v11.0.0-pre.1

11.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

• Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.
• npm init now has a type prompt, and sorts the entries the created packages differently
• bun.lockb files are now included in the strict ignore list during packing

Features

• f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@reggi, @ljharb)

Bug Fixes

• e362c6d #7944 prefix: remove duplicate -g from usage output (#7944) (@wraithgar)

Documentation

• 2af31dd #7947 change certfile to cafile (#7947) (@wraithgar)
• 1be8e95 #7945 update ignore rules (@wraithgar)

Dependencies

• bc9b14d #7955 @npmcli/run-script@9.0.2
• fecfcf4 #7955 node-gyp@11.0.0
• 8905037 #7955 p-map@7.0.2
• ac8eb39 #7955 diff@7.0.0
• c0bcc2a #7955 walk-up-path@4.0.0
• d463a6f #7955 init-package-json@8.0.0
• b87ba24 #7945 @npmcli/package-json@6.1.0
• 4bf1901 #7945 @npmcli/metavuln-calculator@9.0.0
• ca84b22 #7945 pacote@21.0.0
• 4906f3d #7945 npm-packlist@10.0.0

Chores

• cfdf214 #7943 fork changelog (#7943) (@wraithgar)
• workspace: @npmcli/arborist@9.0.0-pre.1
• workspace: @npmcli/config@10.0.0-pre.1
• workspace: libnpmdiff@8.0.0-pre.1
• workspace: libnpmexec@10.0.0-pre.1
• workspace: libnpmfund@7.0.0-pre.1
• workspace: libnpmorg@8.0.0-pre.1
• workspace: libnpmpack@9.0.0-pre.1

libnpmpack: v9.0.0-pre.1

9.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

• bun.lockb files are now included in the strict ignore list during packing

Dependencies

• ca84b22 #7945 pacote@21.0.0
• workspace: @npmcli/arborist@9.0.0-pre.1

libnpmorg: v8.0.0-pre.1

8.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

• Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.

Features

• f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@reggi, @ljharb)

libnpmfund: v7.0.0-pre.1

Dependencies

• workspace: @npmcli/arborist@9.0.0-pre.1

libnpmexec: v10.0.0-pre.1

10.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

• bun.lockb files are now included in the strict ignore list during packing

Dependencies

• c0bcc2a #7955 walk-up-path@4.0.0
• ca84b22 #7945 pacote@21.0.0
• workspace: @npmcli/arborist@9.0.0-pre.1

libnpmdiff: v8.0.0-pre.1

8.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

• bun.lockb files are now included in the strict ignore list during packing

Dependencies

• ac8eb39 #7955 diff@7.0.0
• c0bcc2a #7955 walk-up-path@4.0.0
• ca84b22 #7945 pacote@21.0.0
• workspace: @npmcli/arborist@9.0.0-pre.1

config: v10.0.0-pre.1

10.0.0-pre.1 (2024-12-06)

Documentation

• 2af31dd #7947 change certfile to cafile (#7947) (@wraithgar)

Dependencies

• c0bcc2a #7955 walk-up-path@4.0.0

arborist: v9.0.0-pre.1

9.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

• Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.
• bun.lockb files are now included in the strict ignore list during packing

Features

• f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@reggi, @ljharb)

Dependencies

• c0bcc2a #7955 walk-up-path@4.0.0
• 4bf1901 #7945 @npmcli/metavuln-calculator@9.0.0
• ca84b22 #7945 pacote@21.0.0

v10.9.2

10.9.2 (2024-12-04)

Dependencies

• ae9345e #7959 @npmcli/run-script@9.0.2
• 39a19b3 #7959 node-gyp@11.0.0
• 93e2186 #7956 @npmcli/map-workspaces@4.0.2
• bf0ea00 #7956 @npmcli/package-json@6.1.0
• c84baa3 #7956 init-package-json@7.0.2
• e642099 #7956 node-gyp@10.3.1

v11.0.0-pre.0

11.0.0-pre.0 (2024-11-26)

⚠️ BREAKING CHANGES

• When publishing a package with a pre-release version, you must explicitly specify a tag.
• --ignore-scripts now applies to all lifecycle scripts, include prepare
• npm will no longer fall back to the old audit endpoint if the bulk advisory request fails.
• npm will no longer switch to global mode if aliased to "npmg" or "npm-g" etc.
• The npm hook command has been removed
• Attestations made by this package will no longer validate in npm versions prior to 10.6.0
• npm now supports node ^20.17.0 || >=22.9.0
• @npmcli/docs now supports node ^20.17.0 || >=22.9.0

Features

• 6995303 #7850 adds --ignore-scripts flag to pack (@reggi)

Bug Fixes

• 16b7367 #7910 publishing prerelease requires explicit tag (#7910) (@reggi)
• e19bff0 #7901 perf: enable compile cache if present (#7901) (@H4ad)
• 080a0f2 #7911 remove old audit fallback request (@wraithgar)
• 780afc5 #7855 pkg: display if any of multiple attributes exist (#7855) (@Sanderovich)
• ecd2d23 #7842 don't go into global mode if aliased to npmg (#7842) (@wraithgar)
• 62c71e5 #7835 removes npm hook command (@reggi)
• 7f541e8 #7815 make pack and exec work with git hash refs (#7815) (@milaninfy)
• 3162620 #7831 sets node engine range to ^20.17.0 || >=22.9.0 (@reggi)
• 4c8ba0a #7831 for @npmcli/docs sets node engine range to ^20.17.0 || >=22.9.0 (@reggi)
• 70cd88d #7808 view: sort and truncate dist-tags (#7808) (@wraithgar)
• 534ad77 #7795 remove unused parameters catch statements (#7795) (@btea)

Documentation

• feb54f7 #7822 package.json: add libc field (#7822) (@wraithgar)

Dependencies

• 78293ad #7937 spdx-license-ids@3.0.20
• 33cf580 #7937 promise-call-limit@3.0.2
• ef1c368 #7937 package-json-from-dist@1.0.1
• 92e6f07 #7937 npm-registry-fetch@18.0.2
• e32284a #7937 npm-install-checks@7.1.1
• 5dffd11 #7937 negotiator@0.6.4
• 69d9f01 #7937 make-fetch-happen@14.0.3
• 884bbde #7937 hosted-git-info@8.0.2
• 3c74ec0 #7937 debug@4.3.7
• f00359f #7937 cross-spawn@7.0.6
• 534bbe8 #7937 ci-info@4.1.0
• 8cbf1a7 #7937 @npmcli/promise-spawn@8.0.2
• 1bd39e7 #7937 @npmcli/map-workspaces@4.0.2
• eb6498d #7937 ansi-regex@6.1.0
• 66fc8c9 #7850 @npmcli/metavuln-calculator@8.0.1
• 7dbef6f #7850 pacote@20.0.0
• 75a3f12 #7859 remove unused deps (#7859)
• f36dc59 #7833 pacote@19.0.1
• 7ee15bb #7833 bump sigstore from 2.x to 3.0.0 (@bdehamer)

Chores

• 2d530a5 #7941 tests: account for when npm is a prerelease (#7941) (@wraithgar)
• 2c1b369 #7937 dev dependency updates (@wraithgar)
• 6edfe2f #7937 @npmcli/template-oss@4.23.5 (@wraithgar)
• 475285b #7920 clean up dependency graph repos (#7920) (@hashtagchris)
• ec57f5f #7911 fix dependencies script for circular workspace deps (@wraithgar)
• ccd8420 #7911 fix cli tests for audit fallback removal (@wraithgar)
• 720b4d8 #7833 bump @npmcli/arborist to 8.0.0 (@wraithgar)
• 286739c #7824 add creation of a DEPENDENCIES.json file (#7824) (@reggi)
• 852dd8b #7831 sets npm 11 to prerelase (@reggi)
• 95d009e #7831 update engine ^20.17.0 || >=22.9.0 in actions (@reggi)
• 5a74478 #7831 update engines ^20.17.0 || >=22.9.0 in package template (@reggi)
• workspace: @npmcli/arborist@9.0.0-pre.0
• workspace: @npmcli/config@10.0.0-pre.0
• workspace: libnpmaccess@10.0.0-pre.0
• workspace: libnpmdiff@8.0.0-pre.0
• workspace: libnpmexec@10.0.0-pre.0
• workspace: libnpmfund@7.0.0-pre.0
• workspace: libnpmorg@8.0.0-pre.0
• workspace: libnpmpack@9.0.0-pre.0
• workspace: libnpmpublish@11.0.0-pre.0
• workspace: libnpmsearch@9.0.0-pre.0
• workspace: libnpmteam@8.0.0-pre.0
• workspace: libnpmversion@8.0.0-pre.0