Skip to content
This repository has been archived by the owner on Aug 11, 2022. It is now read-only.

v2.7.6

Compare
Choose a tag to compare
@othiym23 othiym23 released this 03 Apr 08:30
· 2839 commits to latest since this release

GIT MEAN, GIT TUFF, GIT ALL THE WAY AWAY FROM MY STUFF

Part of the reason that we're reluctant to take patches to how npm deals with git dependencies is that every time we touch the git support, something breaks. The last few releases are a case in point. [email protected] completely broke installing private modules from GitHub, and [email protected] fixed them at the cost of logging a misleading error message that caused many people to believe that their dependencies hadn't been successfully installed when they actually had been.

This all started from a desire to ensure that GitHub shortcut syntax is being handled correctly. The correct behavior is for npm to try to clone all dependencies on GitHub (whether they're specified with the GitHub organization/repository shortcut syntax or not) via the plain git: protocol first, and to fall back to using git+ssh: if git: doesn't work. Previously, sometimes npm would use git: and git+ssh: in some cases (most notably when using GitHub shortcut syntax on the command line), and use git+https: in others (when the GitHub shortcut syntax was present in package.json). This led to subtle and hard-to-understand inconsistencies, and we're glad that as of [email protected], we've finally gotten things to where they were before we started, only slightly more consistent overall.

We are now going to go back to our policy of being extremely reluctant to touch the code that handles Git dependencies.

  • b747593
    #7630 Don't automatically log all
    git failures as errors. maybeGithub needs to be able to fail without
    logging to support its fallback logic.
    (@othiym23)
  • cd67a0d
    #7829 When fetching a git remote
    URL, handle failures gracefully (without assuming standard output exists).
    (@othiym23)
  • 637c7d1
    #7829 When fetching a git remote
    URL, handle failures gracefully (without assuming standard error exists).
    (@othiym23)

OTHER SIGNIFICANT FIXES

  • 78005eb
    #7743 Always quote arguments passed
    to npm run-script. This allows build systems and the like to safely escape
    glob patterns passed as arguments to run-scripts with `npm run-script <script> -- `. This is a tricky change to test, and may be reverted or moved to `npm@3` if it turns out it breaks things for users. ([@mantoni](https://github.com/mantoni))
  • da015ee
    #7074 [email protected]:
    read-package-json no longer caches package.json files, which trades a
    very small performance loss for the elimination of a large class of really
    annoying race conditions. See #7074
    for the grisly details. (@othiym23)
  • dd20f57
    [email protected]: Only add the @ to scoped package names if it's
    not already there when reading from the filesystem
    (@watilde), and support inline validation of
    package names (@michaelnisi).

SMALL FIXES AND DEPENDENCY UPGRADES