You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

124 KiB

v2.7.3 (2015-03-16):

HAHA WHOOPS LIL SHINKWRAP ISSUE THERE LOL

  • 1549106 #7641 Due to 448efd0, running npm shrinkwrap --dev caused production dependencies to no longer be included in npm-shrinkwrap.json. Whoopsie! (@othiym23)

v2.7.2 (2015-03-12):

NPM GASTROENTEROLOGY

  • fb0ac26 #7579 Only block removing files and links when we're sure npm isn't responsible for them. This change is hard to summarize, because if things are working correctly you should never see it, but if you want more context, just go read the commit message, which lays it all out. (@othiym23)
  • 051c473 #7552 bundledDependencies are now properly included in the installation context. This is another fantastically hard-to-summarize bug, and once again, I encourage you to read the commit message if you're curious about the details. The snappy takeaway is that this unbreaks many use cases for ember-cli. (@othiym23)

LESS DRAMATIC CHANGES

  • fcd9247 #7597 Awk varies pretty dramatically from platform to platform, so use Perl to generate the AUTHORS list instead. (@KenanY)
  • 721b17a #7598 npm install --save really isn't experimental anymore. (@RichardLitt)

DEPENDENCY REFRESH

  • a91f2c7 #7559 node-gyp@1.0.3 Switch node-gyp to use stdio instead of customFds so it stops printing a deprecation warning every time you build a native dependency. (@jeffbski)
  • 0c85db7 rimraf@2.3.2: Globbing now deals with paths containing valid glob metacharacters better. (@isaacs)
  • d14588e minimatch@2.0.4: Bug fixes. (@isaacs)
  • aa9952e graceful-fs@3.0.6: Bug fixes. (@isaacs)

v2.7.1 (2015-03-05):

GITSANITY

  • 6823807 #7121 npm install --save for Git dependencies saves the URL passed in, instead of the temporary directory used to clone the remote repo. Fixes using Git dependencies when shrinkwwapping. In the process, rewrote the Git dependency caching code. Again. No more single-letter variable names, and a much clearer workflow. (@othiym23)
  • c8258f3 #7486 When installing Git remotes, the caching code was passing in the function gitEnv instead of the results of invoking it. (@functino)
  • c618eed #2556 Make it possible to install Git dependencies when using --link by not linking just the Git dependencies. (@smikes)

WHY DID THIS TAKE SO LONG.

  • abdd040 read-package-json@1.3.2: Provide more helpful error messages when JSON parse errors are encountered by using a more forgiving JSON parser than JSON.parse. (@smikes)

BUGS & TWEAKS

  • c56cfcd #7525 npm dedupe handles scoped packages. (@KidkArolis)
  • 1b8ba74 #7531 npm stars and npm whoami will no longer send the registry the error text saying you need to log in as your username. (@othiym23)
  • 6de1e91 #6441 Prevent needless reinstalls by only updating packages when the current version isn't the same as the version returned as wanted by npm outdated. (@othiym23)
  • 2abc3ee Add npm upgrade as an alias for npm update. (@othiym23)
  • bcd4722 #7508 FreeBSD uses EAI_FAIL instead of ENOTFOUND. (@othiym23)
  • 21c1ac4 #7507 Update support URL in generic error handler to https: from http:. (@watilde)
  • b6bd99a #7492 On install, the package.json engineStrict deprecation only warns for the current package. (@othiym23)
  • 4ef1412 #7075 If you try to tag a release as a valid semver range, npm publish and npm tag will error early instead of proceeding. (@smikes)
  • ad53d0f Use rimraf in npm build script because Windows doesn't know what rm is. (@othiym23)
  • 8885c4d rimraf@2.3.1: Better Windows support. (@isaacs)
  • 8885c4d glob@4.4.2: Handle bad symlinks properly. (@isaacs)

###E TYPSO & CLARFIICATIONS

dId yuo know that submiting fxies for doc tpyos is an exclelent way to get strated contriburting to a new open-saurce porject?

v2.7.0 (2015-02-26):

SOMETIMES SEMVER MEANS "SUBJECTIVE-EMPATHETIC VERSIONING"

For a very long time (maybe forever?), the documentation for npm run-script has said that npm restart will only call npm stop and npm start when there is no command defined as npm restart in package.json. The problem with this documentation is that npm run-script was apparently never wired up to actually work this way.

Until now.

