tra-analysis/website/node_modules/npm/changelogs/CHANGELOG-1.md

v1.4.29 (2015-10-29):

THINGS ARE HAPPENING IN LTS LAND

In a special one-off release as part of the strategy to get a version of npm into Node LTS that works with the current registry, modify npm to print out this deprecation banner literally every time npm is invoked to do anything:

npm WARN deprecated This version of npm lacks support for important features,
npm WARN deprecated such as scoped packages, offered by the primary npm
npm WARN deprecated registry. Consider upgrading to at least npm@2, if not the
npm WARN deprecated latest stable version. To upgrade to npm@2, run:
npm WARN deprecated
npm WARN deprecated   npm -g install npm@latest-2
npm WARN deprecated
npm WARN deprecated To upgrade to the latest stable version, run:
npm WARN deprecated
npm WARN deprecated   npm -g install npm@latest
npm WARN deprecated
npm WARN deprecated (Depending on how Node.js was installed on your system, you
npm WARN deprecated may need to prefix the preceding commands with `sudo`, or if
npm WARN deprecated on Windows, run them from an Administrator prompt.)
npm WARN deprecated
npm WARN deprecated If you're running the version of npm bundled with
npm WARN deprecated Node.js 0.10 LTS, be aware that the next version of 0.10 LTS
npm WARN deprecated will be bundled with a version of npm@2, which has some small
npm WARN deprecated backwards-incompatible changes made to `npm run-script` and
npm WARN deprecated semver behavior.

The message basically tells the tale: Node 0.10 will finally be getting npm@2, so those of you who haven't upgraded your build systems to deal with its (relatively small) breaking changes should do so now.

Also, this version doesn't even pretend that it can deal with scoped packages, which, given the confusing behavior of older versions of npm@1.4, where it would sometimes try to install packages from GitHub, is a distinct improvement.

There is no good reason for you as an end user to upgrade to this version of npm yourself.

• 709e9b4 Print 20-line deprecation banner on all command invocations. (@othiym23)
• 0c29d09 Crash out immediately with an exhortation to upgrade on attempts to use scoped packages. (@othiym23)

v1.5.0-alpha-4 (2014-07-18):

• fall back to _auth config as default auth when using default registry (@isaacs)
• support for 'init.version' for those who don't want to deal with semver 0.0.x oddities (@rvagg)
• be06213 remove residual support for win log level (@aterris)

v1.5.0-alpha-3 (2014-07-17):

• a3a85dd --save scoped packages correctly (@othiym23)
• 18a3385 npm-registry-client@3.0.2 (@othiym23)
• 375988b invalid package names are an early error for optional deps (@othiym23)
• consistently use node-package-arg instead of arbitrary package spec splitting (@othiym23)

v1.5.0-alpha-2 (2014-07-01):

• 54cf625 fix handling for 301s in npm-registry-client@3.0.1 (@Raynos)
• e410861 don't crash if no username set on whoami (@isaacs)
• 0353dde respect --json for output (@isaacs)
• b3d112a outdated: Don't show headings if there's nothing to output (@isaacs)
• bb4b90c outdated: Default to latest rather than * for unspecified deps (@isaacs)

v1.5.0-alpha-1 (2014-07-01):

• eef4884 use the correct piece of the spec for GitHub shortcuts (@othiym23)

v1.5.0-alpha-0 (2014-07-01):

• 7f55057 install scoped packages (#5239) (@othiym23)
• 0df7e16 publish scoped packages (#5239) (@othiym23)
• 0689ba2 support (and save) --scope=@s config (@othiym23)
• f34878f scope credentials to registry (@othiym23)
• 0ac7ca2 capture and store bearer tokens when sent by registry (@othiym23)
• 63c3277 only delete files that are created by npm (@othiym23)
• 4f54043 npm-package-arg@2.0.0 (@othiym23)
• 9e1460e read-package-json@1.2.3 (@othiym23)
• 719d8ad fs-vacuum@1.2.1 (@othiym23)
• 9ef8fe4 async-some@1.0.0 (@othiym23)
• a964f65 npmconf@2.0.1 (@othiym23)
• 113765b npm-registry-client@3.0.0 (@othiym23)

v1.4.28 (2014-09-12):

• f4540b6 #6043 defer rollbacks until just before the CLI exits (@isaacs)
• 1eabfd5 #6043 slide@1.1.6: wait until all callbacks have finished before proceeding (@othiym23)

v1.4.27 (2014-09-04):

