v9.0.0
9.0.0 (2022-10-19)
⚠️ BREAKING CHANGES
npm
is now compatible with the following semver range for node:^14.17.0 || ^16.13.0 || >=18.0.0
npm
will no longer attempt to modify ownership of files it creates- the presence of auth related settings that are not scoped to a specific registry found in a config file is no longer supported and will throw errors
login
,adduser
, andauth-type
changes- legacy auth types
sso
,saml
&legacy
have been consolidated into"legacy"
auth-type
defaults to"web"
login
andadduser
are now separate commands that send different data to
the registry.auth-type
config valuesweb
andlegacy
only try
their respective methods, npm no longer tries them all and waits to see
which one doesn't fail.
- legacy auth types
npm pack
now follows a strict order of operations when applying ignore rules. If afiles
array is present in thepackage.json
, then rules in.gitignore
and.npmignore
files from the root will be ignored.- links generated from git urls will now use
HEAD
instead ofmaster
as the default ref timing
andloglevel
changestiming
has been removed as a value for--loglevel
--timing
will show timing information regardless of
--loglevel
, except when--silent
--timing
file changes:- When run with the
--timing
flag,npm
now writes timing data to a
file alongside the debug log data, respecting thelogs-dir
option and
falling back to<CACHE>/_logs/
dir, instead of directly inside the
cache directory. - The timing file data is no longer newline delimited JSON, and instead
each run will create a uniquely named<ID>-timing.json
file, with the
<ID>
portion being the same as the debug log. - Finally, the data inside the file now has three top level keys,
metadata
,timers
, andunfinishedTimers
instead of everything being
a top level key.
- When run with the
npm
now outputs some json errors on stdout. Previouslynpm
would output all json formatted errors on stderr, making it difficult to parse as the stderr stream usually has logs already written to it. In the future,npm
will differentiate between errors and crashes. Errors, such asE404
andERESOLVE
, will be handled and will continue to be output on stdout. In the case of a crash,npm
will log the error as usual but will not attempt to display it as json, even in--json
mode. Moving a case from the category of an error to a crash will not be considered a breaking change. For more information see npm/rfcs#482.- deprecate boolean install flags in favor of
--install-strategy
- deprecate
--global-style
,--global
now sets--install-strategy=shallow
- deprecate
--legacy-bundling
, now sets--install-strategy=nested
- deprecate
npm config set
will no longer accept deprecated or invalid config optionsinstall-links
config defaults to"true"
node-version
config has been removednpm-version
config has been removednpm access
subcommands have been renamednpm birthday
has been removednpm set-script
has been removednpm bin
has been removed (usenpx
ornpm exec
to execute binaries)
Features
a09e19d
#5696 introduce thenpm config fix
command (@nlf)d2963c6
explicitly validate config within the cli (@nlf)a5fec08
rewrite: docs generation (@lukekarrys)9609e9e
#5605 use v3 lockfiles by default (@fritzy)3ae796d
implement newnpm-packlist
behavior (@lukekarrys)e64d69a
#5581 write eresolve error files to the logs directory (@lukekarrys)3445da0
timings are now written alongside debug log files (@lukekarrys)66ed584
#5551 defaultauth-type
to"web"
(@wraithgar)6ee5b32
query: displayqueryContext
in results (@nlf)314311c
#5550 separatelogin
/adduser
& remove unnecessary auth types (@wraithgar)9c32c6c
rewrite:npm access
(@wraithgar)854521b
rewrite:libnpmaccess
(@wraithgar)e95017a
#5485 feat(workspaces): update supported node engines inpackage.json
(@lukekarrys)de2d33f
add--install-strategy=hoisted|nested|shallow
, deprecate--global-style
,--legacy-bundling
(#5709) (@fritzy)49bbb2f
#5455 removenpm birthday
(@wraithgar)926f0ad
#5456 removenpm set-script
(@wraithgar)2a8c2fc
#5458 defaultinstall-links
to"true"
(@wraithgar)2e92800
#5459 removenpm bin
(@wraithgar)457d388
#5475 update supported node engines in package.json (@wraithgar)46d038f
#5716 output json formatted errors onstdout
(@lukekarrys)0a69db4
#5719 refuse to set deprecated/invalid config (@wraithgar)6e4961f
separate configs for--timing
and--loglevel
(@lukekarrys)6a27a7b
#5712 deprecatedkey
,cert
config options and updated registry scoped auth docs (@fritzy)
Bug Fixes
c3d7549
add tag to publish log message (@wraithgar)a35c784
#5691 config: removenode-version
andnpm-version
(@wraithgar)e4e8ae2
libnpmpack: obeyforegroundScripts
(@winterqt)07fabc9
#5633npm link
should override--install-links
(@fritzy)02fcbb6
#5634 ensureArborist
constructor gets passed around everywhere forpacote
(@nlf)0d90a01
#5480 audit: add a condition to allow third-party registries returning E400 (@juanheyns, Juan Heyns)41481f8
#5475 attempt more graceful failure in older node versions (@wraithgar)fc82298
#5295npm hook ls
duplicates hook name prefixes (@gennadiygashev)3f1fcf0
account for newnpm-package-arg
behavior (@wraithgar)353b5bb
#5710 removechownr
andmkdirp-infer-owner
(@nlf)
Documentation
285b39f
#5324 add documentation for expanded:semver
selector (@nlf)fd0eebe
update registry docs header (@hughlilly)542efdb
updatefolders
page for modern npm (@shalvah)f37caad
#5606 accurately describeinstall-links
effect on relative paths (@lukekarrys)130bc9f
#5626 remove circular reference (#5626) (@giovanniPepi)f0e7584
#5601 update docs/logging for new--access
default (@wraithgar)2d756cb
#5527 add instruction to query objects withnpm view
(@moonith)8743366
#5519 add hash to "tag" config link (@mrienstra, @lukekarrys)5645c51
#5521 link mentions of config parameters (@mrienstra)19762b4
#5529 modify misleading doc about bins (@Hafizur046)19762b4
#5529 modify misleading doc about package.json:bin (@Hafizur046)8402fd8
#5547 add:outdated
pseudo selector to docs (@nlf)
Dependencies
df77a1f
#5707 Update Major Versions of Dependencies
Updated:
@npmcli/config@6.0.1
@npmcli/disparity-colors@3.0.0
@npmcli/git@4.0.1
@npmcli/installed-package-contents@2.0.0
@npmcli/map-workspaces@3.0.0
@npmcli/metavuln-calculator@5.0.0
@npmcli/move-file@3.0.0
@npmcli/node-gyp@3.0.0
@npmcli/package-json@3.0.0
@npmcli/promise-spawn@4.0.0
@npmcli/query@3.0.0
@npmcli/run-script@5.0.0
bin-links@4.0.1
cacache@17.0.1
ignore-walk@6.0.0
init-package-json@4.0.1
json-parse-even-better-errors@3.0.0
make-fetch-happen@11.0.1
normalize-package-data@5.0.0
npm-audit-report@4.0.0
npm-install-checks@6.0.0
npm-packlist@7.0.1
npm-pick-manifest@8.0.1
npm-profile@7.0.1
npm-registry-fetch@14.0.2
npmlog@7.0.0
pacote@15.0.1
parse-conflict-json@3.0.0
proc-log@3.0.0
read-package-json-fast@3.0.1
read-package-json@6.0.0
ssri@10.0.0
treeverse@3.0.0
validate-npm-package-name@5.0.0
write-file-atomic@5.0.0
Removed:
@npmcli/fs