NPM 5 reworks the cache for speed, but could break existing apps

Other changes target better fault tolerance, garbage collection, and auto-saving

NPM, the popular JavaScript package manager, is being upgraded for better performance.

Expected to be released tomorrow, NPM Version 5.0 is two to six times faster than NPM 4, said Kat Marchan, a member of the NPM team. Other improvements include better defaults, simplified options, and better error messages.

NPM's cache has been rewritten for speed. It also is fault-tolerant and supports concurrent access. Corrupted cache entries are automatically removed and refetched. Also, an NPM cache verify command performs garbage collection to reduce disk usage and provide integrity verification.

For reliability, NPM Version 5.0 offers better disk and network fault tolerance, an automatic offline mode, and automatic corruption recovery. New installer features include a standardized lock file for cross-package manager compatibility with package-lock.json as well as a new format and semantics for shrinkwrap.

Also, all installs are saved by default; the –save function is no longer needed. The NPM developers also said NPM no longer “blasts” the screen with an entire installed tree. “Instead, you’ll see a summary report of the install that is much kinder on your shell real estate.”

Meanwhile, project-level preinstall scripts now run first and can modify node_modules before the command line reading it. Version 5.0 also adds scripts for prepack and postpack.

NPM 5.0’s registry includes reduced data transfer when fetching package metadata, and adds support for SHA512 integrity hashes.

NPM 5.0 does break prior code, because existing NPM caches are no longer used and the cache commands have been rewritten. Users will have to re-download any cached package.

Copyright © 2017 IDG Communications, Inc.