hello.js

var please = require('share');
console.log('thank you');

Wednesday, 15 November, 2017 UTC

CouchDB vulnerabilities and the npm registry

Recently a serious vulnerability in Apache CouchDB was discovered, patched, and disclosed. In this post we discuss its impact on the npm registry and correct some incorrect speculation on that impact. The npm package registry is a well-known deployment ... more


Wednesday, 15 November, 2017 UTC

Customer Convos: The Google Cloud Team

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q: Hi! Can you state your name and what you do, and what your company does? Luke Sneeringer, SWE : Our ... more


Wednesday, 8 November, 2017 UTC

Customer Convos: Marcus Noble, Elsevier

Q: Hi! Can you state your name, what you do, and what your company does? A: Hi there! I’m Marcus from Elsevier. I work in a team building their global ecommerce platform. How’s your day going? Not too bad. Had a kickoff meeting for an exciting upcoming ... more


Wednesday, 1 November, 2017 UTC

Customer Convo: Ben Edelstein, LogRocket

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q: Hi! Can you state your name and what you do, and what your company does? A: LogRocket helps product ... more


Thursday, 5 October, 2017 UTC

v5.5.0 (2017-10-04)

Hey y'all, this is a big new feature release! We’ve got some security related goodies plus some quality-of-life improvements for anyone who uses the public registry (so, virtually everyone). The changes largely came together in one piece, so I’m just ... more


Thursday, 5 October, 2017 UTC

Protect your npm account with two-factor authentication and read-only tokens

UPDATE: To try out TFA, you’ll need the beta of the npm client. To get it, run `npm install npm@next -g`. Today, we are announcing two new ways to protect your npm account. Please read on to learn how you can use these security features to keep your ... more


Tuesday, 26 September, 2017 UTC

Publishing what you mean to publish

Editor’s note: This is a guest post from Adam Baldwin of ^Lift Security and the Node Security Platform. As we discussed in earlier posts, Adam conducts constant security reviews of the Registry and its contents and keeps us apprised of anything that ... more


Friday, 15 September, 2017 UTC

v5.4.2 (2017-09-14):

This is a small bug fix release wrapping up most of the issues introduced with 5.4.0. Bugs 0b28ac72d #18458 Fix a bug on Windows where rolling back of failed optional dependencies would fail. (@marcins) 3a1b29991 write-file-atomic@2.1.0 Revert update ... more


Tuesday, 12 September, 2017 UTC

Supported Node.js Versions in the npm CLI

We’ve talked about our support policy before and it hasn’t changed but I wanted to take a moment to provide some clarification. Supported Major Versions The npm CLI supports running on any version of Node.js currently supported by the Node.js Foundation. ... more


Wednesday, 30 August, 2017 UTC

Meet Teacup

npm’s newest wombat is… an actual wombat. Teacup is a female wombat joey being nursed and raised at the Sleepy Burrows Wombat Sanctuary in Gundaroo, Australia. When npm adopted her shortly after she arrived at Sleepy Burrows in July, Teacup weighed just ... more


Wednesday, 30 August, 2017 UTC

API rate limiting rolling out

Over the years our legacy APIs have not had rate-limiting built into them, other than the implicit, informal rate limiting caused by performance bottlenecks. Most of the time, for most users of our public APIs, this has been sufficient. As the registry ... more


Friday, 25 August, 2017 UTC

Values, Inclusion, and the Node.js Foundation

npm, Inc. and I will continue to throw our weight behind our values, including diversity and inclusivity in the Node.js project. I am encouraged to see that the Node.js Foundation board also recognizes the importance of these values, and is taking steps ... more


Wednesday, 23 August, 2017 UTC

v5.4.0 (2017-08-22)

Here’s another ~~small~~ big release, with a ~~handful~~ bunch of fixes and a couple of small new features! This release has been incubating rather longer than usual and it’s grown quite a bit in that time. I’m also excited to say that it has contributions from ... more


Wednesday, 23 August, 2017 UTC

Customer Convo: Jan Klausa, Clue

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q: Hi! Can you state your name and what you do? A: Hi! I’m Jan and I’m an iOS developer at Clue. How’s ... more


Tuesday, 15 August, 2017 UTC

Edge node architecture with npm Enterprise

Recently, there’s been some buzz around the next great architectural shift in systems. There is a rising interest in the evolution of decentralized edge computing as a core part of that shift. For over two years, npm has been using edge computing concepts ... more


