npm v6.0.1-next.0 已发布,虽然这是一个预发行版,但依然公布了不少重要的改动,具体如下:
CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT!
b267bbbb9npm/lockfile#29[email protected]: Switches tosignal-exitto detect abnormal exits and remove locks. (@Redsandro)
SHRONKWRAPS AND LACKFILES
If a published modules had legacy npm-shrinkwrap.json we were saving ordinary registry dependencies (name@version) to your package-lock.json as https:// URLs instead of versions.
89102c0d9When saving the lock-file compute how the dependency is being required instead of using_resolvedin thepackage.json. This fixes the bug that was converting registry dependencies intohttps://dependencies. (@iarna)676f1239aWhen encountering ahttps://URL in our lockfiles that point at our default registry, extract the version and use them as registry dependencies. This lets us healpackage-lock.jsonfiles produced by 6.0.0 (@iarna)
AUDIT AUDIT EVERYWHERE
You can't use it quite yet, but we do have a few last moment patches to npm audit to make it even better when it is turned on!
b2e4f48f5Make sure we hide stream errors on background audit submissions. Previously some classes of error could end up being displayed (harmlessly) during installs. (@iarna)1fe0c7feaInclude session and scope in requests (as we do in other requests to the registry). (@iarna)d04656461Exit with non-zero status when vulnerabilities are found. So you can havenpm auditas a test or prepublish step! (@iarna)fcdbcbaccVerify lockfile integrity before running. You'd get an error either way, but this way it's faster and can give you more concrete instructions on how to fix it. (@iarna)2ac8edd42Refuse to run in global mode. Audits require a lockfile and globals don't have one. Yet. (@iarna)
DOCUMENTATION IMPROVEMENTS
b7fca1084#20407 Update the lock-file spec doc to mention that we now generate the from field forgit-type dependencies. (@watilde)7a6555e61#20408 Describe what the colors in outdated mean. (@teameh)
详情请查看发布主页:https://github.com/npm/npm/releases/tag/v6.0.1-next.0