皇上,还记得我吗?我就是1999年那个Linux伊甸园啊-----24小时滚动更新开源资讯,全年无休!

包管理工具 npm v6.0.1-next.0 发布,包含重大改进

2018-05-06 分类:软件更新资讯 评论(0)
包管理工具 npm v6.0.1-next.0 发布,包含重大改进

npm v6.0.1-next.0 已发布,虽然这是一个预发行版,但依然公布了不少重要的改动,具体如下:

CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT!

SHRONKWRAPS AND LACKFILES

If a published modules had legacy npm-shrinkwrap.json we were saving ordinary registry dependencies (name@version) to your package-lock.json as https:// URLs instead of versions.

  • 89102c0d9 When saving the lock-file compute how the dependency is being required instead of using _resolved in the package.json. This fixes the bug that was converting registry dependencies into https:// dependencies. (@iarna)
  • 676f1239a When encountering a https:// URL in our lockfiles that point at our default registry, extract the version and use them as registry dependencies. This lets us heal package-lock.json files produced by 6.0.0 (@iarna)

AUDIT AUDIT EVERYWHERE

You can’t use it quite yet, but we do have a few last moment patches to npm audit to make it even better when it is turned on!

  • b2e4f48f5 Make sure we hide stream errors on background audit submissions. Previously some classes of error could end up being displayed (harmlessly) during installs. (@iarna)
  • 1fe0c7fea Include session and scope in requests (as we do in other requests to the registry). (@iarna)
  • d04656461 Exit with non-zero status when vulnerabilities are found. So you can have npm audit as a test or prepublish step! (@iarna)
  • fcdbcbacc Verify lockfile integrity before running. You’d get an error either way, but this way it’s faster and can give you more concrete instructions on how to fix it. (@iarna)
  • 2ac8edd42 Refuse to run in global mode. Audits require a lockfile and globals don’t have one. Yet. (@iarna)

DOCUMENTATION IMPROVEMENTS

详情请查看发布主页:https://github.com/npm/npm/releases/tag/v6.0.1-next.0

转自 https://www.oschina.net/news/95796/npm-6-0-1-next0-released

相关推荐