• 4cf3c8f #6007 request@2.42.0: properly set headers on proxy requests (@isaacs)
• 403cb52 #6055 npmconf@1.1.8: restore case-insensitivity of environmental config (@iarna)

v1.4.26 (2014-08-28):

• eceea95 github-url-from-git@1.4.0: add support for git+https and git+ssh (@stefanbuck)
• e561758 columnify@1.2.1 (@othiym23)
• 0c4fab3 cmd-shim@2.0.0: upgrade to graceful-fs 3 (@ForbesLindesay)
• 2d69e4d github-url-from-username-repo@1.0.0: accept slashes in branch names (@robertkowalski)
• 81f9b2b ensure lifecycle spawn errors caught properly (@isaacs)
• bfaab8c npm-registry-client@2.0.7: properly encode % in passwords (@isaacs)
• 91cfb58 doc: Fix 'npm help index' (@isaacs)

v1.4.25 (2014-08-21):

• 64c0ec2 npm-registry-client@2.0.6: Print the notification header returned by the registry, and make sure status codes are printed without gratuitous quotes around them. (@othiym23)
• a8ed12b tar@1.0.1: Add test for removing an extract target immediately after unpacking. (@isaacs)
• 70fd11d lockfile@1.0.0: Fix incorrect interaction between wait, stale, and retries options. Part 2 of race condition leading to ENOENT errors. (@isaacs)
• 0072c4d fstream@1.0.2: Fix a double-finish call which can result in excess FS operations after the close event. Part 2 of race condition leading to ENOENT errors. (@isaacs)

v1.4.24 (2014-08-14):

• 9344bd9 doc: add new changelog (@othiym23)
• 4be76fd doc: update version doc to include pre-* increment args (@isaacs)
• e4f2620 build: add make tag to tag current release as latest (@isaacs)
• ec2596a build: publish with --tag=v1.4-next (@isaacs)
• 9ee55f8 build: add script to output v1.4-next publish tag (@isaacs)
• aecb56f build: remove outdated docpublish make target (@isaacs)
• b57a9b7 build: remove unpublish step from make publish (@isaacs)
• 2c6acb9 install: rename .gitignore when unpacking foreign tarballs (@isaacs)
• 22f3681 cache: detect non-gzipped tar files more reliably (@isaacs)

v1.4.23 (2014-07-31):

• 8dd11d1 update several dependencies to avoid using semvers starting with 0.

v1.4.22 (2014-07-31):

• d9a9e84 read-package-json@1.2.4 (@isaacs)
• 86f0340 github-url-from-git@1.2.0 (@isaacs)
• a94136a fstream@0.1.29 (@isaacs)
• bb82d18 glob@4.0.5 (@isaacs)
• 5b6bcf4 cmd-shim@1.1.2 (@isaacs)
• c2aa8b3 license: Cleaned up legalese with actual lawyer (@isaacs)
• 63fe0ee init-package-json@1.0.0 (@isaacs)

v1.4.21 (2014-07-14):

• 88f51aa fix handling for 301s in npm-registry-client@2.0.3 (@Raynos)

v1.4.20 (2014-07-02):

• 0353dde respect --json for output (@isaacs)
• b3d112a outdated: Don't show headings if there's nothing to output (@isaacs)
• bb4b90c outdated: Default to latest rather than * for unspecified deps (@isaacs)

v1.4.19 (2014-07-01):

• f687433 relative URLS for working non-root registry URLS (@othiym23)
• bea190c #5591 bump nopt and npmconf (@isaacs)

v1.4.18 (2014-06-29):

• Bump glob dependency from 4.0.2 to 4.0.3. It now uses graceful-fs when available, increasing resilience to various filesystem errors. (@isaacs)

v1.4.17 (2014-06-27):

• replace escape codes with ansicolors (@othiym23)
• Allow to build all the docs OOTB. (@GeJ)
• Use core.longpaths on win32 git - fixes #5525 (@bmeck)
• npmconf@1.1.2 (@isaacs)
• Consolidate color sniffing in config/log loading process (@isaacs)
• add verbose log when project config file is ignored (@isaacs)
• npmconf: Float patch to remove 'scope' from config defs (@isaacs)
• doc: npm-explore can't handle a version (@robertkowalski)
• Add user-friendly errors for ENOSPC and EROFS. (@voodootikigod)
• bump tar and fstream deps (@isaacs)
• Run the npm-registry-couchapp tests along with npm tests (@isaacs)

v1.2.8000 (2014-06-17):

