NPM CLI 7 had been available on an opt-in basis since October, but has now been promoted to the status of “latest” version. Installation instructions can be found on GitHub.
The highlight of NPM CLI 7 is a Workspaces capability to manage multiple packages from within a single, top-level root package. This long-requested feature was motivated by a desire to support the management of multiple packages that may or may not be used together.
NPM CLI 7 also features a new lockfile format, dubbed v2, which unlocks the ability to do deterministic and reproducible builds to produce a package tree. The format is compatible with NPM 6. Previously, yarn.lock files were ignored. The NPM CLI now can use yarn.lock as the source of metadata and package resolution guidance. If a
yarn.lock file is present, NPM will keep it current with the contents of a package tree. Running
npm install with NPM 7 in a project will replace the lockfile with the new format. To avoid this, developers can run
npm install –-no-save.
The developers behind the NPM CLI are touting significant improvements in various performance benchmarks as well as increased code coverage and a reduction in dependencies. The developers said NPM CLI 7 underwent a “massive overhaul” of internals but efforts have been made to ensure minimal disruptions to most workflows. Changes to internals are intended to ensure that the NPM code base is more reliable over time as well as easier to maintain. With fewer bugs and a faster iteration cycle, it is expected that NPM updates will be able to be delivered quicker.
Also in NPM CLI 7:
- Automatic installing of peer dependencies, via an algorithm to ensure that a matching dependency is found at or above the peer-dependent’s location in the node_module’s tree. This is a breaking change that could break some workflows.
- In another breaking change,
npxhas been rewritten to use the