Skip to content

Latest commit

 

History

History
2212 lines (1950 loc) · 124 KB

CHANGELOG.md

File metadata and controls

2212 lines (1950 loc) · 124 KB
Raw

v2.7.3 (2015-03-16):

HAHA WHOOPS LIL SHINKWRAP ISSUE THERE LOL

  • 1549106 #7641 Due to 448efd0, running npm shrinkwrap --dev caused production dependencies to no longer be included in npm-shrinkwrap.json. Whoopsie! (@othiym23)

v2.7.2 (2015-03-12):

NPM GASTROENTEROLOGY

  • fb0ac26 #7579 Only block removing files and links when we're sure npm isn't responsible for them. This change is hard to summarize, because if things are working correctly you should never see it, but if you want more context, just go read the commit message, which lays it all out. (@othiym23)
  • 051c473 #7552 bundledDependencies are now properly included in the installation context. This is another fantastically hard-to-summarize bug, and once again, I encourage you to read the commit message if you're curious about the details. The snappy takeaway is that this unbreaks many use cases for ember-cli. (@othiym23)

LESS DRAMATIC CHANGES

  • fcd9247 #7597 Awk varies pretty dramatically from platform to platform, so use Perl to generate the AUTHORS list instead. (@KenanY)
  • 721b17a #7598 npm install --save really isn't experimental anymore. (@RichardLitt)

DEPENDENCY REFRESH

v2.7.1 (2015-03-05):

GITSANITY

  • 6823807 #7121 npm install --save for Git dependencies saves the URL passed in, instead of the temporary directory used to clone the remote repo. Fixes using Git dependencies when shrinkwwapping. In the process, rewrote the Git dependency caching code. Again. No more single-letter variable names, and a much clearer workflow. (@othiym23)
  • c8258f3 #7486 When installing Git remotes, the caching code was passing in the function gitEnv instead of the results of invoking it. (@functino)
  • c618eed #2556 Make it possible to install Git dependencies when using --link by not linking just the Git dependencies. (@smikes)

WHY DID THIS TAKE SO LONG.

  • abdd040 [email protected]: Provide more helpful error messages when JSON parse errors are encountered by using a more forgiving JSON parser than JSON.parse. (@smikes)

BUGS & TWEAKS

###E TYPSO & CLARFIICATIONS

dId yuo know that submiting fxies for doc tpyos is an exclelent way to get strated contriburting to a new open-saurce porject?

v2.7.0 (2015-02-26):

SOMETIMES SEMVER MEANS "SUBJECTIVE-EMPATHETIC VERSIONING"

For a very long time (maybe forever?), the documentation for npm run-script has said that npm restart will only call npm stop and npm start when there is no command defined as npm restart in package.json. The problem with this documentation is that npm run-script was apparently never wired up to actually work this way.

Until now.

If the patch below were landed on its own, free of context, it would be a breaking change. But, since the "new" behavior is how the documentation claims this feature has always worked, I'm classifying it as a patch-level bug fix. I apologize in advance if this breaks anybody's deployment scripts, and if it turns out to be a significant regression in practice, we can revert this change and move it to npm@3, which is allowed to make breaking changes due to being a new major version of semver.

  • 2f6a1df #1999 Only run stop and start scripts (plus their pre- and post- scripts) when there's no restart script defined. This makes it easier to support graceful restarts of services managed by npm. (@watilde / @scien)

A SMALL FEATURE WITH BIG IMPLICATIONS

  • 145af65 #4887 Replace calls to the node-gyp script bundled with npm by passing the --node-gyp=/path/to/node-gyp option to npm. Swap in pangyp or a version of node-gyp modified to work better with io.js without having to touch npm's code! (@ackalker)

@WATILDE'S NPM USABILITY CORNER

Following [email protected]'s unexpected fix of many of the issues with npm update -g simply by making --depth=0 the default for npm outdated, friend of npm @watilde has made several modest changes to npm's behavior that together justify bumping npm's minor version, as well as making npm significantly more pleasant to use:

  • 448efd0 #2853 Add support for --dev and --prod to npm ls, so that you can list only the trees of production or development dependencies, as desired. (@watilde)
  • a0a8777 #7463 Split the list printed by npm run-script into lifecycle scripts and scripts directly invoked via npm run-script. (@watilde)
  • a5edc17 #6749 [email protected]: Support for passing scopes to npm init so packages are initialized as part of that scope / organization / team. (@watilde)