If the patch below were landed on its own, free of context, it would be a breaking change. But, since the "new" behavior is how the documentation claims this feature has always worked, I'm classifying it as a patch-level bug fix. I apologize in advance if this breaks anybody's deployment scripts, and if it turns out to be a significant regression in practice, we can revert this change and move it to npm@3, which is allowed to make breaking changes due to being a new major version of semver.

  • 2f6a1df #1999 Only run stop and start scripts (plus their pre- and post- scripts) when there's no restart script defined. This makes it easier to support graceful restarts of services managed by npm. (@watilde / @scien)

A SMALL FEATURE WITH BIG IMPLICATIONS

  • 145af65 #4887 Replace calls to the node-gyp script bundled with npm by passing the --node-gyp=/path/to/node-gyp option to npm. Swap in pangyp or a version of node-gyp modified to work better with io.js without having to touch npm's code! (@ackalker)

@WATILDE'S NPM USABILITY CORNER

Following npm@2.6.1's unexpected fix of many of the issues with npm update -g simply by making --depth=0 the default for npm outdated, friend of npm @watilde has made several modest changes to npm's behavior that together justify bumping npm's minor version, as well as making npm significantly more pleasant to use:

  • 448efd0 #2853 Add support for --dev and --prod to npm ls, so that you can list only the trees of production or development dependencies, as desired. (@watilde)
  • a0a8777 #7463 Split the list printed by npm run-script into lifecycle scripts and scripts directly invoked via npm run-script. (@watilde)
  • a5edc17 #6749 init-package-json@1.3.1: Support for passing scopes to npm init so packages are initialized as part of that scope / organization / team. (@watilde)

SMALLER FEATURES AND FIXES

It turns out that quite a few pull requests had piled up on npm's issue tracker, and they included some nice small features and fixes:

  • f33e8b8 #7354 Add --if-present flag to allow e.g. CI systems to call (semi-) standard build tasks defined in package.json, but don't raise an error if no such script is defined. (@jussi-kalliokoski)
  • 7bf85cc #4005 #6248 Globally unlink a package when npm rm / npm unlink is called with no arguments. (@isaacs)
  • a2e04bd #7294 Ensure that when depending on git+<proto> URLs, npm doesn't keep tacking additional git+ prefixes onto the front. (@twhid)
  • 0f87f5e #6422 When depending on GitHub private repositories, make sure we construct the Git URLS correctly. (@othiym23)
  • 50f461d #4595 Support finding compressed manpages. It's still up to the system to figure out how to display them, though. (@pshevtsov)
  • 44da664 #7465 When calling git, log the full command, with all arguments, on error. (@thriqon)
  • 9748d5c Add parent to error on ETARGET error. (@davglass)
  • 37038d7 #4663 Remove hackaround for Linux tests, as it's evidently no longer necessary. (@mmalecki)
  • d7b7853 #2612 Add support for path completion on npm install, which narrows completion to only directories containing package.json files. (@deestan)
  • 628fcdb Remove all command completion calls to -/short, because it's been removed from the primary registry for quite some time, and is generally a poor idea on any registry with more than a few hundred packages. (@othiym23)
  • 3f6061d #6659 Instead of removing zsh completion global, make it a local instead. (@othiym23)

DOCUMENTATION TWEAKS

  • 5bc70e6 #7417 Provide concrete examples of how the new npm update defaults work in practice, tied to actual test cases. Everyone interested in using npm update -g now that it's been fixed should read these documents, as should anyone interested in writing documentation for npm. (@smikes)
  • 8ac6f21 #6543 Clarify npm-scripts warnings to de-emphasize dangers of using install scripts. (@zeke)
  • ebe3b37 #6711 Note that git tagging of versions can be disabled via --no-git-tag-verson. (@smikes)
  • 2ef5771 #6711 Document git-tag-version configuration option. (@KenanY)
  • 95e59b2 Document that NODE_ENV=production behaves analogously to --production on npm install. (@stefaneg)
  • 687117a #7463 Document the new script grouping behavior in the man page for npm run-script. (@othiym23)
  • 536b2b6 Rescue one of the the disabled tests and make it work properly. (@smikes)

DEPENDENCY UPDATES

  • 89fc6a4 which@1.0.9: Test for being run as root, as well as the current user. (@isaacs)
  • 5d0612f glob@4.4.1: Better error message to explain why calling sync glob with a callback results in an error. (@isaacs)
  • 64b07f6 tap@0.7.1: More accurate counts of pending & skipped tests. (@rmg)
  • 8fda451 semver@4.3.1: Make official the fact that node-semver has moved from @isaacs's organization to @npm's. (@isaacs)

v2.6.1 (2015-02-19):

