Release: npm@6.4.0

release

(Kat Marchán) #1

A new version has been released!

You can install it with npm i -g npm@latest or try it out with $ npx npm@latest ...!

As per our process, the prerelease cycle for 6.4.0 is now over and npm@6.4.0 is the latest and greatest in npm technology. :sunglasses:

latest: 6.4.0
next: 6.4.0

NEW FEATURES

  • 6e9f04b0b npm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking :_authToken. (@mkhl)
  • 84bfd23e7 npm/cli#35 Stop filtering out non-IPv4 addresses from local-addrs, making npm actually use IPv6 addresses when it must. (@valentin2105)
  • 792c8c709 npm/cli#31 configurable audit level for non-zero exit npm audit currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of --audit-level to npm audit to allow it to pass if only vulnerabilities below a certain level are found. Example: npm audit --audit-level=high will exit with 0 if only low or moderate level vulns are detected. (@lennym)

BUGFIXES

DEPENDENCY UPDATES

A very special dependency update event! Since the release of node-gyp@3.8.0, an awkward version conflict that was preventing request from begin flattened was resolved. This means two things:

  1. We’ve cut down the npm tarball size by another 200kb, to 4.6MB
  2. npm audit now shows no vulnerabilities for npm itself!

Thanks, @rvagg!

DOCUMENTATION


(Kat Marchán) #2