SMALLER FEATURES AND FIXES

It turns out that quite a few pull requests had piled up on npm's issue tracker, and they included some nice small features and fixes:

  • f33e8b8 #7354 Add --if-present flag to allow e.g. CI systems to call (semi-) standard build tasks defined in package.json, but don't raise an error if no such script is defined. (@jussi-kalliokoski)
  • 7bf85cc #4005 #6248 Globally unlink a package when npm rm / npm unlink is called with no arguments. (@isaacs)
  • a2e04bd #7294 Ensure that when depending on git+<proto> URLs, npm doesn't keep tacking additional git+ prefixes onto the front. (@twhid)
  • 0f87f5e #6422 When depending on GitHub private repositories, make sure we construct the Git URLS correctly. (@othiym23)
  • 50f461d #4595 Support finding compressed manpages. It's still up to the system to figure out how to display them, though. (@pshevtsov)
  • 44da664 #7465 When calling git, log the full command, with all arguments, on error. (@thriqon)
  • 9748d5c Add parent to error on ETARGET error. (@davglass)
  • 37038d7 #4663 Remove hackaround for Linux tests, as it's evidently no longer necessary. (@mmalecki)
  • d7b7853 #2612 Add support for path completion on npm install, which narrows completion to only directories containing package.json files. (@deestan)
  • 628fcdb Remove all command completion calls to -/short, because it's been removed from the primary registry for quite some time, and is generally a poor idea on any registry with more than a few hundred packages. (@othiym23)
  • 3f6061d #6659 Instead of removing zsh completion global, make it a local instead. (@othiym23)

DOCUMENTATION TWEAKS

  • 5bc70e6 #7417 Provide concrete examples of how the new npm update defaults work in practice, tied to actual test cases. Everyone interested in using npm update -g now that it's been fixed should read these documents, as should anyone interested in writing documentation for npm. (@smikes)
  • 8ac6f21 #6543 Clarify npm-scripts warnings to de-emphasize dangers of using install scripts. (@zeke)
  • ebe3b37 #6711 Note that git tagging of versions can be disabled via --no-git-tag-verson. (@smikes)
  • 2ef5771 #6711 Document git-tag-version configuration option. (@KenanY)
  • 95e59b2 Document that NODE_ENV=production behaves analogously to --production on npm install. (@stefaneg)
  • 687117a #7463 Document the new script grouping behavior in the man page for npm run-script. (@othiym23)
  • 536b2b6 Rescue one of the the disabled tests and make it work properly. (@smikes)

DEPENDENCY UPDATES

v2.6.1 (2015-02-19):

v2.6.0 (2015-02-12):

A LONG-AWAITED GUEST

DEPRECATIONS

  • c8e08e6 #6565 Warn that peerDependency behavior is changing and add a note to the docs. (@othiym23)
  • 7c81a5f #7171 Warn that engineStrict in package.json will be going away in the next major version of npm (coming soon!) (@othiym23)

BUG FIXES & TWEAKS

Also typos and other documentation issues were addressed by @rutsky, @imurchie, @marcin-wosinek, @marr, @amZotti, and @karlhorky. Thank you, everyone!

v2.5.1 (2015-02-06):

This release doesn't look like much, but considerable effort went into ensuring that npm's tests will pass on io.js 1.1.0 and Node 0.11.16 / 0.12.0 on both OS X and Linux.

NOTE: there are no actual changes to npm's code in [email protected]. Only test code (and the upgrade of request to the latest version) has changed.

[email protected]:

MINOR DEPENDENCY TWEAK

v2.5.0 (2015-01-29):

SMALL FEATURE I HAVE ALREADY USED TO MAINTAIN NPM ITSELF

  • 9d61e96 npm outdated --long now includes a column showing the type of dependency. (@watilde)

BUG FIXES & TWEAKS

[email protected]:

v2.4.1 (2015-01-23):

bridge that doesn't meet in the middle

Let's accentuate the positive: the dist-tag endpoints for npm dist-tag {add,rm,ls} are now live on the public npm registry.

v2.4.0 (2015-01-22):

REGISTRY 2: ACCESS AND DIST-TAGS

NOTE: This week's registry-2 commands are leading the implementation on registry.npmjs.org a little bit, so some of the following may not work for another week or so. Also note that npm access has documentation and subcommands that are not yet finished, because they depend on incompletely specified registry API endpoints. Things are coming together very quickly, though, so expect the missing pieces to be filled in the coming weeks.

