hello.js

var please = require('share');
console.log('thank you');

Tuesday, 28 May, 2019 UTC

private package development with npm Orgs

private package development with npm Orgs

Most of you probably download packages from the public npm registry on a regular basis. Some of you might even publish packages for others to use. Did you know that npm provides tools for collaborative development as well? With npm Orgs, you get the ... more


Tuesday, 30 April, 2019 UTC

Easy Automatic npm Publishes

Easy Automatic npm Publishes

One common question from people using npm to publish, especially on CI systems, is how best to automate the process, especially when dealing with multiple branches. For a while now, I’ve been using a pattern that takes almost all of the human interaction ... more


Tuesday, 5 March, 2019 UTC

npm On-Call

npm On-Call

This is Teacup, our adopted wombat and latest on-call engineer. Just like everyone, Teacup has to take responsibility for what we ship to production. It won’t be smooth sailing on-boarding her — the late night alerts, the fact she doesn’t even own a ... more


Tuesday, 26 February, 2019 UTC

Why we created npm Enterprise

Why we created npm Enterprise

Last week we launched npm Enterprise, a fact that might come as a surprise to those of you who’ve been paying attention and know that we’ve had an enterprise product since 2014. The new Enterprise is a totally different beast, the result of recognizing ... more


Thursday, 21 February, 2019 UTC

Managing JavaScript in the Enterprise

Managing JavaScript in the Enterprise

We are excited to announce the launch of a platform to help modernize Javascript development in the enterprise. Ripping the “beta” label off npm Enterprise is satisfying for a lot of reasons. We started npm to remove friction for JavaScript developers, ... more


Tuesday, 19 February, 2019 UTC

npm Convos: open-wc

npm Convos: open-wc

Q. Hi! Can you state your name, what you do, and/or what your company does? A: `open-wc` (Open Web Components) is an open collective of volunteer developers interested in web components and the web platform in general. Late last year we got together ... more


Friday, 15 February, 2019 UTC

The security risks of changing package owners

The security risks of changing package owners

When I ask software developers what their biggest security concerns are, I typically hear something about malicious code in their npm packages. The average npm package has over 2000 dependencies, so the worry over malware makes a lot of sense. The npm ... more


Wednesday, 13 February, 2019 UTC

npm Convos: Quasar Framework

npm Convos: Quasar Framework

Q. Hi! Can you state your name, what you do, and/or what your company does? A: My name is Razvan Stoenescu and I’m the founder of Quasar Framework, which is a Node.js and Vue.js-based system that helps developers rapidly create best-practice applications ... more


Tuesday, 29 January, 2019 UTC

Continuous Security

Continuous Security

It’s been almost a year since npm acquired ^Lift Security and even less since the official formation of the internal npm Security Team. In addition to working on securing the Registry and its users, I’ve been setting aside time to think through how we ... more


Monday, 28 January, 2019 UTC

On Building npm and Hiring a CEO - Founders Talk

On Building npm and Hiring a CEO - Founders Talk

I had the opportunity to chat with Adam Stacoviak recently about the journey of creating npm and turning that into npm, Inc., 4 and a half years as CEO, and the transition to my new role as Chief Product Officer. Along the way, we touched on some of ... more


Wednesday, 23 January, 2019 UTC

npm Convos: the native web

npm Convos: the native web

Q: Hi! Can you state your name, what you do, and/or what your company does? A: Hey, I’m Golo, founder and CTO of the native web. We provide consulting, training and development for Node.js, JavaScript, and related technologies. Our speciality is designing ... more


Wednesday, 16 January, 2019 UTC

OSS, Risk, and Compliance

OSS, Risk, and Compliance

I’m going to tell you a story. There are no villains in this story. Just smart people doing their best, and unfortunately working at cross-purposes through no fault of their own. The names and places have been changed, but it is a true story. I’ve heard ... more


Wednesday, 16 January, 2019 UTC

npm Convos: Tripetto

npm Convos: Tripetto

Hi! Can you state your name, what you do, and what your company does? Hello! My name is Mark van den Brink and I’m a co-founder and tech lead of Tripetto. Developers can integrate our full-fledged form kit straight into their projects to wield an entire ... more


Tuesday, 15 January, 2019 UTC

Automated token revocation for when you accidentally publish a token

Automated token revocation for when you accidentally publish a token

Protecting npm user accounts is one of the most important ways we help secure the JavaScript ecosystem. This is especially true for accounts that publish packages, as the npm ecosystem is the beginning of the supply chain for the world’s JavaScript. ... more


Thursday, 10 January, 2019 UTC

npm, Inc. has a new CEO, Bryan Bogensberger

npm, Inc. has a new CEO, Bryan Bogensberger

Coming up as a software developer in Open Source, I’ve long believed that the best path to success is to depend on the strengths of others. One reason why I wrote a package manager in the first place was that I knew the JavaScript community as a whole ... more


Thursday, 6 December, 2018 UTC

This year in JavaScript: 2018 in review and npm’s predictions for 2019

This year in JavaScript: 2018 in review and npm’s predictions for 2019

This study is adapted from my presentation npm and the Future of JavaScript. No data is perfect; if you have questions about ours you can read about the methodology used to gather this data. npm has over 10 million users who download well over 30 billion ... more


Tuesday, 4 December, 2018 UTC

Securing Your Site like It’s 1999

Securing Your Site like It’s 1999

“Running a website in the early years of the web was a scary business. The web was an evolving medium, and people were finding new uses for it almost every day. From book stores to online auctions, the web was an expanding universe of new possibilities. ... more


Thursday, 29 November, 2018 UTC

npm Convos: Lexio

npm Convos: Lexio

Q. Hi! Can you state your name, what you do, and/or what your company does? AH: Hi! I’m Anthony Humphreys, Technical Lead at Lexio, I’m a full-stack developer and work on all the technical aspects of the business. JT: Hey, I’m Jessica Tebay, Operations ... more


Wednesday, 28 November, 2018 UTC

401 & scoped packages

401 & scoped packages

Update: We rolled back this change around 2pm PST today, but will be rolling it out again soon. Did you recently get a 401 or an EINVALIDNPMTOKEN error when trying to interact with scoped packages? This is the result of some recent changes we made and ... more


Tuesday, 27 November, 2018 UTC

Details about the event-stream incident

Details about the event-stream incident

This is an analysis of the event-stream incident of which many of you became aware earlier this week. npm acts immediately to address operational concerns and issues that affect the safety of our community, but we typically perform more thorough analysis ... more


Wednesday, 14 November, 2018 UTC

npm Convos: Lumie

npm Convos: Lumie

Q: Hi! Can you state your name and what you do? A: Hi! I am Alexandre Levacher, a software engineer living in the south of France, working at Teads, the inventor of native video advertising and the leading Outstream Video Marketplace. How’s your day ... more


Thursday, 25 October, 2018 UTC

Writing Quality Vulnerability Reports

Writing Quality Vulnerability Reports

npm offers a way for security researchers, package users, package maintainers, and community members to report security vulnerabilities via the “Report a Vulnerability” button on npm Package pages. This provides the community a way to participate in ... more


Tuesday, 23 October, 2018 UTC

npm Convos: Hello Club

npm Convos: Hello Club

Q. Hi! Can you state your name, what you do, and/or what your company does? Hi there! My name is Adam Reis, and I am the co-founder and CTO of Hello Club. We’ve created Hello Club to help reduce the workload and time spent on admin tasks for the volunteers ... more


Thursday, 4 October, 2018 UTC

Node + JS Foundation

Node + JS Foundation

Today the Node.js and JS Foundations announced an intent to merge. tl;dr – This is a good thing. I’m psyched. The JavaScript community is a big and diverse group of people, doing lots of stuff. Most companies in the world use JavaScript, and at npm, ... more


Friday, 28 September, 2018 UTC

npm Convos: Rolustech

npm Convos: Rolustech

Q1. Hi! Can you state your name, what you do, and/or what your company does? I’m Amer Wilson, CRM Consultant at Rolustech, a certified SugarCRM and Salesforce Partner firm. We do CRM customization, implementation, and integrations and have been in the ... more


Thursday, 27 September, 2018 UTC

Rethinking JavaScript Test Coverage

Rethinking JavaScript Test Coverage

This post was written by Benjamin Coe, Product Manager at npm, Inc. and lead maintainer of yargs and Istanbul for the Node.js Collection. It covers work that has gone into introducing native code coverage support to Node.js. TLDR: You can now expose ... more


Thursday, 13 September, 2018 UTC

Next Generation Package Management

Next Generation Package Management

What if installs were so fast they could happen in the background, just by using Node? What every file in your dependencies could be guaranteed to be bit-by-bit identical to what’s on the registry? What if working on a new project was as simple as clone ... more


Wednesday, 29 August, 2018 UTC

Release: npm@6.4.1

Release: [email protected]

A new version of the npm CLI has been released! next: 6.4.1 latest: 6.4.1 Check out the changelog on npm.community ... more


Tuesday, 28 August, 2018 UTC

npm Convos: Capital One

npm Convos: Capital One

Q. Hi! Can you state your name, what you do, and/or what your company does? A. My name is Joe Hanley, and I am a full-stack software engineer at Capital One. We’re a bank, a credit card company, and a financial services provider, but we like to think ... more


Thursday, 23 August, 2018 UTC

Release: npm@6.4.1-next.0

Release: [email protected]

A new npm cli version has been released! latest: 6.4.0 next: 6.4.1-next.0 Check out the changelog on npm.community ... more