npm 5 有了很大的进步,在几乎所有常见的情况下显著地改进了其性能,修复了很多由架构导致的旧的错误,使其更稳定和具有更好的容错性。这对于需要一致性/安全保证的用户是个好消息,新版还为 git 依赖提供了语义化支持。
重大变更:
现有的 npm 缓存将不再使用:您将不得不重新下载全部缓存的软件包。没有任何工具或意图重新使用旧的缓存 (#15666)
不要再使用大写的 npm(npm will now scold you if you capitalize its name. seriously it will fight you.)
npm will
--saveby default now。另外,除非npm-shrinkwrap.json存在,否则package-lock.json将会自动创建 (#15666)通过
user/repo#semver:^1.2.3,Git 依赖支持语义化 (#15308) (#15666) (@sankethkatta)“extremely legacy”
_tokencouchToken 已被移除 (#12986)npm install ./packages/subdirwill now create a symlink instead of a regular installation.file://path/to/tarball.tgzwill not change – only directories are symlinked. (#15900)Git dependencies with
preparescripts will have theirdevDependenciesinstalled, andnpm installrun in their directory before being packed.npm cachecommands have been rewritten and don’t really work anything like they did before. (#15666)--cache-minand--cache-maxhave been deprecated. (#15666)Running npm while offline will no longer insist on retrying network requests. npm will now immediately fall back to cache if possible, or fail. (#15666)
package locks no longer exclude
optionalDependenciesthat failed to build. This means package-lock.json and npm-shrinkwrap.json should now be cross-platform. (#15900)If you generated your package lock against registry A, and you switch to registry B, npm will now try to install the packages from registry B, instead of A. If you want to use different registries for different packages, use scope-specific registries (
npm config set @myscope:registry=https://myownregist.ry/packages/). Different registries for different unscoped packages are not supported anymore.Shrinkwrap and package-lock no longer warn and exit without saving the lockfile.
Local tarballs can now only be installed if they have a file extensions
.tar,.tar.gz, or.tgz.A new loglevel,
notice, has been added and set as default.One binary to rule them all:
./cli.jshas been removed in favor of./bin/npm-cli.js. In case you were doing something with./cli.jsitself. (#12096) (@watilde)
>>>【全民狂欢,评论有礼】5月15日-31日评论每日更新的“新闻资讯和软件更新资讯”,评论点赞数超过 20 的可登上每周更新的“源资讯”和“软件周刊”两大栏目,点赞数超过 50 的还将获得 5 活跃积分奖励和开源中国定制好礼。详情
如果默认自动添加 --save 并自动生成 package-lock.json,就基本跟yarn一样了,可以保证不同机器安装的依赖包版本一致。
当然了,安装性能和速度是否能达到尚未可知。