NOT EXACTLY SELF-DEPRECATING

BUG FIX AND TINY FEATURE

v2.3.0 (2015-01-15):

REGISTRY 2: OH MY STARS! WHO AM I?

BETTER REGISTRY METADATA CACHING

HOW MUCH IS THAT WINDOWS IN THE DOGGY?

THRILLING BUG FIXES

v2.2.0 (2015-01-08):

v2.1.18 (2015-01-01):

v2.1.17 (2014-12-25):

merry npm xmas

Working with @phated, I discovered that npm still had some lingering race conditions around how it handles Git dependencies. The following changes were intended to remedy to these issues. Thanks to @phated for all his help getting to the bottom of these.

Other changes:

v2.1.16 (2014-12-22):

v2.1.15 (2014-12-18):

v2.1.14 (2014-12-13):

v2.1.13 (2014-12-11):

v2.1.12 (2014-12-04):

v2.1.11 (2014-11-27):

v2.1.10 (2014-11-20):

v2.1.9 (2014-11-13):

v2.1.8 (2014-11-06):

v2.1.7 (2014-10-30):

v2.1.6 (2014-10-23):

v2.1.5 (2014-10-16):

OUTDATED DEPENDENCY CLEANUP JAMBOREE

v2.1.4 (2014-10-09):

TEST CLEANUP EXTRAVAGANZA:

v2.1.3 (2014-10-02):

BREAKING CHANGE FOR THE SQRT(i) PEOPLE ACTUALLY USING npm submodule:

  • 1e64473 rm -rf npm submodule command, which has been broken since the Carter Administration (@isaacs)

BREAKING CHANGE IF YOU ARE FOR SOME REASON STILL USING NODE 0.6 AND YOU SHOULD NOT BE DOING THAT CAN YOU NOT:

Other changes:

v2.1.2 (2014-09-29):

v2.1.1 (2014-09-26):

v2.1.0 (2014-09-25):

NEW FEATURE:

Other changes:

v2.0.2 (2014-09-19):

v2.0.1 (2014-09-18):

v2.0.0 (2014-09-12):

BREAKING CHANGES:

  • 4378a17 [email protected]: prerelease versions no longer show up in ranges; ^0.x.y behaves the way it did in semver@2 rather than semver@3; docs have been reorganized for comprehensibility (@isaacs)
  • c6ddb64 npm now assumes that node is newer than 0.6 (@isaacs)

Other changes:

v1.4.28 (2014-09-12):

v2.0.0-beta.3 (2014-09-04):

v1.4.27 (2014-09-04):

v2.0.0-beta.2 (2014-08-29):

SPECIAL LABOR DAY WEEKEND RELEASE PARTY WOOO

v2.0.0-beta.1 (2014-08-28):

v1.4.26 (2014-08-28):

v2.0.0-beta.0 (2014-08-21):

v1.4.25 (2014-08-21):

v2.0.0-alpha.7 (2014-08-14):

v1.4.24 (2014-08-14):

v2.0.0-alpha.6 (2014-08-07):

BREAKING CHANGE:

  • ea547e2 Bump semver to version 3: ^0.x.y is now functionally the same as =0.x.y. (@isaacs)

Other changes:

v1.4.23 (2014-07-31):

  • 8dd11d1 update several dependencies to avoid using semvers starting with 0.

v1.4.22 (2014-07-31):

v2.0.0-alpha-5 (2014-07-22):

This release bumps up to 2.0 because of this breaking change, which could potentially affect how your package's scripts are run:

Other changes:

v1.5.0-alpha-4 (2014-07-18):

  • fall back to _auth config as default auth when using default registry (@isaacs)
  • support for 'init.version' for those who don't want to deal with semver 0.0.x oddities (@rvagg)
  • be06213 remove residual support for win log level (@aterris)

v1.5.0-alpha-3 (2014-07-17):

v1.4.21 (2014-07-14):

v1.5.0-alpha-2 (2014-07-01):

v1.4.20 (2014-07-02):

v1.5.0-alpha-1 (2014-07-01):

v1.5.0-alpha-0 (2014-07-01):

v1.4.19 (2014-07-01):

v1.4.18 (2014-06-29):

v1.4.17 (2014-06-27):

