Presenting v7.0.0 of the npm CLI
We’re releasing v7.0.0 of the npm CLI, which includes exciting new features such as Workspaces, automatically installed peer deps, and more!
It’s hard to believe that just over 11 years ago the JavaScript community didn’t have npm. Fast forward to today, and npm now has millions of developers and over 1.3M packages with 75B downloads a month.
We first introduced npm v7 back in May. Today, we are excited to announce the release of npm v7.0.0, which will be shipping with Node.js 15.0.0 next week. If you would like to try it out now, you can install today by running npm i -g npm@7
in your terminal.
Exciting new features
npm 7 comes with some long-awaited and requested features including:
- Workspaces: a set of features to the npm CLI that provide support to managing multiple packages from within a singular top-level, root package
- Automatically installing peer dependencies: prior to npm 7 developers needed to manage and install their own peer dependencies. The new peer dependency algorithm ensures that a validly matching peer dependency is found at or above the peer-dependent’s location in the node_modules tree.
- package-lock v2 and support for yarn.lock: Our new package-lock format will unlock the ability to do deterministically reproducible builds and includes everything npm will need to fully build the package tree. Prior to npm 7 yarn.lock files were ignored, the npm cli can now use yarn.lock as source of package metadata and resolution guidance.
What’s old is new again
The internals of npm have been significantly refactored. There has been a large effort on separating concerns. For example, the inspection and management of the node_modules tree has been moved to the module Arborist. You can read about Arborist in this post on the npmjs blog.
These internal changes will ensure that the npm code base is more reliable over time and easier to maintain. With fewer bugs and a faster iteration cycle we will be able to deliver updates to npm faster than ever before.
We’ve been smoke-testing npm 7.0.0 using the Node.js smoke testing suite CITGM and are happy to report that despite massive internal changes, there are no new modules failing with npm 7 vs npm 6 when run against 120+ highly relied upon modules!
Breaking changes
Despite the massive overhaul to the internals of npm, the team has worked tirelessly to ensure that there will be minimal disruptions to most workflows. That said, some breaking changes are necessary to improve the overall developer experience. Breaking changes in npm 7.0.0 include:
- Automatically installing peer dependencies (while this feature is something we think is desirable new behavior, it does potentially break certain workflows).
- npm uses the
package.exports
field making it no longer possible torequire()
npm’s internal modules. npx
has been completely rewritten to use thenpm exec
command. There are various changes in functionality, most noticeable being a prompt if the module you are trying to run is not yet installed.- The output of
npm audit
has significantly changed both in the human-readable and--json
output styles.
To learn more about the breaking changes in npm 7.0.0 please check out our in-depth post on the npmjs.com blog.
What’s next
We know npm 7 is a big change, and we want to take extra care to not break the millions of workflows that use npm, especially in production. For this reason, we are going to take a page from Node.js and roll this release out over time.
npm 7.0.0. will not be marked as latest
; your workflows will not get npm v7.0.0 by default unless you opt in by running npm install -g npm@7
or install Node.js 15.
While we are confident that this release is ready to use daily, we want more real world use to get your feedback and bug reports. When we are sure that npm 7 has met the bar to be included in a Node.js LTS release, we will be publishing the release line as latest
.
We will also continue to improve the npm CLI with new features including improvements to workspaces and package overrides. If you have ideas for features for the npm CLI please check out our RFC repo and open an issue!
Tags:
Written by
Related posts
Code referencing now generally available in GitHub Copilot and with Microsoft Azure AI
Announcing the general availability of code referencing in GitHub Copilot and Microsoft Azure AI, allowing developers to permit code suggestions containing public code matches while receiving detailed information about the match.
The nuances and challenges of moderating a code collaboration platform
Sharing the latest data update to our Transparency Center alongside a new research article on what makes moderating a code collaboration platform unique.
GitHub Copilot now available in github.com for Copilot Individual and Copilot Business plans
With this public preview, we’re unlocking the context of your code and collaborators—and taking the next step in infusing AI into every developer’s workflow.