Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 28 million developers.Sign up
32ec2f54b#20257 Add shasum and integrity to the new
npm viewoutput. (@zkat)
npm citcommand that's equivalent of
npm ci && npm tthat's equivalent of
npm it. (@SimenB)
6eaa860eaEliminate direct use of
npm. While the use of it in
npmwas safe, there are two other reasons for this change:
- Node 10 emits warnings about its use.
- Users who require npm as a library (which they definitely should not do) can call the functions that call
new Bufferin unsafe ways, if they try really hard.
85900a294Starting with 5.8.0 the
requiressection of the lock-file saved version ranges instead of specific versions. Due to a bug, further actions on the same lock-file would result in the range being switched back to a version. This corrects that, keeping ranges when they appear. (@iarna)
59d080a22Restore the ability to bundle dependencies that are uninstallable from the registry. This also eliminates needless registry lookups for bundled dependencies.
Fixed a bug where attempting to install a dependency that is bundled inside another module without reinstalling that module would result in ENOENT errors. (@iarna)
#20029 Allow packages with non-registry specifiers to follow the fast path that the we use with the lock-file for registry specifiers. This will improve install time especially when operating only on the package-lock (
Fix the a bug where
npm i --only=prodcould remove development dependencies from lock-file. (@iarna)
5d17c87d8#20032 Fix bug where unauthenticated errors would get reported as both 404s and 401s, i.e.
npm ERR! 404 Registry returned 401. In these cases the error message will now be much more informative. (@iarna)
firstname.lastname@example.org: Detect binding.gyp for default install lifecycle. Let's
npm ciwork on projects that have their own C code. (@caleblloyd)