npm
Version:
a package manager for JavaScript
997 lines (825 loc) • 232 kB
Markdown
### v3.1.1
#### RED EYE RELEASE
Rebecca's up too late writing tests, so you can have npm@3 bug fixes! Lots
of great new issues from you all! ❤️️ Keep it up!
#### YUP STILL BETA, PLEASE PAY ATTENTION
**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
you can't be excused. `npm@3` will remain in beta until we're confident
that it's stable and have assessed the effect of the breaking changes on the
community. During that time we will still be doing `npm@2` releases, with
`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
versions until we're ready to switch everyone over to `npm@3`. We need your
help to find and fix its remaining bugs. It's a significant rewrite, so we
are _sure_ there still significant bugs remaining. So do us a solid and
deploy it in non-critical CI environments and for day-to-day use, but maybe
don't use it for production maintenance or frontline continuous deployment
just yet.
#### BOOGS
* [`9badfd6`](https://github.com/npm/npm/commit/9babfd63f19f2d80b2d2624e0963b0bdb0d76ef4)
[#8608](https://github.com/npm/npm/issues/8608)
Make global installs and uninstalls MUCH faster by only reading the directories of
modules referred to by arguments.
([@iarna](https://github.com/iarna)
* [`075a5f0`](https://github.com/npm/npm/commit/075a5f046ab6837f489b08d44cb601e9fdb369b7)
[#8660](https://github.com/npm/npm/issues/8660)
Failed optional deps would still result in the optional deps own
dependencies being installed. We now find them and fail them out of the
tree.
([@iarna](https://github.com/iarna)
* [`c9fbbb5`](https://github.com/npm/npm/commit/c9fbbb540083396ea58fd179d81131d959d8e049)
[#8863](https://github.com/npm/npm/issues/8863)
The "no compatible version found" error message was including only the
version requested, not the name of the package we wanted. Ooops!
([@iarna](https://github.com/iarna)
* [`32e6bbd`](https://github.com/npm/npm/commit/32e6bbd21744dcbe8c0720ab53f60caa7f2a0588)
[#8806](https://github.com/npm/npm/issues/8806)
The "uninstall" lifecycle was being run after all of a module's dependencies has been
removed. This reverses that order-- this means "uninstall" lifecycles can make use
of the package's dependencies.
([@iarna](https://github.com/iarna)
#### MERGED FORWARD
* Check out the [v2.13.1 release notes](https://github.com/npm/npm/releases/tag/v2.13.1)
and see all the changes we ported from npm@2.
### v2.13.1 (2015-07-09):
#### KAUAI WAS NICE. I MISS IT.
But Forrest's still kinda on vacation, and not just mentally, because he's
hanging out with the fine meatbags at CascadiaFest. Enjoy this small bug
release.
#### MAKE OURSELVES HAPPY
* [`40981f2`](https://github.com/npm/npm/commit/40981f2e0c9c12bb003ccf188169afd1d201f5af)
[#8862](https://github.com/npm/npm/issues/8862) Make the lifecycle's safety
check work with scoped packages. ([@tcort](https://github.com/tcort))
* [`5125856`](https://github.com/npm/npm/commit/512585622481dbbda9a0306932468d59efaff658)
[#8855](https://github.com/npm/npm/issues/8855) Make dependency versions of
`"*"` match `"latest"` when all versions are prerelease.
([@iarna](https://github.com/iarna))
* [`22fdc1d`](https://github.com/npm/npm/commit/22fdc1d52602ba7098af978c75fca8f7d1060141)
Visually emphasize the correct way to write lifecycle scripts.
([@josh-egan](https://github.com/josh-egan))
#### MAKE TRAVIS HAPPY
* [`413c3ac`](https://github.com/npm/npm/commit/413c3ac2ab2437f3011c6ca0d1630109ec14e604)
Use npm's `2.x` branch for testing its `2.x` branch.
([@iarna](https://github.com/iarna))
* [`7602f64`](https://github.com/npm/npm/commit/7602f64826f7a465d9f3a20bd87a376d992607e6)
Don't prompt for GnuPG passphrase in version lifecycle tests.
([@othiym23](https://github.com/othiym23))
#### MAKE `npm outdated` HAPPY
* [`d338668`](https://github.com/npm/npm/commit/d338668601d1ebe5247a26237106e80ea8cd7f48)
[#8796](https://github.com/npm/npm/issues/8796) `fstream-npm@1.0.4`: When packing the
package tarball, npm no longer crashes for packages with certain combinations of
`.npmignore` entries, `.gitignore` entries, and lifecycle scripts.
([@iarna](https://github.com/iarna))
* [`dbe7c9c`](https://github.com/npm/npm/commit/dbe7c9c74734be870d16dd61b9e7f746123011f6)
`nock@2.7.0`: Add matching based on query strings.
([@othiym23](https://github.com/othiym23))
There are new versions of `strip-ansi` and `ansi-regex`, but npm only uses them
indirectly, so we pushed them down into their dependencies where they can get
updated at their own pace.
* [`06b6ca5`](https://github.com/npm/npm/commit/06b6ca5b5333025f10c8d901628859bd4678e027)
undeduplicate `ansi-regex` ([@othiym23](https://github.com/othiym23))
* [`b168e33`](https://github.com/npm/npm/commit/b168e33ad46faf47020a45f72ba8cec8c644bdb9)
undeduplicate `strip-ansi` ([@othiym23](https://github.com/othiym23))
### v3.1.0 (2015-07-02):
This has been a brief week of bug fixes, plus some fun stuff merged forward
from this weeks 2.x release. See the
[2.13.0 release notes](https://github.com/npm/npm/releases/tag/v2.13.0)
for details on that.
You all have been AWESOME with
[all](https://github.com/npm/npm/milestones/3.x)
[the](https://github.com/npm/npm/milestones/3.2.0)
npm@3 bug reports! Thank you and keep up the great work!
#### NEW PLACE, SAME CODE
Remember how last week we said `npm@3` would go to `3.0-next` and latest
tags? Yeaaah, no, please use `npm@v3.x-next` and `npm@v3.x-latest` going forward.
I dunno why we said "suuure, we'll never do a feature release till we're out
of beta" when we're still forward porting `npm@2.x` features. `¯\_(ツ)_/¯`
If you do accidentally use the old tag names, I'll be maintaining them
for a few releases, but they won't be around forever.
