statusboard icon indicating copy to clipboard operation
statusboard copied to clipboard

Published 20 hours ago verified publisher icon npm

npm cli breaking changes

Open darcyclarke opened this issue 3 years ago • 10 comments

This is the issue where we file our future breaking changes for the npm cli.

Breaking Changes:

  1. [ ] Remove legacy lifecycle scripts support (ie. pre/post scripts)

darcyclarke avatar Apr 28 '22 17:04 darcyclarke

Copied from v10 initiative

v11 and beyond

These are still future looking breaking changes that we want to keep in consideration going forward

### Breaking Changes:
- [ ] stop reading process.env.NODE in config for nodeBin
- [ ] remove man pages
- [ ] Remove install scripts support
- [ ] Support for reading `stdin` across **all** commands (ie. https://github.com/npm/rfcs/blob/3d5b2130504139bdc8a3b599923aa07d2ff79c96/accepted/0000-dependency-selector-syntax.md#commands-could-read-from-stdin)
- [ ] Support Package Distributions by default
- [ ] Consider changing strict-ssl default based on environment variables https://github.com/npm/make-fetch-happen/pull/257
- [ ] https://github.com/npm/npm-packlist/pull/168
- [ ] Revert all of the hacks around "globstar" in packlist.  Just use node-glob's patterns.

Features (v10 or v11 or beyond):

- [ ] New `npm link` experience
- [ ] Add new "lifecycle events" API - differentiate between scripts & events - user/project & dependency defined usecases)
- [ ] First-class `import-maps` Support
- [ ] Warn/error on unecessary config items in publishConfig

wraithgar avatar Sep 06 '23 16:09 wraithgar

Let's figure out the "store the range i asked for" change for v11 too?

ljharb avatar Sep 06 '23 17:09 ljharb

I just lost an hour of my day to this "clever" helpful line. We should drop support for this.

https://github.com/npm/cli/blob/1114a12f2b4691d403d0863d4dca44f25580f57d/lib/cli-entry.js#L9-L12

  // if npm is called as "npmg" or "npm_g", then run in global mode.
  if (process.argv[1][process.argv[1].length - 1] === 'g') {
    process.argv.splice(1, 1, 'npm', '-g')
  }

$ node /Users/wraithgar/Development/npm/cli/branches/gar_semver-debug pkg set description='test'
npm ERR! code EPKGGLOBAL
npm ERR! There's no package.json file to manage on global mode

wraithgar avatar Mar 22 '24 17:03 wraithgar

  • [ ] Revert all of the hacks around "globstar" in packlist. Just use node-glob's patterns.

This is just a bug factory at this point.

wraithgar avatar May 13 '24 14:05 wraithgar

A few things I've found in the issue tracker lately that can't be fixed due to how they would likely break things:

  • [ ] Make --silent truly silent (eg dont set up any process listeners) and create a net-new way of hiding only logging output. (The opposite could also be done). Then go through and remove all npm.silent checks. https://github.com/npm/cli/issues/4877#issuecomment-2109184464
  • [ ] Make run-script banners a log event. They have been swapped to stderr for json mode, but I think they should always be on stderr. I think an open question would be if they should be called with output.error or as an actual log (maybe with a custom META prefix)? https://github.com/npm/cli/issues/3354#issuecomment-2108901091
  • [ ] Apply --ignore-scripts to the prepare script when packing and publishing https://github.com/npm/cli/issues/3707 https://github.com/npm/cli/issues/7211#issuecomment-2103635859
  • [ ] Make pack --json return an object like publish --json instead of an array
  • [ ] Dont unwrap any single item arrays in view --json
  • [ ] Set all json output on known top-level keys. I think those should be result and error to start (🚲 those names).

lukekarrys avatar May 14 '24 19:05 lukekarrys

https://github.com/npm/rfcs/pull/776

wraithgar avatar May 24 '24 16:05 wraithgar

We should remove the npm audit fallback to the old endpoint. I don't think it works with lockfile v3 anyways.

wraithgar avatar Jun 11 '24 17:06 wraithgar