  • replace escape codes with ansicolors (@othiym23)
  • Allow to build all the docs OOTB. (@GeJ)
  • Use core.longpaths on win32 git - fixes #5525 (@bmeck)
  • [email protected] (@isaacs)
  • Consolidate color sniffing in config/log loading process (@isaacs)
  • add verbose log when project config file is ignored (@isaacs)
  • npmconf: Float patch to remove 'scope' from config defs (@isaacs)
  • doc: npm-explore can't handle a version (@robertkowalski)
  • Add user-friendly errors for ENOSPC and EROFS. (@voodootikigod)
  • bump tar and fstream deps (@isaacs)
  • Run the npm-registry-couchapp tests along with npm tests (@isaacs)

v1.2.8000 (2014-06-17):

  • Same as v1.4.16, but with the spinner disabled, and a version number that starts with v1.2.

v1.4.16 (2014-06-17):

v1.4.15 (2014-06-10):

v1.4.14 (2014-06-05):

  • char-spinner: update to not bork windows (@isaacs)

v1.4.13 (2014-05-23):

  • Fix npm install on a tarball. (ed3abf1, #5330, @othiym23)
  • Fix an issue with the spinner on Node 0.8. (9f00306, @isaacs)
  • Re-add npm.commands.cache.clean and npm.commands.cache.read APIs, and document npm.commands.cache.* as npm-cache(3). (e06799e, @isaacs)

v1.4.12 (2014-05-23):

  • remove normalize-package-data from top level, de-^-ify inflight dep (@isaacs)
  • Always sort saved bundleDependencies (@isaacs)
  • add inflight to bundledDependencies (@othiym23)

v1.4.11 (2014-05-22):

  • fix npm ls labeling issue
  • [email protected]
  • default repository to https:// instead of git://
  • addLocalTarball: Remove extraneous unpack (@isaacs)
  • Massive cache folder refactor (@othiym23 and @isaacs)
  • Busy Spinner, no http noise (@isaacs)
  • Per-project .npmrc file support (@isaacs)
  • [email protected], Refactor config/uid/prefix loading process (@isaacs)
  • Allow once-disallowed characters in passwords (@isaacs)
  • Send npm version as 'version' header (@isaacs)
  • fix cygwin encoding issue (Karsten Tinnefeld)
  • Allow non-github repositories with npm repo (@evanlucas)
  • Allow peer deps to be satisfied by grandparent
  • Stop optional deps moving into deps on update --save (@timoxley)
  • Ensure only matching deps update with update --save* (@timoxley)
  • Add support for prerelease, preminor, prepatch to npm version

v1.4.10 (2014-05-05):

  • Don't set referer if already set
  • fetch: Send referer and npm-session headers
  • run-script: Support --parseable and --json
  • list runnable scripts (@evanlucas)
  • Use marked instead of ronn for html docs

v1.4.9 (2014-05-01):

  • Send referer header (with any potentially private stuff redacted)
  • Fix critical typo bug in previous npm release

v1.4.8 (2014-05-01):

  • Check SHA before using files from cache
  • adduser: allow change of the saved password
  • Make npm install respect config.unicode
  • Fix lifecycle to pass Infinity for config env value
  • Don't return 0 exit code on invalid command
  • cache: Handle 404s and other HTTP errors as errors
  • Resolve ~ in path configs to env.HOME
  • Include npm version in default user-agent conf
  • npm init: Use ISC as default license, use save-prefix for deps
  • Many test and doc fixes

v1.4.7 (2014-04-15):

v1.4.6 (2014-03-19):

v1.4.5 (2014-03-18):

v1.4.4 (2014-02-20):

  • Add npm t as an alias for npm test (which is itself an alias for npm run test, or even npm run-script test). We like making running your tests easy. (14e650b, @isaacs)

v1.4.3 (2014-02-16):

v1.4.2 (2014-02-13):

v1.4.1 (2014-02-13):

v1.4.0 (2014-02-12):

v1.3.26 (2014-02-02):

v1.3.25 (2014-01-25):

  • Remove gubblebum blocky font from documentation headers. (6940c9a, @isaacs)

v1.3.24 (2014-01-19):

  • Make the search output prettier, with nice truncated columns, and a --long option to create wrapping columns. (20439b2 and 3a6942d, @timoxley)
  • Support multiple packagenames in npm docs. (823010b, @timoxley)
  • Fix the npm adduser bug regarding "Error: default value must be string or number" again. (b9b4248, @isaacs)
  • Fix scripts entries containing whitespaces on Windows. (80282ed, @robertkowalski)
  • Fix npm update for Git URLs that have credentials in them (93fc364, @danielsantiago)
  • Fix npm install overwriting npm link-ed dependencies when they are tagged Git dependencies. (af9bbd9, @evanlucas)
  • Remove npm prune --production since it buggily removed some dependencies that were necessary for production; see #4509. Hopefully it can make its triumphant return, one day. (1101b6a, @isaacs)

Dependency updates:

v1.3.23 (2014-01-03):

  • Properly handle installations that contained a certain class of circular dependencies. (5dc93e8, @substack)

v1.3.22 (2013-12-25):

  • Fix a critical bug in npm adduser that would manifest in the error message "Error: default value must be string or number." (fba4bd2, @isaacs)
  • Allow npm bugs in the current directory to open the current package's bugs URL. (d04cf64, @evanlucas)
  • Several fixes to various error messages to include more useful or updated information. (1e6f2a7, ff46366, 8b4bb48; @rlidwka, @evanlucas)

v1.3.21 (2013-12-17):

  • Fix a critical bug that prevented publishing due to incorrect hash calculation. (4ca4a2c, @dominictarr)

v1.3.20 (2013-12-17):

  • Fixes a critical bug in v1.3.19. Thankfully, due to that bug, no one could install npm v1.3.19 :)

v1.3.19 (2013-12-16):

  • Adds atomic PUTs for publishing packages, which should result in far fewer requests and less room for replication errors on the server-side.

v1.3.18 (2013-12-16):

  • Added an --ignore-scripts option, which will prevent package.json scripts from being run. Most notably, this will work on npm install, so e.g. npm install --ignore-scripts will not run preinstall and prepublish scripts. (d7e67bf, @sqs)
  • Fixed a bug introduced in 1.3.16 that would manifest with certain cache configurations, by causing spurious errors saying "Adding a cache directory to the cache will make the world implode." (966373f, @domenic)
  • Re-fixed the multiple download of URL dependencies, whose fix was reverted in 1.3.17. (a362c3f, @spmason)

v1.3.17 (2013-12-11):

  • This release reverts 644c2ff, which avoided re-downloading URL and shinkwrap dependencies when doing npm install. You can see the in-depth reasoning in d8c907e; the problem was, that the patch changed the behavior of npm install -f to reinstall all dependencies.
  • A new version of the no-re-downloading fix has been submitted as #4303 and will hopefully be included in the next release.

v1.3.16 (2013-12-11):

  • Git URL dependencies are now updated on npm install, fixing a two-year old bug (5829ecf, @robertkowalski). Additional progress on reducing the resulting Git-related I/O is tracked as #4191, but for now, this will be a big improvement.
  • Added a --json mode to npm outdated to give a parseable output. (0b6c9b7, @yyx990803)
  • Made npm outdated much prettier and more useful. It now outputs a color-coded and easy-to-read table. (fd3017f, @quimcalpe)
  • Added the --depth option to npm outdated, so that e.g. you can do npm outdated --depth=0 to show only top-level outdated dependencies. (1d184ef, @yyx990803)
  • Added a --no-git-tag-version option to npm version, for doing the usual job of npm version minus the Git tagging. This could be useful if you need to increase the version in other related files before actually adding the tag. (59ca984, @evanlucas)
  • Made npm repo and npm docs work without any arguments, adding them to the list of npm commands that work on the package in the current directory when invoked without arguments. (bf9048e, @robertkowalski; 07600d0, @wilmoore). There are a few other commands we still want to implement this for; see #4204.
  • Pass through the GIT_SSL_NO_VERIFY environment variable to Git, if it is set; we currently do this with a few other environment variables, but we missed that one. (c625de9, @arikon)
  • Fixed npm dedupe on Windows due to incorrect path separators being used (7677de4, @mcolyer).
  • Fixed the npm help command when multiple words were searched for; it previously gave a ReferenceError. (6a28dd1, @dereckson)
  • Stopped re-downloading URL and shrinkwrap dependencies, as demonstrated in #3463 (644c2ff, @spmason). You can use the --force option to force re-download and installation of all dependencies.