2022-12-14, Version 19.3.0 (Current), @targos
Notable Changes
Updated npm to 9.2.0
Based on the list of guidelines we've established on integrating npm
and node
,
here is a grouped list of the breaking changes with the reasoning as to why they
fit within the guidelines linked above. Note that all the breaking changes were
made in 9.0.0.
All subsequent minor and patch releases after npm@9.0.0
do not contain any
breaking changes.
Engines
Explanation: the node engines supported by
npm@9
make it safe to allownpm@9
as the default in any LTS version of14
or16
, as well as anything later than or including18.0.0
npm
is now compatible with the following semver range for node:^14.17.0 || ^16.13.0 || >=18.0.0
Filesystem
Explanation: when run as root previous versions of npm attempted to manage file ownership automatically on the user's behalf. this behavior was problematic in many cases and has been removed in favor of allowing users to manage their own filesystem permissions
npm
will no longer attempt to modify ownership of files it creates.
Auth
Explanation: any errors thrown from users having unsupported auth configurations will show
npm config fix
in the remediation instructions, which will allow the user to automatically have their auth config fixed.
- The presence of auth related settings that are not scoped to a specific
registry found in a config file is no longer supported and will throw errors.
Login
Explanation: the default
auth-type
has changed and users can opt back into the old behavior withnpm config set auth-type=legacy
.login
andadduser
have also been seperated making each command more closely match it's name instead of being aliases for each other.
- Legacy auth types
sso
,saml
&legacy
have been consolidated into"legacy"
. auth-type
defaults to"web"
login
andadduser
are now separate commands that send different data to the registry.auth-type
config valuesweb
andlegacy
only try their respective methods,
npm no longer tries them all and waits to see which one doesn't fail.
Tarball Packing
Explanation: previously using multiple ignore/allow lists when packing was an undefined behavior, and now the order of operations is strictly defined when packing a tarball making it easier to follow and should only affect users relying on the previously undefined behavior.
npm pack
now follows a strict order of operations when applying ignore rules.
If afiles
array is present in thepackage.json
, then rules in.gitignore
and.npmignore
files from the root will be ignored.
Display/Debug/Timing Info
Explanation: these changes center around the display of information to the terminal including timing and debug log info. We do not anticipate these changes breaking any existing workflows.
- Links generated from git urls will now use
HEAD
instead ofmaster
as the default ref. timing
has been removed as a value for--loglevel
.--timing
will show timing information regardless of--loglevel
, except when--silent
.- When run with the
--timing
flag,npm
now writes timing data to a file
alongside the debug log data, respecting thelogs-dir
option and falling
back to<CACHE>/_logs/
dir, instead of directly inside the cache directory. - The timing file data is no longer newline delimited JSON, and instead each run
will create a uniquely named<ID>-timing.json
file, with the<ID>
portion
being the same as the debug log. npm
now outputs some json errors on stdout. Previouslynpm
would output
all json formatted errors on stderr, making it difficult to parse as the
stderr stream usually has logs already written to it.
Config/Command Deprecations or Removals
Explanation:
install-links
is the only config or command in the list that has an effect on package installs. We fixed a number of issues that came up during prereleases with this change. It will also only be applied to new package trees created without a package-lock.json file. Any install with an existing lock file will not be changed.
- Deprecate boolean install flags in favor of
--install-strategy
. npm config set
will no longer accept deprecated or invalid config options.install-links
config defaults to"true"
.node-version
config has been removed.npm-version
config has been removed.npm access
subcommands have been renamed.npm birthday
has been removed.npm set-script
has been removed.npm bin
has been removed (usenpx
ornpm exec
to execute binaries).