#### YUP STILL BETA, PLEASE PAY ATTENTION
**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
confident that it's stable and have assessed the effect of the breaking
changes on the community. During that time we will still be doing `npm@2`
releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
alongside those versions until we're ready to switch everyone over to
`npm@3`. We need your help to find and fix its remaining bugs. It's a
significant rewrite, so we are _sure_ there still significant bugs
remaining. So do us a solid and deploy it in non-critical CI environments
and for day-to-day use, but maybe don't use it for production maintenance
or frontline continuous deployment just yet.
#### BUGS ON THE WINDOWS
* [`0030ade`](https://github.com/npm/npm/commit/0030ade)
[#8685](https://github.com/npm/npm/issues/8685)
Windows would hang when trying to clone git repos
([@euprogramador](https://github.com/npm/npm/pull/8777))
* [`b259bcc`](https://github.com/npm/npm/commit/b259bcc)
[#8786](https://github.com/npm/npm/pull/8786)
Windows permissions checks would cause installations to fail under some
circumstances. We're disabling the checks entirely for this release.
I'm hoping to check back with this next week to get a Windows friendly
fix in.
([@iarna](https://github.com/iarna))
#### SO MANY BUGS SQUASHED, JUST CALL US RAID
* [`0848698`](https://github.com/npm/npm/commit/0848698)
[#8686](https://github.com/npm/npm/pull/8686)
Stop leaving progress bar cruft on the screen during publication
([@ajcrites](https://github.com/ajcrites))
* [`57c3cea`](https://github.com/npm/npm/commit/57c3cea)
[#8695](https://github.com/npm/npm/pull/8695)
Remote packages with shrinkwraps made npm cause node + iojs to explode
and catch fire. NO MORE.
([@iarna](https://github.com/iarna))
* [`2875ba3`](https://github.com/npm/npm/commit/2875ba3)
[#8723](https://github.com/npm/npm/pull/8723)
I uh, told you that engineStrict checking had gone away last week.
TURNS OUT I LIED. So this is making that actually be true.
([@iarna](https://github.com/iarna))
* [`28064e5`](https://github.com/npm/npm/commit/28064e5)
[#3358](https://github.com/npm/npm/issues/3358)
Consistently allow Unicode BOMs at the start of package.json files.
Previously this was allowed some of time, like when you were installing
modules, but not others, like running npm version or installing w/
`--save`.
([@iarna](https://github.com/iarna))
* [`3cb6ad2`](https://github.com/npm/npm/commit/3cb6ad2)
[#8736](https://github.com/npm/npm/issues/8766)
npm@3 wasn't running the "install" lifecycle in your current (toplevel)
module. This broke modules that relied on C compilation. BOO.
([@iarna](https://github.com/iarna))
* [`68da583`](https://github.com/npm/npm/commit/68da583)
[#8766](https://github.com/npm/npm/issues/8766)
To my great shame, `npm link package` wasn't working AT ALL if you
didn't have `package` already installed.
([@iarna](https://github.com/iarna))
* [`edd7448`](https://github.com/npm/npm/commit/edd7448)
read-package-tree@5.0.0: This update makes read-package-tree not explode
when there's bad data in your node_modules folder. npm@2 silently
ignores this sort of thing.
([@iarna](https://github.com/iarna))
* [`0bb08c8`](https://github.com/npm/npm/commit/0bb08c8)
[#8778](https://github.com/npm/npm/pull/8778)
RELATEDLY, we now show any errors from your node_modules folder after
your installation completes as warnings. We're also reporting these in
`npm ls` now.
([@iarna](https://github.com/iarna))
* [`6c248ff`](https://github.com/npm/npm/commit/6c248ff)
[#8779](https://github.com/npm/npm/pull/8779)
Hey, you know how we used to complain if your `package.json` was
missing stuff? Well guess what, we are again. I know, I know, you can
thank me later.
([@iarna](https://github.com/iarna))
* [`d6f7c98`](https://github.com/npm/npm/commit/d6f7c98)
So, when we were rolling back after errors we had untested code that
tried to undo moves. Being untested it turns out it was very broken.
I've removed it until we have time to do this right.
([@iarna](https://github.com/iarna))
#### NEW VERSION
Just the one. Others came in via the 2.x release. Do check out its
changelog, immediately following this message.
* [`4e602c5`](https://github.com/npm/npm/commit/4e602c5) lodash@3.2.2
### v2.13.0 (2015-07-02):
#### FORREST IS OUT! LET'S SNEAK IN ALL THE THINGS!
Well, not _everything_. Just a couple of goodies, like the new `npm ping`
command, and the ability to add files to the commits created by `npm version`
with the new version hooks. There's also a couple of bugfixes in `npm` itself
and some of its dependencies. Here we go!
#### YES HELLO THIS IS NPM REGISTRY SORRY NO DOG HERE
Yes, that's right! We now have a dedicated `npm ping` command. It's super simple
and super easy. You ping. We tell you whether you pinged right by saying hello
right back. This should help out folks dealing with things like proxy issues or
other registry-access debugging issues. Give it a shot!
This addresses [#5750](https://github.com/npm/npm/issues/5750), and will help
with the `npm doctor` stuff descripbed in
[#6756](https://github.com/npm/npm/issues/6756).
* [`f1f7a85`](https://github.com/npm/npm/commit/f1f7a85)
Add ping command to CLI
([@michaelnisi](https://github.com/michaelnisi))
* [`8cec629`](https://github.com/npm/npm/commit/8cec629)
Add ping command to npm-registry-client
([@michaelnisi](https://github.com/michaelnisi))
* [`0c0c92d`](https://github.com/npm/npm/0c0c92d)
Fixed ping command issues (added docs, tests, fixed minor bugs, etc)
([@zkat](https://github.com/zkat))
#### I'VE WANTED THIS FOR `version` SINCE LIKE LITERALLY FOREVER AND A DAY
Seriously! This patch lets you add files to the `version` commit before it's
made, So you can add additional metadata files, more automated changes to
`package.json`, or even generate `CHANGELOG.md` automatically pre-commit if
you're into that sort of thing. I'm so happy this is there I can't even. Do you
have other fun usecases for this? Tell
[npmbot (@npmjs)](http://twitter.com/npmjs) about it!
* [`582f170`](https://github.com/npm/npm/commit/582f170)
[#8620](https://github.com/npm/npm/issues/8620) version: Allow scripts to add
files to the commit.