  • 8b98f0e #4471 npm outdated (and only npm outdated) now defaults to --depth=0. See the docs for --depth for the mildly confusing details. (@smikes)
  • aa79194 #6565 Tweak peerDependency deprecation warning to include which peer dependency on which package is going to need to change. (@othiym23)
  • 5fa067f #7171 Tweak engineStrict deprecation warning to include which package.json is using it. (@othiym23)
  • 0fe0caa glob@4.4.0: Glob patterns can now ignore matches. (@isaacs)

v2.6.0 (2015-02-12):

A LONG-AWAITED GUEST

  • 38c4825 #5068 Add new logout command, and make it do something useful on both bearer-based and basic-based authed clients. (@othiym23)
  • 4bf0f5d npm-registry-client@6.1.1: Support new logout endpoint to invalidate token for sessions. (@othiym23)

DEPRECATIONS

  • c8e08e6 #6565 Warn that peerDependency behavior is changing and add a note to the docs. (@othiym23)
  • 7c81a5f #7171 Warn that engineStrict in package.json will be going away in the next major version of npm (coming soon!) (@othiym23)

BUG FIXES & TWEAKS

  • add5890 #4668 read-package-json@1.3.1: Warn when a bin symbolic link is a dangling reference. (@nicks)
  • 4b42071 semver@4.3.0: Add functions to extract parts of the version triple, fix a typo. (@isaacs)
  • a9aff38 Use full path for man pages as the symbolic link source, instead of just the file name. (@bengl)
  • 6fd0fbd #7233 Ensure globalconfig path exists before trying to edit it. (@ljharb)
  • a0a2620 ini@1.3.3: Allow embedded, quoted equals signs in ini field names. (@isaacs)

Also typos and other documentation issues were addressed by @rutsky, @imurchie, @marcin-wosinek, @marr, @amZotti, and @karlhorky. Thank you, everyone!

v2.5.1 (2015-02-06):

This release doesn't look like much, but considerable effort went into ensuring that npm's tests will pass on io.js 1.1.0 and Node 0.11.16 / 0.12.0 on both OS X and Linux.

NOTE: there are no actual changes to npm's code in npm@2.5.1. Only test code (and the upgrade of request to the latest version) has changed.

npm-registry-mock@1.0.0:

MINOR DEPENDENCY TWEAK

  • a4c7af9 request@2.53.0: Tweaks to tunneling proxy behavior. (@nylen)

v2.5.0 (2015-01-29):

SMALL FEATURE I HAVE ALREADY USED TO MAINTAIN NPM ITSELF

  • 9d61e96 npm outdated --long now includes a column showing the type of dependency. (@watilde)

BUG FIXES & TWEAKS

npm-registry-client@6.0.7:

v2.4.1 (2015-01-23):

bridge that doesn't meet in the middle

Let's accentuate the positive: the dist-tag endpoints for npm dist-tag {add,rm,ls} are now live on the public npm registry.

  • f70272b npm-registry-client@6.0.3: Properly escape JSON tag version strings and filter _etag from CouchDB docs. (@othiym23)

v2.4.0 (2015-01-22):

REGISTRY 2: ACCESS AND DIST-TAGS

NOTE: This week's registry-2 commands are leading the implementation on registry.npmjs.org a little bit, so some of the following may not work for another week or so. Also note that npm access has documentation and subcommands that are not yet finished, because they depend on incompletely specified registry API endpoints. Things are coming together very quickly, though, so expect the missing pieces to be filled in the coming weeks.

NOT EXACTLY SELF-DEPRECATING

BUG FIX AND TINY FEATURE

v2.3.0 (2015-01-15):

REGISTRY 2: OH MY STARS! WHO AM I?

  • e662a60 The new whoami endpoint might not return a value. (@othiym23)
  • c2cccd4 npm-registry-client@5.0.0: Includes the following fine changes (@othiym23):
    • ba6b73e #92 BREAKING CHANGE: Move /whoami endpoint out of the package namespace (to /-/whoami). (@othiym23)
    • 3b174b7 #93 Registries based on token-based auth can now offer starring. (@bcoe)
    • 4701a29 Fix HTTP[S] connection keep-alive on Node 0.11 / io.js 1.0. (@fengmk2)

BETTER REGISTRY METADATA CACHING

  • 98e1e10 #6791 Add caching based on Last-Modified / If-Modified-Since headers. Includes this npm-registry-client@5.0.0 change (@lxe):
    • 07bc335 #86 Add Last-Modified / If-Modified-Since cache header handling. (@lxe)

HOW MUCH IS THAT WINDOWS IN THE DOGGY?

