1+ ### v2.14.2 (2015-08-27):
2+
3+ #### GETTING THAT PESKY ` preferGlobal ` WARNING RIGHT
4+
5+ So apparently the ` preferGlobal ` option hasn't quite been warning correctly for
6+ some time. But now it should be all better! tl;dr: if you try and install a
7+ dependency with ` preferGlobal: true ` , and it's _ not already_ in your
8+ ` package.json ` , you'll get a warning that the author would really rather you
9+ install it with ` --global ` . :)
10+
11+ * [ ` bbb25f3 ` ] ( https://github.com/npm/npm/commit/bbb25f30d582f8979168c79233a9f8f840974f90 )
12+ [ #8841 ] ( https://github.com/npm/npm/issues/8841 )
13+ [ #9409 ] ( https://github.com/npm/npm/issues/9409 ) The ` preferGlobal `
14+ warning shouldn't happen if the dependency being installed is listed in
15+ ` devDependencies ` . ([ @saper ] ( https://github.com/saper ) )
16+ * [ ` 222fcec ` ] ( https://github.com/npm/npm/commit/222fcec85ccd30d35899e5037079fb14625af4e2 )
17+ [ #9409 ] ( https://github.com/npm/npm/issues/9409 ) ` preferGlobal ` now prints a
18+ warning when there are no dependencies for the current package.
19+ ([ @zkat ] ( https://github.com/zkat ) )
20+ * [ ` 5cfed6d ` ] ( https://github.com/npm/npm/commit/5cfed6d7a1a5f2731688cfc8293b5e43a6355393 )
21+ [ #9409 ] ( https://github.com/npm/npm/issues/9409 ) Verify that
22+ ` preferGlobal ` is warning as expected (when a ` preferGlobal ` dependency is
23+ installed, but isn't listed in either ` dependencies ` or ` devDependencies ` ).
24+ ([ @zkat ] ( https://github.com/zkat ) )
25+
26+ #### BUMP +1
27+
28+ * [ ` eeafce2 ` ] ( https://github.com/npm/npm/commit/eeafce2d06883c0f51bf403415b6bc5f2647eba3 )
29+ ` validate-npm-package-license@3.0.1 ` : Include additional metadata in parsed license object,
30+ useful for license checkers. ([ @kemitchell ] ( https://github.com/kemitchell ) )
31+ * [ ` 1502a28 ` ] ( https://github.com/npm/npm/commit/1502a285f84aa548806b3eafc8889e6288e810f3 )
32+ ` normalise-package-data@2.3.2 ` : Updated to use ` validate-npm-package-license@3.0.1 ` .
33+ ([ @othiym23 ] ( https://github.com/othiym23 ) )
34+ * [ ` cbde823 ` ] ( https://github.com/npm/npm/commit/cbde8233436bf0ea62a4740869b4990322c20659 )
35+ ` init-package-json@1.9.1 ` : Add a ` silent ` option to suppress output on writing the
36+ generated ` package.json ` . Also, updated to use ` validate-npm-package-license@3.0.1 ` .
37+ ([ @zkat ] ( https://github.com/zkat ) )
38+ * [ ` 08fda46 ` ] ( https://github.com/npm/npm/commit/08fda465452b4d77f1ced8050ee3a35a77fc30a5 )
39+ ` tar@2.2.0 ` : Minor improvements. ([ @othiym23 ] ( https://github.com/othiym23 ) )
40+ * [ ` dc2f20b ` ] ( https://github.com/npm/npm/commit/dc2f20b53fff77203139c863b48da0e959df2ac9 )
41+ ` rimraf@2.4.3 ` : ` EPERM ` now triggers a delay / retry loop (since Windows throws
42+ this when things still hold a handle). ([ @isaacs ] ( https://github.com/isaacs ) )
43+ * [ ` e8acb27 ` ] ( https://github.com/npm/npm/commit/e8acb273aa67ee0394d0431650e1b2a7d09c8554 )
44+ ` read@1.0.7 ` : Fix licensing ambiguity. ([ @isaacs ] ( https://github.com/isaacs ) )
45+
46+ #### OTHER STUFF THAT'S RELEVANT
47+
48+ * [ ` 73a1ee0 ` ] ( https://github.com/npm/npm/commit/73a1ee0be90fa1928521b63f28bef83b8ffab61d )
49+ [ #9386 ] ( https://github.com/npm/npm/issues/9386 ) Include additional unignorable files in
50+ documentation.
51+ ([ @mjhasbach ] ( https://github.com/mjhasbach ) )
52+ * [ ` 0313e40 ` ] ( https://github.com/npm/npm/commit/0313e40ee0f757fce8861be590ad668c23d7be53 )
53+ [ #9396 ] ( https://github.com/npm/npm/issues/9396 ) Improve the ` EISDIR ` error
54+ message returned by npm's error-handling code to give users a better hint of
55+ what's most likely going on. Usually, error reports with this error code are
56+ about people trying to install things without a ` package.json ` .
57+ ([ @KenanY ] ( https://github.com/KenanY ) )
58+ * [ ` 2677457 ` ] ( https://github.com/npm/npm/commit/26774579c739c5951351e58263cf4d6ea3d66ec8 )
59+ [ #9360 ] ( https://github.com/npm/npm/issues/9360 ) Make it easier to run
60+ only _ some_ of npm tests with lifecycle scripts via ` npm tap test/tap/testname.js ` .
61+ ([ @iarna ] ( https://github.com/iarna ) )
62+
63+ ### v2.14.1 (2015-08-20):
64+
65+ #### SECURITY FIX
66+
67+ There are patches for two information leaks of moderate severity in ` npm@2.14.1 ` :
68+
69+ 1 . In some cases, npm was leaking sensitive credential information into the
70+ child environment when running package and lifecycle scripts. This could
71+ lead to packages being published with files (most notably ` config.gypi ` , a
72+ file created by ` node-gyp ` that is a cache of environmental information
73+ regenerated on every run) containing the bearer tokens used to authenticate
74+ users to the registry. Users with affected packages have been notified (and
75+ the affected tokens invalidated), and now npm has been modified to not
76+ upload files that could contain this information, as well as scrubbing the
77+ sensitive information out of the environment passed to child scripts.
78+ 2 . Per-package ` .npmrc ` files are used by some maintainers as a way to scope
79+ those packages to a specific registry and its credentials. This is a
80+ reasonable use case, but by default ` .npmrc ` was packed into packages,
81+ leaking those credentials. npm will no longer include ` .npmrc ` when packing
82+ tarballs.
83+
84+ If you maintain packages and believe you may be affected by either
85+ of the above scenarios (especially if you've received a security
86+ notification from npm recently), please upgrade to ` npm@2.14.1 ` as
87+ soon as possible. If you believe you may have inadvertently leaked
88+ your credentials, upgrade to ` npm@2.14.1 ` on the affected machine,
89+ and run ` npm logout ` and then ` npm login ` . Your access tokens will be
90+ invalidated, which will eliminate any risk posed by tokens inadvertently
91+ included in published packages. We apologize for the inconvenience this
92+ causes, as well as the oversight that led to the existence of this issue
93+ in the first place.
94+
95+ Huge thanks to [ @ChALkeR ] ( https://github.com/ChALkeR ) for bringing these
96+ issues to our attention, and for helping us identify affected packages
97+ and maintainers. Thanks also to the Node.js security working group for
98+ their coördination with the team in our response to this issue. We
99+ appreciate everybody's patience and understanding tremendously.
100+
101+ * [ ` b9474a8 ` ] ( https://github.com/npm/npm/commit/b9474a843ca55b7c5fac6da33989e8eb39aff8b1 )
102+ ` fstream-npm@1.0.5 ` : Stop publishing build cruft (` config.gypi ` ) and per-project
103+ ` .npmrc ` files to keep local configuration out of published packages.
104+ ([ @othiym23 ] ( https://github.com/othiym23 ) )
105+ * [ ` 13c286d ` ] ( https://github.com/npm/npm/commit/13c286dbdc3fa8fec4cb79fc4d1ee505c8a41b2e )
106+ [ #9348 ] ( https://github.com/npm/npm/issues/9348 ) Filter "private"
107+ (underscore-prefixed, even when scoped to a registry) configuration values
108+ out of child environments. ([ @othiym23 ] ( https://github.com/othiym23 ) )
109+
110+ #### BETTER WINDOWS INTEGRATION, ONE STEP AT A TIME
111+
112+ * [ ` e40e71f ` ] ( https://github.com/npm/npm/commit/e40e71f2f838a8a42392f44e3eeec04e323ab743 )
113+ [ #6412 ] ( https://github.com/npm/npm/issues/6412 ) Improve the search strategy
114+ used by the npm shims for Windows to prioritize your own local npm installs.
115+ npm has really needed this tweak for a long time, so hammer on it and let us
116+ know if you run into issues, but with luck it will Just Work.
117+ ([ @joaocgreis ] ( https://github.com/joaocgreis ) )
118+ * [ ` 204ebbb ` ] ( https://github.com/npm/npm/commit/204ebbb3e0cab696a429a878ceeb4a7e78ec2b94 )
119+ [ #8751 ] ( https://github.com/npm/npm/issues/8751 )
120+ [ #7333 ] ( https://github.com/npm/npm/issues/7333 ) Keep [ autorun
121+ scripts] ( https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx ) from
122+ interfering with npm package and lifecycle script execution on Windows by
123+ adding ` /d ` and ` /s ` when invoking ` cmd.exe ` .
124+ ([ @saper ] ( https://github.com/saper ) )
125+
126+ #### IT SEEMED LIKE AN IDEA AT THE TIME
127+
128+ * [ ` 286f3d9 ` ] ( https://github.com/npm/npm/commit/286f3d97103812f0fd84b70352addbe899e258f9 )
129+ [ #9201 ] ( https://github.com/npm/npm/pull/9201 ) For a while npm was building
130+ HTML partials for use on [ ` docs.npmjs.com ` ] ( https://docs.npmjs.com ) , but we
131+ weren't actually using them. Stop building them, which makes running the full
132+ test suite and installation process around a third faster.
133+ ([ @isaacs ] ( https://github.com/isaacs ) )
134+
135+ #### A SINGLE LONELY DEPENDENCY UPGRADE
136+
137+ * [ ` b343b95 ` ] ( https://github.com/npm/npm/commit/b343b956ef777e321e4251ddc96ec6d80827d9e2 )
138+ ` request@2.61.0 ` : Bug fixes and keep-alive tweaks.
139+ ([ @simov ] ( https://github.com/simov ) )
140+
141+ ### v2.14.0 (2015-08-13):
142+
143+ #### IT'S HERE! KINDA!
144+
145+ This release adds support for teens and orcs (err, teams and organizations) to
146+ the npm CLI! Note that the web site and registry-side features of this are
147+ still not ready for public consumption.
148+
149+ A beta should be starting in the next couple of weeks, and the features
150+ themselves will become public once all that's done. Keep an eye out for more
151+ news!
152+
153+ All of these changes were done under [ ` #9011 ` ] ( https://github.com/npm/npm/pull/9011 ) :
154+
155+ * [ ` 6424170 ` ] ( https://github.com/npm/npm/commit/6424170fc17c666a6efc090370ec691e0cab1792 )
156+ Added new ` npm team ` command and subcommands.
157+ ([ @zkat ] ( https://github.com/zkat ) )
158+ * [ ` 52220d1 ` ] ( https://github.com/npm/npm/commit/52220d146d474ec29b683bd99c06f75cbd46a9f4 )
159+ Added documentation for new ` npm team ` command.
160+ ([ @zkat ] ( https://github.com/zkat ) )
161+ * [ ` 4e66830 ` ] ( https://github.com/npm/npm/commit/4e668304850d02df8eb27a779fda76fe5de645e7 )
162+ Updated ` npm access ` to support teams and organizations.
163+ ([ @zkat ] ( https://github.com/zkat ) )
164+ * [ ` ea3eb87 ` ] ( https://github.com/npm/npm/commit/ea3eb8733d9fa09ce34106b1b19fb1a8f95844a5 )
165+ Gussied up docs for ` npm access ` with new commands.
166+ ([ @zkat ] ( https://github.com/zkat ) )
167+ * [ ` 6e0b431 ` ] ( https://github.com/npm/npm/commit/6e0b431c1de5e329c86e57d097aa88ebfedea864 )
168+ Fix up ` npm whoami ` to make the underlying API usable elsewhere.
169+ ([ @zkat ] ( https://github.com/zkat ) )
170+ * [ ` f29c931 ` ] ( https://github.com/npm/npm/commit/f29c931012ce5ccd69c29d83548f27e443bf7e62 )
171+ ` npm-registry-client@7.0.1 ` : Upgrade ` npm-registry-client ` API to support
172+ ` team ` and ` access ` calls against the registry.
173+ ([ @zkat ] ( https://github.com/zkat ) )
174+
175+ #### A FEW EXTRA VERSION BUMPS
176+
177+ * [ ` c977e12 ` ] ( https://github.com/npm/npm/commit/c977e12cbfa50c2f52fc807f5cc19ba1cc1b39bf )
178+ ` init-package-json@1.8.0 ` : Checks for some ` npm@3 ` metadata.
179+ ([ @iarna ] ( https://github.com/iarna ) )
180+ * [ ` 5c8c9e5 ` ] ( https://github.com/npm/npm/commit/5c8c9e5ae177ba7d0d298cfa42f3fc7f0271e4ec )
181+ ` columnify@1.5.2 ` : Updated some dependencies.
182+ ([ @timoxley ] ( https://github.com/timoxley ) )
183+ * [ ` 5d56742 ` ] ( https://github.com/npm/npm/commit/5d567425768b75aeab402c817a53d8b2bc60d8de )
184+ ` chownr@1.0.1 ` : Tests, docs, and minor style nits.
185+ ([ @isaacs ] ( https://github.com/isaacs ) )
186+
187+ #### ALSO A DOC FIX
188+
189+ * [ ` 846fcc7 ` ] ( https://github.com/npm/npm/commit/846fcc79b86984b109a97366b0422f995a45f8bf )
190+ [ ` #9200 ` ] ( https://github.com/npm/npm/pull/9200 ) Remove single quotes
191+ around semver range, thus making it valid semver.
192+ ([ @KenanY ] ( https://github.com/KenanY ) )
193+
194+ ### v2.13.5 (2015-08-07):
195+
196+ This is another quiet week for the ` npm@2 ` release.
197+ [ @zkat ] ( https://github.com/zkat ) has been working hard on polishing the CLI
198+ bits of the registry's new feature to support direct management of teams and
199+ organizations, and [ @iarna ] ( https://github.com/iarna ) continues to work through
200+ the list of issues blocking the general release of ` npm@3 ` , which is looking
201+ more and more solid all the time.
202+
203+ [ @othiym23 ] ( https://github.com/othiym23 ) and [ @zkat ] ( https://github.com/zkat )
204+ have also been at this week's Node.js / io.js [ collaborator
205+ summit] ( https://github.com/nodejs/summit/tree/master ) , both as facilitators and
206+ participants. This is a valuable opportunity to get some face time with other
207+ contributors and to work through a bunch of important discussions, but it does
208+ leave us feeling kind of sleepy. Running meetings is hard!
209+
210+ What does that leave for this release? A few of the more tricky bug fixes that
211+ have been sitting around for a little while now, and a couple dependency
212+ upgrades. Nothing too fancy, but most of these were contributed by developers
213+ like _ you_ , which we think is swell. Thanks!
214+
215+ #### BUG FIXES
216+
217+ * [ ` d7271b8 ` ] ( https://github.com/npm/npm/commit/d7271b8226712479cdd339bf85faf7e394923e0d )
218+ [ #4530 ] ( https://github.com/npm/npm/issues/4530 ) The bash completion script
219+ for npm no longer alters global completion behavior around word breaks.
220+ ([ @whitty ] ( https://github.com/whitty ) )
221+ * [ ` c9ce294 ` ] ( https://github.com/npm/npm/commit/c9ce29415a0a8fc610690b6e9d91b64d6e36cfcc )
222+ [ #7198 ] ( https://github.com/npm/npm/issues/7198 ) When setting up dependencies
223+ to be shared via ` npm link <package> ` , only run the lifecycle scripts during
224+ the original link, not when running ` npm link <package> ` or `npm install
225+ --link` against them. ([ @murgatroid99 ] ( https://github.com/murgatroid99 ) )
226+ * [ ` 422da66 ` ] ( https://github.com/npm/npm/commit/422da664bd3ce71313da447f170507faf5aac46a )
227+ [ #9108 ] ( https://github.com/npm/npm/issues/9108 ) Clear up minor confusion
228+ around wording in ` bundledDependencies ` section of ` package.json ` docs.
229+ ([ @derekpeterson ] ( https://github.com/derekpeterson ) )
230+ * [ ` 6b42d99 ` ] ( https://github.com/npm/npm/commit/6b42d99460885e715772d3487b1c548d2bc8a738 )
231+ [ #9146 ] ( https://github.com/npm/npm/issues/9146 ) Include scripts that run for
232+ ` preversion ` , ` version ` , and ` postversion ` in the section for lifecycle
233+ scripts rather than the generic ` npm run-script ` output.
234+ ([ @othiym23 ] ( https://github.com/othiym23 ) )
235+
236+ #### NOPE, NOT DONE WITH DEPENDENCY UPDATES
237+
238+ * [ ` 91a48bb ` ] ( https://github.com/npm/npm/commit/91a48bb5ef5a990781c86f8b69b8a32cf4fac2d9 )
239+ ` chmodr@1.0.1 ` : Ignore symbolic links when recursively changing mode, just
240+ like the Unix command. ([ @isaacs ] ( https://github.com/isaacs ) )
241+ * [ ` 4bbc86e ` ] ( https://github.com/npm/npm/commit/4bbc86e3825e2eee9a8758ba26bdea0cb6a2581e )
242+ ` nock@2.10.0 ` ([ @pgte ] ( https://github.com/pgte ) )
243+
244+ ### v2.13.4 (2015-07-30):
245+
246+ #### JULY ENDS ON A FAIRLY QUIET NOTE
247+
248+ Hey everyone! I hope you've had a great week. We're having a fairly small
249+ release this week while we wrap up Teams and Orgs (or, as we've taken to calling
250+ it internally, _ Teens and Orcs_ ).
251+
252+ In other exciting news, a bunch of us are gonna be at the [ Node.js Collaborator
253+ Summit] ( https://github.com/nodejs/summit/issues/1 ) , and you can also find us at
254+ [ wafflejs] ( https://wafflejs.com/ ) on Wednesday. Hopefully we'll be seeing some
255+ of you there. :)
256+
257+ #### THE PATCH!!!
258+
259+ So here it is. The patch. Hope it helps. (Thanks,
260+ [ @ktarplee ] ( https://github.com/ktarplee ) !)
261+
262+ * [ ` 2e58c48 ` ] ( https://github.com/npm/npm/commit/2e58c4819e3cafe4ae23ab7f4a520fe09258cfd7 )
263+ [ #9033 ] ( https://github.com/npm/npm/pull/9033 ) ` npm version ` now works on git
264+ submodules
265+ ([ @ktarplee ] ( https://github.com/ktarplee ) )
266+
267+ #### OH AND THERE'S A DEV DEPENDENCIES UPDATE
268+
269+ Hooray.
270+
271+ * [ ` d204683 ` ] ( https://github.com/npm/npm/commit/d2046839d471322e61e3ceb0f00e78e5c481f967 )
272+ nock@2.9.1
273+ ([ @pgte ] ( https://github.com/pgte ) )
274+
1275### v2.13.3 (2015-07-23):
2276
3277#### I'M SAVING THE GOOD JOKES FOR MORE INTERESTING RELEASES
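Review bot: The remediation paragraph in the v2.14.1 SECURITY FIX section gives a single fix for both leaks (upgrade, then `npm logout` and `npm login`), but item 2 concerns per-package `.npmrc` files that scope a package to a specific registry and its credentials, and the text does not say which registry's tokens that logout invalidates. Suggest adding a sentence telling maintainers who shipped a per-package `.npmrc` to also rotate the credentials at the registry that file names. Separately, in BUMP +1 under v2.14.2, `normalise-package-data@2.3.2` should be spelled `normalize-package-data`, and in the v2.13.5 BUG FIXES entry for #7198 both the setup case and the excluded case read `npm link <package>`, so it is not clear which invocation runs the lifecycle scripts.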
@@ -29,12 +303,10 @@ There's a couple of doc updates! The last one might be interesting.
29303 settings.
30304 ([ @SimenB ] ( https://github.com/SimenB ) )
31305* [ ` cf09e75 ` ] ( https://github.com/npm/npm/commit/cf09e754931739af32647d667b671e72a4c79081 )
32-
33306 [ #9022 ] ( https://github.com/npm/npm/issues/9022 ) Document the ` "access" ` field
34307 in ` "publishConfig" ` . Did you know you don't need to use ` --access=public `
35308 when publishing scoped packages?! Just put it in your ` package.json ` !
36309 Go refresh yourself on scopes packages by [ checking our docs] ( https://docs.npmjs.com/getting-started/scoped-packages ) on them.
37-
38310 ([ @boennemann ] ( https://github.com/boennemann ) )
39311* [ ` bfd73da ` ] ( https://github.com/npm/npm/commit/bfd73da33349cc2afb8278953b2ae16ea95023de )
40312 [ #9013 ] ( https://github.com/npm/npm/issues/9013 ) fixed typo in changelog
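Review bot: The context line "Go refresh yourself on scopes packages by ..." in the #9022 entry still reads "scopes packages" where "scoped packages" is meant, and it runs well past the wrap width of the lines around it. Since this hunk already touches the entry to drop the two stray blank lines, suggest fixing the typo and rewrapping that line in the same change.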