([@jamestalmage](https://github.com/jamestalmage))
#### ALL YOUR FILE DESCRIPTORS ARE BELONG TO US
We've had problems in the past with things like `EMFILE` errors popping up when
trying to install packages with a bunch of dependencies. Isaac patched up
[`graceful-fs`](https://github.com/isaacs/node-graceful-fs) to handle this case
better, so we should be seeing fewer of those.
* [`022691a`](https://github.com/npm/npm/commit/022691a)
`graceful-fs@4.1.2`: Updated so we can monkey patch globally.
([@isaacs](https://github.com/isaacs))
* [`c9fb0fd`](https://github.com/npm/npm/commit/c9fb0fd)
Globally monkey-patch graceful-fs. This should fix some errors when installing
packages with lots of dependencies.
([@isaacs](https://github.com/isaacs))
#### READ THE FINE DOCS. THEY'VE IMPROVED
* [`5587d0d`](https://github.com/npm/npm/commit/5587d0d)
Nice clarification for `directories.bin`
([@ujane](https://github.com/ujane))
* [`20673c7`](https://github.com/npm/npm/commit/20673c7)
Hey, Windows folks! Check out
[`nvm-windows`](https://github.com/coreybutler/nvm-windows)
([@ArtskydJ](https://github.com/ArtskydJ))
#### MORE NUMBERS! MORE VALUE!
* [`5afa2d5`](https://github.com/npm/npm/commit/5afa2d5)
`validate-npm-package-name@2.2.2`: Documented package name rules in README
([@zeusdeux](https://github.com/zeusdeux))
* [`021f4d9`](https://github.com/npm/npm/commit/021f4d9)
`rimraf@2.4.1`: [#74](https://github.com/isaacs/rimraf/issues/74) Use async
function for bin (to better handle Window's `EBUSY`)
([@isaacs](https://github.com/isaacs))
* [`5223432`](https://github.com/npm/npm/commit/5223432)
`osenv@0.1.3`: Use `os.homedir()` polyfill for more reliable output. io.js
added the function and the polyfill does a better job than the prior solution.
([@sindresorhus](https://github.com/sindresorhus))
* [`8ebbc90`](https://github.com/npm/npm/commit/8ebbc90)
`npm-cache-filename@1.0.2`: Make sure different git references get different
cache folders. This should prevent `foo/bar#v1.0` and `foo/bar#master` from
sharing the same cache folder.
([@tomekwi](https://github.com/tomekwi))
* [`367b854`](https://github.com/npm/npm/commit/367b854)
`lru-cache@2.6.5`: Minor test/typo changes
([@isaacs](https://github.com/isaacs))
* [`9fcae61`](https://github.com/npm/npm/commit/9fcae61)
`glob@5.0.13`: Tiny doc change + stop firing 'match' events for ignored items.
([@isaacs](https://github.com/isaacs))
#### OH AND ONE MORE THING
* [`7827249`](https://github.com/npm/npm/commit/7827249)
`PeerDependencies` errors now include the package version.
([@NickHeiner](https://github.com/NickHeiner))
### v2.12.1 (2015-06-25):
#### HEY WHERE DID EVERYBODY GO
I keep [hearing some commotion](https://github.com/npm/npm/releases/tag/v3.0.0).
Is there something going on? Like, a party or something? Anyway, here's a small
release with at least two significant bug fixes, at least one of which some of
you have been waiting for for quite a while.
#### REMEMBER WHEN I SAID "REMEMBER WHEN I SAID THAT THING ABOUT PERMISSIONS?"?
`npm@2.12.0` has a change that introduces a fix for a permissions problem
whereby the `_locks` directory in the cache directory can up being owned by
root. The fix in 2.12.0 takes care of that problem, but introduces a new
problem for Windows users where npm tries to call `process.getuid()`, which
doesn't exist on Windows. It was easy enough to fix (but more or less
impossible to test, thanks to all the external dependencies involved with
permissions and platforms and whatnot), but as a result, Windows users might
want to skip `npm@2.12.0` and go straight to `npm@2.12.1`. Sorry about that!
* [`7e5da23`](https://github.com/npm/npm/commit/7e5da238ee869201fdb9027c27b79b0f76b440a8)
When using the new, "fixed" cache directory creator, be extra-careful to not
call `process.getuid()` on platforms that lack it.
([@othiym23](https://github.com/othiym23))
#### WHEW! ALL DONE FIXING GIT FOREVER!
New npm CLI team hero [@zkat](https://github.com/zkat) has finally (FINALLY)
fixed the regression somebody (hi!) introduced a couple months ago whereby git
URLs of the format `git+ssh://user@githost.com:org/repo.git` suddenly stopped
working, and also started being saved (and cached) incorrectly. I am 100% sure
there are absolutely no more bugs in the git caching code at all ever. Mm hm.
Yep. Pretty sure. Maybe. Hmm... I hope.
*Sighs audibly.*
[Let us know](http://github.com/npm/npm/issues/new) if we broke something else
with this fix.
* [`94ca4a7`](https://github.com/npm/npm/commit/94ca4a711619ba8e40ce3d20bc42b13cdb7611b7)
[#8031](https://github.com/npm/npm/issues/8031) Even though
`git+ssh://user@githost.com:org/repo.git` isn't a URL, treat it like one for
the purposes of npm. ([@zkat](https://github.com/zkat))
* [`e7f56e5`](https://github.com/npm/npm/commit/e7f56e5a97fcf1c52d5c5bee71303b0126129815)
[#8031](https://github.com/npm/npm/issues/8031) `normalize-git-url@2.0.0`:
Handle git URLs (and URL-like remote refs) in a manner consistent with npm's
docs. ([@zkat](https://github.com/zkat))
#### YEP, THERE ARE STILL DEPENDENCY UPGRADES
* [`679bf47`](https://github.com/npm/npm/commit/679bf4745ac2cfbb01c9ce273e189807fd04fa33)
[#40](http://github.com/npm/read-installed/issues/40) `read-installed@4.0.1`:
Handle prerelease versions in top-level dependencies not in `package.json`
without marking those packages as invalid.
([@benjamn](https://github.com/benjamn))
* [`3a67410`](https://github.com/npm/npm/commit/3a6741068c9119174c920496778aeee870ebdac0)
`tap@1.3.1` ([@isaacs](https://github.com/isaacs))
* [`151904a`](https://github.com/npm/npm/commit/151904af39dc24567f8c98529a2a64a4dbcc960a)
`nopt@3.0.3` ([@isaacs](https://github.com/isaacs))
### v3.0.0 (2015-06-25):
Wow, it's finally here! This has been a long time coming. We are all
delighted and proud to be getting this out into the world, and are looking
forward to working with the npm user community to get it production-ready
as quickly as possible.