THRILLING BUG FIXES

v2.2.0 (2015-01-08):

v2.1.18 (2015-01-01):

v2.1.17 (2014-12-25):

merry npm xmas

Working with @phated, I discovered that npm still had some lingering race conditions around how it handles Git dependencies. The following changes were intended to remedy to these issues. Thanks to @phated for all his help getting to the bottom of these.

Other changes:

v2.1.16 (2014-12-22):

  • a4e4e33 #6987 read-installed@3.1.5: fixed a regression where a new / empty package would cause read-installed to throw. (@othiym23 / @pgilad)

v2.1.15 (2014-12-18):

v2.1.14 (2014-12-13):

v2.1.13 (2014-12-11):

  • cbb890e #6897 npm is a nice package manager that runs server-side JavaScript. (@othiym23)
  • d9043c3 #6893 Remove erroneous docs about preupdate / update / postupdate lifecycle scripts, which have never existed. (@devTristan)
  • c5df4d0 #6884 Update npmjs.org to npmjs.com in docs. (@linclark)
  • cb6ff8d #6879 npm version: Update shrinkwrap post-check. (@othiym23)
  • 2a340bd #6868 Use magic numbers instead of regexps to distinguish tarballs from other things. (@daxxog)
  • f1c8bdb #6861 npm-registry-client@4.0.5: Distinguish between error properties that are part of the response and error strings that should be returned to the user. (@disrvptor)
  • d3a1b63 #6762 Make npm outdated ignore private packages. (@KenanY)
  • 16d8542 install.sh: Drop support for node < 0.8, remove engines bits. (@isaacs)
  • b9c6046 init-package-json@1.1.3: (@terinstock) noticed that init.license configuration doesn't stick. Make sure that dashed defaults don't trump dotted parameters. (@othiym23)
  • b6d6acf which@1.0.8: No longer use graceful-fs for some reason. (@isaacs)
  • d39f673 request@2.51.0: Incorporate bug fixes. (@nylen)
  • c7ad727 columnify@1.3.2: Incorporate bug fixes. (@timoxley)

v2.1.12 (2014-12-04):

v2.1.11 (2014-11-27):

v2.1.10 (2014-11-20):

  • 756f3d4 #6735 Log "already built" messages at info, not error. (@smikes)
  • 1b7330d #6729 npm-registry-client@4.0.3: GitHub won't redirect you through an HTML page to a compressed tarball if you don't tell it you accept JSON responses. (@KenanY)
  • d9c7857 #6506 readdir-scoped-modules@1.0.1: Use graceful-fs so the whole dependency tree gets read, even in case of EMFILE. (@sakana)
  • 3a085be Grammar fix in docs. (@icylace)
  • 3f8e2ff Did you know that npm has a Code of Conduct? Add a link to it to CONTRIBUTING.md. (@isaacs)
  • 319ccf6 glob@4.2.1: Performance tuning. (@isaacs)
  • 835f046 readable-stream@1.0.33: Bug fixes. (@rvagg)
  • a34c38d request@2.48.0: Bug fixes. (@nylen)

v2.1.9 (2014-11-13):

v2.1.8 (2014-11-06):

v2.1.7 (2014-10-30):

v2.1.6 (2014-10-23):

v2.1.5 (2014-10-16):

OUTDATED DEPENDENCY CLEANUP JAMBOREE

v2.1.4 (2014-10-09):

TEST CLEANUP EXTRAVAGANZA:

v2.1.3 (2014-10-02):

BREAKING CHANGE FOR THE SQRT(i) PEOPLE ACTUALLY USING npm submodule:

  • 1e64473 rm -rf npm submodule command, which has been broken since the Carter Administration (@isaacs)

BREAKING CHANGE IF YOU ARE FOR SOME REASON STILL USING NODE 0.6 AND YOU SHOULD NOT BE DOING THAT CAN YOU NOT:

Other changes:

v2.1.2 (2014-09-29):

v2.1.1 (2014-09-26):

v2.1.0 (2014-09-25):

NEW FEATURE:

