deps: upgrade npm to 4.0.1
Checklist
-
make -j8 test
(UNIX), orvcbuild test nosign
(Windows) passes -
tests and/or benchmarks are included -
documentation is changed or added -
commit message follows commit guidelines
Affected core subsystem(s)
deps
Description of change
Hey y'all! #8977 (closed) was created a while back to track stuff surrounding this release, and I think it's a good decision to wait to do a minor bump later, rather than rush this release out in any way. Thanks a bunch for your patience!
As you can see, this is a semver-major bump for npm. That said, the actual impact of the release to the ecosystem is relatively small. Most certainly much smaller in impact than npm@3
was. We're still sniffing out a couple of issues and might even put together an npm@4.0.2
soon to iron that out before npm@4
becomes latest
.
THIS IS NOT A FINAL RELEASE -- as mentioned in #8977 (closed), this is a preview of npm@4
so y'all can start testing and taking a look at changes and make sure everything looks good before considering including it with official node releases.
One more note: With the release of npm@4
, we've decided to move both npm@2
and npm@3
to maintenance: that means we're unlikely to continue adding features to either of those, but will include critical patches, specially security patches, if something comes up. Regular bugfixes will not be done, as it's much better for our team to be able to focus on the latest release which we're standing behind. As far as Node Core is concerned, though, npm@2
continues what we consider to be a sort of LTS release for y'all's sake. Maintenance doesn't mean it's no longer maintained, and users should continue to have a working experience with npm@2
until node@4
leaves LTS. npm@3.10.9
, which I'll be downstreaming soon, might end up being our last npm@3
release.
So without further ado, npm@4
!
Breaking Changes
-
npm search
rewritten to stream results, and no longer supports sorting. -
npm scripts
no longer prepend the path of the node executable used to run npm before running scripts. A--scripts-prepend-node-path
option has been added to configure this behavior. (/cc @addaleax) -
prepublish
has been deprecated, replaced byprepare
. AprepublishOnly
script has been temporarily added, which will only run onnpm publish
. NOTE: This change only affects users publishing new versions of their packages and developers installing through git and local deps. Registry installs should be (mostly) unaffected by this change. -
npm outdated
exits with exit code1
if it finds any outdated packages. (/cc @watilde) -
npm tag
has been removed after a deprecation cycle. Usenpm dist-tag
. - Partial shrinkwraps are no longer supported.
npm-shrinkwrap.json
is considered a complete installation manifest except fordevDependencies
. This will affect certain projects that relied heavily on this feature, most notablyhapi
. -
devDependencies
are now included innpm-shrinkwrap.json
by default. This should make the transition tonpm@5
easier.
Other Notable Changes
- npm now sends two extra http headers to the registry (npm/npm#14129):
-
Npm-In-CI
- whether npm was run within a Continuous Integration environment. -
Npm-Scope
- the scope of the toplevel package this installation is for. For example, if you have a@node/foo
package, all dependency requests for that package will include@node
in the header, even if those dependencies themselves are not scoped or are for a different scope.
-
Changelogs
r: @Fishrock123 r: @addaleax r: @jasnell