`npm@3` constitutes a nearly complete rewrite of npm's installer to be
easier to maintain, and to bring a bunch of valuable new features and
design improvements to you all.
[@othiym23](https://github.com/othiym23) and
[@isaacs](https://github.com/isaacs) have been
[talking about the changes](http://blog.npmjs.org/post/91303926460/npm-cli-roadmap-a-periodic-update)
in this release for well over a year, and it's been the primary focus of
[@iarna](https://github.com/iarna) since she joined the team.
Given that this is a near-total rewrite, all changes listed here are
[@iarna](https://github.com/iarna)'s work unless otherwise specified.
#### NO, REALLY, READ THIS PARAGRAPH. IT'S THE IMPORTANT ONE.
**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
confident that it's stable and have assessed the effect of the breaking
changes on the community. During that time we will still be doing `npm@2`
releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
publishing new releases of `npm@3` as `npm@3.0-next` and `npm@3.0-latest`
alongside those versions until we're ready to switch everyone over to
`npm@3`. We need your help to find and fix its remaining bugs. It's a
significant rewrite, so we are _sure_ there still significant bugs
remaining. So do us a solid and deploy it in non-critical CI environments
and for day-to-day use, but maybe don't use it for production maintenance
or frontline continuous deployment just yet.
#### BREAKING CHANGES
##### `peerDependencies`
`grunt`, `gulp`, and `broccoli` plugin maintainers take note! You will be
affected by this change!
* [#6930](https://github.com/npm/npm/issues/6930)
([#6565](https://github.com/npm/npm/issues/6565))
`peerDependencies` no longer cause _anything_ to be implicitly installed.
Instead, npm will now warn if a packages `peerDependencies` are missing,
but it's up to the consumer of the module (i.e. you) to ensure the peers
get installed / are included in `package.json` as direct `dependencies`
or `devDependencies` of your package.
* [#3803](https://github.com/npm/npm/issues/3803)
npm also no longer checks `peerDependencies` until after it has fully
resolved the tree.
This shifts the responsibility for fulfilling peer dependencies from library
/ framework / plugin maintainers to application authors, and is intended to
get users out of the dependency hell caused by conflicting `peerDependency`
constraints. npm's job is to keep you _out_ of dependency hell, not put you
in it.
##### `engineStrict`
* [#6931](https://github.com/npm/npm/issues/6931) The rarely-used
`package.json` option `engineStrict` has been deprecated for several
months, producing warnings when it was used. Starting with `npm@3`, the
value of the field is ignored, and engine violations will only produce
warnings. If you, as a user, want strict `engines` field enforcement,
just run `npm config set engine-strict true`.
As with the peer dependencies change, this is about shifting control from
module authors to application authors. It turns out `engineStrict` was very
difficult to understand even harder to use correctly, and more often than
not just made modules using it difficult to deploy.
##### `npm view`
* [`77f1aec`](https://github.com/npm/npm/commit/77f1aec) With `npm view` (aka
`npm info`), always return arrays for versions, maintainers, etc. Previously
npm would return a plain value if there was only one, and multiple values if
there were more. ([@KenanY](https://github.com/KenanY))
#### KNOWN BUGS
Again, this is a _**BETA RELEASE**_, so not everything is working just yet.
Here are the issues that we already know about. If you run into something
that isn't on this list,
[let us know](https://github.com/npm/npm/issues/new)!
* [#8575](https://github.com/npm/npm/issues/8575)
Circular deps will never be removed by the prune-on-uninstall code.
* [#8588](https://github.com/npm/npm/issues/8588)
Local deps where the dep name and the name in the package.json differ
don't result in an error.
* [#8637](https://github.com/npm/npm/issues/8637)
Modules can install themselves as direct dependencies. npm@2 declined to
do this.
* [#8660](https://github.com/npm/npm/issues/8660)
Dependencies of failed optional dependencies aren't rolled back when the
optional dependency is, and then are reported as extraneous thereafter.
#### NEW FEATURES
##### The multi-stage installer!
* [#5919](https://github.com/npm/npm/issues/5919)
Previously the installer had a set of steps it executed for each package
and it would immediately start executing them as soon as it decided to
act on a package.
But now it executes each of those steps at the same time for all
packages, waiting for all of one stage to complete before moving on. This
eliminates many race conditions and makes the code easier to reason
about.
This fixes, for instance:
* [#6926](https://github.com/npm/npm/issues/6926)
([#5001](https://github.com/npm/npm/issues/5001),
[#6170](https://github.com/npm/npm/issues/6170))
`install` and `postinstall` lifecycle scripts now only execute `after`
all the module with the script's dependencies are installed.
##### Install: it looks different!
You'll now get a tree much like the one produced by `npm ls` that
highlights in orange the packages that were installed. Similarly, any
removed packages will have their names prefixed by a `-`.
Also, `npm outdated` used to include the name of the module in the
`Location` field:
```
Package Current Wanted Latest Location
deep-equal MISSING 1.0.0 1.0.0 deep-equal
glob 4.5.3 4.5.3 5.0.10 rimraf > glob
```
Now it shows the module that required it as the final point in the
`Location` field:
```
Package Current Wanted Latest Location
deep-equal MISSING 1.0.0 1.0.0 npm
glob 4.5.3 4.5.3 5.0.10 npm > rimraf
```
Previously the `Location` field was telling you where the module was on
disk. Now it tells you what requires the module. When more than one thing
requires the module you'll see it listed once for each thing requiring it.
##### Install: it works different!
* [#6928](https://github.com/npm/npm/issues/6928)
([#2931](https://github.com/npm/npm/issues/2931)
[#2950](https://github.com/npm/npm/issues/2950))
`npm install` when you have an `npm-shrinkwrap.json` will ensure you have
the modules specified in it are installed in exactly the shape specified
no matter what you had when you started.
* [#6913](https://github.com/npm/npm/issues/6913)
([#1341](https://github.com/npm/npm/issues/1341)
[#3124](https://github.com/npm/npm/issues/3124)
[#4956](https://github.com/npm/npm/issues/4956)
[#6349](https://github.com/npm/npm/issues/6349)
[#5465](https://github.com/npm/npm/issues/5465))
`npm install` when some of your dependencies are missing sub-dependencies
will result in those sub-dependencies being installed. That is, `npm
install` now knows how to fix broken installs, most of the time.