Other changes:

v2.0.2 (2014-09-19):

v2.0.1 (2014-09-18):

v2.0.0 (2014-09-12):

BREAKING CHANGES:

  • 4378a17 semver@4.0.0: prerelease versions no longer show up in ranges; ^0.x.y behaves the way it did in semver@2 rather than semver@3; docs have been reorganized for comprehensibility (@isaacs)
  • c6ddb64 npm now assumes that node is newer than 0.6 (@isaacs)

Other changes:

v1.4.28 (2014-09-12):

v2.0.0-beta.3 (2014-09-04):

v1.4.27 (2014-09-04):

v2.0.0-beta.2 (2014-08-29):

SPECIAL LABOR DAY WEEKEND RELEASE PARTY WOOO

  • ed207e8 npm-registry-client@3.1.7: Clean up auth logic and improve logging around auth decisions. Also error on trying to change a user document without writing to it. (@othiym23)
  • 66c7423 npmconf@2.0.7: support -C as an alias for --prefix (@isaacs)
  • 0dc6a07 #6059 run commands in prefix, not cwd (@isaacs)
  • 65d2179 github-url-from-username-repo@1.0.1: part 3 handle slashes in branch names (@robertkowalski)
  • e8d75d0 #6057 read-installed@3.1.1: properly handle extraneous dev dependencies of required dependencies (@othiym23)
  • 0602f70 #6064 ls: do not show deps of extraneous deps (@isaacs)

v2.0.0-beta.1 (2014-08-28):

v1.4.26 (2014-08-28):

v2.0.0-beta.0 (2014-08-21):

  • 685f8be npm-registry-client@3.1.3: Print the notification header returned by the registry, and make sure status codes are printed without gratuitous quotes around them. (@isaacs / @othiym23)
  • a8cb676 #5900 remove npm from its own engines field in package.json. None of us remember why it was there. (@timoxley)
  • 6c47201 #5752, #6013 save git URLs correctly in _resolved fields (@isaacs)
  • e4e1223 #5936 document the use of tags in package.json (@KenanY)
  • c92b8d4 #6004 manually installed scoped packages are tracked correctly (@dead-horse)
  • 21ca0aa #5945 link scoped packages correctly (@dead-horse)
  • 16bead7 #5958 ensure that file streams work in all versions of node (@dead-horse)
  • dbf0cab you can now pass quoted args to npm run-script (@bcoe)
  • 0583874 tar@1.0.1: Add test for removing an extract target immediately after unpacking. (@isaacs)
  • cdf3b04 lockfile@1.0.0: Fix incorrect interaction between wait, stale, and retries options. Part 2 of race condition leading to ENOENT (@isaacs) errors.
  • 22d72a8 fstream@1.0.2: Fix a double-finish call which can result in excess FS operations after the close event. Part 1 of race condition leading to ENOENT errors. (@isaacs)

v1.4.25 (2014-08-21):

  • 64c0ec2 npm-registry-client@2.0.6: Print the notification header returned by the registry, and make sure status codes are printed without gratuitous quotes around them. (@othiym23)
  • a8ed12b tar@1.0.1: Add test for removing an extract target immediately after unpacking. (@isaacs)
  • 70fd11d lockfile@1.0.0: Fix incorrect interaction between wait, stale, and retries options. Part 2 of race condition leading to ENOENT errors. (@isaacs)
  • 0072c4d fstream@1.0.2: Fix a double-finish call which can result in excess FS operations after the close event. Part 2 of race condition leading to ENOENT errors. (@isaacs)

v2.0.0-alpha.7 (2014-08-14):

v1.4.24 (2014-08-14):

v2.0.0-alpha.6 (2014-08-07):

BREAKING CHANGE:

  • ea547e2 Bump semver to version 3: ^0.x.y is now functionally the same as =0.x.y. (@isaacs)

Other changes:

v1.4.23 (2014-07-31):

  • 8dd11d1 update several dependencies to avoid using semvers starting with 0.

v1.4.22 (2014-07-31):

v2.0.0-alpha-5 (2014-07-22):

This release bumps up to 2.0 because of this breaking change, which could potentially affect how your package's scripts are run:

Other changes:

v1.5.0-alpha-4 (2014-07-18):

  • fall back to _auth config as default auth when using default registry (@isaacs)
  • support for 'init.version' for those who don't want to deal with semver 0.0.x oddities (@rvagg)
  • be06213 remove residual support for win log level (@aterris)

v1.5.0-alpha-3 (2014-07-17):

v1.4.21 (2014-07-14):

