npm@9.7.0 was published but never tagged latest due to a bug found during release. below is a root cause of the bug, but the tl;dr is that npm@9.7.0 will be deprecated and npm@9.7.1 will be published once the bug is fixed.
we switched from read-package-json to @npmcli/package-json which recently received an update to bring all the features from the former to the latter. lost in this port was a minor change to normalizing package bins. previously we would not parse package.json#directories.bin if a package.json#bin was present (ref: https://github.com/npm/read-package-json/blob/main/lib/read-json.js#L351-L353) but now we do regardless of whether a bin object is there (ref: https://github.com/npm/package-json/blob/main/lib/normalize.js#L161)
next steps:
- deprecate npm@9.7.0. this version exists on the registry and contains breaking changes that would impact users if you publish packages using both bin and directories.bin
- make a fix for this bug in @npmcli/package.json
- do a further analysis of the changes between read-package-json and @npmcli/package-json and assert this behavior in new tests to ensure no other breaking changes occurred
- do a new release for npm@9.7.1
Originally posted by @lukekarrys in npm/cli#6470 (comment)
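
The check below is an added example, not part of the original comment and not npm's code: it flags manifests that declare both `bin` and `directories.bin` (the condition the comment says is affected) and computes the bins under the pre-9.7.0 rule it describes. The function names, the `dirFiles` listing, the basename mapping for `directories.bin` and the sample manifests are assumptions made for illustration.

```javascript
'use strict';

// Classify the bin-related fields of a parsed package.json.
// Assumption: any truthy `bin` counts as "present".
function binFields(pkg) {
  const hasBin = Boolean(pkg.bin);
  const hasDirBin = typeof pkg.directories?.bin === 'string';
  return { hasBin, hasDirBin, affected: hasBin && hasDirBin };
}

// Pre-9.7.0 rule from the comment: when `bin` is present,
// `directories.bin` is not parsed at all.
// `dirFiles` stands in for a listing of the directories.bin folder.
function expectedBins(pkg, dirFiles = []) {
  const { hasBin, hasDirBin } = binFields(pkg);
  if (hasBin) {
    if (typeof pkg.bin === 'string') {
      // A string `bin` is keyed by the package name without its scope.
      const name = String(pkg.name || '').replace(/^@[^/]+\//, '');
      return { [name]: pkg.bin };
    }
    return { ...pkg.bin };
  }
  if (!hasDirBin) return {};
  const dir = pkg.directories.bin.replace(/\/+$/, '');
  const out = {};
  for (const file of dirFiles) {
    // Assumption: each file is exposed under its base name.
    out[file.split('/').pop()] = `${dir}/${file}`;
  }
  return out;
}

// Names of the manifests worth re-checking before publishing with 9.7.0.
function audit(manifests) {
  return manifests.filter((m) => binFields(m).affected).map((m) => m.name);
}

// Constructed sample manifests.
const samples = [
  { name: 'both-fields', bin: { cli: 'cli.js' }, directories: { bin: 'bin' } },
  { name: '@scope/string-bin', bin: 'run.js' },
  { name: 'dir-only', directories: { bin: 'scripts/' } },
];

console.log(audit(samples)); // manifests declaring both fields
console.log(expectedBins(samples[0], ['extra.js'])); // directories.bin ignored
```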