npm
a package manager for JavaScript
### v3.1.3 (2015-07-17):
Rebecca: So Kat, I hear this week's other release uses a dialog between us to
explain what changed?

Kat: Well, you could say that…

Rebecca: I would! This week I fixed more npm@3 bugs!

Kat: That sounds familiar.

Rebecca: Eheheheh, well, before we look at those, a word from our sponsor…
#### BETA IS AS BETA DOES
**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
you can't be excused. `npm@3` will remain in beta until we're confident
that it's stable and have assessed the effect of the breaking changes on the
community. During that time we will still be doing `npm@2` releases, with
`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
versions until we're ready to switch everyone over to `npm@3`. We need your
help to find and fix its remaining bugs. It's a significant rewrite, so we
are _sure_ there are still significant bugs remaining. So do us a solid and
deploy it in non-critical CI environments and for day-to-day use, but maybe
don't use it for production maintenance or frontline continuous deployment
just yet.

Rebecca: Ok, enough of the dialoguing, that's Kat's schtick. But do remember
kids, betas hide in dark hallways waiting to break your stuff, stuff like…
#### SO MANY LINKS YOU COULD MAKE A CHAIN
* [`6d69ec9`](https://github.com/npm/npm/6d69ec9)
[#8967](https://github.com/npm/npm/issues/8967)
Removing a module linked into your globals would result in having
all of its subdeps removed. Since the npm release process does
exactly this, it burned me -every- -single- -week-. =D
While we're here, we also removed extraneous warns that used to
spill out when you'd remove a symlink.
([@iarna](https://github.com/iarna))
* [`fdb360f`](https://github.com/npm/npm/fdb360f)
[#8874](https://github.com/npm/npm/issues/8874)
Linking scoped modules was failing outright, but this fixes that
and updates our tests so we don't do it again.
([@iarna](https://github.com/iarna))
#### WE'LL TRY NOT TO CRACK YOUR WINDOWS
* [`9fafb18`](https://github.com/npm/npm/9fafb18)
[#8701](https://github.com/npm/npm/issues/8701)
npm@3 introduced permissions checks that run before it actually tries to
do something. This saves you from having an install fail halfway
through. We did this using the shiny new `fs.access` function available
in `node 0.12` and `io.js`, with fallback options for older nodes. Unfortunately
the way we implemented the fallback caused racy problems for Windows systems.
This fixes that by ensuring we only ever run any one check on a directory once.
BUT it turns out there are bugs in `fs.access` on Windows. So this ALSO just disables
the use of `fs.access` on Windows entirely until that settles out.
([@iarna](https://github.com/iarna))
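
The fix described in this entry, sketched as an added example (not npm's own code): a preflight checker that runs at most one writability check per directory, shares the in-flight result between concurrent callers, and skips `fs.access` on Windows. The name `createWritableChecker`, the `platform` option and the probe-file fallback are assumptions made for illustration.

```javascript
'use strict';
// Added example, not npm's implementation. Names and the fallback are assumptions.
const fs = require('fs');
const os = require('os');
const path = require('path');

function createWritableChecker(options) {
  const platform = (options && options.platform) || process.platform;
  // One entry per resolved directory. Storing the promise (not the result)
  // lets concurrent callers share the single in-flight check.
  const checks = new Map();
  let probes = 0;

  // Preferred path: ask the OS whether the directory is writable.
  function viaAccess(dir) {
    return new Promise((resolve) => {
      fs.access(dir, fs.constants.W_OK, (err) => resolve(!err));
    });
  }

  // Fallback (assumption): create and remove a probe file in the directory.
  function viaProbeFile(dir) {
    const probe = path.join(dir, '.write-probe-' + process.pid + '-' + Date.now());
    return new Promise((resolve) => {
      // 'wx' is an exclusive create: it fails rather than truncating or
      // following an existing file or symlink with the same name.
      fs.open(probe, 'wx', (err, fd) => {
        if (err) return resolve(false);
        fs.close(fd, () => fs.unlink(probe, () => resolve(true)));
      });
    });
  }

  function isWritable(dir) {
    const key = path.resolve(dir);
    if (!checks.has(key)) {
      probes += 1;
      // fs.access is skipped on Windows, as the entry above describes.
      const useAccess = platform !== 'win32' && typeof fs.access === 'function';
      checks.set(key, useAccess ? viaAccess(key) : viaProbeFile(key));
    }
    return checks.get(key);
  }

  return { isWritable, probeCount: () => probes };
}

// Demo on a constructed temporary directory: two concurrent callers, one probe.
const demoDir = fs.mkdtempSync(path.join(os.tmpdir(), 'preflight-demo-'));
const demo = createWritableChecker({ platform: 'win32' }); // force the fallback
Promise.all([demo.isWritable(demoDir), demo.isWritable(demoDir)]).then((results) => {
  console.log('writable:', results, 'probes run:', demo.probeCount());
  fs.rmdirSync(demoDir);
});
```

A preflight result is advisory only: permissions can change between the check and the write, so the install step itself still has to handle `EACCES` and `EPERM`.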
#### ZOOM ZOOM, DEP UPDATES
* [`5656baa`](https://github.com/npm/npm/5656baa)
`gauge@1.2.2`: Better handle terminal resizes while printing the progress bar
([@iarna](https://github.com/iarna))
#### MERGED FORWARD
* Check out Kat's [super-fresh release notes for v2.13.2](https://github.com/npm/npm/releases/tag/v2.13.2)
and see all the changes we ported from npm@2.
### v2.13.2 (2015-07-16):
#### HOLD ON TO YOUR TENTACLES... IT'S NPM RELEASE TIME!
Kat: Hooray! Full team again, and we've got a pretty small patch release this
week, about everyone's favorite recurring issue: git URLs!

Rebecca: No Way! Again?

Kat: The ride never ends! In the meantime, there's some fun, exciting work in
the background to get orgs and teams out the door. Keep an eye out for news. :)

Rebecca: And make sure to keep an eye out for patches for the super-fresh
`npm@3`!
#### LET'S GIT INKY
Rebecca: So what's this about another git URL issue?

Kat: Welp, I apparently broke backwards-compatibility on what are actually
invalid `git+https` URLs! So I'm making it work, but we're gonna deprecate URLs
that look like `git+https://user@host:path/is/here`.

Rebecca: What should we use instead?!

Kat: Just do me a solid and use `git+ssh://user@host:path/here` or
`git+https://user@host/absolute/https/path` instead!
* [`769f06e`](https://github.com/npm/npm/commit/769f06e5455d7a9fc738379de2e05868df0dab6f)
Updated tests for `getResolved` so the URLs are run through
`normalize-git-url`.
([@zkat](https://github.com/zkat))
* [`edbae68`](https://github.com/npm/npm/commit/edbae685bf48971e878ced373d6825fc1891ee47)
[#8881](https://github.com/npm/npm/issues/8881) Added tests to verify that `git+https:` URLs are handled compatibly.
([@zkat](https://github.com/zkat))
#### NEWS FLASH! DOCUMENTATION IMPROVEMENTS!
* [`bad4e014`](https://github.com/npm/npm/commit/bad4e0143cc95754a682f1da543b2b4e196e924b)
[#8924](https://github.com/npm/npm/pull/8924) Make sure documented default
values in `lib/cache.js` properly correspond to current code.
([@watilde](https://github.com/watilde))
* [`e7a11fd`](https://github.com/npm/npm/commit/e7a11fdf70e333cdfe3dac94a1a30907adb76d59)
[#8036](https://github.com/npm/npm/issues/8036) Clarify the documentation for
`.npmrc` to clarify that it's not read at the project level when doing global
installs.
([@espadrine](https://github.com/espadrine))
#### STAY FRESH~
Kat: That's it for npm core changes!

Rebecca: Great! Let's look at the fresh new dependencies, then!

Kat: See you all next week!

Both: Stay Freeesh~

(some cat form of Forrest can be seen snoring in the corner)

* [`bfa1f45`](https://github.com/npm/npm/bfa1f45ee760d05039557d2245b7e3df9fda8def)
`normalize-git-url@3.0.1`: Fixes URL normalization such that `git+https:`
accepts scp syntax, but gets converted into absolute-path `https:` URLs. Also
fixes scp syntax so you can have absolute paths after the `:`
(`git@myhost.org:/some/absolute/place.git`)
([@zkat](https://github.com/zkat))
* [`6f757d2`](https://github.com/npm/npm/6f757d22b53f91da0bebec6b5d16c1f4dbe130b4)
`glob@5.0.15`: Better handling of ENOTSUP
([@isaacs](https://github.com/isaacs))
* [`0920819`](https://github.com/npm/npm/09208197fb8b0c6d5dbf6bd7f59970cf366de989)
`node-gyp@2.0.2`: Fixes an issue with long paths on Win32
([@TooTallNate](https://github.com/TooTallNate))
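
The URL forms from the "LET'S GIT INKY" section and the `normalize-git-url@3.0.1` entry above, as an added example (not npm's or `normalize-git-url`'s code): an auditor that finds the deprecated scp-style `git+https:` form in a `package.json` and proposes the two replacement forms the notes recommend. The function names, the sample manifest and the rule that an empty or all-digit segment after `:` is a port are assumptions.

```javascript
'use strict';
// Added example, not npm's implementation. All names here are hypothetical.

// package.json fields that can carry git dependency specs.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

function classifyGitSpec(spec) {
  const m = /^git\+(https|ssh):\/\/([^#]*)(#.*)?$/.exec(String(spec));
  if (!m) return { status: 'other' }; // registry range, tarball, other scheme
  const proto = m[1];
  const rest = m[2];
  const fragment = m[3] || ''; // "#committish", carried over unchanged

  // Split "[user[:pass]@]host[:x]" from everything after the first "/".
  const slash = rest.indexOf('/');
  const authority = slash === -1 ? rest : rest.slice(0, slash);
  const tail = slash === -1 ? '' : rest.slice(slash);

  // Only a ":" after the userinfo can be a port or an scp-style separator.
  const colon = authority.indexOf(':', authority.lastIndexOf('@') + 1);
  if (colon === -1) return { status: 'ok' };

  const afterColon = authority.slice(colon + 1);
  // Assumption: an empty or all-digit segment is a port. A numeric first
  // path segment cannot be told apart from a port in this position.
  if (/^\d*$/.test(afterColon)) return { status: 'ok' };

  // Anything else after ":" is an scp-style path. The notes accept it for
  // git+ssh and deprecate it for git+https.
  if (proto === 'ssh') return { status: 'ok', scpStyle: true };

  const hostPart = authority.slice(0, colon);
  return {
    status: 'deprecated',
    suggestions: [
      // Same scp-style path over ssh (changes transport and authentication).
      'git+ssh://' + hostPart + ':' + afterColon + tail + fragment,
      // Same transport, path rewritten as an absolute https path.
      'git+https://' + hostPart + '/' + afterColon + tail + fragment
    ]
  };
}

function auditManifest(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const deps = pkg[field] || {};
    for (const name of Object.keys(deps)) {
      const result = classifyGitSpec(deps[name]);
      if (result.status === 'deprecated') {
        findings.push({ field, name, spec: deps[name], suggestions: result.suggestions });
      }
    }
  }
  return findings;
}

// Constructed sample manifest; hosts and package names are placeholders.
const SAMPLE_MANIFEST = {
  name: 'example-app',
  dependencies: {
    'internal-lib': 'git+https://deploy@git.example.com:team/internal-lib.git#v1.2.0',
    'other-lib': 'git+https://deploy@git.example.com:8443/team/other-lib.git',
    'ssh-lib': 'git+ssh://git@git.example.com:team/ssh-lib.git',
    'registry-lib': '^1.0.0'
  },
  devDependencies: {
    'build-tool': 'git+https://git.example.com/team/build-tool.git'
  }
};

for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(f.field + '.' + f.name + ': ' + f.spec);
  for (const s of f.suggestions) console.log('  use instead: ' + s);
}
```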
### v3.1.2
#### SO VERY BETA RELEASE
So, `v3.1.1` managed to actually break installing local modules. And then
immediately after I drove to an island for the weekend. 😁 So let's get
this fixed outside the usual release train!
Fortunately it didn't break installing _global_ modules and so you could
swap it out for another version at least.
#### DISCLAIMER MEANS WHAT IT SAYS
**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
you can't be excused. `npm@3` will remain in beta until we're confident
that it's stable and have assessed the effect of the breaking changes on the
community. During that time we will still be doing `npm@2` releases, with
`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
versions until we're ready to switch everyone over to `npm@3`. We need your
help to find and fix its remaining bugs. It's a significant rewrite, so we
are _sure_ there are still significant bugs remaining. So do us a solid and
deploy it in non-critical CI environments and for day-to-day use, but maybe
don't use it for production maintenance or frontline continuous deployment
just yet.
#### THIS IS IT, THE REASON
* [`f5e19df`](https://github.com/npm/npm/commit/f5e19df)
[#8893](https://github.com/npm/npm/issues/8893)
Fix crash when installing local modules introduced by the fix for
[#8608](https://github.com/npm/npm/issues/8608)
([@iarna](https://github.com/iarna))
### v3.1.1
#### RED EYE RELEASE
Rebecca's up too late writing tests, so you can have npm@3 bug fixes! Lots
of great new issues from you all! ❤️️ Keep it up!
#### YUP STILL BETA, PLEASE PAY ATTENTION
**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
you can't be excused. `npm@3` will remain in beta until we're confident
that it's stable and have assessed the effect of the breaking changes on the
community. During that time we will still be doing `npm@2` releases, with
`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
versions until we're ready to switch everyone over to `npm@3`. We need your
help to find and fix its remaining bugs. It's a significant rewrite, so we
are _sure_ there are still significant bugs remaining. So do us a solid and
deploy it in non-critical CI environments and for day-to-day use, but maybe
don't use it for production maintenance or frontline continuous deployment
just yet.
#### BOOGS
* [`9badfd6`](https://github.com/npm/npm/commit/9babfd63f19f2d80b2d2624e0963b0bdb0d76ef4)
[#8608](https://github.com/npm/npm/issues/8608)
Make global installs and uninstalls MUCH faster by only reading the directories of
modules referred to by arguments.
([@iarna](https://github.com/iarna))
* [`075a5f0`](https://github.com/npm/npm/commit/075a5f046ab6837f489b08d44cb601e9fdb369b7)
[#8660](https://github.com/npm/npm/issues/8660)
Failed optional deps would still result in the optional dep's own
dependencies being installed. We now find them and fail them out of the
tree.
([@iarna](https://github.com/iarna))
* [`c9fbbb5`](https://github.com/npm/npm/commit/c9fbbb540083396ea58fd179d81131d959d8e049)
[#8863](https://github.com/npm/npm/issues/8863)
The "no compatible version found" error message was including only the
version requested, not the name of the package we wanted. Ooops!
([@iarna](https://github.com/iarna))
* [`32e6bbd`](https://github.com/npm/npm/commit/32e6bbd21744dcbe8c0720ab53f60caa7f2a0588)
[#8806](https://github.com/npm/npm/issues/8806)
The "uninstall" lifecycle was being run after all of a module's dependencies had been
removed. This reverses that order, which means "uninstall" lifecycles can make use
of the package's dependencies.
([@iarna](https://github.com/iarna))
#### MERGED FORWARD
* Check out the [v2.13.1 release notes](https://github.com/npm/npm/releases/tag/v2.13.1)
and see all the changes we ported from npm@2.
### v2.13.1 (2015-07-09):
#### KAUAI WAS NICE. I MISS IT.
But Forrest's still kinda on vacation, and not just mentally, because he's
hanging out with the fine meatbags at CascadiaFest. Enjoy this small bug
release.
#### MAKE OURSELVES HAPPY
* [`40981f2`](https://github.com/npm/npm/commit/40981f2e0c9c12bb003ccf188169afd1d201f5af)
[#8862](https://github.com/npm/npm/issues/8862) Make the lifecycle's safety
check work with scoped packages. ([@tcort](https://github.com/tcort))
* [`5125856`](https://github.com/npm/npm/commit/512585622481dbbda9a0306932468d59efaff658)
[#8855](https://github.com/npm/npm/issues/8855) Make dependency versions of
`"*"` match `"latest"` when all versions are prerelease.
([@iarna](https://github.com/iarna))
* [`22fdc1d`](https://github.com/npm/npm/commit/22fdc1d52602ba7098af978c75fca8f7d1060141)
Visually emphasize the correct way to write lifecycle scripts.
([@josh-egan](https://github.com/josh-egan))
#### MAKE TRAVIS HAPPY
* [`413c3ac`](https://github.com/npm/npm/commit/413c3ac2ab2437f3011c6ca0d1630109ec14e604)
Use npm's `2.x` branch for testing its `2.x` branch.
([@iarna](https://github.com/iarna))
* [`7602f64`](https://github.com/npm/npm/commit/7602f64826f7a465d9f3a20bd87a376d992607e6)
Don't prompt for GnuPG passphrase in version lifecycle tests.
([@othiym23](https://github.com/othiym23))
#### MAKE `npm outdated` HAPPY
* [`d338668`](https://github.com/npm/npm/commit/d338668601d1ebe5247a26237106e80ea8cd7f48)
[#8796](https://github.com/npm/npm/issues/8796) `fstream-npm@1.0.4`: When packing the
package tarball, npm no longer crashes for packages with certain combinations of
`.npmignore` entries, `.gitignore` entries, and lifecycle scripts.
([@iarna](https://github.com/iarna))
* [`dbe7c9c`](https://github.com/npm/npm/commit/dbe7c9c74734be870d16dd61b9e7f746123011f6)
`nock@2.7.0`: Add matching based on query strings.
([@othiym23](https://github.com/othiym23))

There are new versions of `strip-ansi` and `ansi-regex`, but npm only uses them
indirectly, so we pushed them down into their dependencies where they can get
updated at their own pace.

* [`06b6ca5`](https://github.com/npm/npm/commit/06b6ca5b5333025f10c8d901628859bd4678e027)
undeduplicate `ansi-regex` ([@othiym23](https://github.com/othiym23))
* [`b168e33`](https://github.com/npm/npm/commit/b168e33ad46faf47020a45f72ba8cec8c644bdb9)
undeduplicate `strip-ansi` ([@othiym23](https://github.com/othiym23))
### v3.1.0 (2015-07-02):
This has been a brief week of bug fixes, plus some fun stuff merged forward
from this week's 2.x release. See the
[2.13.0 release notes](https://github.com/npm/npm/releases/tag/v2.13.0)
for details on that.
You all have been AWESOME with
[all](https://github.com/npm/npm/milestones/3.x)
[the](https://github.com/npm/npm/milestones/3.2.0)
npm@3 bug reports! Thank you and keep up the great work!
#### NEW PLACE, SAME CODE
Remember how last week we said `npm@3` would go to `3.0-next` and latest
tags? Yeaaah, no, please use `npm@v3.x-next` and `npm@v3.x-latest` going forward.
I dunno why we said "suuure, we'll never do a feature release till we're out
of beta" when we're still forward porting `npm@2.x` features. `¯\_(ツ)_/¯`
If you do accidentally use the old tag names, I'll be maintaining them
for a few releases, but they won't be around forever.
#### YUP STILL BETA, PLEASE PAY ATTENTION
**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
confident that it's stable and have assessed the effect of the breaking
changes on the community. During that time we will still be doing `npm@2`
releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
alongside those versions until we're ready to switch everyone over to
`npm@3`. We need your help to find and fix its remaining bugs. It's a
significant rewrite, so we are _sure_ there are still significant bugs
remaining. So do us a solid and deploy it in non-critical CI environments
and for day-to-day use, but maybe don't use it for production maintenance
or frontline continuous deployment just yet.
#### BUGS ON THE WINDOWS
* [`0030ade`](https://github.com/npm/npm/commit/0030ade)
[#8685](https://github.com/npm/npm/issues/8685)
Windows would hang when trying to clone git repos
([@euprogramador](https://github.com/npm/npm/pull/8777))
* [`b259bcc`](https://github.com/npm/npm/commit/b259bcc)
[#8786](https://github.com/npm/npm/pull/8786)
Windows permissions checks would cause installations to fail under some
circumstances. We're disabling the checks entirely for this release.
I'm hoping to check back with this next week to get a Windows friendly
fix in.
([@iarna](https://github.com/iarna))
#### SO MANY BUGS SQUASHED, JUST CALL US RAID
* [`0848698`](https://github.com/npm/npm/commit/0848698)
[#8686](https://github.com/npm/npm/pull/8686)
Stop leaving progress bar cruft on the screen during publication
([@ajcrites](https://github.com/ajcrites))
* [`57c3cea`](https://github.com/npm/npm/commit/57c3cea)
[#8695](https://github.com/npm/npm/pull/8695)
Remote packages with shrinkwraps made npm cause node + iojs to explode
and catch fire. NO MORE.
([@iarna](https://github.com/iarna))
* [`2875ba3`](https://github.com/npm/npm/commit/2875ba3)
[#8723](https://github.com/npm/npm/pull/8723)
I uh, told you that engineStrict checking had gone away last week.
TURNS OUT I LIED. So this is making that actually be true.
([@iarna](https://github.com/iarna))
* [`28064e5`](https://github.com/npm/npm/commit/28064e5)
[#3358](https://github.com/npm/npm/issues/3358)
Consistently allow Unicode BOMs at the start of package.json files.
Previously this was allowed some of the time, like when you were installing
modules, but not others, like running npm version or installing w/
`--save`.
([@iarna](https://github.com/iarna))
* [`3cb6ad2`](https://github.com/npm/npm/commit/3cb6ad2)
[#8736](https://github.com/npm/npm/issues/8766)
npm@3 wasn't running the "install" lifecycle in your current (toplevel)
module. This broke modules that relied on C compilation. BOO.
([@iarna](https://github.com/iarna))
* [`68da583`](https://github.com/npm/npm/commit/68da583)
[#8766](https://github.com/npm/npm/issues/8766)
To my great shame, `npm link package` wasn't working AT ALL if you
didn't have `package` already installed.
([@iarna](https://github.com/iarna))
* [`edd7448`](https://github.com/npm/npm/commit/edd7448)
read-package-tree@5.0.0: This update makes read-package-tree not explode
when there's bad data in your node_modules folder. npm@2 silently
ignores this sort of thing.
([@iarna](https://github.com/iarna))
* [`0bb08c8`](https://github.com/npm/npm/commit/0bb08c8)
[#8778](https://github.com/npm/npm/pull/8778)
RELATEDLY, we now show any errors from your node_modules folder after
your installation completes as warnings. We're also reporting these in
`npm ls` now.
([@iarna](https://github.com/iarna))
* [`6c248ff`](https://github.com/npm/npm/commit/6c248ff)
[#8779](https://github.com/npm/npm/pull/8779)
Hey, you know how we used to complain if your `package.json` was
missing stuff? Well guess what, we are again. I know, I know, you can
thank me later.
([@iarna](https://github.com/iarna))
* [`d6f7c98`](https://github.com/npm/npm/commit/d6f7c98)
So, when we were rolling back after errors we had untested code that
tried to undo moves. Being untested it turns out it was very broken.
I've removed it until we have time to do this right.
([@iarna](https://github.com/iarna))
#### NEW VERSION
Just the one. Others came in via the 2.x release. Do check out its
changelog, immediately following this message.
* [`4e602c5`](https://github.com/npm/npm/commit/4e602c5) lodash@3.2.2
### v2.13.0 (2015-07-02):
#### FORREST IS OUT! LET'S SNEAK IN ALL THE THINGS!
Well, not _everything_. Just a couple of goodies, like the new `npm ping`
command, and the ability to add files to the commits created by `npm version`
with the new version hooks. There's also a couple of bugfixes in `npm` itself
and some of its dependencies. Here we go!
#### YES HELLO THIS IS NPM REGISTRY SORRY NO DOG HERE
Yes, that's right! We now have a dedicated `npm ping` command. It's super simple
and super easy. You ping. We tell you whether you pinged right by saying hello
right back. This should help out folks dealing with things like proxy issues or
other registry-access debugging issues. Give it a shot!
This addresses [#5750](https://github.com/npm/npm/issues/5750), and will help
with the `npm doctor` stuff described in
[#6756](https://github.com/npm/npm/issues/6756).
* [`f1f7a85`](https://github.com/npm/npm/commit/f1f7a85)
Add ping command to CLI
([@michaelnisi](https://github.com/michaelnisi))
* [`8cec629`](https://github.com/npm/npm/commit/8cec629)
Add ping command to npm-registry-client
([@michaelnisi](https://github.com/michaelnisi))
* [`0c0c92d`](https://github.com/npm/npm/0c0c92d)
Fixed ping command issues (added docs, tests, fixed minor bugs, etc)
([@zkat](https://github.com/zkat))
#### I'VE WANTED THIS FOR `version` SINCE LIKE LITERALLY FOREVER AND A DAY
Seriously! This patch lets you add files to the `version` commit before it's
made, so you can add additional metadata files, more automated changes to
`package.json`, or even generate `CHANGELOG.md` automatically pre-commit if
you're into that sort of thing. I'm so happy this is there I can't even. Do you
have other fun usecases for this? Tell
[npmbot (@npmjs)](http://twitter.com/npmjs) about it!
* [`582f170`](https://github.com/npm/npm/commit/582f170)
[#8620](https://github.com/npm/npm/issues/8620) version: Allow scripts to add
files to the commit.
([@jamestalmage](https://github.com/jamestalmage))
#### ALL YOUR FILE DESCRIPTORS ARE BELONG TO US
We've had problems in the past with things like `EMFILE` errors popping up when
trying to install packages with a bunch of dependencies. Isaac patched up
[`graceful-fs`](https://github.com/isaacs/node-graceful-fs) to handle this case
better, so we should be seeing fewer of those.
* [`022691a`](https://github.com/npm/npm/commit/022691a)
`graceful-fs@4.1.2`: Updated so we can monkey patch globally.
([@isaacs](https://github.com/isaacs))
* [`c9fb0fd`](https://github.com/npm/npm/commit/c9fb0fd)
Globally monkey-patch graceful-fs. This should fix some errors when installing
packages with lots of dependencies.
([@isaacs](https://github.com/isaacs))
#### READ THE FINE DOCS. THEY'VE IMPROVED
* [`5587d0d`](https://github.com/npm/npm/commit/5587d0d)
Nice clarification for `directories.bin`
([@ujane](https://github.com/ujane))
* [`20673c7`](https://github.com/npm/npm/commit/20673c7)
Hey, Windows folks! Check out
[`nvm-windows`](https://github.com/coreybutler/nvm-windows)
([@ArtskydJ](https://github.com/ArtskydJ))
#### MORE NUMBERS! MORE VALUE!
* [`5afa2d5`](https://github.com/npm/npm/commit/5afa2d5)
`validate-npm-package-name@2.2.2`: Documented package name rules in README
([@zeusdeux](https://github.com/zeusdeux))
* [`021f4d9`](https://github.com/npm/npm/commit/021f4d9)
`rimraf@2.4.1`: [#74](https://github.com/isaacs/rimraf/issues/74) Use async
function for bin (to better handle Windows' `EBUSY`)
([@isaacs](https://github.com/isaacs))
* [`5223432`](https://github.com/npm/npm/commit/5223432)
`osenv@0.1.3`: Use `os.homedir()` polyfill for more reliable output. io.js
added the function and the polyfill does a better job than the prior solution.
([@sindresorhus](https://github.com/sindresorhus))
* [`8ebbc90`](https://github.com/npm/npm/commit/8ebbc90)
`npm-cache-filename@1.0.2`: Make sure different git references get different
cache folders. This should prevent `foo/bar#v1.0` and `foo/bar#master` from
sharing the same cache folder.
([@tomekwi](https://github.com/tomekwi))
* [`367b854`](https://github.com/npm/npm/commit/367b854)
`lru-cache@2.6.5`: Minor test/typo changes
([@isaacs](https://github.com/isaacs))
* [`9fcae61`](https://github.com/npm/npm/commit/9fcae61)
`glob@5.0.13`: Tiny doc change + stop firing 'match' events for ignored items.
([@isaacs](https://github.com/isaacs))
#### OH AND ONE MORE THING
* [`7827249`](https://github.com/npm/npm/commit/7827249)
`PeerDependencies` errors now include the package version.
([@NickHeiner](https://github.com/NickHeiner))
### v2.12.1 (2015-06-25):
#### HEY WHERE DID EVERYBODY GO
I keep [hearing some commotion](https://github.com/npm/npm/releases/tag/v3.0.0).
Is there something going on? Like, a party or something? Anyway, here's a small
release with at least two significant bug fixes, at least one of which some of
you have been waiting for for quite a while.
#### REMEMBER WHEN I SAID "REMEMBER WHEN I SAID THAT THING ABOUT PERMISSIONS?"?
`npm@2.12.0` has a change that introduces a fix for a permissions problem
whereby the `_locks` directory in the cache directory can end up being owned by
root. The fix in 2.12.0 takes care of that problem, but introduces a new
problem for Windows users where npm tries to call `process.getuid()`, which
doesn't exist on Windows. It was easy enough to fix (but more or less
impossible to test, thanks to all the external dependencies involved with
permissions and platforms and whatnot), but as a result, Windows users might
want to skip `npm@2.12.0` and go straight to `npm@2.12.1`. Sorry about that!
* [`7e5da23`](https://github.com/npm/npm/commit/7e5da238ee869201fdb9027c27b79b0f76b440a8)
When using the new, "fixed" cache directory creator, be extra-careful to not
call `process.getuid()` on platforms that lack it.
([@othiym23](https://github.com/othiym23))
#### WHEW! ALL DONE FIXING GIT FOREVER!
New npm CLI team hero [@zkat](https://github.com/zkat) has finally (FINALLY)
fixed the regression somebody (hi!) introduced a couple months ago whereby git
URLs of the format `git+ssh://user@githost.com:org/repo.git` suddenly stopped
working, and also started being saved (and cached) incorrectly. I am 100% sure
there are absolutely no more bugs in the git caching code at all ever. Mm hm.
Yep. Pretty sure. Maybe. Hmm... I hope.
*Sighs audibly.*
[Let us know](http://github.com/npm/npm/issues/new) if we broke something else
with this fix.
* [`94ca4a7`](https://github.com/npm/npm/commit/94ca4a711619ba8e40ce3d20bc42b13cdb7611b7)
[#8031](https://github.com/npm/npm/issues/8031) Even though
`git+ssh://user@githost.com:org/repo.git` isn't a URL, treat it like one for
the purposes of npm. ([@zkat](https://github.com/zkat))
* [`e7f56e5`](https://github.com/npm/npm/commit/e7f56e5a97fcf1c52d5c5bee71303b0126129815)
[#8031](https://github.com/npm/npm/issues/8031) `normalize-git-url@2.0.0`:
Handle git URLs (and URL-like remote refs) in a manner consistent with npm's
docs. ([@zkat](https://github.com/zkat))
#### YEP, THERE ARE STILL DEPENDENCY UPGRADES
* [`679bf47`](https://github.com/npm/npm/commit/679bf4745ac2cfbb01c9ce273e189807fd04fa33)
[#40](http://github.com/npm/read-installed/issues/40) `read-installed@4.0.1`:
Handle prerelease versions in top-level dependencies not in `package.json`
without marking those packages as invalid.
([@benjamn](https://github.com/benjamn))
* [`3a67410`](https://github.com/npm/npm/commit/3a6741068c9119174c920496778aeee870ebdac0)
`tap@1.3.1` ([@isaacs](https://github.com/isaacs))
* [`151904a`](https://github.com/npm/npm/commit/151904af39dc24567f8c98529a2a64a4dbcc960a)
`nopt@3.0.3` ([@isaacs](https://github.com/isaacs))
### v3.0.0 (2015-06-25):
Wow, it's finally here! This has been a long time coming. We are all
delighted and proud to be getting this out into the world, and are looking
forward to working with the npm user community to get it production-ready
as quickly as possible.
`npm@3` constitutes a nearly complete rewrite of npm's installer to be
easier to maintain, and to bring a bunch of valuable new features and
design improvements to you all.
[@othiym23](https://github.com/othiym23) and
[@isaacs](https://github.com/isaacs) have been
[talking about the changes](http://blog.npmjs.org/post/91303926460/npm-cli-roadmap-a-periodic-update)
in this release for well over a year, and it's been the primary focus of
[@iarna](https://github.com/iarna) since she joined the team.
Given that this is a near-total rewrite, all changes listed here are
[@iarna](https://github.com/iarna)'s work unless otherwise specified.
#### NO, REALLY, READ THIS PARAGRAPH. IT'S THE IMPORTANT ONE.
**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
confident that it's stable and have assessed the effect of the breaking
changes on the community. During that time we will still be doing `npm@2`
releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
publishing new releases of `npm@3` as `npm@3.0-next` and `npm@3.0-latest`
alongside those versions until we're ready to switch everyone over to
`npm@3`. We need your help to find and fix its remaining bugs. It's a
significant rewrite, so we are _sure_ there are still significant bugs
remaining. So do us a solid and deploy it in non-critical CI environments
and for day-to-day use, but maybe don't use it for production maintenance
or frontline continuous deployment just yet.
#### BREAKING CHANGES
##### `peerDependencies`
`grunt`, `gulp`, and `broccoli` plugin maintainers take note! You will be
affected by this change!
* [#6930](https://github.com/npm/npm/issues/6930)
([#6565](https://github.com/npm/npm/issues/6565))
`peerDependencies` no longer cause _anything_ to be implicitly installed.
Instead, npm will now warn if a package's `peerDependencies` are missing,
but it's up to the consumer of the module (i.e. you) to ensure the peers
get installed / are included in `package.json` as direct `dependencies`
or `devDependencies` of your package.
* [#3803](https://github.com/npm/npm/issues/3803)
npm also no longer checks `peerDependencies` until after it has fully
resolved the tree.

This shifts the responsibility for fulfilling peer dependencies from library
/ framework / plugin maintainers to application authors, and is intended to
get users out of the dependency hell caused by conflicting `peerDependency`
constraints. npm's job is to keep you _out_ of dependency hell, not put you
in it.
##### `engineStrict`
* [#6931](https://github.com/npm/npm/issues/6931) The rarely-used
`package.json` option `engineStrict` has been deprecated for several
months, producing warnings when it was used. Starting with `npm@3`, the
value of the field is ignored, and engine violations will only produce
warnings. If you, as a user, want strict `engines` field enforcement,
just run `npm config set engine-strict true`.

As with the peer dependencies change, this is about shifting control from
module authors to application authors. It turns out `engineStrict` was very
difficult to understand, even harder to use correctly, and more often than
not just made modules using it difficult to deploy.
##### `npm view`
* [`77f1aec`](https://github.com/npm/npm/commit/77f1aec) With `npm view` (aka
`npm info`), always return arrays for versions, maintainers, etc. Previously
npm would return a plain value if there was only one, and multiple values if
there were more. ([@KenanY](https://github.com/KenanY))
#### KNOWN BUGS
Again, this is a _**BETA RELEASE**_, so not everything is working just yet.
Here are the issues that we already know about. If you run into something
that isn't on this list,
[let us know](https://github.com/npm/npm/issues/new)!
* [#8575](https://github.com/npm/npm/issues/8575)
Circular deps will never be removed by the prune-on-uninstall code.
* [#8588](https://github.com/npm/npm/issues/8588)
Local deps where the dep name and the name in the package.json differ
don't result in an error.
* [#8637](https://github.com/npm/npm/issues/8637)
Modules can install themselves as direct dependencies. npm@2 declined to
do this.
* [#8660](https://github.com/npm/npm/issues/8660)
Dependencies of failed optional dependencies aren't rolled back when the
optional dependency is, and then are reported as extraneous thereafter.
#### NEW FEATURES
##### The multi-stage installer!
* [#5919](https://github.com/npm/npm/issues/5919)
Previously the installer had a set of steps it executed for each package
and it would immediately start executing them as soon as it decided to
act on a package.
But now it executes each of those steps at the same time for all
packages, waiting for all of one stage to complete before moving on. This
eliminates many race conditions and makes the code easier to reason
about.
This fixes, for instance:
* [#6926](https://github.com/npm/npm/issues/6926)
([#5001](https://github.com/npm/npm/issues/5001),
[#6170](https://github.com/npm/npm/issues/6170))
`install` and `postinstall` lifecycle scripts now only execute _after_
all of the dependencies of the module with the script are installed.
##### Install: it looks different!
You'll now get a tree much like the one produced by `npm ls` that
highlights in orange the packages that were installed. Similarly, any
removed packages will have their names prefixed by a `-`.
Also, `npm outdated` used to include the name of the module in the
`Location` field:
```
Package      Current  Wanted  Latest  Location
deep-equal   MISSING   1.0.0   1.0.0  deep-equal
glob           4.5.3   4.5.3  5.0.10  rimraf > glob
```
Now it shows the module that required it as the final point in the
`Location` field:
```
Package      Current  Wanted  Latest  Location
deep-equal   MISSING   1.0.0   1.0.0  npm
glob           4.5.3   4.5.3  5.0.10  npm > rimraf
```
Previously the `Location` field was telling you where the module was on
disk. Now it tells you what requires the module. When more than one thing
requires the module you'll see it listed once for each thing requiring it.
##### Install: it works different!
* [#6928](https://github.com/npm/npm/issues/6928)
([#2931](https://github.com/npm/npm/issues/2931)
[#2950](https://github.com/npm/npm/issues/2950))
`npm install` when you have an `npm-shrinkwrap.json` will ensure that
the modules specified in it are installed in exactly the shape specified
no matter what you had when you started.
* [#6913](https://github.com/npm/npm/issues/6913)
([#1341](https://github.com/npm/npm/issues/1341)
[#3124](https://github.com/npm/npm/issues/3124)
[#4956](https://github.com/npm/npm/issues/4956)
[#6349](https://github.com/npm/npm/issues/6349)
[#5465](https://github.com/npm/npm/issues/5465))
`npm install` when some of your dependencies are missing sub-dependencies
will result in those sub-dependencies being installed. That is, `npm
install` now knows how to fix broken installs, most of the time.
* [#5465](https://github.com/npm/npm/issues/5465)
If you directly `npm install` a module that's already a subdep of
something else and your new version is incompatible, it will now install
the previous version nested in the things that need it.
* [`a2b50cf`](https://github.com/npm/npm/commit/a2b50cf)
[#5693](https://github.com/npm/npm/issues/5693)
When installing a new module, if it's mentioned in your
`npm-shrinkwrap.json` or your `package.json` use the version specifier
from there if you didn't specify one yourself.
##### Flat, flat, flat!
Your dependencies will now be installed *maximally flat*. Insofar as is
possible, all of your dependencies, and their dependencies, and THEIR
dependencies will be installed in your project's `node_modules` folder with no
nesting. You'll only see modules nested underneath one another when two (or
more) modules have conflicting dependencies.
* [#3697](https://github.com/npm/npm/issues/3697)
This will hopefully eliminate most cases where Windows users ended up
with paths that were too long for Explorer and other standard tools to
deal with.
* [#6912](https://github.com/npm/npm/issues/6912)
([#4761](https://github.com/npm/npm/issues/4761)
[#4037](https://github.com/npm/npm/issues/4037))
This also means that your installs will be deduped from the start.
* [#5827](https://github.com/npm/npm/issues/5827)
This deduping even extends to git deps.
* [#6936](https://github.com/npm/npm/issues/6936)
([#5698](https://github.com/npm/npm/issues/5698))
Various commands are dedupe aware now.
This has some implications for the behavior of other commands:
* `npm uninstall` removes any dependencies of the module that you specified
that aren't required by any other module. Previously, it would only
remove those that happened to be installed under it, resulting in left
over cruft if you'd ever deduped.
* `npm ls` now shows you your dependency tree organized around what
requires what, rather than where those modules are on disk.
* [#6937](https://github.com/npm/npm/issues/6937)
`npm dedupe` now flattens the tree in addition to deduping.
And bundling of dependencies when packing or publishing changes too:
* [#2442](https://github.com/npm/npm/issues/2442)
bundledDependencies no longer requires that you specify deduped sub deps.
npm can now see that a dependency is required by something bundled and
automatically include it. To put that another way, bundledDependencies
should ONLY include things that you included in dependencies,
optionalDependencies or devDependencies.
* [#5437](https://github.com/npm/npm/issues/5437)
When bundling a dependency that's both a `devDependency` and the child of
a regular `dependency`, npm bundles the child dependency.
As a demonstration of our confidence in our own work, npm's own
dependencies are now flattened, deduped, and bundled in the `npm@3` style.
This means that `npm@3` can't be packed or published by `npm@2`, which is
something to be aware of if you're hacking on npm.
##### Shrinkwraps: they are a-changin'!
First of all, they should be idempotent now
([#5779](https://github.com/npm/npm/issues/5779)). No more differences
between the first time you install (without `npm-shrinkwrap.json`) and the
second time (with `npm-shrinkwrap.json`).
* [#6781](https://github.com/npm/npm/issues/6781)
Second, if you save your changes to `package.json` and you have
`npm-shrinkwrap.json`, then it will be updated as well. This applies to
all of the commands that update your tree:
* `npm install --save`
* `npm update --save`
* `npm dedupe --save` ([#6410](https://github.com/npm/npm/issues/6410))
* `npm uninstall --save`
* [#4944](https://github.com/npm/npm/issues/4944)
([#5161](https://github.com/npm/npm/issues/5161)
[#5448](https://github.com/npm/npm/issues/5448))
Third, because `node_modules` folders are now deduped and flat,
shrinkwrap has to also be smart enough to handle this.
And finally, enjoy this shrinkwrap bug fix:
* [#3675](https://github.com/npm/npm/issues/3675)
When shrinkwrapping a dependency that's both a `devDependency` and the
child of a regular `dependency`, npm now correctly includes the child.
##### The Age of Progress (Bars)!
* [#6911](https://github.com/npm/npm/issues/6911)
([#1257](https://github.com/npm/npm/issues/1257)
[#5340](https://github.com/npm/npm/issues/5340)
[#6420](https://github.com/npm/npm/issues/6420))
The spinner is gone (yay? boo? will you miss it?), and in its place npm
has _progress bars_, so you actually have some sense of how long installs
will take. It's provided in Unicode and non-Unicode variants, and Unicode
support is automatically detected from your environment.
#### TINY JEWELS
The bottom is where we usually hide the less interesting bits of each
release, but each of these is a small but incredibly useful bit of this
release, and very much worth checking out:
* [`9ebe312`](https://github.com/npm/npm/commit/9ebe312)
Build system maintainers, rejoice: npm does a better job of cleaning up
after itself in your temporary folder.
* [#6942](https://github.com/npm/npm/issues/6942)
Check for permissions issues prior to actually trying to install
anything.
* Emit warnings at the end of the installation when possible, so that
they'll be on your screen when npm stops.
* [#3505](https://github.com/npm/npm/issues/3505)
`npm --dry-run`: You can now ask that npm only report what it _would have
done_ with the new `--dry-run` flag. This can be passed to any of the
commands that change your `node_modules` folder: `install`, `uninstall`,
`update` and `dedupe`.
* [`81b46fb`](https://github.com/npm/npm/commit/81b46fb)
npm now knows the correct URLs for `npm bugs` and `npm repo` for
repositories hosted on Bitbucket and GitLab, just like it does for GitHub
(and GitHub support now extends to projects hosted as gists as well as
traditional repositories).
* [`5be4008a`](https://github.com/npm/npm/commit/5be4008a09730cfa3891d9f145e4ec7f2accd144)
npm has been cleaned up to pass the [`standard`](http://npm.im/standard)
style checker. Forrest and Rebecca both feel this makes it easier to read
and understand the code, and should also make it easier for new
contributors to put together merge-ready patches.
([@othiym23](https://github.com/othiym23))
#### ZARRO BOOGS
* [`6401643`](https://github.com/npm/npm/commit/6401643)
Make sure the global install directory exists before installing to it.
([@thefourtheye](https://github.com/thefourtheye))
* [#6158](https://github.com/npm/npm/issues/6158)
When we remove modules, we do so inside-out, running unbuild for each one.
* [`960a765`](https://github.com/npm/npm/commit/960a765)
The short usage information for each subcommand has been brought in sync
with the documentation. ([@smikes](https://github.com/smikes))
### v2.12.0 (2015-06-18):
#### REMEMBER WHEN I SAID THAT THING ABOUT PERMISSIONS?
About [a million people](https://github.com/npm/npm/issues?utf8=%E2%9C%93&q=is%3Aissue+EACCES+_locks)
have filed issues related to having a tough time using npm after they've run
npm once or twice with sudo. "Don't worry about it!" I said. "We've fixed all
those permissions problems ages ago! Use this one weird trick and you'll never
have to deal with this again!"
Well, uh, if you run npm with root the first time you run npm on a machine, it
turns out that the directory npm uses to store lockfiles ends up being owned by
the wrong user (almost always root), and that can, well, it can cause problems
sometimes. By which I mean every time you run npm without being root it'll barf
with `EACCES` errors. Whoops!
This is an obnoxious regression, and to prevent it from recurring, we've made
it so that the cache, cached git remotes, and the lockfile directories are all
created and maintained using the same utility module, which not only creates the
relevant paths with the correct permissions, but will fix the permissions on
those directories (if it can) when it notices that they're broken. An `npm
install` run as root ought to be sufficient to fix things up (and if that
doesn't work, first tell us about it, and then run `sudo chown -R $(whoami)
$HOME/.npm`)
Also, I apologize for inadvertently gaslighting any of you by claiming this bug
wasn't actually a bug. I do think we've got this permanently dealt with now,
but I'll be paying extra-close attention to permissions issues related to the
cache for a while.
* [`85d1a53`](https://github.com/npm/npm/commit/85d1a53d7b5e0fc04823187e522ae3711ede61fa)
Set permissions on lock directory to the owner of the process.
([@othiym23](https://github.com/othiym23))
#### I WENT TO NODECONF AND ALL I GOT WAS THIS LOUSY SPDX T-SHIRT
That's not literally true. We spent very little time discussing SPDX,
[@kemitchell](https://github.com/kemitchell) is a champ, and I had a lot of fun
playing drum & bass to a mostly empty Boogie Barn and only ended up with one
moderately severe cold for my pains. Another winner of a NodeConf! (I would
probably wear a SPDX T-shirt if somebody gave me one, though.)
A bunch of us did have a spirited discussion of the basics of open-source
intellectual property, and the convergence of me,
[@kemitchell](https://github.com/kemitchell), and
[@jandrieu](https://github.com/jandrieu) in one place allowed us to hammer out
a small but significant issue that had been bedeviling early adopters of the
new SPDX expression syntax in `package.json` license fields: how to deal with
packages that are left without a license on purpose.
Refer to [the docs](https://github.com/npm/npm/blob/16a3dd545b10f8a2464e2037506ce39124739b41/doc/files/package.json.md#license)
for the specifics, but the short version is that instead of using
`LicenseRef-LICENSE` for proprietary licenses, you can now use either
`UNLICENSED` if you want to make it clear that you don't _want_ your software
to be licensed (and want npm to stop warning you about this), or `SEE LICENSE
IN <filename>` if there's a license with custom text you want to use. At some
point in the near term, we'll be updating npm to verify that the mentioned
file actually exists, but for now you're all on the honor system.
* [`4827fc7`](https://github.com/npm/npm/commit/4827fc784117c17f35dd9b51b21d1eff6094f661)
[#8557](https://github.com/npm/npm/issues/8557)
`normalize-package-data@2.2.1`: Allow `UNLICENSED` and `SEE LICENSE IN
<filename>` in "license" field of `package.json`.
([@kemitchell](https://github.com/kemitchell))
* [`16a3dd5`](https://github.com/npm/npm/commit/16a3dd545b10f8a2464e2037506ce39124739b41)
[#8557](https://github.com/npm/npm/issues/8557) Document the new accepted
values for the "license" field.
([@kemitchell](https://github.com/kemitchell))
* [`8155311`](https://github.com/npm/npm/commit/81553119350deaf199e79e38e35b52a5c8ad206c)
[#8557](https://github.com/npm/npm/issues/8557) `init-package-json@1.7.0`:
Support new "license" field values at init time.
([@kemitchell](https://github.com/kemitchell))
#### SMALLISH BUG FIXES
* [`9d8cac9`](https://github.com/npm/npm/commit/9d8cac94a258db648a2b1069b1c8c6529c79d013)
[#8548](https://github.com/npm/npm/issues/8548) Remove extraneous newline
from `npm view` output, making it easier to use in shell scripts.
([@eush77](https://github.com/eush77))
* [`765fd4b`](https://github.com/npm/npm/commit/765fd4bfca8ea3e2a4a399765b17eec40a3d893d)
[#8521](https://github.com/npm/npm/issues/8521) When checking for outdated
packages, or updating packages, raise an error when the registry is
unreachable instead of silently "succeeding".
([@ryantemple](https://github.com/ryantemple))
#### SMALLERISH DOCUMENTATION TWEAKS
* [`5018335`](https://github.com/npm/npm/commit/5018335ce1754a9f771954ecbc1a93acde9b8c0a)
[#8365](https://github.com/npm/npm/issues/8365) Add details about which git
environment variables are whitelisted by npm.
([@nmalaguti](https://github.com/nmalaguti))
* [`bed9edd`](https://github.com/npm/npm/commit/bed9edddfdcc6d22a80feab33b53e4ef9172ec72)
[#8554](https://github.com/npm/npm/issues/8554) Fix typo in version docs.
([@rainyday](https://github.com/rainyday))
#### WELL, I GUESS THERE ARE MORE DEPENDENCY UPGRADES
* [`7ce2f06`](https://github.com/npm/npm/commit/7ce2f06f6f34d469b1d2e248084d4f3fef10c05e)
`request@2.58.0`: Refactor tunneling logic, and use `extend` instead of
abusing `util._extend`. ([@simov](https://github.com/simov))
* [`e6c6195`](https://github.com/npm/npm/commit/e6c61954aad42e20eec49745615c7640b2026a6c)
`nock@2.6.0`: Refined interception behavior.
([@pgte](https://github.com/pgte))
* [`9583cc3`](https://github.com/npm/npm/commit/9583cc3cb192c2fced006927cfba7cd37b588605)
`fstream-npm@1.0.3`: Ensure that `main` entry in `package.json` is always
included in the bundled package tarball.
([@coderhaoxin](https://github.com/coderhaoxin))
* [`df89493`](https://github.com/npm/npm/commit/df894930f2716adac28740b29b2e863170919990)
`fstream@1.0.7` ([@isaacs](https://github.com/isaacs))
* [`9744049`](https://github.com/npm/npm/commit/974404934758124aa8ae5b54f7d5257c3bd6b588)
`dezalgo@1.0.3`: `dezalgo` should be usable in the browser, and can be now
that `asap` has been upgraded to be browserifiable.
([@mvayngrib](https://github.com/mvayngrib))
### v2.11.3 (2015-06-11):
This was a very quiet week. This release was done by
[@iarna](https://github.com/iarna), while the rest of the team hangs out at
NodeConf Adventure!
#### TESTS IN 0.8 FAIL LESS
* [`5b3b3c2`](https://github.com/npm/npm/commit/5b3b3c2)
[#8491](https://github.com/npm/npm/pull/8491)
Updates a test to use only 0.8 compatible features
([@watilde](https://github.com/watilde))
#### THE TREADMILL OF UPDATES NEVER CEASES
* [`9f439da`](https://github.com/npm/npm/commit/9f439da)
`spdx@0.4.1`: License range updates
([@kemitchell](https://github.com/kemitchell))
* [`2dd055b`](https://github.com/npm/npm/commit/2dd055b)
`normalize-package-data@2.2.1`: Fixes a crashing bug when the package.json
`scripts` property is not an object.
([@iarna](https://github.com/iarna))
* [`e02e85d`](https://github.com/npm/npm/commit/e02e85d)
`osenv@0.1.2`: Switches to using the `os-tmpdir` module instead of
`os.tmpdir()` for greater consistency in behavior between node versions.
([@iarna](https://github.com/iarna))
* [`a6f0265`](https://github.com/npm/npm/commit/a6f0265)
`ini@1.3.4` ([@isaacs](https://github.com/isaacs))
* [`7395977`](https://github.com/npm/npm/commit/7395977)
`rimraf@2.4.0` ([@isaacs](https://github.com/isaacs))
### v2.11.2 (2015-06-04):
Another small release this week, brought to you by the latest addition to the
CLI team, [@zkat](https://github.com/zkat) (Hi, all!)
Mostly small documentation tweaks and version updates. Oh! And `npm outdated`
is actually sorted now. Rejoice!
It's gonna be a while before we get another palindromic version number. Enjoy it
while it lasts. :3
#### QUALITY OF LIFE HAS NEVER BEEN BETTER
* [`31aada4`](https://github.com/npm/npm/commit/31aada4ccc369c0903ff7f233f464955d12c6fe2)
[#8401](https://github.com/npm/npm/issues/8401) `npm outdated` output is just
that much nicer to consume now, due to sorting by name.
([@watilde](https://github.com/watilde))
* [`458a919`](https://github.com/npm/npm/commit/458a91925d8b20c5e672ba71a86745aad654abaf)
[#8469](https://github.com/npm/npm/pull/8469) Explicitly set `cwd` for
`preversion`, `version`, and `postversion` scripts. This makes the scripts
findable relative to the root dir.
([@alexkwolfe](https://github.com/alexkwolfe))
* [`55d6d71`](https://github.com/npm/npm/commit/55d6d71562e979e745c9db88861cc39f99b9f3ec)
Ensure package name and version are included in display during `npm version`
lifecycle execution. Gets rid of those little `undefined`s in the console.
([@othiym23](https://github.com/othiym23))
#### WORDS HAVE NEVER BEEN QUITE THIS READABLE
* [`3901e49`](https://github.com/npm/npm/commit/3901e4974c800e7f9fba4a5b2ff88da1126d5ef8)
[#8462](https://github.com/npm/npm/pull/8462) English apparently requires
correspondence between indefinite articles and attached nouns.
([@Enet4](https://github.com/Enet4))
* [`5a744e4`](https://github.com/npm/npm/commit/5a744e4b143ef7b2f50c80a1d96fdae4204d452b)
[#8421](https://github.com/npm/npm/pull/8421) The effect of `npm prune`'s
`--production` flag and how to use it have been documented a bit better.
([@foiseworth](https://github.com/foiseworth))
* [`eada625`](https://github.com/npm/npm/commit/eada625993485f0a2c5324b06f02bfa0a95ce4bc)
We've updated our