Skip to content

Update npm to v11 in Node.js v22 #58423

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mcollina opened this issue May 22, 2025 · 5 comments
Open

Update npm to v11 in Node.js v22 #58423

mcollina opened this issue May 22, 2025 · 5 comments
Labels
tsc-agenda Issues and PRs to discuss during the meetings of the TSC.

Comments

@mcollina
Copy link
Member

We should update NPM to v11 in Node.js v22 to work around this bug npm/cli#8184.

It's causing some friction with a lot of users.

What are the breaking changes? According to https://github.com/npm/cli/blob/latest/CHANGELOG.md doesn't look like there are many.

cc @nodejs/npm @nodejs/releasers
@richardlau
Copy link
Member

richardlau commented May 22, 2025
edited
Loading

What are the breaking changes?

Also from #58347 (comment) it sounds like there's some sort of issue on Windows with npm 11.4.0?

@wraithgar
Copy link
Contributor

I'll isolate the (relevant) breaking changes here just to help keep folks on one page:

  • Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.
  • npm init now has a type prompt, and sorts the entries the created packages differently
  • bun.lockb files are now included in the strict ignore list during packing
  • When publishing a package with a pre-release version, you must explicitly specify a tag.
  • --ignore-scripts now applies to all lifecycle scripts, include prepare
  • npm will no longer fall back to the old audit endpoint if the bulk advisory request fails.
  • npm will no longer switch to global mode if aliased to "npmg" or "npm-g" etc.
  • The npm hook command has been removed
  • Attestations made by this package will no longer validate in npm versions prior to 10.6.0

The Windows issue is isolated to Powershell users, and is being worked on. The bugs that the new code is trying to fix exists in npm 10 already, and we are waiting on backports till it is all worked out.

@alexsch01
Copy link
Contributor

alexsch01 commented May 22, 2025
edited
Loading

The biggest breaking change / annoyance is the deprecation warning for non-NPM config options in .npmrc files

@wraithgar for that Windows issue, I just finished fixing the redirection

@ljharb
Copy link
Member

ljharb commented May 22, 2025

I agree; all the rest of them are preventing footguns, so even if users are annoyed, they'll figure out the explicit better path easily. That config one, though, might cause some friction.

@alexsch01
Copy link
Contributor

npm/cli#8332

@mcollina mcollina added the tsc-agenda Issues and PRs to discuss during the meetings of the TSC. label May 28, 2025
@mhdawson mhdawson mentioned this issue Jun 1, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tsc-agenda Issues and PRs to discuss during the meetings of the TSC.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@wraithgar @ljharb @mcollina @richardlau @alexsch01