* [#5465](https://github.com/npm/npm/issues/5465)
If you directly `npm install` a module that's already a subdep of
something else and your new version is incompatible, it will now install
the previous version nested in the things that need it.
* [`a2b50cf`](https://github.com/npm/npm/commit/a2b50cf)
[#5693](https://github.com/npm/npm/issues/5693)
When installing a new module, if it's mentioned in your
`npm-shrinkwrap.json` or your `package.json` use the version specifier
from there if you didn't specify one yourself.
##### Flat, flat, flat!
Your dependencies will now be installed *maximally flat*. Insofar as is
possible, all of your dependencies, and their dependencies, and THEIR
dependencies will be installed in your project's `node_modules` folder with no
nesting. You'll only see modules nested underneath one another when two (or
more) modules have conflicting dependencies.
* [#3697](https://github.com/npm/npm/issues/3697)
This will hopefully eliminate most cases where windows users ended up
with paths that were too long for Explorer and other standard tools to
deal with.
* [#6912](https://github.com/npm/npm/issues/6912)
([#4761](https://github.com/npm/npm/issues/4761)
[#4037](https://github.com/npm/npm/issues/4037))
This also means that your installs will be deduped from the start.
* [#5827](https://github.com/npm/npm/issues/5827)
This deduping even extends to git deps.
* [#6936](https://github.com/npm/npm/issues/6936)
([#5698](https://github.com/npm/npm/issues/5698))
Various commands are dedupe aware now.
This has some implications for the behavior of other commands:
* `npm uninstall` removes any dependencies of the module that you specified
that aren't required by any other module. Previously, it would only
remove those that happened to be installed under it, resulting in left
over cruft if you'd ever deduped.
* `npm ls` now shows you your dependency tree organized around what
requires what, rather than where those modules are on disk.
* [#6937](https://github.com/npm/npm/issues/6937)
`npm dedupe` now flattens the tree in addition to deduping.
And bundling of dependencies when packing or publishing changes too:
* [#2442](https://github.com/npm/npm/issues/2442)
bundledDependencies no longer requires that you specify deduped sub deps.
npm can now see that a dependency is required by something bundled and
automatically include it. To put that another way, bundledDependencies
should ONLY include things that you included in dependencies,
optionalDependencies or devDependencies.
* [#5437](https://github.com/npm/npm/issues/5437)
When bundling a dependency that's both a `devDependency` and the child of
a regular `dependency`, npm bundles the child dependency.
As a demonstration of our confidence in our own work, npm's own
dependencies are now flattened, deduped, and bundled in the `npm@3` style.
This means that `npm@3` can't be packed or published by `npm@2`, which is
something to be aware of if you're hacking on npm.
##### Shrinkwraps: they are a-changin'!
First of all, they should be idempotent now
([#5779](https://github.com/npm/npm/issues/5779)). No more differences
because the first time you install (without `npm-shrinkwrap.json`) and the
second time (with `npm-shrinkwrap.json`).
* [#6781](https://github.com/npm/npm/issues/6781)
Second, if you save your changes to `package.json` and you have
`npm-shrinkwrap.json`, then it will be updated as well. This applies to
all of the commands that update your tree:
* `npm install --save`
* `npm update --save`
* `npm dedupe --save` ([#6410](https://github.com/npm/npm/issues/6410))
* `npm uninstall --save`
* [#4944](https://github.com/npm/npm/issues/4944)
([#5161](https://github.com/npm/npm/issues/5161)
[#5448](https://github.com/npm/npm/issues/5448))
Third, because `node_modules` folders are now deduped and flat,
shrinkwrap has to also be smart enough to handle this.
And finally, enjoy this shrinkwrap bug fix:
* [#3675](https://github.com/npm/npm/issues/3675)
When shrinkwrapping a dependency that's both a `devDependency` and the
child of a regular `dependency`, npm now correctly includes the child.
##### The Age of Progress (Bars)!
* [#6911](https://github.com/npm/npm/issues/6911)
([#1257](https://github.com/npm/npm/issues/1257)
[#5340](https://github.com/npm/npm/issues/5340)
[#6420](https://github.com/npm/npm/issues/6420))
The spinner is gone (yay? boo? will you miss it?), and in its place npm
has _progress bars_, so you actually have some sense of how long installs
will take. It's provided in Unicode and non-Unicode variants, and Unicode
support is automatically detected from your environment.
#### TINY JEWELS
The bottom is where we usually hide the less interesting bits of each
release, but each of these are small but incredibly useful bits of this
release, and very much worth checking out:
* [`9ebe312`](https://github.com/npm/npm/commit/9ebe312)
Build system maintainers, rejoice: npm does a better job of cleaning up
after itself in your temporary folder.
* [#6942](https://github.com/npm/npm/issues/6942)
Check for permissions issues prior to actually trying to install
anything.
* Emit warnings at the end of the installation when possible, so that
they'll be on your screen when npm stops.
* [#3505](https://github.com/npm/npm/issues/3505)
`npm --dry-run`: You can now ask that npm only report what it _would have
done_ with the new `--dry-run` flag. This can be passed to any of the
commands that change your `node_modules` folder: `install`, `uninstall`,
`update` and `dedupe`.
* [`81b46fb`](https://github.com/npm/npm/commit/81b46fb)
npm now knows the correct URLs for `npm bugs` and `npm repo` for
repositories hosted on Bitbucket and GitLab, just like it does for GitHub
(and GitHub support now extends to projects hosted as gists as well as
traditional repositories).
* [`5be4008a`](https://github.com/npm/npm/commit/5be4008a09730cfa3891d9f145e4ec7f2accd144)
npm has been cleaned up to pass the [`standard`](http://npm.im/standard)
style checker. Forrest and Rebecca both feel this makes it easier to read
and understand the code, and should also make it easier for new
contributors to put merge-ready patches.
([@othiym23](https://github.com/othiym23))
#### ZARRO BOOGS
* [`6401643`](https://github.com/npm/npm/commit/6401643)
Make sure the global install directory exists before installing to it.
([@thefourtheye](https://github.com/thefourtheye))
* [#6158](https://github.com/npm/npm/issues/6158)
When we remove modules we do so inside-out running unbuild for each one.
