Presenting v7.0.0 of the npm CLI
We’re releasing v7.0.0 of the npm CLI, which includes exciting new features such as Workspaces, automatically installed peer deps, and more!
It’s hard to believe that just over 11 years ago the JavaScript community didn’t have npm. Fast forward to today, and npm now has millions of developers and over 1.3M packages with 75B downloads a month.
We first introduced npm v7 back in May. Today, we are excited to announce the release of npm v7.0.0, which will be shipping with Node.js 15.0.0 next week. If you would like to try it out now, you can install today by running npm i -g npm@7
in your terminal.
Exciting new features
npm 7 comes with some long-awaited and requested features including:
- Workspaces: a set of features to the npm CLI that provide support to managing multiple packages from within a singular top-level, root package
- Automatically installing peer dependencies: prior to npm 7 developers needed to manage and install their own peer dependencies. The new peer dependency algorithm ensures that a validly matching peer dependency is found at or above the peer-dependent’s location in the node_modules tree.
- package-lock v2 and support for yarn.lock: Our new package-lock format will unlock the ability to do deterministically reproducible builds and includes everything npm will need to fully build the package tree. Prior to npm 7 yarn.lock files were ignored, the npm cli can now use yarn.lock as source of package metadata and resolution guidance.
What’s old is new again
The internals of npm have been significantly refactored. There has been a large effort on separating concerns. For example, the inspection and management of the node_modules tree has been moved to the module Arborist. You can read about Arborist in this post on the npmjs blog.
These internal changes will ensure that the npm code base is more reliable over time and easier to maintain. With fewer bugs and a faster iteration cycle we will be able to deliver updates to npm faster than ever before.
We’ve been smoke-testing npm 7.0.0 using the Node.js smoke testing suite CITGM and are happy to report that despite massive internal changes, there are no new modules failing with npm 7 vs npm 6 when run against 120+ highly relied upon modules!
Breaking changes
Despite the massive overhaul to the internals of npm, the team has worked tirelessly to ensure that there will be minimal disruptions to most workflows. That said, some breaking changes are necessary to improve the overall developer experience. Breaking changes in npm 7.0.0 include:
- Automatically installing peer dependencies (while this feature is something we think is desirable new behavior, it does potentially break certain workflows).
- npm uses the
package.exports
field making it no longer possible torequire()
npm’s internal modules. npx
has been completely rewritten to use thenpm exec
command. There are various changes in functionality, most noticeable being a prompt if the module you are trying to run is not yet installed.- The output of
npm audit
has significantly changed both in the human-readable and--json
output styles.
To learn more about the breaking changes in npm 7.0.0 please check out our in-depth post on the npmjs.com blog.
What’s next
We know npm 7 is a big change, and we want to take extra care to not break the millions of workflows that use npm, especially in production. For this reason, we are going to take a page from Node.js and roll this release out over time.
npm 7.0.0. will not be marked as latest
; your workflows will not get npm v7.0.0 by default unless you opt in by running npm install -g npm@7
or install Node.js 15.
While we are confident that this release is ready to use daily, we want more real world use to get your feedback and bug reports. When we are sure that npm 7 has met the bar to be included in a Node.js LTS release, we will be publishing the release line as latest
.
We will also continue to improve the npm CLI with new features including improvements to workspaces and package overrides. If you have ideas for features for the npm CLI please check out our RFC repo and open an issue!
Tags:
Written by
Related posts
GitHub and JFrog partner to unify code and binaries for DevSecOps
This partnership between GitHub and JFrog enables developers to manage code and binaries more efficiently on two of the most widely used developer platforms in the world.
2024 GitHub Accelerator: Meet the 11 projects shaping open source AI
Announcing the second cohort, delivering value to projects, and driving a new frontier.
Introducing GitHub Copilot Extensions: Unlocking unlimited possibilities with our ecosystem of partners
The world of Copilot is getting bigger, improving the developer experience by keeping developers in the flow longer and allowing them to do more in natural language.