Other notable changes
- [
03db415540
] - build: disable v8 snapshot compression by default (Joyee Cheung) #45716 - [
9f51b9e50d
] - doc: add doc-only deprecation for headers/trailers setters (Rich Trott) #45697 - [
b010820c4e
] - doc: add Rafael Gonzaga to the TSC (Michael Dawson) #45691 - [
b8b13dccd9
] - (SEMVER-MINOR) net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) #44731 - [
5d7cd363ab
] - (SEMVER-MINOR) src: add uvwasi version (Jithil P Ponnan) #45639 - [
4165dcddf0
] - (SEMVER-MINOR) test_runner: add t.after() hook (Colin Ihrig) #45792 - [
d1bd7796ad
] - (SEMVER-MINOR) test_runner: don't use a symbol for runHook() (Colin Ihrig) #45792 - [
691f58e76c
] - tls: remove trustcor root ca certificates (Ben Noordhuis) #45776
Commits
- [
382efdf460
] - benchmark: add variety of inputs to text-encoder (Yagiz Nizipli) #45787 - [
102c2dc071
] - benchmark: make benchmarks runnable in older versions of Node.js (Joyee Cheung) #45746 - [
e2caf7ced9
] - bootstrap: lazy load non-essential modules (Joyee Cheung) #45659 - [
49840d443c
] - buffer: remove unnecessary lazy loading (Antoine du Hamel) #45807 - [
17847683dc
] - buffer: make decodeUTF8 params loose (Yagiz Nizipli) #45610 - [
03db415540
] - build: disable v8 snapshot compression by default (Joyee Cheung) #45716 - [
95a23e24f3
] - build: add python 3.11 support for android (Mohammed Keyvanzadeh) #45765 - [
09bc89daba
] - build: rework gyp files for zlib (Richard Lau) #45589 - [
b5b56b6b45
] - crypto: simplify lazy loading of internal modules (Antoine du Hamel) #45809 - [
2e4d37e3f0
] - crypto: fix CipherBase Update int32 overflow (Marco Ippolito) #45769 - [
573eab9235
] - crypto: refactor ArrayBuffer to bigint conversion utils (Antoine du Hamel) #45567 - [
845f805490
] - crypto: refactor verify acceptable key usage functions (Filip Skokan) #45569 - [
7cc9998737
] - crypto: fix ECDH webcrypto public CryptoKey usages (Filip Skokan) #45569 - [
d030963f37
] - crypto: validate CFRG webcrypto JWK import "d" and "x" are a pair (Filip Skokan) #45569 - [
9cd106efdc
] - crypto: use DataError for CFRG webcrypto raw and jwk import key checks (Filip Skokan) #45569 - [
9e2e3de6ce
] - crypto: use DataError for webcrypto keyData import failures (Filip Skokan) #45569 - [
40037b4e79
] - crypto: fix X25519 and X448 webcrypto public CryptoKey usages (Filip Skokan) #45569 - [
de2b6b97b9
] - crypto: ensure "x" is present when importing private CFRG webcrypto keys (Filip Skokan) #45569 - [
75dbce9a07
] - deps: upgrade npm to 9.2.0 (npm team) #45780 - [
677eb62bf2
] - deps: upgrade npm to 9.1.3 (npm team) #45693 - [
1d823a6d30
] - Revert "deps: fix zlib compilation for CPUs without SIMD features" (Luigi Pinca) #45589 - [
6b15994597
] - deps: update undici to 5.13.0 (Node.js GitHub Bot) #45634 - [
fbd2d27789
] - deps: update corepack to 0.15.2 (Node.js GitHub Bot) #45635 - [
60c9ac5178
] - deps: update nghttp2 to 1.51.0 (Yagiz Nizipli) #45537 - [
c8421204b0
] - deps: patch V8 to 10.8.168.21 (Michaël Zasso) #45749 - [
c5277417c9
] - diagnostics_channel: fix diagnostics channel memory leak (theanarkh) #45633 - [
8a90f5c784
] - doc: buffer.fill empty value (Marco Ippolito) #45794 - [
9d6af617ea
] - doc: add args of filter option of fs.cp (MURAKAMI Masahiko) #45739 - [
8c728d2f02
] - doc: disambiguatenative module
toaddon
(Daeyeon Jeong) #45673 - [
7718ff82a4
] - doc: using console.error for error cases in crypto and events (emirgoren) #45640 - [
029060e6e4
] - doc: fix actual result of example is different in events (Deokjin Kim) #45656 - [
9f51b9e50d
] - doc: add doc-only deprecation for headers/trailers setters (Rich Trott) #45697 - [
801fe30488
] - doc: add detail on how api docs are published (Michael Dawson) #45626 - [
e124e2a6ee
] - doc: use console.error for error case in child_process and dgram (Deokjin Kim) #45690 - [
1b920287b6
] - doc: move streaming instruc to doc/contributing (Michael Dawson) #45582 - [
b010820c4e
] - doc: add Rafael to the tsc (Michael Dawson) #45691 - [
4fb7cf88e2
] - doc: add missing line in debugger (Deokjin Kim) #45632 - [
c0df265fea
] - doc: fix actual result of example is different in stream (Deokjin Kim) #45619 - [
027e738064
] - doc: addoptions
parameter to eventTarget.removeEventListener (Deokjin Kim) #45667 - [
23ff5057b2
] - doc: define "react-native" community condition (Alex Hunt) #45367 - [
2e767bf18b
] - doc: move os.machine() docs to sorted position (Colin Ihrig) #45647 - [
aabfdef861
] - doc: use console.error for error case in fs, https, net and process (Deokjin Kim) #45606 - [
3a02d50d35
] - doc: add link to doc with social processes (Michael Dawson) #45584 - [
e4316124fa
] - fs: fixnonNativeWatcher
