npm-registry-fetch - npm Package Compare versions

Comparing version 3.9.1 to 4.0.0

CHANGELOG.md

@@ -5,2 +5,16 @@ # Change Log
 
+<a name="4.0.0"></a>
+# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15)
+
+
+* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060))
+
+
+### BREAKING CHANGES
+
+* uid and gid are inferred from cache folder, rather than
+being passed in as options.
+
+
+
 <a name="3.9.1"></a>
@@ -7,0 +21,0 @@ ## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)

config.js

@@ -22,3 +22,2 @@ 'use strict'
   forceAuth: 'force-auth',
-  'gid': {},
   'gzip': {},
@@ -81,3 +80,2 @@ 'headers': {},
   'timeout': {},
-  'uid': {},
   'user-agent': {
@@ -84,0 +82,0 @@ default: `${

index.js

@@ -102,5 +102,3 @@ 'use strict'
     strictSSL: !!opts['strict-ssl'],
-    timeout: opts.timeout,
-    uid: opts.uid,
-    gid: opts.gid
+    timeout: opts.timeout
   }).then(res => checkResponse(
@@ -107,0 +105,0 @@ opts.method || 'GET', res, registry, startTime, opts

package.json

 {
   "name": "npm-registry-fetch",
-  "version": "3.9.1",
+  "version": "4.0.0",
   "description": "Fetch-based http client for use with npm registry APIs",
@@ -36,7 +36,7 @@ "main": "index.js",
     "lru-cache": "^5.1.1",
-    "make-fetch-happen": "^4.0.2",
+    "make-fetch-happen": "^5.0.0",
     "npm-package-arg": "^6.1.0"
   },
   "devDependencies": {
-    "cacache": "^11.3.3",
+    "cacache": "^12.0.0",
     "get-stream": "^4.0.0",
@@ -43,0 +43,0 @@ "mkdirp": "^0.5.1",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

42549

increased by0.64%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Lines of code

514

decreased by-0.77%

Dependency changes

• + Addedcacache@12.0.4(transitive)

• + Addedinfer-owner@1.0.4(transitive)

• + Addedmake-fetch-happen@5.0.2(transitive)

• - Removedcacache@11.3.3(transitive)

• - Removedmake-fetch-happen@4.0.2(transitive)

• Updatedmake-fetch-happen@^5.0.0