Introduction @npmcli/arborist is the dependency tree manager for npm, new in npm v7. It provides facilities for doing nearly everything that npm does with package trees, and fully replaces large parts of the npm CLI codebase. Way back in the ... more
Quite a lot has happened in npm since our last update way back in 2019. We’re overdue for a status update on npm v7. Despite some massive distracting changes (some unfortunate, some very fortunate), development work has been proceeding steadily. Yesterday, ... more
Happy Monday! Time for a new npm version 😄 v6.14.5 containing a few bug fixes from the community and dependency updates. To get it: npm install -g npm@latest 6.14.5 (2020-05-04) BUG FIXES 33ec41f18 #758 fix: relativize file links when inflating shrinkwrap ... more
On September 29th, 2019, npm turned 10 years old and we all celebrated the incredible story of npm. Today, I’m announcing my departure from npm, and that has me looking back at the last 10 years and my own story. A lot has changed, I got married, bought ... more
We have recently updated our privacy FAQ. This update includes, amongst others, changes to provide further detail regarding: How npm shares data with service providers The circumstances in which certain data may be available publicly on our platform ... more
Like everyone else around the globe, we are closely monitoring the COVID-19 situation for possible effects on our employees, our services, and our customers. We know that many organizations playing key roles in fighting the disease, helping those directly ... more
Hello Everyone! We just published v6.14.4 containing some dependencies updates 😊 You can get the latest release in the usual ways: npm install -g npm@latest 6.14.4 DEPENDENCIES 136832dca [email protected] Bump [email protected] transitive dep to resolve security ... more
Guest post from npm customer and the founder of Rise, Kahl Orr. I run Rise, a fast-growing web design and development agency based in Philadelphia. I started my company after my first job as a developer led to high demand for my services in the form ... more
A new npm version has been released, v6.14.3! 🎉 You can update to the latest version of the cli in the usual way: $ npm install -g npm@latest Notable updates include: e11167646 [email protected] c5b97d17d fix: bump minimist dep to resolve security issue ... more
tl;dr – Good news! npm, Inc., is being purchased by GitHub. The public registry remains public, free, and as available as ever. npm as you know it continues, and in fact, there is good reason to believe that it’ll only get better. I’m still going to ... more
A new npm version has been released, v6.14.2! 🎉 You can update to the latest version of the cli in the usual way: $ npm install -g npm@latest Notable updates include: 9204ffa58 [email protected] (@isaacs) 6bcf0860a fix: treat non-http/https login urls ... more
6.14.1 (2020-02-26) 303e5c11e [email protected] Fixes a regression where scp-style git urls are passed to the WhatWG URL parser, which does not handle them properly. (@isaacs) ... more
A new npm version has been released, v6.14! You can update to the latest version of the cli in the usual way: $ npm install -g npm@latest 🎉 Support for multiple funding entries A big shout-out goes to @ljharb & @ruyadorno for their work on expanding ... more
At 11:06 UTC, our CDN partner deployed changes intended to detect spurious traffic by observing the “Referer” HTTP request header. This change caused some requests from the npm CLI to be flagged as suspect by the CDN. To our monitoring systems, this ... more
The JavaScript ecosystem is a lush, fertile, mostly beneficent garden. But even the best gardens need some tending. Much of that tending comes in the form of the continuous research on the part of the npm security team mated with their automated processes ... more
TL;DR Until today, you couldn’t unpublish packages, or package versions, older than 72 hours without contacting support (background available here and here). Because this is our most popular support request, we’ve extended the ability for you to unpublish ... more
Hello Everyone! There is a new release of the npm cli v6.13.7! You can update to the latest version of the cli with the following command: $ npm install -g npm@latest 6.13.7 BUG FIXES 7dbb91438 #655 Update CI detection cases (@isaacs) DEPENDENCIES 0fb1296c7 ... more
Happy Thursday! We shipped two releases today: v6.13.5 and v6.13.6 😄 You can get the latest release in the usual ways: npm i -g npm@latest 6.13.6 DEPENDENCIES 6dba897a1 [email protected] : d2f4176 fix(git): Do not drop uid/gid when executing in root-owned ... more
The California Consumer Privacy Act went into effect on January 1, 2020. We have updated our privacy FAQ to answer the following questions about our compliance with the CCPA: Does npm comply with the California Consumer Privacy Act? How can I access ... more
A year in review from VP of Security Adam Baldwin (in the style of Harper’s Index): Number of npm tokens revoked that were erroneously published to either the registry or to GitHub: 737 Value, in millions of dollars, of cryptocurrency saved from theft ... more
tl;dr - Update to npm v6.13.4 as soon as possible on all your systems to fix a vulnerability allowing arbitrary path access. The Vulnerabilities In versions of npm prior to 6.13.3 (and versions of yarn prior to 1.21.1), a properly constructed entry in ... more
Second of two important bugfix releases this week. Please enjoy it! npm install -g npm@latest 6.13.4 (2019-12-11) BUGFIXES 320ac9aee npm/bin-links#12 npm/gentle-fs#7 Do not remove global bin/man links inappropriately (@isaacs) DEPENDENCIES 52fd21061 ... more
We’re pleased to announce today the launch of npm Pro, an affordable new tool designed for independent JavaScript developers, and well-suited for consultant work, personal projects, and side hustles. We’re also announcing npm Teams, the new name for ... more
Just a quick little release to update some deps and fix a few very annoying bugs. Come and get it! npm i -g npm@latest Full release notes: 6.13.3 (2019-12-09) DEPENDENCIES 19ce061a2 [email protected] Properly normalize, sanitize, and verify bin entries ... more
A new npm version has been released! Get it in the usual ways: npm i -g npm@latest 6.13.2 (2019-12-03) BUG FIXES 4429645b3 #546 fix docs target typo (@richardlau) 867642942 #142 fix(packageRelativePath): fix ‘where’ for file deps (@larsgw) d480f2c17 ... more
From November 21-25, the npm registry experienced periodic service degradation. Alerted to increasing error rates from our monitoring systems and reports from the npm community, our incident response team began investigations on Thursday and has since ... more
This is the third in a series of blog posts we’re running to preview and gather input on the new security insights API we’re developing. Previous posts Part 1: Package publication Insights Part 2: Malware Today’s topic: Behavioral Analysis A lot of stuff ... more
A new npm version has been released! This fixes some bugs and includes changes on the docs by the community! Get it in the usual ways: npm i -g npm@latest 6.13.1 (2019-11-18) BUG FIXES 938d6124d #472 fix(fund): support funding string shorthand (@ruyadorno) ... more
npm developer Ruy Adorno writes about his experience cutting his first npm release and two new features available in the CLI › https://dev.to/ruyadorno/npm-6-13-0-7f3 ... more
Happy Tuesday! Here on the Community & Open Source Team we’ve been working hard, in front of and behind the scenes, to provide real value and unlock developer potential. With that in mind, I’m happy to announce a number of updates/releases we’ve ... more