watching folder with existing files (Moshe Atlow) #45500 - [
d272faa54d
] - fs: fixnonNativeWatcher
leak ofStatWatchers
(Moshe Atlow) #45501 - [
d64e773168
] - http: makeOutgoingMessage
more streamlike (Robert Nagy) #45672 - [
ed8ae88f30
] - lib: remove unnecessary lazy loading ininternal/encoding
(Antoine du Hamel) #45810 - [
302c5240c5
] - lib: allow Writeable.toWeb() to work on http.Outgoing message (Debadree Chatterjee) #45642 - [
e8745083b9
] - lib: check number of arguments inEventTarget
's function (Deokjin Kim) #45668 - [
9f7bb5ce0e
] - lib: disambiguatenative module
tobinding
(Daeyeon Jeong) #45673 - [
353339a552
] - lib: disambiguatenative module
tobuiltin module
(Daeyeon Jeong) #45673 - [
99410efd19
] - lib: added SuiteContext class (Debadree Chatterjee) #45687 - [
a79f37a0a7
] - lib: add missing type of removeEventListener in question (Deokjin Kim) #45676 - [
e0750467e8
] - meta: update AUTHORS (Node.js GitHub Bot) #45814 - [
376f3468b9
] - meta: update AUTHORS (Node.js GitHub Bot) #45732 - [
a6e2cf2d6f
] - meta: add .mailmap entry for Stefan Stojanovic (Rich Trott) #45703 - [
eb9a383d2a
] - meta: update AUTHORS info for nstepien (Nicolas Stepien) #45692 - [
049ef342c6
] - meta: update AUTHORS (Node.js GitHub Bot) #45637 - [
b9c2fc7623
] - net: checkautoSelectFamilyAttemptTimeout
is positive (Deokjin Kim) #45740 - [
b8b13dccd9
] - (SEMVER-MINOR) net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) #44731 - [
6962ef0df1
] - readline: improve robustness against prototype mutation (Antoine du Hamel) #45614 - [
7892e23e68
] - repl: do not definewasi
on global with no flag (Kohei Ueno) #45595 - [
349b4f8817
] - src: add internal isArrayBufferDetached (Yagiz Nizipli) #45568 - [
5d7cd363ab
] - (SEMVER-MINOR) src: add uvwasi version (Jithil P Ponnan) #45639 - [
8a03684018
] - src: simplify NodeBIO::GetMethod initialization (Anna Henningsen) #45799 - [
b35ebebc0e
] - src: make structuredClone work for process.env (Ben Noordhuis) #45698 - [
81ab54035f
] - src: mark generatedsnapshot_data
asconst
(Anna Henningsen) #45786 - [
79edf257bb
] - src: cleanup on disambiguating native modules (Michael Dawson) #45665 - [
c9cba2e873
] - src: useenum class
instead ofenum
in node_i18n (Deokjin Kim) #45646 - [
818028caba
] - src: rename internal module declaration as internal bindings (Chengzhong Wu) #45551 - [
2fbe2f9f0a
] - src,lib: group properties used as constants fromutil
binding (Daeyeon Jeong) #45539 - [
56eee72abb
] - stream: use structuredClone instead of v8 (Yagiz Nizipli) #45611 - [
b297dd5393
] - test: remove flaky parallel/test-process-wrap test (Ben Noordhuis) #45806 - [
924f6ab3a1
] - test: order list alphabetically intest-bootstrap-modules
(Antoine du Hamel) #45808 - [
5c4475dab9
] - test: fix invalid output TAP if there newline in test name (Pulkit Gupta) #45742 - [
4c51c5c97a
] - test: fix -Wunused-variable on report-fatalerror (Santiago Gimeno) #45747 - [
764725040c
] - test: fix test-watch-mode (Stefan Stojanovic) #45585 - [
cd36250fcb
] - test: fix test-watch-mode-inspect (Stefan Stojanovic) #45586 - [
b55bd6e8c1
] - test: fix typos in test/parallel (Deokjin Kim) #45583 - [
358e2fe217
] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #45569 - [
424419c2b4
] - test_runner: refactortap_lexer
to use more primordials (Antoine du Hamel) #45744 - [
ffc0f3d7be
] - test_runner: refactortap_parser
to use more primordials (Antoine du Hamel) #45745 - [
4165dcddf0
] - (SEMVER-MINOR) test_runner: add t.after() hook (Colin Ihrig) #45792 - [
d1bd7796ad
] - (SEMVER-MINOR) test_runner: don't use a symbol for runHook() (Colin Ihrig) #45792 - [
6bc7b7e6f4
] - test_runner: add resetCalls to MockFunctionContext (MURAKAMI Masahiko) #45710 - [
3e485365ec
] - test_runner: don't parse TAP from stderr (Colin Ihrig) #45618 - [
efc44567c9
] - test_runner: add getter and setter to MockTracker (MURAKAMI Masahiko) #45506 - [
c9cbd1d396
] - test_runner: remove stdout and stderr from error (Colin Ihrig) #45592 - [
691f58e76c
] - tls: remove trustcor root ca certificates (Ben Noordhuis) #45776 - [
d384b73f76
] - tools: update lint-md-dependencies (Node.js GitHub Bot) #45730 - [
324ae3d5dd
] - tools: add GitHub token permissions to label flaky-test issues (Gabriela Gutierrez) #45308 - [
418ae9be56
] - tools: remove dependency vulnerability checker (Facundo Tuesca) #45675 - [
238fc64c38
] - tools: update lint-md-dependencies to rollup@3.4.0 (Node.js GitHub Bot) #45638 - [
1b98f17876
] - tools: update doc to highlight.js@11.7.0 (Node.js GitHub Bot) #45636 - [
470384e7be
] - util: use private symbols in JS land directly (Joyee Cheung) #45379 - [
cee6f382d8
] - watch: add CLI flag to preserve output (Debadree Chatterjee) #45717