NPM's Kat Marchán, a CLI engineer said, “We will no longer be updating those release branches with anything except critical bug fixes and security patches.” Kat Marchan also explained that they are still going to work with NPM 2 and NPM 3. They are going to continue with NPM 2 as LTS version because Node 4 and Node 6 are going to use them respectively. NPM 4 is going to become the default version in two weeks.
In version 4.0.0, rewriting of npm-search for searching packages on the NPM registry to stream results is among breaking changes. Marchan said, “Let's face it -- npm search simply doesn't work anymore.” It doesn’t fit in the entire registry metadata in memory and anybody trying to use the command experiences an awful memory overflow crash from nodes.
NPM 4.0.0 breaking changes includes NPM script no longer adds the path of the node executable used to run NPM before starting of scripts, no longer use of npatconfig setting, and reduction of the prepublish lifecycle script, which is replaced by a prepare script. Ending the support for partial shrikwraps and excluding npm-tag after a deprecation cycle. Instead of using npm-tag, the npm dist-tag capabilities should be used.
Marchan said, "We're planning a major overhaul of shrinkwrap as well as various speed and usability fixes for that release." NPM shrinkwraps are responsible for locking down the package versions dependencies to help developers controlling which versions of each dependency will be used when a package is installed.
Earlier this year, NPM faced troubles when removal of a small JS package from NPM registry impacted other packages dependent on it. NPM said that the situation was resolved within few hours.