  • 88f51aa fix handling for 301s in npm-registry-client@2.0.3 (@Raynos)

v1.5.0-alpha-2 (2014-07-01):

v1.4.20 (2014-07-02):

v1.5.0-alpha-1 (2014-07-01):

v1.5.0-alpha-0 (2014-07-01):

v1.4.19 (2014-07-01):

v1.4.18 (2014-06-29):

v1.4.17 (2014-06-27):

  • replace escape codes with ansicolors (@othiym23)
  • Allow to build all the docs OOTB. (@GeJ)
  • Use core.longpaths on win32 git - fixes #5525 (@bmeck)
  • npmconf@1.1.2 (@isaacs)
  • Consolidate color sniffing in config/log loading process (@isaacs)
  • add verbose log when project config file is ignored (@isaacs)
  • npmconf: Float patch to remove 'scope' from config defs (@isaacs)
  • doc: npm-explore can't handle a version (@robertkowalski)
  • Add user-friendly errors for ENOSPC and EROFS. (@voodootikigod)
  • bump tar and fstream deps (@isaacs)
  • Run the npm-registry-couchapp tests along with npm tests (@isaacs)

v1.2.8000 (2014-06-17):

  • Same as v1.4.16, but with the spinner disabled, and a version number that starts with v1.2.

v1.4.16 (2014-06-17):

v1.4.15 (2014-06-10):

  • cache: atomic de-race-ified package.json writing (@isaacs)
  • fstream@0.1.26 (@isaacs)
  • graceful-fs@3.0.2 (@isaacs)
  • osenv@0.1.0 (@isaacs)
  • Only spin the spinner when we're fetching stuff (@isaacs)
  • Update osenv@0.1.0 which removes ~/tmp as possible tmp-folder (@robertkowalski)
  • ini@1.2.1 (@isaacs)
  • graceful-fs@3 (@isaacs)
  • Update glob and things depending on glob (@isaacs)
  • github-url-from-username-repo and read-package-json updates (@isaacs)
  • editor@0.1.0 (@isaacs)
  • columnify@1.1.0 (@isaacs)
  • bump ansi and associated deps (@isaacs)

v1.4.14 (2014-06-05):

  • char-spinner: update to not bork windows (@isaacs)

v1.4.13 (2014-05-23):

  • Fix npm install on a tarball. (ed3abf1, #5330, @othiym23)
  • Fix an issue with the spinner on Node 0.8. (9f00306, @isaacs)
  • Re-add npm.commands.cache.clean and npm.commands.cache.read APIs, and document npm.commands.cache.* as npm-cache(3). (e06799e, @isaacs)

v1.4.12 (2014-05-23):

  • remove normalize-package-data from top level, de-^-ify inflight dep (@isaacs)
  • Always sort saved bundleDependencies (@isaacs)
  • add inflight to bundledDependencies (@othiym23)

v1.4.11 (2014-05-22):

  • fix npm ls labeling issue
  • node-gyp@0.13.1
  • default repository to https:// instead of git://
  • addLocalTarball: Remove extraneous unpack (@isaacs)
  • Massive cache folder refactor (@othiym23 and @isaacs)
  • Busy Spinner, no http noise (@isaacs)
  • Per-project .npmrc file support (@isaacs)
  • npmconf@1.0.0, Refactor config/uid/prefix loading process (@isaacs)
  • Allow once-disallowed characters in passwords (@isaacs)
  • Send npm version as 'version' header (@isaacs)
  • fix cygwin encoding issue (Karsten Tinnefeld)
  • Allow non-github repositories with npm repo (@evanlucas)
  • Allow peer deps to be satisfied by grandparent
  • Stop optional deps moving into deps on update --save (@timoxley)
  • Ensure only matching deps update with update --save* (@timoxley)
  • Add support for prerelease, preminor, prepatch to npm version

v1.4.10 (2014-05-05):

  • Don't set referer if already set
  • fetch: Send referer and npm-session headers
  • run-script: Support --parseable and --json
  • list runnable scripts (@evanlucas)
  • Use marked instead of ronn for html docs

v1.4.9 (2014-05-01):

  • Send referer header (with any potentially private stuff redacted)
  • Fix critical typo bug in previous npm release

v1.4.8 (2014-05-01):