* [`960a765`](https://github.com/npm/npm/commit/960a765)
The short usage information for each subcommand has been brought in sync
with the documentation. ([@smikes](https://github.com/smikes))
### v2.12.0 (2015-06-18):
#### REMEMBER WHEN I SAID THAT THING ABOUT PERMISSIONS?
About [a million people](https://github.com/npm/npm/issues?utf8=%E2%9C%93&q=is%3Aissue+EACCES+_locks)
have filed issues related to having a tough time using npm after they've run
npm once or twice with sudo. "Don't worry about it!" I said. "We've fixed all
those permissions problems ages ago! Use this one weird trick and you'll never
have to deal with this again!"
Well, uh, if you run npm with root the first time you run npm on a machine, it
turns out that the directory npm uses to store lockfiles ends up being owned by
the wrong user (almost always root), and that can, well, it can cause problems
sometimes. By which I mean every time you run npm without being root it'll barf
with `EACCES` errors. Whoops!
This is an obnoxious regression, and to prevent it from recurring, we've made
it so that the cache, cached git remotes, and the lockfile directories are all
created and maintained using the same utilty module, which not only creates the
relevant paths with the correct permissions, but will fix the permissions on
those directories (if it can) when it notices that they're broken. An `npm
install` run as root ought to be sufficient to fix things up (and if that
doesn't work, first tell us about it, and then run `sudo chown -R $(whoami)
$HOME/.npm`)
Also, I apologize for inadvertently gaslighting any of you by claiming this bug
wasn't actually a bug. I do think we've got this permanently dealt with now,
but I'll be paying extra-close attention to permissions issues related to the
cache for a while.
* [`85d1a53`](https://github.com/npm/npm/commit/85d1a53d7b5e0fc04823187e522ae3711ede61fa)
Set permissions on lock directory to the owner of the process.
([@othiym23](https://github.com/othiym23))
#### I WENT TO NODECONF AND ALL I GOT WAS THIS LOUSY SPDX T-SHIRT
That's not literally true. We spent very little time discussing SPDX,
[@kemitchell](https://github.com/kemitchell) is a champ, and I had a lot of fun
playing drum & bass to a mostly empty Boogie Barn and only ended up with one
moderately severe cold for my pains. Another winner of a NodeConf! (I would
probably wear a SPDX T-shirt if somebody gave me one, though.)
A bunch of us did have a spirited discussion of the basics of open-source
intellectual property, and the convergence of me,
[@kemitchell](https://github.com/kemitchell), and
[@jandrieu](https://github.com/jandrieu) in one place allowed us to hammmer out
a small but significant issue that had been bedeviling early adopters of the
new SPDX expression syntax in `package.json` license fields: how to deal with
packages that are left without a license on purpose.
Refer to [the docs](https://github.com/npm/npm/blob/16a3dd545b10f8a2464e2037506ce39124739b41/doc/files/package.json.md#license)
for the specifics, but the short version is that instead of using
`LicenseRef-LICENSE` for proprietary licenses, you can now use either
`UNLICENSED` if you want to make it clear that you don't _want_ your software
to be licensed (and want npm to stop warning you about this), or `SEE LICENSE
IN <filename>` if there's a license with custom text you want to use. At some
point in the near term, we'll be updating npm to verify that the mentioned
file actually exists, but for now you're all on the honor system.
* [`4827fc7`](https://github.com/npm/npm/commit/4827fc784117c17f35dd9b51b21d1eff6094f661)
[#8557](https://github.com/npm/npm/issues/8557)
`normalize-package-data@2.2.1`: Allow `UNLICENSED` and `SEE LICENSE IN
<filename>` in "license" field of `package.json`.
([@kemitchell](https://github.com/kemitchell))
* [`16a3dd5`](https://github.com/npm/npm/commit/16a3dd545b10f8a2464e2037506ce39124739b41)
[#8557](https://github.com/npm/npm/issues/8557) Document the new accepted
values for the "license" field.
([@kemitchell](https://github.com/kemitchell))
* [`8155311`](https://github.com/npm/npm/commit/81553119350deaf199e79e38e35b52a5c8ad206c)
[#8557](https://github.com/npm/npm/issues/8557) `init-package-json@1.7.0`:
Support new "license" field values at init time.
([@kemitchell](https://github.com/kemitchell))
#### SMALLISH BUG FIXES
* [`9d8cac9`](https://github.com/npm/npm/commit/9d8cac94a258db648a2b1069b1c8c6529c79d013)
[#8548](https://github.com/npm/npm/issues/8548) Remove extraneous newline
from `npm view` output, making it easier to use in shell scripts.
([@eush77](https://github.com/eush77))
* [`765fd4b`](https://github.com/npm/npm/commit/765fd4bfca8ea3e2a4a399765b17eec40a3d893d)
[#8521](https://github.com/npm/npm/issues/8521) When checking for outdated
packages, or updating packages, raise an error when the registry is
unreachable instead of silently "succeeding".
([@ryantemple](https://github.com/ryantemple))
#### SMALLERISH DOCUMENTATION TWEAKS
* [`5018335`](https://github.com/npm/npm/commit/5018335ce1754a9f771954ecbc1a93acde9b8c0a)
[#8365](https://github.com/npm/npm/issues/8365) Add details about which git
environment variables are whitelisted by npm.
([@nmalaguti](https://github.com/nmalaguti))
* [`bed9edd`](https://github.com/npm/npm/commit/bed9edddfdcc6d22a80feab33b53e4ef9172ec72)
[#8554](https://github.com/npm/npm/issues/8554) Fix typo in version docs.
([@rainyday](https://github.com/rainyday))
#### WELL, I GUESS THERE ARE MORE DEPENDENCY UPGRADES
* [`7ce2f06`](https://github.com/npm/npm/commit/7ce2f06f6f34d469b1d2e248084d4f3fef10c05e)
`request@2.58.0`: Refactor tunneling logic, and use `extend` instead of
abusing `util._extend`. ([@simov](https://github.com/simov))
* [`e6c6195`](https://github.com/npm/npm/commit/e6c61954aad42e20eec49745615c7640b2026a6c)
`nock@2.6.0`: Refined interception behavior.
([@pgte](https://github.com/pgte))
* [`9583cc3`](https://github.com/npm/npm/commit/9583cc3cb192c2fced006927cfba7cd37b588605)
`fstream-npm@1.0.3`: Ensure that `main` entry in `package.json` is always
included in the bundled package tarball.
([@coderhaoxin](https://github.com/coderhaoxin))
* [`df89493`](https://github.com/npm/npm/commit/df894930f2716adac28740b29b2e863170919990)
`fstream@1.0.7` ([@isaacs](https://github.com/isaacs))
* [`9744049`](https://github.com/npm/npm/commit/974404934758124aa8ae5b54f7d5257c3bd6b588)
`dezalgo@1.0.3`: `dezalgo` should be usable in the browser, and can be now
that `asap` has been upgraded to be browserifiable.
([@mvayngrib](https://github.com/mvayngrib))
### v2.11.3 (2015-06-11):
This was a very quiet week. This release was done by
[@iarna](https://github.com/iarna), while the rest of the team hangs out at
NodeConf Adventure!
#### TESTS IN 0.8 FAIL LESS
* [`5b3b3c2`](https://github.com/npm/npm/commit/5b3b3c2)
[#8491](//github.com/npm/npm/pull/8491)
Updates a test to use only 0.8 compatible features
([@watilde](https://github.com/watilde))
#### THE TREADMILL OF UPDATES NEVER CEASES
* [`9f439da`](https://github.com/npm/npm/commit/9f439da)
`spdx@0.4.1`: License range updates
([@kemitchell](https://github.com/kemitchell))
* [`2dd055b`](https://github.com/npm/npm/commit/2dd055b)
`normalize-package-data@2.2.1`: Fixes a crashing bug when the package.json
`scripts` property is not an object.
([@iarna](https://github.com/iarna))
* [`e02e85d`](https://github.com/npm/npm/commit/e02e85d)
`osenv@0.1.2`: Switches to using the `os-tmpdir` module instead of
`os.tmpdir()` for greate consistency in behavior between node versions.
([@iarna](https://github.com/iarna))
* [`a6f0265`](https://github.com/npm/npm/commit/a6f0265)
`ini@1.3.4` ([@isaacs](https://github.com/isaacs))
* [`7395977`](https://github.com/npm/npm/commit/7395977)
`rimraf@2.4.0` ([@isaacs](https://github.com/isaacs))
### v2.11.2 (2015-06-04):
Another small release this week, brought to you by the latest addition to the
CLI team, [@zkat](https://github.com/zkat) (Hi, all!)
Mostly small documentation tweaks and version updates. Oh! And `npm outdated`
is actually sorted now. Rejoice!
It's gonna be a while before we get another palindromic version number. Enjoy it
while it lasts. :3
#### QUALITY OF LIFE HAS NEVER BEEN BETTER
* [`31aada4`](https://github.com/npm/npm/commit/31aada4ccc369c0903ff7f233f464955d12c6fe2)
[#8401](https://github.com/npm/npm/issues/8401) `npm outdated` output is just
that much nicer to consume now, due to sorting by name.
([@watilde](https://github.com/watilde))
* [`458a919`](https://github.com/npm/npm/commit/458a91925d8b20c5e672ba71a86745aad654abaf)
[#8469](https://github.com/npm/npm/pull/8469) Explicitly set `cwd` for
`preversion`, `version`, and `postversion` scripts. This makes the scripts
findable relative to the root dir.
([@alexkwolfe](https://github.com/alexkwolfe))
* [`55d6d71`](https://github.com/npm/npm/commit/55d6d71562e979e745c9db88861cc39f99b9f3ec)
Ensure package name and version are included in display during `npm version`
lifecycle execution. Gets rid of those little `undefined`s in the console.
([@othiym23](https://github.com/othiym23))
#### WORDS HAVE NEVER BEEN QUITE THIS READABLE
* [`3901e49`](https://github.com/npm/npm/commit/3901e4974c800e7f9fba4a5b2ff88da1126d5ef8)
[#8462](https://github.com/npm/npm/pull/8462) English apparently requires
correspondence between indefinite articles and attached nouns.
([@Enet4](https://github.com/Enet4))
* [`5a744e4`](https://github.com/npm/npm/commit/5a744e4b143ef7b2f50c80a1d96fdae4204d452b)
[#8421](https://github.com/npm/npm/pull/8421) The effect of `npm prune`'s
`--production` flag and how to use it have been documented a bit better.
([@foiseworth](https://github.com/foiseworth))
* [`eada625`](https://github.com/npm/npm/commit/eada625993485f0a2c5324b06f02bfa0a95ce4bc)
We've updated our `.mailmap` and `AUTHORS` files to make sure credit is given
where credit is due. ([@othiym23](https://github.com/othiym23))
#### VERSION NUMBERS HAVE NEVER BEEN BIGGER
* [`c929fd1`](https://github.com/npm/npm/commit/c929fd1d0604b5878ed05706447e078d3e41f5b3)
`readable-stream@1.1.13`: Manually deduped `v1.1.13` (streams3) to make
deduping more reliable on `npm@<3`. ([@othiym23](https://github.com/othiym23))
* [`a9b4b78`](https://github.com/npm/npm/commit/a9b4b78dcc85571fd1cdd737903f7f37a5e6a755)
`request@2.57.0`: Replace dependency on IncomingMessage's `.client` with
`.socket` as the former was deprecated in io.js 2.2.0.
([@othiym23](https://github.com/othiym23))
* [`4b5e557`](https://github.com/npm/npm/commit/4b5e557a23cdefd521ad154111e3d4dcc81f1cdb)
`abbrev@1.0.7`: Better testing, with coverage.
([@othiym23](https://github.com/othiym23))
* [`561affe`](https://github.com/npm/npm/commit/561affee21df9bbea5a47298f2452f533be8f359)
`semver@4.3.6`: .npmignore added for less cruft, and better testing, with coverage.
([@othiym23](https://github.com/othiym23))
* [`60aef3c`](https://github.com/npm/npm/commit/60aef3cf5d84d757752db3eb8ede2cb385469e7b)
`graceful-fs@3.0.8`: io.js fixes.
([@zkat](https://github.com/zkat))
* [`f8bd453`](https://github.com/npm/npm/commit/f8bd453b1a1c46ba7666cb166595e8a011eae443)
`config-chain@1.1.9`: Added MIT license to package.json
([@zkat](https://github.com/zkat))
### v2.11.1 (2015-05-28):
This release brought to you from poolside at the Omni Amelia Island Resort and
JSConf 2015, which is why it's so tiny.
#### CONFERENCE WIFI CAN'T STOP THESE BUG FIXES
* [`cf109a6`](https://github.com/npm/npm/commit/cf109a682f38a059a994da953d5c1b4aaece5e2f)
[#8381](https://github.com/npm/npm/issues/8381) Documented a subtle gotcha
with `.npmrc`, which is that it needs to have its permissions set such that
only the owner can read or write the file.