• Same as v1.4.16, but with the spinner disabled, and a version number that starts with v1.2.

v1.4.16 (2014-06-17):

• npm-registry-client@2.0.2 (@isaacs)
• fstream@0.1.27 (@isaacs)
• sha@1.2.4 (@isaacs)
• rimraf@2.2.8 (@isaacs)
• npmlog@1.0.1 (@isaacs)
• npm-registry-client@2.0.1 (@isaacs)
• removed redundant dependency (@othiym23)
• npmconf@1.0.5 (@isaacs)
• Properly handle errors that can occur in the config-loading process (@isaacs)

v1.4.15 (2014-06-10):

• cache: atomic de-race-ified package.json writing (@isaacs)
• fstream@0.1.26 (@isaacs)
• graceful-fs@3.0.2 (@isaacs)
• osenv@0.1.0 (@isaacs)
• Only spin the spinner when we're fetching stuff (@isaacs)
• Update osenv@0.1.0 which removes ~/tmp as possible tmp-folder (@robertkowalski)
• ini@1.2.1 (@isaacs)
• graceful-fs@3 (@isaacs)
• Update glob and things depending on glob (@isaacs)
• github-url-from-username-repo and read-package-json updates (@isaacs)
• editor@0.1.0 (@isaacs)
• columnify@1.1.0 (@isaacs)
• bump ansi and associated deps (@isaacs)

v1.4.14 (2014-06-05):

• char-spinner: update to not bork windows (@isaacs)

v1.4.13 (2014-05-23):

• Fix npm install on a tarball. (ed3abf1, #5330, @othiym23)
• Fix an issue with the spinner on Node 0.8. (9f00306, @isaacs)
• Re-add npm.commands.cache.clean and npm.commands.cache.read APIs, and document npm.commands.cache.* as npm-cache(3). (e06799e, @isaacs)

v1.4.12 (2014-05-23):

• remove normalize-package-data from top level, de-^-ify inflight dep (@isaacs)
• Always sort saved bundleDependencies (@isaacs)
• add inflight to bundledDependencies (@othiym23)

v1.4.11 (2014-05-22):

• fix npm ls labeling issue
• node-gyp@0.13.1
• default repository to https:// instead of git://
• addLocalTarball: Remove extraneous unpack (@isaacs)
• Massive cache folder refactor (@othiym23 and @isaacs)
• Busy Spinner, no http noise (@isaacs)
• Per-project .npmrc file support (@isaacs)
• npmconf@1.0.0, Refactor config/uid/prefix loading process (@isaacs)
• Allow once-disallowed characters in passwords (@isaacs)
• Send npm version as 'version' header (@isaacs)
• fix cygwin encoding issue (Karsten Tinnefeld)
• Allow non-github repositories with npm repo (@evanlucas)
• Allow peer deps to be satisfied by grandparent
• Stop optional deps moving into deps on update --save (@timoxley)
• Ensure only matching deps update with update --save* (@timoxley)
• Add support for prerelease, preminor, prepatch to npm version

v1.4.10 (2014-05-05):

• Don't set referer if already set
• fetch: Send referer and npm-session headers
• run-script: Support --parseable and --json
• list runnable scripts (@evanlucas)
• Use marked instead of ronn for html docs

v1.4.9 (2014-05-01):

• Send referer header (with any potentially private stuff redacted)
• Fix critical typo bug in previous npm release

v1.4.8 (2014-05-01):

• Check SHA before using files from cache
• adduser: allow change of the saved password
• Make npm install respect config.unicode
• Fix lifecycle to pass Infinity for config env value
• Don't return 0 exit code on invalid command
• cache: Handle 404s and other HTTP errors as errors
• Resolve ~ in path configs to env.HOME
• Include npm version in default user-agent conf
• npm init: Use ISC as default license, use save-prefix for deps
• Many test and doc fixes

v1.4.7 (2014-04-15):

• Add --save-prefix option that can be used to override the default of ^ when using npm install --save and its counterparts. (64eefdf, @thlorenz)
• Allow --silent to silence the echoing of commands that occurs with npm run. (c95cf08, @Raynos)
• Some speed improvements to the cache, which should improve install times. (cb94310, 3b0870f, 120f5a9, @isaacs)
• Improve ability to retry registry requests when a subset of the registry servers are down. (4a5257d, 7686d02cb0, @isaacs)
• Fix marking of peer dependencies as extraneous. (779b164, 6680ba6ef2, @isaacs)
• Fix npm crashing when doing npm shrinkwrap in the presence of a package.json with no dependencies. (a9d9fa5, @kislyuk)
• Fix error when using npm view on packages that have no versions or have been unpublished. (94df2f5, @juliangruber; 2241a09, @isaacs)

v1.4.6 (2014-03-19):

