Major CLI Versions - Planning

# Major CLI Versions - Planning ## npm v7 #### Timeline: - **Generally Available:** January 2021 - **End-of-Life:** October 2021 #### Features: - [x] Install Peer-Depedendencies by Default - [x] `npm install` throws an error when trying to install a version of itself when there's an `engine` mismatch ## npm v8 #### Timeline: - **Alpha:** August 2021 - **Generally Available:** September 2021 - **End of Life ### Goals - Low friction from `7 -> 8` - Reduce maintenance burden - Align release schedules better with Node Project - Update deps which are dropping support for unsupported nodes ### Breaking Changes: - Drop support for `node@10` - Drop programmatic API (ie. no more `require('npm')`) - Re-think the dist-tags we use (ie. drop `lts` based on: https://github.com/npm/cli/wiki/Support-Policy) ### Features: 1. [ ] Start warning on **unknown** flags or config (under `loglevel=verbose`) 1. [ ] Start warning on **deprecated** flags or config (under `loglevel=verbose`) 1. [ ] Introduce new "tree mutated" lifecycle event 1. [ ] Deprecate & warn for `npm set-script` 1. [ ] Deprecate & warn for `npm birthday` 1. [ ] Deprecate & warn for `--global` (`--location=global`) 1. [ ] Deprecate & warn for `--local` 1. [ ] Deprecate & warn for `sso-type` ## npm v9 #### Timeline: - **Generally Available:** Mid 2022 - **End-of-Life:** Mid 2023 ### Goals: 1. Standardize reasonable defaults 2. Support complex workflows - This can be accomodated as a minor/feature enhancements - Examples include: `--parallel` flag, workspace & run-script grouping/alias' etc. ### Breaking Changes: 1. [ ] Begin throwing on unkown config keys or invalid config values 1. [ ] Defaults to lockfile version `v3` - ie. drop backwards compatibility w/ `npm@6` & `v1` lockfiles 1. [ ] Remove path support in `npm explain` 1. [ ] Remove deprecated config/flags 1. [ ] Remove `npm set-script` 1. [ ] Remove `npm birthday` 1. [ ] Remove alias of `npm login` to `adduser` 1. [ ] Remove `sso-type` 1. [ ] Remove `auth-type` 1. [ ] Remove `loglevel=timing` 1. [ ] Differentiate `--timing` from `--loglevel` 1. [ ] Write process specific timing file instead of newline delimited json in `*_timing.json` 1. [ ] `npm update` supports saving back to `package.json` (potentially via `--save`) 1. [ ] Map `--location=global` to `--global` - `--global` maps to `--location=global` - `--local` no longer maps to `--no-global` ### Features: 1. [ ] [Support Command-Specific Config](https://hackmd.io/6-Jb8tPzQRG86IXO6s2P2A) 1. [ ] New `npm query` command (alongside a package selector syntax) 1. [ ] New `npm add` command 1. [ ] New `npm register` command (alias, `adduser`) 1. [ ] New `npm login` command - Supports `WebAuthn` flow 1. [ ] **Major** refactor to `@npmcli/arborist` - [ ] separate business logic out - [ ] separate graphing logic out 1. [ ] Standardize `--json` support & output across **all** commands ## npm v10 1. Use "isolated" mode by default(?) 1. New `npm link` experience 1. Support for `stdin` across **all** commands ### Feature 1. [ ] Differentiate "scripts" from "lifecycle events" # Notes: - [ ] spike out `nopt` support for capturing unknown config - [ ] potential space to contribute back to node core via the [`parseArgs`](https://github.com/pkgjs/parseargs) Node Tooling WG efforts