([@colakong](https://github.com/colakong))
* [`180da67`](https://github.com/npm/npm/commit/180da67c9fa53103d625e2f031626c2453c7ebcd)
[#8365](https://github.com/npm/npm/issues/8365) Git 2.3 adds support for
`GIT_SSH_COMMAND`, which allows you to pass an explicit git command (with,
for example, a specific identity passed in on the command line).
([@nmalaguti](https://github.com/nmalaguti))
#### MY (VIRGIN) PINA COLADA IS GETTING LOW, BETTER UPGRADE THESE DEPENDENCIES
* [`b72de41`](https://github.com/npm/npm/commit/b72de41c5cc9f0c46d3fa8f062c75bd273641474)
`node-gyp@2.0.0`: Use a newer version of `gyp`, and generally improve support
for Visual Studios and Windows.
([@TooTallNate](https://github.com/TooTallNate))
* [`8edbe21`](https://github.com/npm/npm/commit/8edbe210af41e8f248f5bb92c72de92f54fda3b1)
`node-gyp@2.0.1`: Don't crash when Python's version doesn't parse as valid
semver. ([@TooTallNate](https://github.com/TooTallNate))
* [`ba0e0a8`](https://github.com/npm/npm/commit/ba0e0a845a4f29717aba566b416a27d1a22f5d08)
`glob@5.0.10`: Add coverage to tests. ([@isaacs](https://github.com/isaacs))
* [`7333701`](https://github.com/npm/npm/commit/7333701b5d4f01673f37d64992c63c4e15864d6d)
`request@2.56.0`: Bug fixes and dependency upgrades.
([@simov](https://github.com/simov))
### v2.11.0 (2015-05-21):
For the first time in a very long time, we've added new events to the life
cycle used by `npm run-script`. Since running `npm version (major|minor|patch)`
is typically the last thing many developers do before publishing their updated
packages, it makes sense to add life cycle hooks to run tests or otherwise
preflight the package before doing a full publish. Thanks, as always, to the
indefatigable [@watilde](https://github.com/watilde) for yet another great
usability improvement for npm!
#### FEATURELETS
* [`b07f7c7`](https://github.com/npm/npm/commit/b07f7c7c1e5021730b3c320f1b3a46e70f8a21ff)
[#7906](https://github.com/npm/npm/issues/7906)
Add new [`scripts`](https://github.com/npm/npm/blob/master/doc/misc/npm-scripts.md) to
allow you to run scripts before and after
the [`npm version`](https://github.com/npm/npm/blob/master/doc/cli/npm-version.md)
command has run. This makes it easy to, for instance, require that your
test suite passes before bumping the version by just adding `"preversion":
"npm test"` to the scripts section of your `package.json`.
([@watilde](https://github.com/watilde))
* [`8a46136`](https://github.com/npm/npm/commit/8a46136f42e416cbadb533bcf89d73d681ed421d)
[#8185](https://github.com/npm/npm/issues/8185)
When we get a "not found" error from the registry, we'll now check to see
if the package name you specified is invalid and if so, give you a better
error message. ([@thefourtheye](https://github.com/thefourtheye))
#### BUG FIXES
* [`9bcf573`](https://github.com/npm/npm/commit/9bcf5730bd0316f210dafea898afe9103849cea9)
[#8324](https://github.com/npm/npm/pull/8324) On Windows, when you've configured a
custom `node-gyp`, run it with node itself instead of using the default open action (which
is almost never what you want). ([@bangbang93](https://github.com/bangbang93))
* [`1da9b04`](https://github.com/npm/npm/commit/1da9b0411d3416c7fca17d08cbbcfca7ae86e92d)
[#7195](https://github.com/npm/npm/issues/7195)
[#7260](https://github.com/npm/npm/issues/7260) `npm-registry-client@6.4.0`:
(Re-)allow publication of existing mixed-case packages (part 1).
([@smikes](https://github.com/smikes))
* [`e926783`](https://github.com/npm/npm/commit/e9267830ab261c751f12723e84d2458ae9238646)
[#7195](https://github.com/npm/npm/issues/7195)
[#7260](https://github.com/npm/npm/issues/7260)
`normalize-package-data@2.2.0`: (Re-)allow publication of existing mixed-case
packages (part 2). ([@smikes](https://github.com/smikes))
#### DOCUMENTATION IMPROVEMENTS
* [`f62ee05`](https://github.com/npm/npm/commit/f62ee05333b141539a8e851c620dd2e82ff06860)
[#8314](https://github.com/npm/npm/issues/8314) Update the README to warn
folks away from using the CLI's internal API. For the love of glob, just use a
child process to run the CLI! ([@claycarpenter](https://github.com/claycarpenter))
* [`1093921`](https://github.com/npm/npm/commit/1093921c04db41ab46db24a170a634a4b2acd8d9)
[#8279](https://github.com/npm/npm/pull/8279)
Update the documentation to note that, yes, you can publish scoped packages to the
public registry now! ([@mantoni](https://github.com/mantoni))
* [`f87cde5`](https://github.com/npm/npm/commit/f87cde5234a760d3e515ffdaacaed6f5b71dbf44)
[#8292](https://github.com/npm/npm/pull/8292)
Fix typo in an example and grammar in the description in
the [shrinkwrap documentation](https://github.com/npm/npm/blob/master/doc/cli/npm-shrinkwrap.md).
([@vshih](https://github.com/vshih))
* [`d3526ce`](https://github.com/npm/npm/commit/d3526ceb09a0c29fdb7d4124536ae09057d033e7)
Improve the formatting in
the [shrinkwrap documentation](https://github.com/npm/npm/blob/master/doc/cli/npm-shrinkwrap.md).
([@othiym23](https://github.com/othiym23))
* [`19fe6d2`](https://github.com/npm/npm/commit/19fe6d20883e28956ff916fe4dae42d73ee6195b)
[#8311](https://github.com/npm/npm/pull/8311)
Update [README.md](https://github.com/npm/npm#readme) to use syntax highlighting in
its code samples and bits of shell scripts. ([@SimenB](https://github.com/SimenB))
#### DEPENDENCY UPDATES! ALWAYS AND FOREVER!
* [`fc52160`](https://github.com/npm/npm/commit/fc52160d0223226fffe4166f42fdfd3b899b3c1e)
[#4700](https://github.com/npm/npm/issues/4700) [#5044](https://github.com/npm/npm/issues/5044)
`init-package-json@1.6.0`: Make entering an invalid version while running `npm init` give
you an immediate error and prompt you to correct it. ([@watilde](https://github.com/watilde))
* [`7