  • Check SHA before using files from cache
  • adduser: allow change of the saved password
  • Make npm install respect config.unicode
  • Fix lifecycle to pass Infinity for config env value
  • Don't return 0 exit code on invalid command
  • cache: Handle 404s and other HTTP errors as errors
  • Resolve ~ in path configs to env.HOME
  • Include npm version in default user-agent conf
  • npm init: Use ISC as default license, use save-prefix for deps
  • Many test and doc fixes

v1.4.7 (2014-04-15):

  • Add --save-prefix option that can be used to override the default of ^ when using npm install --save and its counterparts. (64eefdf, @thlorenz)
  • Allow --silent to silence the echoing of commands that occurs with npm run. (c95cf08, @Raynos)
  • Some speed improvements to the cache, which should improve install times. (cb94310, 3b0870f, 120f5a9, @isaacs)
  • Improve ability to retry registry requests when a subset of the registry servers are down. (4a5257d, 7686d02cb0, @isaacs)
  • Fix marking of peer dependencies as extraneous. (779b164, 6680ba6ef2, @isaacs)
  • Fix npm crashing when doing npm shrinkwrap in the presence of a package.json with no dependencies. (a9d9fa5, @kislyuk)
  • Fix error when using npm view on packages that have no versions or have been unpublished. (94df2f5, @juliangruber; 2241a09, @isaacs)

v1.4.6 (2014-03-19):

v1.4.5 (2014-03-18):

v1.4.4 (2014-02-20):

  • Add npm t as an alias for npm test (which is itself an alias for npm run test, or even npm run-script test). We like making running your tests easy. (14e650b, @isaacs)

v1.4.3 (2014-02-16):

  • Add back npm prune --production, which was removed in 1.3.24. (acc4d02, @davglass)
  • Default npm install --save and its counterparts to use the ^ version specifier, instead of ~. (0a3151c, @mikolalysenko)
  • Make npm shrinkwrap output dependencies in a sorted order, so that diffs between shrinkwrap files should be saner now. (059b2bf, @Raynos)
  • Fix npm dedupe not correctly respecting dependency constraints. (86028e9, @rafeca)
  • Fix npm ls giving spurious warnings when you used "latest" as a version specifier. (d2956400e0, @bajtos)
  • Fixed a bug where using npm link on packages without a name value could cause npm to delete itself. (401a642, @isaacs)
  • Fixed npm install ./pkg@1.2.3 to actually install the directory at pkg@1.2.3; before it would try to find version 1.2.3 of the package ./pkg in the npm registry. (46d8768, @rlidwka; see also f851b79)
  • Fix npm outdated to respect the color configuration option. (d4f6f3f, @timoxley)
  • Fix npm outdated --parseable. (9575a23, @yhpark)
  • Fix a lockfile-related errors when using certain Git URLs. (164b97e, @nigelzor)

v1.4.2 (2014-02-13):

  • Fixed an issue related to mid-publish GET requests made against the registry. (acbec48372, @isaacs)

v1.4.1 (2014-02-13):

  • Fix npm shrinkwrap forgetting to shrinkwrap dependencies that were also development dependencies. (9c575c5, @diwu1989)
  • Fixed publishing of pre-existing packages with uppercase characters in their name. (9345d3b6c3, @isaacs)

v1.4.0 (2014-02-12):

  • Remove npm publish --force. See https://github.com/npm/npmjs.org/issues/148. (@isaacs, npm/npm-registry-client@2c8dba990de6a59af6545b75cc00a6dc12777c2a)
  • Other changes to the registry client related to saved configs and couch logins. (@isaacs; npm/npm-registry-client@25e2b019a1588155e5f87d035c27e79963b75951, npm/npm-registry-client@9e41e9101b68036e0f078398785f618575f3cdde, npm/npm-registry-client@2c8dba990de6a59af6545b75cc00a6dc12777c2a)
  • Show an error to the user when doing npm update and the package.json specifies a version that does not exist. (@evanlucas, 027a33a)
  • Fix some issues with cache ownership in certain installation configurations. (@outcoldman, a132690)
  • Fix issues where GitHub shorthand dependencies user/repo were not always treated the same as full Git URLs. (@robertkowalski, 005d0b637a)

v1.3.26 (2014-02-02):

v1.3.25 (2014-01-25):

  • Remove gubblebum blocky font from documentation headers. (6940c9a, @isaacs)

v1.3.24 (2014-01-19):

