npm v6.0.1-next.0 已发布,虽然这是一个预发行版,但依然公布了不少重要的改动,具体如下:
b267bbbb9
npm/lockfile#29 lockfile@1.0.4
: Switches to?signal-exit
?to detect abnormal exits and remove locks. (@Redsandro)If a published modules had legacy?npm-shrinkwrap.json
?we were saving ordinary registry dependencies (name@version
) to your?package-lock.json
?as?https://
?URLs instead of versions.
89102c0d9
?When saving the lock-file compute how the dependency is being required instead of using?_resolved
?in the?package.json
. This fixes the bug that was converting registry dependencies into?https://
?dependencies. (@iarna)676f1239a
?When encountering a?https://
?URL in our lockfiles that point at our default registry, extract the version and use them as registry dependencies. This lets us heal?package-lock.json
?files produced by 6.0.0 (@iarna)You can't use it?quite?yet, but we do have a few last moment patches to?npm audit
?to make it even better when it is turned on!
b2e4f48f5
?Make sure we hide stream errors on background audit submissions. Previously some classes of error could end up being displayed (harmlessly) during installs. (@iarna)1fe0c7fea
?Include session and scope in requests (as we do in other requests to the registry). (@iarna)d04656461
?Exit with non-zero status when vulnerabilities are found. So you can have?npm audit
?as a test or prepublish step! (@iarna)fcdbcbacc
?Verify lockfile integrity before running. You'd get an error either way, but this way it's faster and can give you more concrete instructions on how to fix it. (@iarna)2ac8edd42
?Refuse to run in global mode. Audits require a lockfile and globals don't have one. Yet. (@iarna)b7fca1084
#20407?Update the lock-file spec doc to mention that we now generate the from field for?git
-type dependencies. (@watilde)7a6555e61
#20408?Describe what the colors in outdated mean. (@teameh)详情请查看发布主页:https://github.com/npm/npm/releases/tag/v6.0.1-next.0
领取专属 10元无门槛券
私享最新 技术干货