• Fix extraneous package detection to work in more cases. (f671286, npm/read-installed#20, @LaurentVB)

v1.4.5 (2014-03-18):

• Sort dependencies in package.json when doing npm install --save and all its variants. (6fd6ff7, @domenic)
• Add --save-exact option, usable alongside --save and its variants, which will write the exact version number into package.json instead of the appropriate semver-compatibility range. (17f07df, @timoxley)
• Accept gzipped content from the registry to speed up downloads and save bandwidth. (a3762de, npm/npm-registry-client#40, @fengmk2)
• Fix npm ls's --depth and --log options. (1d29b17, npm/read-installed#13, @zertosh)
• Fix "Adding a cache directory to the cache will make the world implode" in certain cases. (9a4b2c4, domenic/path-is-inside#1, @pmarques)
• Fix readmes not being uploaded in certain rare cases. (527b72c, @isaacs)

v1.4.4 (2014-02-20):

• Add npm t as an alias for npm test (which is itself an alias for npm run test, or even npm run-script test). We like making running your tests easy. (14e650b, @isaacs)

v1.4.3 (2014-02-16):

• Add back npm prune --production, which was removed in 1.3.24. (acc4d02, @davglass)
• Default npm install --save and its counterparts to use the ^ version specifier, instead of ~. (0a3151c, @mikolalysenko)
• Make npm shrinkwrap output dependencies in a sorted order, so that diffs between shrinkwrap files should be saner now. (059b2bf, @Raynos)
• Fix npm dedupe not correctly respecting dependency constraints. (86028e9, @rafeca)
• Fix npm ls giving spurious warnings when you used "latest" as a version specifier. (d2956400e0, @bajtos)
• Fixed a bug where using npm link on packages without a name value could cause npm to delete itself. (401a642, @isaacs)
• Fixed npm install ./pkg@1.2.3 to actually install the directory at pkg@1.2.3; before it would try to find version 1.2.3 of the package ./pkg in the npm registry. (46d8768, @rlidwka; see also f851b79)
• Fix npm outdated to respect the color configuration option. (d4f6f3f, @timoxley)
• Fix npm outdated --parseable. (9575a23, @yhpark)
• Fix a lockfile-related errors when using certain Git URLs. (164b97e, @nigelzor)

v1.4.2 (2014-02-13):

• Fixed an issue related to mid-publish GET requests made against the registry. (acbec48372, @isaacs)

v1.4.1 (2014-02-13):

• Fix npm shrinkwrap forgetting to shrinkwrap dependencies that were also development dependencies. (9c575c5, @diwu1989)
• Fixed publishing of pre-existing packages with uppercase characters in their name. (9345d3b6c3, @isaacs)

v1.4.0 (2014-02-12):

• Remove npm publish --force. See https://github.com/npm/npmjs.org/issues/148. (@isaacs, npm/npm-registry-client@2c8dba990d)
• Other changes to the registry client related to saved configs and couch logins. (@isaacs; npm/npm-registry-client@25e2b019a1, npm/npm-registry-client@9e41e9101b, npm/npm-registry-client@2c8dba990d)
• Show an error to the user when doing npm update and the package.json specifies a version that does not exist. (@evanlucas, 027a33a)
• Fix some issues with cache ownership in certain installation configurations. (@outcoldman, a132690)
• Fix issues where GitHub shorthand dependencies user/repo were not always treated the same as full Git URLs. (@robertkowalski, 005d0b637a)

v1.3.26 (2014-02-02):

• Fixes and updates to publishing code (735427a and c0ac832, @isaacs)
• Fix npm bugs with no arguments. (b99d465, @Hoops)

v1.3.25 (2014-01-25):

• Remove gubblebum blocky font from documentation headers. (6940c9a, @isaacs)

v1.3.24 (2014-01-19):