  • Make the search output prettier, with nice truncated columns, and a --long option to create wrapping columns. (20439b2 and 3a6942d, @timoxley)
  • Support multiple packagenames in npm docs. (823010b, @timoxley)
  • Fix the npm adduser bug regarding "Error: default value must be string or number" again. (b9b4248, @isaacs)
  • Fix scripts entries containing whitespaces on Windows. (80282ed, @robertkowalski)
  • Fix npm update for Git URLs that have credentials in them (93fc364, @danielsantiago)
  • Fix npm install overwriting npm link-ed dependencies when they are tagged Git dependencies. (af9bbd9, @evanlucas)
  • Remove npm prune --production since it buggily removed some dependencies that were necessary for production; see #4509. Hopefully it can make its triumphant return, one day. (1101b6a, @isaacs)

Dependency updates:

v1.3.23 (2014-01-03):

  • Properly handle installations that contained a certain class of circular dependencies. (5dc93e8, @substack)

v1.3.22 (2013-12-25):

  • Fix a critical bug in npm adduser that would manifest in the error message "Error: default value must be string or number." (fba4bd2, @isaacs)
  • Allow npm bugs in the current directory to open the current package's bugs URL. (d04cf64, @evanlucas)
  • Several fixes to various error messages to include more useful or updated information. (1e6f2a7, ff46366, 8b4bb48; @rlidwka, @evanlucas)

v1.3.21 (2013-12-17):

  • Fix a critical bug that prevented publishing due to incorrect hash calculation. (4ca4a2c, @dominictarr)

v1.3.20 (2013-12-17):

  • Fixes a critical bug in v1.3.19. Thankfully, due to that bug, no one could install npm v1.3.19 :)

v1.3.19 (2013-12-16):

  • Adds atomic PUTs for publishing packages, which should result in far fewer requests and less room for replication errors on the server-side.

v1.3.18 (2013-12-16):

  • Added an --ignore-scripts option, which will prevent package.json scripts from being run. Most notably, this will work on npm install, so e.g. npm install --ignore-scripts will not run preinstall and prepublish scripts. (d7e67bf, @sqs)
  • Fixed a bug introduced in 1.3.16 that would manifest with certain cache configurations, by causing spurious errors saying "Adding a cache directory to the cache will make the world implode." (966373f, @domenic)
  • Re-fixed the multiple download of URL dependencies, whose fix was reverted in 1.3.17. (a362c3f, @spmason)

v1.3.17 (2013-12-11):

  • This release reverts 644c2ff, which avoided re-downloading URL and shinkwrap dependencies when doing npm install. You can see the in-depth reasoning in d8c907e; the problem was, that the patch changed the behavior of npm install -f to reinstall all dependencies.
  • A new version of the no-re-downloading fix has been submitted as #4303 and will hopefully be included in the next release.

v1.3.16 (2013-12-11):

  • Git URL dependencies are now updated on npm install, fixing a two-year old bug (5829ecf, @robertkowalski). Additional progress on reducing the resulting Git-related I/O is tracked as #4191, but for now, this will be a big improvement.
  • Added a --json mode to npm outdated to give a parseable output. (0b6c9b7, @yyx990803)
  • Made npm outdated much prettier and more useful. It now outputs a color-coded and easy-to-read table. (fd3017f, @quimcalpe)
  • Added the --depth option to npm outdated, so that e.g. you can do npm outdated --depth=0 to show only top-level outdated dependencies. (1d184ef, @yyx990803)
  • Added a --no-git-tag-version option to npm version, for doing the usual job of npm version minus the Git tagging. This could be useful if you need to increase the version in other related files before actually adding the tag. (59ca984, @evanlucas)
  • Made npm repo and npm docs work without any arguments, adding them to the list of npm commands that work on the package in the current directory when invoked without arguments. (bf9048e, @robertkowalski; 07600d0, @wilmoore). There are a few other commands we still want to implement this for; see #4204.
  • Pass through the GIT_SSL_NO_VERIFY environment variable to Git, if it is set; we currently do this with a few other environment variables, but we missed that one. (c625de9, @arikon)
  • Fixed npm dedupe on Windows due to incorrect path separators being used (7677de4, @mcolyer).
  • Fixed the npm help command when multiple words were searched for; it previously gave a ReferenceError. (6a28dd1, @dereckson)
  • Stopped re-downloading URL and shrinkwrap dependencies, as demonstrated in #3463 (644c2ff, @spmason). You can use the --force option to force re-download and installation of all dependencies.