Skip to content

chore(deps-dev): bump npm from 11.18.0 to 12.0.1#203

Merged
esacteksab merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-12.0.1
Jul 11, 2026
Merged

chore(deps-dev): bump npm from 11.18.0 to 12.0.1#203
esacteksab merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-12.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps npm from 11.18.0 to 12.0.1.

Release notes

Sourced from npm's releases.

v12.0.1

12.0.1 (2026-07-10)

Bug Fixes

Dependencies

libnpmpublish: v12.0.0

12.0.0 (2026-07-08)

⚠️ BREAKING CHANGES

  • npm now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
  • opts.access now defaults to null instead of 'public'. With null, libnpmpublish no longer sets an explicit access level in the publish payload, so new scoped packages are created as restricted (registry default) and republishes preserve the existing access level. Callers that want to force public access must now pass access: 'public' explicitly.

Features

v12.0.0

12.0.0 (2026-07-08)

⚠️ BREAKING CHANGES

  • npm view --json now always returns an array.
  • npm sbom --sbom-format=cyclonedx now reports the name field from each package's package.json instead of the on-disk directory name. The name, bom-ref, and purl of the root component and of aliased dependencies may change.
  • npm no longer registers man pages with the system when installed globally. man npm-install will no longer work, but npm help install is unaffected.
  • The npm pkg output is no longer forced to json. This means you can get single values without having to worry about wrapping of the values. It also outputs non-json content more similarly to npm view.
  • npm shrinkwrap is removed, the shrinkwrap config alias is removed, and npm-shrinkwrap.json is no longer loaded or honored at the project root or from inside dependency tarballs. Rename project-root npm-shrinkwrap.json to package-lock.json; use bundleDependencies if you need to ship a locked dependency tree.
  • The Twitter and Freenode profile fields have been removed from the npm registry. This means that users will no longer be able to set or view these fields in their npm profiles.
  • npm will no longer attempt to resolve the path to node via whichnode. process.execPath is already set by Node to the resolved real path of the node binary, so the lookup was redundant. Scripts that expected npm to override process.execPath with a PATH-resolved (potentially symlinked) node path may be affected.
  • the --json output of npm pack and npm publish have changed. They are now always consistent, and in the same format.
  • the star, stars and unstar commands have been removed
  • The npm adduser command has been removed. Create and manage user accounts on the npm website, and use npm login to authenticate on the command line.
  • Preserve https protocol when working with git (#8703)
  • The default license for npm init has been changed from "ISC" to an empty string. If not set, the license field will be omitted from new packages.
  • npm now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
  • allow-git and allow-remote now default to "none"; set them to "all" (or "root") to install git or user-supplied tarball-URL dependencies.
  • root `preinstall` now runs before dependencies are installed.
  • unknown configs in .npmrc, unknown CLI flags, abbreviated flags, and single-hyphen multi-char shorthands now throw instead of warning.

Chores

Dependencies

... (truncated)

Changelog

Sourced from npm's changelog.

12.0.1 (2026-07-10)

Bug Fixes

Dependencies

12.0.0 (2026-07-08)

⚠️ BREAKING CHANGES

  • npm view --json now always returns an array.
  • npm sbom --sbom-format=cyclonedx now reports the name field from each package's package.json instead of the on-disk directory name. The name, bom-ref, and purl of the root component and of aliased dependencies may change.
  • npm no longer registers man pages with the system when installed globally. man npm-install will no longer work, but npm help install is unaffected.
  • The npm pkg output is no longer forced to json. This means you can get single values without having to worry about wrapping of the values. It also outputs non-json content more similarly to npm view.
  • npm shrinkwrap is removed, the shrinkwrap config alias is removed, and npm-shrinkwrap.json is no longer loaded or honored at the project root or from inside dependency tarballs. Rename project-root npm-shrinkwrap.json to package-lock.json; use bundleDependencies if you need to ship a locked dependency tree.
  • The Twitter and Freenode profile fields have been removed from the npm registry. This means that users will no longer be able to set or view these fields in their npm profiles.
  • npm will no longer attempt to resolve the path to node via whichnode. process.execPath is already set by Node to the resolved real path of the node binary, so the lookup was redundant. Scripts that expected npm to override process.execPath with a PATH-resolved (potentially symlinked) node path may be affected.
  • the --json output of npm pack and npm publish have changed. They are now always consistent, and in the same format.
  • the star, stars and unstar commands have been removed
  • The npm adduser command has been removed. Create and manage user accounts on the npm website, and use npm login to authenticate on the command line.
  • Preserve https protocol when working with git (#8703)
  • The default license for npm init has been changed from "ISC" to an empty string. If not set, the license field will be omitted from new packages.
  • npm now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
  • allow-git and allow-remote now default to "none"; set them to "all" (or "root") to install git or user-supplied tarball-URL dependencies.
  • root `preinstall` now runs before dependencies are installed.
  • unknown configs in .npmrc, unknown CLI flags, abbreviated flags, and single-hyphen multi-char shorthands now throw instead of warning.

Chores

Dependencies

... (truncated)

Commits
  • 72a6088 chore: release 12.0.1
  • ecb02a8 fix(view): avoid wrapping array results (#9745)
  • 47fc8b1 fix: correct bundled sigstore from dev dependency conflict (#9740)
  • 4403f05 chore: release 12.0.0
  • 5b83698 feat: trigger release process (#9737)
  • b77b532 chore: remove pre-release mode from npm 12 and workspaces (#9735)
  • 230e221 chore: release 12.0.0-pre.3
  • 6fefd0e chore: clarify unknown-config breaking change note in changelog (#9733)
  • fd75880 feat: warn instead of error on unknown .npmrc configs (#9729)
  • 42b12c2 feat(install-scripts): use install-scripts as the warning log title
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [npm](https://github.com/npm/cli) from 11.18.0 to 12.0.1.
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md)
- [Commits](npm/cli@v11.18.0...v12.0.1)

---
updated-dependencies:
- dependency-name: npm
  dependency-version: 12.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file 🔗 javascript Pull requests that update javascript code labels Jul 10, 2026
@dependabot dependabot Bot requested a review from esacteksab as a code owner July 10, 2026 22:04
@dependabot dependabot Bot added javascript Pull requests that update javascript code dependencies Pull requests that update a dependency file 🔗 labels Jul 10, 2026
@github-actions github-actions Bot added the type: chore Chore 🔧 label Jul 10, 2026
@esacteksab esacteksab merged commit 8549b37 into main Jul 11, 2026
3 checks passed
@esacteksab esacteksab deleted the dependabot/npm_and_yarn/npm-12.0.1 branch July 11, 2026 02:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file 🔗 javascript Pull requests that update javascript code type: chore Chore 🔧

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant