changed the behavior in such a way that our use of url.format stopped producing URLs that we could make use of.

The reasons for this have to do with the file URL specification and how invalid (according to the specification) URLs are handled. How this changed is most easily explained with a table:

URLNode.js <= 6npm's understandingNode.js 7npm's understanding
VALIDfile:///abc/deffile:///abc/def/abc/deffile:///abc/def/abc/def
invalidfile:/abc/deffile:/abc/def/abc/deffile:///abc/def/abc/def
invalidfile:abc/deffile:abc/def$CWD/abc/deffile://abc/def/def on the abc host
invalidfile:../abc/deffile:../abc/def$CWD/../abc/deffile://../abc/def/abc/def on the .. host

So the result was that passing a file URL that npm had received that used through Node.js 7's url.format changed its meaning as far as npm was concerned. As those kinds of URLs are, per the specification, invalid, how they should be handled is undefined and so the change in Node.js wasn't a bug per se.

Our solution is to stop using url.format when constructing this kind of URL.

EXTRANEOUS LIFECYCLE SCRIPT EXECUTION WHEN REMOVING

REFACTORING AND INTERNALS

  • c9b279a #15205 #15196 Only have one function that determines which version of a package to use given a specifier and a list of versions. (@iarna, @zkat)
  • 981ce63 #15090 Rewrite prune to use modern npm plumbing. (@iarna)
  • bc4b739 #15089 Rename functions and variables in the module that computes what changes to make to your installation.
    (@iarna)
  • 2449f74 #15089 When computing changes to make to your installation, use a function to add new actions to take instead of just
    pushing on a list. (@iarna)

IMPROVED LOGGING

DOCUMENTATION

DEPENDENCY UPDATES

Downloads