Friday, 4 August, 2017 UTC

We have a tendency to police our code ecosystems and it's harmful to those ecosystems and community

Editor’s note: This is a guest post from Jenn Schiffer, who originally posted it on her blog extremely online and incredibly logged on (you can see the original post here). We feel 100% in agreement about the importance of an inclusive, collaborative, ... more


Wednesday, 2 August, 2017 UTC

`crossenv` malware on the npm registry

On August 1, a user notified us via Twitter that a package with a name very similar to the popular cross-env package was sending environment variables from its installation context out to npm.hacktask.net. We investigated this report immediately and ... more


Tuesday, 1 August, 2017 UTC

Securing the npm registry

You probably know ^Lift Security for its work as the Node Security Project, which reviews the most popular of the half-million packages in the npm Registry to find security vulnerabilities. However, you might not know that ^Lift also reviews the npm ... more


Wednesday, 26 July, 2017 UTC

Shutting Down #npm IRC

The #npm channel on irc.freenode.net is being devoiced. That means: if you’re not a moderator in the channel, you won’t be able to post there. Instead, you’ll be redirected to this message. As an official communication channel, IRC is difficult for us ... more


Friday, 21 July, 2017 UTC

upcoming change: verified email required

npm’s open source terms of use require that you provide us with a valid email address. Starting next week, you will need to verify your email before you can publish new packages. This change affects only the requirements for new packages. You do not ... more


Friday, 21 July, 2017 UTC

Customer Convo: Max Antoni, JavaScript Studio

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q. Hi! Can you state your name and what you do? A. Hi 👋, I’m Max from JavaScript Studio. I’m currently ... more


Friday, 14 July, 2017 UTC

v5.3.0 (2017-07-13)

As mentioned before, we’re continuing to do relatively rapid, smaller releases as we keep working on stomping out npm@5 issues! We’ve made a lot of progress since 5.0 already, and this release is no exception. FEATURES 1e3a46944 #17616 Add --link filter ... more


Thursday, 13 July, 2017 UTC

Customer Convo: Clemens Stolle, Civey

Q: Hi! Can you state your name and what you do, and what your company does? A: Hi, I’m Clemens and I’m the lead frontend developer at Civey in Berlin, Germany. We do representative online opinion research. Anyone can embed our widget in their website ... more


Tuesday, 11 July, 2017 UTC

Introducing npx: an npm package runner

Those of you upgrading npm to its latest version, npm@5.2.0 , might notice that it installs a new binary alongside the usual npm : npx . npx is a tool intended to help round out the experience of using packages from the npm registry — the same way npm ... more


Tuesday, 11 July, 2017 UTC

v5.2.0 (2017-07-05)

It’s only been a couple of days but we’ve got some bug fixes we wanted to get out to you all. We also believe that npx is ready to be bundled with npm, which we’re really excited about! npx!!! npx is a tool intended to help round out the experience of ... more


Saturday, 1 July, 2017 UTC

The npm CLI's Long Term Support (LTS) policy

The npm CLI project does not have designated LTS releases. The project only regularly does releases to the most recent major release. Security Issues In the event of a security issue, the npm CLI project will back port security patches to any version ... more


Thursday, 29 June, 2017 UTC

Customer Convo: Dan Gebhardt, Cerebris

Q: Hi! Can you state your name and what you do? A: Hi there! I’m Dan Gebhardt. I’m a co-founder of Cerebris, which is a small web application consulting firm I run with my brother Larry Gebhardt. We’re pretty heavily into open source — I’m on the core ... more


Tuesday, 27 June, 2017 UTC

v5.0.4 (2017-06-13)

Hey y'all. This is another minor patch release with a variety of little fixes we’ve been accumulating~ f0a37ace9 Fix npm doctor when hitting registries without ping . (@zkat) 64f0105e8 Fix invalid format error when setting cache-related headers. ([@Kat ... more


Thursday, 22 June, 2017 UTC

Why use SemVer?

npm’s documentation recommends that you use semantic versioning, which we also call semver, but it doesn’t explain why you’d use SemVer in the first place. This post is a quick overview of SemVer and why it’s a good idea. What is SemVer, again? At its ... more


Thursday, 15 June, 2017 UTC

Customer Convos: Alistair Brown, ShopKeep

Q: Hi! Can you state your name and what you do? A: Ahoy, I’m Alistair Brown and I’m a lead front-end engineer at ShopKeep, primarily focusing on our BackOffice app, which enables more than 23,000 merchants the ability to manage their business operations ... more