Artwork

Content provided by Jaymie Jones. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jaymie Jones or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Episode 116 - NPM 5…4 3 2 1

8:42
 
Share
 

Archived series ("Inactive feed" status)

When? This feed was archived on April 24, 2020 16:10 (4+ y ago). Last successful fetch was on March 11, 2020 14:30 (4+ y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 180585323 series 1402066
Content provided by Jaymie Jones. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jaymie Jones or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Version 5 of NPM is released and it is packed full of goodies!
http://blog.npmjs.org/post/161081169345/v500

Bundled in all new installations of Node.js 8

New Features

  • A new, standardised lockfile feature meant for cross-package-manager compatibility (package-lock.json), and a new format and semantics for shrinkwrap.
  • --save is no longer necessary. All installs will be saved by default. You can prevent saving with --no-save. Installing optional and dev deps is unchanged
  • Installing a package directory now ends up creating a symlink and does the Right Thing™ as far as saving to and installing from the package lock goes. If you have a monorepo, this might make things much easier to work with, and probably a lot faster too.
  • Project-level (toplevel) preinstall scripts now run before anything else, and can modify node_modules before the CLI reads it.
  • Two new scripts have been added, prepack and postpack, which will run on both npm pack and npm publish, but NOT on npm install (without arguments).
  • Git dependencies with prepare scripts will now have their devDependencies installed, and their prepare script executed as if under npm pack.
  • Git dependencies now support semver-based matching: npm install git://github.com/npm/npm#semver:^5
  • node-gyp now supports node-gyp.cmd on Windows
  • npm no longer blasts your screen with the whole installed tree. Instead, you’ll see a summary report of the install that is much kinder on your shell real-estate. Specially for large projects. (#15914): $ npm install npm added 125, removed 32, updated 148 and moved 5 packages in 5.032s. $
  • Cache Rewrite! (lots of stuff there, read the blog post for more)

Key Features
http://blog.npmjs.org/post/161276872334/npm5-is-now-npmlatest

npm install npm@latest -g and PROFIT

Speed

We’ve reworked package metadata, package download, and package caching, and this has sped things up significantly. In general, expect performance improvements of 20–100%; we’ve also seen some installations and version bumps that run 5x faster.

Default lockfiles
Shrinkwrap has been a part of npm for a long time, but npm@5 makes lockfiles the default, so all npm installs are now reproducible. The files you get when you install a given version of a package will be the same, every time you install it.

We’ve found countless common and time consuming problems can be tied to the “drift” that occurs when different developer environments utilize different package versions. With default lockfiles, this is no longer a problem. You won’t lose time trying to figure out a bug only to learn that it came from people running different versions of a library.

SHA-512 hashes
npm@5 adds support for any tarball hash function supported by Node.js, and it publishes with SHA-512 hashes. By checking all downloaded packages, you’re protected against data corruption and malicious attacks, and you can trust that the code you download from the registry is consistent and safe.

Self-healing cache
Our new caching is wicked fast, but it’s also more resilient. Multiple npm processes won’t corrupt a shared cache, and npm@5 will check data on both insertion and extraction to prevent installing corrupted data. If a cache entry fails an integrity check, npm@5 will automatically remove it and re-fetch.

What About Yarn?
Episode 91 talks about Yarn and the possibility of NPM having the same behaviours in the future

  continue reading

183 episodes

Artwork

Episode 116 - NPM 5…4 3 2 1

Coder Catchup

45 subscribers

published

iconShare
 

Archived series ("Inactive feed" status)

When? This feed was archived on April 24, 2020 16:10 (4+ y ago). Last successful fetch was on March 11, 2020 14:30 (4+ y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 180585323 series 1402066
Content provided by Jaymie Jones. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jaymie Jones or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Version 5 of NPM is released and it is packed full of goodies!
http://blog.npmjs.org/post/161081169345/v500

Bundled in all new installations of Node.js 8

New Features

  • A new, standardised lockfile feature meant for cross-package-manager compatibility (package-lock.json), and a new format and semantics for shrinkwrap.
  • --save is no longer necessary. All installs will be saved by default. You can prevent saving with --no-save. Installing optional and dev deps is unchanged
  • Installing a package directory now ends up creating a symlink and does the Right Thing™ as far as saving to and installing from the package lock goes. If you have a monorepo, this might make things much easier to work with, and probably a lot faster too.
  • Project-level (toplevel) preinstall scripts now run before anything else, and can modify node_modules before the CLI reads it.
  • Two new scripts have been added, prepack and postpack, which will run on both npm pack and npm publish, but NOT on npm install (without arguments).
  • Git dependencies with prepare scripts will now have their devDependencies installed, and their prepare script executed as if under npm pack.
  • Git dependencies now support semver-based matching: npm install git://github.com/npm/npm#semver:^5
  • node-gyp now supports node-gyp.cmd on Windows
  • npm no longer blasts your screen with the whole installed tree. Instead, you’ll see a summary report of the install that is much kinder on your shell real-estate. Specially for large projects. (#15914): $ npm install npm added 125, removed 32, updated 148 and moved 5 packages in 5.032s. $
  • Cache Rewrite! (lots of stuff there, read the blog post for more)

Key Features
http://blog.npmjs.org/post/161276872334/npm5-is-now-npmlatest

npm install npm@latest -g and PROFIT

Speed

We’ve reworked package metadata, package download, and package caching, and this has sped things up significantly. In general, expect performance improvements of 20–100%; we’ve also seen some installations and version bumps that run 5x faster.

Default lockfiles
Shrinkwrap has been a part of npm for a long time, but npm@5 makes lockfiles the default, so all npm installs are now reproducible. The files you get when you install a given version of a package will be the same, every time you install it.

We’ve found countless common and time consuming problems can be tied to the “drift” that occurs when different developer environments utilize different package versions. With default lockfiles, this is no longer a problem. You won’t lose time trying to figure out a bug only to learn that it came from people running different versions of a library.

SHA-512 hashes
npm@5 adds support for any tarball hash function supported by Node.js, and it publishes with SHA-512 hashes. By checking all downloaded packages, you’re protected against data corruption and malicious attacks, and you can trust that the code you download from the registry is consistent and safe.

Self-healing cache
Our new caching is wicked fast, but it’s also more resilient. Multiple npm processes won’t corrupt a shared cache, and npm@5 will check data on both insertion and extraction to prevent installing corrupted data. If a cache entry fails an integrity check, npm@5 will automatically remove it and re-fetch.

What About Yarn?
Episode 91 talks about Yarn and the possibility of NPM having the same behaviours in the future

  continue reading

183 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide