This repository has been archived by the owner. It is now read-only.

@iarna iarna released this Aug 23, 2017 · 463 commits to latest since this release

Assets 2

Here's another small big release, with a handful bunch of fixes and a couple of small new features! This release has been incubating rather longer than usual and it's grown quite a bit in that time. I'm also excited to say that it has contributions from 27 different folks, which is a new record for us. Our previous record was 5.1.0 at 21. Before that the record had been held by 1.3.16 since December of 2013.

chart of contributor counts by version, showing an increasing rate over time and spikes mid in the 1.x series and later at 5.x

If you can't get enough of the bleeding edge, I encourage you to check out our canary release of npm. Get it with npm install -g npmc. It's going to be seeing some exciting stuff in the next couple of weeks, starting with a rewriten npm dedupe, but moving on to… well, you'll just have to wait and find out.

PERFORMANCE

  • d080379f6 pacote@6.0.1 Updates extract to use tar@4, which is much faster than the older tar@2. It reduces install times by as much as 10%. (@zkat)
  • 4cd6a1774 0195c0a8c #16804 tar@4.0.1 Update publish to use tar@4. tar@4 brings many advantages over tar@2: It's faster, better tested and easier to work with. It also produces exactly the same byte-for-byte output when producing tarballs from the same set of files. This will have some nice carry on effects for things like caching builds from git. And finally, last but certainly not least, upgrading to it also let's us finally eliminate fstream—if you know what that is you'll know why we're so relieved. (@isaacs)

FEATURES

  • 1ac470dd2 #10382 If you make a typo when writing a command now, npm will print a brief "did you mean..." message with some possible alternatives to what you meant. (@watilde)
  • 20c46228d #12356 When running lifecycle scripts, INIT_CWD will now contain the original working directory that npm was executed from. Remember that you can use npm run-script even if you're not inside your package root directory! (@MichaelQQ)
  • be91e1726 4e7c41f4a libnpx@9.6.0: Fixes a number of issues on Windows and adds support for several more languages: Korean, Norwegian (bokmål and nynorsk), Ukrainian, Serbian, Bahasa Indonesia, Polish, Dutch and Arabic. (@zkat)
  • 2dec601c6 #17142 Add the new commit-hooks option to npm version so that you can disable commit hooks when committing the version bump. (@faazshift)
  • bde151902 #14461 Make output from npm ping clear as to its success or failure. (@legodude17)

BUGFIXES

  • b6d5549d2 #17844 Make package-lock.json sorting locale-agnostic. Previously, sorting would vary by locale, due to using localeCompare for key sorting. This'll give you a little package-lock.json churn as it reshuffles things, sorry! (@LotharSee)
  • 44b98b9dd #17919 Fix a crash where npm prune --production would fail while removing .bin. (@fasterthanlime)
  • c3d1d3ba8 #17816 Fail more smoothly when attempting to install an invalid package name. (@SamuelMarks)
  • 55ac2fca8 #12784 Guard against stack overflows when marking packages as failed. (@vtravieso)
  • 597cc0e4b #15087 Stop outputting progressbars or using color on dumb terminals. (@iarna)
  • 7a7710ba7 #15088 Don't exclude modules that are both dev & prod when using npm ls --production. (@iarna)
  • 867df2b02 #18164 Only do multiple procs on OSX for now. We've seen a handful of issues relating to this in Docker and in on Windows with antivirus. (@zkat)
  • 23540af7b #18117 Some package managers would write spaces to the _from field in package.json's in the form of name @spec. This was causing npm to fail to interpret them. We now handle that correctly and doubly make sure we don't do that ourselves. (@IgorNadj)
  • 0ef320cb4 #16634 Convert any bin script with a shbang a the start to Unix line-endings. (These sorts of scripts are not compatible with Windows line-endings even on Windows.) (@ScottFreeCode)
  • 71191ca22 #16476 npm-lifecycle@1.0.2 Running an install with --ignore-scripts was resulting in the the package object being mutated to have the lifecycle scripts removed from it and that in turn was being written out to disk, causing further problems. This fixes that: No more mutation, no more unexpected changes. (@addaleax)
  • 459fa9d51 npm/read-package-json#74 #17802 read-package-json@2.0.1 Use unix-style slashes for generated bin entries, which lets them be cross platform even when produced on Windows. (@iarna)
  • 5ec72ab5b #18229 Make install.sh find nodejs on debian. (@cebe)

DOCUMENTATION

POSSIBLY INTERESTING DEPENDENCY UPDATES

  • 48d84171a f60b05d63 semver@5.4.1 Perf improvements. (@zkat)
  • f4650b5d4 write-file-atomic@2.3.0: Serialize writes to the same file so that results are deterministic. Cleanup tempfiles when process is interrupted or killed. (@ferm10n) (@iarna)

CHORES

  • 96d78df98 80e2f4960 4f49f687b 07d2296b1 a267ab430 #18176 #18025 Move the lifecycle code out of npm into a separate library, npm-lifecycle. Shh, I didn't tell you this, but this portends to some pretty cool stuff to come very soon now. (@mikesherov)
  • 0933c7eaf #18025 Force Travis to use Precise instead of Trusty. We have issues with our couchdb setup and Trusty. =/ (@mikesherov)
  • afb086230 #18138 Fix typos in files-and-ignores test. (@supertong)
  • 3e6d11cde #18175 Update dependencies to eliminate transitive dependencies with the WTFPL license, which some more serious corporate lawyery types aren't super comfortable with. (@zkat)
  • ee4c9bd8a #16474 The tests in test/tap/lifecycle-signal.js, as well as the features they are testing, are partially broken. This moves them from being skipped in CI to being disabled only for certain platforms. In particular, because npm spawns its lifecycle scripts in a shell, signals are not necessarily forwarded by the shell and won’t cause scripts to exit; also, shells may report the signal they receive using their exit status, rather than terminating themselves with a signal. (@addaleax)
  • 9462e5d9c #16547 Remove unused file: bin/read-package-json.js (@metux)
  • 0756d687d #16550 The build tools for the documentation need to be built/installed before the documents, even with parallel builds. Make has a simple mechanism which was made exactly for that: target dependencies. (@metux)