The 4.0.0 version offers several breaking changes but is not considered as dramatic as its predecessor, having less impact on day-to-day operations than version 3, according to NPM. Both version 2 and 3 will move to the background with the release of NPM 4.
"We will no longer be updating those release branches with anything except critical bug fixes and security patches," said NPM's Kat Marchán, a CLI engineer. "We're still committed to NPM 2 and NPM 3 working, and NPM 2 remains our LTS (long term support) version, because both of these are going to be used by Node 4 and Node 6 respectively." NPM 4.0.0 is scheduled to become the default latest version in two weeks.
Among breaking changes in version 4.0.0 is the rewriting of
npm search, for searching for packages on the NPM registry, to stream results. "Let's face it --
npm search simply doesn't work anymore," said Marchán. "Apart from the fact that it grew slower over the years, it's reached a point where we can no longer fit the entire registry metadata in memory, and anyone who tries to use the command now sees a really awful memory overflow crash from node."
Other breaking changes include NPM scripts no longer prepending the path of the node executable used to run NPM before running scripts, the removal of the
npat config setting, and deprecation of the
prepublish lifecycle script, which is replaced by a
prepare script. Discontinuation of support for partial shrinkwraps and removal of
npm tag after a deprecation cycle are considered breaking changes as well; the
npm dist-tag capability should be used instead of
NPM anticipates an accelerated release schedule for NPM now that the CLI team is finished focusing on sustaining work, said Marchán. "We're planning a major overhaul of shrinkwrap as well as various speed and usability fixes for that release." NPM shrinkwrap locks down the versions of package dependencies so that developers can control which versions of each dependency will be used when a package is installed. NPM 3, released a little more than a year ago, offered a new installer and significant structural changes to how NPM set up a tree, Marchán said.
npm unpublish command for a package if it's been up for more than 24 hours," Marchán said.