npm v6.0.1-next.0 已发布,虽然这是一个预发行版,但依然公布了不少重要的改动,具体如下:
CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT!
b267bbbb9
npm/lockfile#29lockfile@1.0.4
: Switches tosignal-exit
to detect abnormal exits and remove locks. (@Redsandro)
SHRONKWRAPS AND LACKFILES
If a published modules had legacy npm-shrinkwrap.json
we were saving ordinary registry dependencies (name@version
) to your package-lock.json
as https://
URLs instead of versions.
89102c0d9
When saving the lock-file compute how the dependency is being required instead of using_resolved
in thepackage.json
. This fixes the bug that was converting registry dependencies intohttps://
dependencies. (@iarna)676f1239a
When encountering ahttps://
URL in our lockfiles that point at our default registry, extract the version and use them as registry dependencies. This lets us healpackage-lock.json
files produced by 6.0.0 (@iarna)
AUDIT AUDIT EVERYWHERE
You can't use it quite yet, but we do have a few last moment patches to npm audit
to make it even better when it is turned on!
b2e4f48f5
Make sure we hide stream errors on background audit submissions. Previously some classes of error could end up being displayed (harmlessly) during installs. (@iarna)1fe0c7fea
Include session and scope in requests (as we do in other requests to the registry). (@iarna)d04656461
Exit with non-zero status when vulnerabilities are found. So you can havenpm audit
as a test or prepublish step! (@iarna)fcdbcbacc
Verify lockfile integrity before running. You'd get an error either way, but this way it's faster and can give you more concrete instructions on how to fix it. (@iarna)2ac8edd42
Refuse to run in global mode. Audits require a lockfile and globals don't have one. Yet. (@iarna)
DOCUMENTATION IMPROVEMENTS
b7fca1084
#20407 Update the lock-file spec doc to mention that we now generate the from field forgit
-type dependencies. (@watilde)7a6555e61
#20408 Describe what the colors in outdated mean. (@teameh)
详情请查看发布主页:https://github.com/npm/npm/releases/tag/v6.0.1-next.0
暂无更多评论