v2.7.6
GIT MEAN, GIT TUFF, GIT ALL THE WAY AWAY FROM MY STUFF
Part of the reason that we're reluctant to take patches to how npm deals with git dependencies is that every time we touch the git support, something breaks. The last few releases are a case in point. [email protected]
completely broke installing private modules from GitHub, and [email protected]
fixed them at the cost of logging a misleading error message that caused many people to believe that their dependencies hadn't been successfully installed when they actually had been.
This all started from a desire to ensure that GitHub shortcut syntax is being handled correctly. The correct behavior is for npm to try to clone all dependencies on GitHub (whether they're specified with the GitHub organization/repository
shortcut syntax or not) via the plain git:
protocol first, and to fall back to using git+ssh:
if git:
doesn't work. Previously, sometimes npm would use git:
and git+ssh:
in some cases (most notably when using GitHub shortcut syntax on the command line), and use git+https:
in others (when the GitHub shortcut syntax was present in package.json
). This led to subtle and hard-to-understand inconsistencies, and we're glad that as of [email protected]
, we've finally gotten things to where they were before we started, only slightly more consistent overall.
We are now going to go back to our policy of being extremely reluctant to touch the code that handles Git dependencies.
b747593
#7630 Don't automatically log all
git failures as errors.maybeGithub
needs to be able to fail without
logging to support its fallback logic.
(@othiym23)cd67a0d
#7829 When fetching a git remote
URL, handle failures gracefully (without assuming standard output exists).
(@othiym23)637c7d1
#7829 When fetching a git remote
URL, handle failures gracefully (without assuming standard error exists).
(@othiym23)
OTHER SIGNIFICANT FIXES
78005eb
#7743 Always quote arguments passed
tonpm run-script
. This allows build systems and the like to safely escape
glob patterns passed as arguments torun-scripts
with `npm run-script <script> -- `. This is a tricky change to test, and may be reverted or moved to `npm@3` if it turns out it breaks things for users. ([@mantoni](https://github.com/mantoni))da015ee
#7074[email protected]
:
read-package-json
no longer cachespackage.json
files, which trades a
very small performance loss for the elimination of a large class of really
annoying race conditions. See #7074
for the grisly details. (@othiym23)dd20f57
[email protected]
: Only add the@
to scoped package names if it's
not already there when reading from the filesystem
(@watilde), and support inline validation of
package names (@michaelnisi).
SMALL FIXES AND DEPENDENCY UPGRADES
1f380f6
#7820[email protected]
: Use
readable-stream
instead of built-instream
module to better support
Node.js 0.8.x. (@SonicHedgehog)d380188
[email protected]
: Don't throw onsemver.parse(null)
, and parse numeric
version strings more robustly. (@isaacs)01d9964
[email protected]
: This change may need to be rolled back, or rolled forward,
because nock depends on
setImmediate
, which causes tests
to fail when run with Node.js 0.8. (@othiym23)91f5cb1
#7791 Fix brackets in npmconf so
thatloaded
is set correctly.
(@charmander)1349e27
#7818 UpdateREADME.md
to point
out that the install script now lives on https://www.npmjs.com.
(@weisjohn)