-
Notifications
You must be signed in to change notification settings - Fork 65
Releases: npm/pacote
Releases · npm/pacote
v22.0.0
@github-actions
github-actions
e4e44c5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
22.0.0 (2026年06月15日)
⚠️ BREAKING CHANGES
pacotenow supports node^22.22.2 || ^24.15.0 || >=26.0.0- git specs using the
httpsorgit+httpsprotocol now resolve togit+httpsURLs instead of being switched togit+ssh. Shortcut specs (e.g.github:user/repo,user/repo) andgit+ssh/git://specs are unchanged.
Features
09316f5#504 bump to new node engine range (@owlstronaut)2ab74b0#497 strip patchedDependencies from the packed package.json (#497) (@manzoorwanijk)66e7ea7#487 forward globalIgnoreFile option to npm-packlist (@ljharb)
Bug Fixes
ce804fb#498 avoid ReDoS in addGitSha committish stripping (#498) (@owlstronaut)1f5f131#494 pass --global=false when preparing git dependencies (@owlstronaut)e0af7f6#486 respect ignoreScripts option for git dependencies (@owlstronaut)12c8c8f#481 fall back to git clone when tarball response is not a valid archive (@babyhuey)61f065a#481 use statusCode instead of constructor name for tarball fallback in git fetcher (@j1mb0-1)6d160c1#434 do not switch to git+ssh for https repository links (#434) (@oldium)
Dependencies
371e8b0#504ssri@14.0.0b68c6c2#504sigstore@5.0.057793ab#504proc-log@7.0.033eacc9#504npm-registry-fetch@20.0.1a131916#504npm-pick-manifest@12.0.02b03527#504npm-packlist@11.2.05f8ad42#504npm-package-arg@14.0.0ee3b96d#504cacache@21.0.1033f655#504@npmcli/run-script@11.0.0ddcc738#504@npmcli/promise-spawn@10.0.06a28eb2#504@npmcli/package-json@8.0.05879416#504@npmcli/installed-package-contents@5.0.041ea727#504@npmcli/git@8.0.0
Chores
3fc5fd4#504@npmcli/eslint-config@7.0.0(@owlstronaut)7350ab8#504hosted-git-info@10.1.1(@owlstronaut)c7c7d7f#504 template-oss-apply (@owlstronaut)e9ac85e#501 template-oss-apply (@owlstronaut)e184356#501template-oss@5.1.0(@owlstronaut)644ebb6#479 template-oss-apply (@owlstronaut)ee64bea#479@npmcli/template-oss@4.30.0(@owlstronaut)
Contributors
ljharb, owlstronaut, and 4 other contributors
Assets 2
v21.5.1
@github-actions
github-actions
d36266f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
21.5.1 (2026年06月09日)
Bug Fixes
627a7dc#499 avoid ReDoS in addGitSha committish stripping (@owlstronaut)
Chores
790a24b#500 template-oss-apply (#500) (@owlstronaut, test)09cb304#499 template-oss-apply (@owlstronaut)bea9f84#499@npmcli/template-oss@5.1.0(@owlstronaut)
Assets 2
v21.5.0
@github-actions
github-actions
6c2555a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
21.5.0 (2026年03月09日)
Features
d912f17#457 expose fetched attestation bundles on manifest (#457) (@mitchdenny)
Chores
586a55d#471 template-oss-apply for new macos images (#471) (@wraithgar)d1cc5c8#460 template-oss-apply for release branches (#460) (@wraithgar)b741e8b#468 bump @npmcli/template-oss from 4.28.0 to 4.29.0 (#468) (@dependabot[bot], @npm-cli-bot)
Contributors
wraithgar, mitchdenny, and 2 other contributors
Assets 2
v20.0.1
@github-actions
github-actions
d191a57
This commit was created on GitHub.com and signed with GitHub’s verified signature.
20.0.1 (2026年03月06日)
Dependencies
Chores
01a126d#466 enable backport mode for v20 (#466) (@wraithgar)98f72f6#461 tests should not inherit --ignore-scripts flag from `npm run t... (#422) (@owlstronaut)f8cf9ba#461@npmcli/template-oss@4.29.0(@wraithgar)
Assets 2
v19.0.2
@github-actions
github-actions
a53be38
This commit was created on GitHub.com and signed with GitHub’s verified signature.
19.0.2 (2026年03月06日)
Dependencies
Chores
b7f2691#465 enable backport mode for v19 (#465) (@wraithgar)ed1aef0#459 tests should not inherit --ignore-scripts flag from `npm run t... (#422) (@owlstronaut)415e369#459@npmcli/template-oss@4.29.0(@wraithgar)
Assets 2
v21.4.0
@github-actions
github-actions
e3871d8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
21.4.0 (2026年02月24日)
Features
6912f24#451 add allowRegistry option (#451) (@wraithgar)
Bug Fixes
ab37bc1#452 prevent path duplication in attestation URL for registries with ... (#452) (@ajayk)ab37bc1#452 prevent path duplication in attestation URL for registries with (@ajayk)8b8ea3b#454 skip registry key check for keyless (Sigstore/Fulcio) attestations (#454) (@ajayk)8b8ea3b#454 skip registry key check for keyless (Sigstore/Fulcio) attestations (@ajayk)
Chores
0dfd1cd#456 remove git config from tests (#456) (@wraithgar)
Assets 2
v21.3.1
@github-actions
github-actions
18d36e6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
21.3.1 (2026年02月10日)
Bug Fixes
96e571a#439 ensure that resolved git ref matches expected sha (#439) (@klassiker, pacotedev)
Chores
91847c4#447 fix test for ssri ignoring invalid hashes (#447) (@wraithgar)
Assets 2
v21.3.0
@github-actions
github-actions
411ceb6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Assets 2
v21.2.0
@github-actions
github-actions
27cc5e1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Assets 2
v21.1.0
@github-actions
github-actions
7c9469d
This commit was created on GitHub.com and signed with GitHub’s verified signature.