• Make the search output prettier, with nice truncated columns, and a --long option to create wrapping columns. (20439b2 and 3a6942d, @timoxley)
• Support multiple packagenames in npm docs. (823010b, @timoxley)
• Fix the npm adduser bug regarding "Error: default value must be string or number" again. (b9b4248, @isaacs)
• Fix scripts entries containing whitespaces on Windows. (80282ed, @robertkowalski)
• Fix npm update for Git URLs that have credentials in them (93fc364, @danielsantiago)
• Fix npm install overwriting npm link-ed dependencies when they are tagged Git dependencies. (af9bbd9, @evanlucas)
• Remove npm prune --production since it buggily removed some dependencies that were necessary for production; see #4509. Hopefully it can make its triumphant return, one day. (1101b6a, @isaacs)

Dependency updates:

• 909cccf read-package-json@1.1.6
• a3891b6 rimraf@2.2.6
• ac6efbc sha@1.2.3
• dd30038 node-gyp@0.12.2
• c8c3ebe npm-registry-client@0.3.3
• 4315286 npmconf@0.1.12

v1.3.23 (2014-01-03):

• Properly handle installations that contained a certain class of circular dependencies. (5dc93e8, @substack)

v1.3.22 (2013-12-25):

• Fix a critical bug in npm adduser that would manifest in the error message "Error: default value must be string or number." (fba4bd2, @isaacs)
• Allow npm bugs in the current directory to open the current package's bugs URL. (d04cf64, @evanlucas)
• Several fixes to various error messages to include more useful or updated information. (1e6f2a7, ff46366, 8b4bb48; @rlidwka, @evanlucas)

v1.3.21 (2013-12-17):

• Fix a critical bug that prevented publishing due to incorrect hash calculation. (4ca4a2c, @dominictarr)

v1.3.20 (2013-12-17):

• Fixes a critical bug in v1.3.19. Thankfully, due to that bug, no one could install npm v1.3.19 :)

v1.3.19 (2013-12-16):

• Adds atomic PUTs for publishing packages, which should result in far fewer requests and less room for replication errors on the server-side.

v1.3.18 (2013-12-16):

• Added an --ignore-scripts option, which will prevent package.json scripts from being run. Most notably, this will work on npm install, so e.g. npm install --ignore-scripts will not run preinstall and prepublish scripts. (d7e67bf, @sqs)
• Fixed a bug introduced in 1.3.16 that would manifest with certain cache configurations, by causing spurious errors saying "Adding a cache directory to the cache will make the world implode." (966373f, @domenic)
• Re-fixed the multiple download of URL dependencies, whose fix was reverted in 1.3.17. (a362c3f, @spmason)

v1.3.17 (2013-12-11):

• This release reverts 644c2ff, which avoided re-downloading URL and shinkwrap dependencies when doing npm install. You can see the in-depth reasoning in d8c907e; the problem was, that the patch changed the behavior of npm install -f to reinstall all dependencies.
• A new version of the no-re-downloading fix has been submitted as #4303 and will hopefully be included in the next release.

v1.3.16 (2013-12-11):

• Git URL dependencies are now updated on npm install, fixing a two-year old bug (5829ecf, @robertkowalski). Additional progress on reducing the resulting Git-related I/O is tracked as #4191, but for now, this will be a big improvement.
• Added a --json mode to npm outdated to give a parseable output. (0b6c9b7, @yyx990803)
• Made npm outdated much prettier and more useful. It now outputs a color-coded and easy-to-read table. (fd3017f, @quimcalpe)
• Added the --depth option to npm outdated, so that e.g. you can do npm outdated --depth=0 to show only top-level outdated dependencies. (1d184ef, @yyx990803)
• Added a --no-git-tag-version option to npm version, for doing the usual job of npm version minus the Git tagging. This could be useful if you need to increase the version in other related files before actually adding the tag. (59ca984, @evanlucas)
• Made npm repo and npm docs work without any arguments, adding them to the list of npm commands that work on the package in the current directory when invoked without arguments. (bf9048e, @robertkowalski; 07600d0, @wilmoore). There are a few other commands we still want to implement this for; see #4204.
• Pass through the GIT_SSL_NO_VERIFY environment variable to Git, if it is set; we currently do this with a few other environment variables, but we missed that one. (c625de9, @arikon)
• Fixed npm dedupe on Windows due to incorrect path separators being used (7677de4, @mcolyer).
• Fixed the npm help command when multiple words were searched for; it previously gave a ReferenceError. (6a28dd1, @dereckson)
• Stopped re-downloading URL and shrinkwrap dependencies, as demonstrated in #3463 (644c2ff, @spmason). You can use the --force option to force re-download and installation of all dependencies.