hello.js

var please = require('share');
console.log('thank you');

Wednesday, 16 January, 2019 UTC

OSS, Risk, and Compliance

OSS, Risk, and Compliance

I’m going to tell you a story. There are no villains in this story. Just smart people doing their best, and unfortunately working at cross-purposes through no fault of their own. The names and places have been changed, but it is a true story. I’ve heard ... more


Wednesday, 16 January, 2019 UTC

npm Convos: Tripetto

npm Convos: Tripetto

Hi! Can you state your name, what you do, and what your company does? Hello! My name is Mark van den Brink and I’m a co-founder and tech lead of Tripetto. Developers can integrate our full-fledged form kit straight into their projects to wield an entire ... more


Tuesday, 15 January, 2019 UTC

Automated token revocation for when you accidentally publish a token

Automated token revocation for when you accidentally publish a token

Protecting npm user accounts is one of the most important ways we help secure the JavaScript ecosystem. This is especially true for accounts that publish packages, as the npm ecosystem is the beginning of the supply chain for the world’s JavaScript. ... more


Thursday, 10 January, 2019 UTC

npm, Inc. has a new CEO, Bryan Bogensberger

npm, Inc. has a new CEO, Bryan Bogensberger

Coming up as a software developer in Open Source, I’ve long believed that the best path to success is to depend on the strengths of others. One reason why I wrote a package manager in the first place was that I knew the JavaScript community as a whole ... more


Thursday, 6 December, 2018 UTC

This year in JavaScript: 2018 in review and npm’s predictions for 2019

This year in JavaScript: 2018 in review and npm’s predictions for 2019

This study is adapted from my presentation npm and the Future of JavaScript. No data is perfect; if you have questions about ours you can read about the methodology used to gather this data. npm has over 10 million users who download well over 30 billion ... more


Tuesday, 4 December, 2018 UTC

Securing Your Site like It’s 1999

Securing Your Site like It’s 1999

“Running a website in the early years of the web was a scary business. The web was an evolving medium, and people were finding new uses for it almost every day. From book stores to online auctions, the web was an expanding universe of new possibilities. ... more


Thursday, 29 November, 2018 UTC

npm Convos: Lexio

npm Convos: Lexio

Q. Hi! Can you state your name, what you do, and/or what your company does? AH: Hi! I’m Anthony Humphreys, Technical Lead at Lexio, I’m a full-stack developer and work on all the technical aspects of the business. JT: Hey, I’m Jessica Tebay, Operations ... more


Wednesday, 28 November, 2018 UTC

401 & scoped packages

401 & scoped packages

Update: We rolled back this change around 2pm PST today, but will be rolling it out again soon. Did you recently get a 401 or an EINVALIDNPMTOKEN error when trying to interact with scoped packages? This is the result of some recent changes we made and ... more


Tuesday, 27 November, 2018 UTC

Details about the event-stream incident

Details about the event-stream incident

This is an analysis of the event-stream incident of which many of you became aware earlier this week. npm acts immediately to address operational concerns and issues that affect the safety of our community, but we typically perform more thorough analysis ... more


Wednesday, 14 November, 2018 UTC

npm Convos: Lumie

npm Convos: Lumie

Q: Hi! Can you state your name and what you do? A: Hi! I am Alexandre Levacher, a software engineer living in the south of France, working at Teads, the inventor of native video advertising and the leading Outstream Video Marketplace. How’s your day ... more


Thursday, 25 October, 2018 UTC

Writing Quality Vulnerability Reports

Writing Quality Vulnerability Reports

npm offers a way for security researchers, package users, package maintainers, and community members to report security vulnerabilities via the “Report a Vulnerability” button on npm Package pages. This provides the community a way to participate in ... more


Tuesday, 23 October, 2018 UTC

npm Convos: Hello Club

npm Convos: Hello Club

Q. Hi! Can you state your name, what you do, and/or what your company does? Hi there! My name is Adam Reis, and I am the co-founder and CTO of Hello Club. We’ve created Hello Club to help reduce the workload and time spent on admin tasks for the volunteers ... more


Thursday, 4 October, 2018 UTC

Node + JS Foundation

Node + JS Foundation

Today the Node.js and JS Foundations announced an intent to merge. tl;dr – This is a good thing. I’m psyched. The JavaScript community is a big and diverse group of people, doing lots of stuff. Most companies in the world use JavaScript, and at npm, ... more


Friday, 28 September, 2018 UTC

npm Convos: Rolustech

npm Convos: Rolustech

Q1. Hi! Can you state your name, what you do, and/or what your company does? I’m Amer Wilson, CRM Consultant at Rolustech, a certified SugarCRM and Salesforce Partner firm. We do CRM customization, implementation, and integrations and have been in the ... more


Thursday, 27 September, 2018 UTC

Rethinking JavaScript Test Coverage

Rethinking JavaScript Test Coverage

This post was written by Benjamin Coe, Product Manager at npm, Inc. and lead maintainer of yargs and Istanbul for the Node.js Collection. It covers work that has gone into introducing native code coverage support to Node.js. TLDR: You can now expose ... more


Thursday, 13 September, 2018 UTC

Next Generation Package Management

Next Generation Package Management

What if installs were so fast they could happen in the background, just by using Node? What every file in your dependencies could be guaranteed to be bit-by-bit identical to what’s on the registry? What if working on a new project was as simple as clone ... more


Wednesday, 29 August, 2018 UTC

Release: npm@6.4.1

Release: [email protected]

A new version of the npm CLI has been released! next: 6.4.1 latest: 6.4.1 Check out the changelog on npm.community ... more


Tuesday, 28 August, 2018 UTC

npm Convos: Capital One

npm Convos: Capital One

Q. Hi! Can you state your name, what you do, and/or what your company does? A. My name is Joe Hanley, and I am a full-stack software engineer at Capital One. We’re a bank, a credit card company, and a financial services provider, but we like to think ... more


Thursday, 23 August, 2018 UTC

Release: npm@6.4.1-next.0

Release: [email protected]

A new npm cli version has been released! latest: 6.4.0 next: 6.4.1-next.0 Check out the changelog on npm.community ... more


Thursday, 23 August, 2018 UTC

Three new features to help our users protect themselves

Three new features to help our users protect themselves

As you’ve probably noticed, npm has been on a roll delivering security features. We have three new features on the website that we’d like to share: the report a vulnerability button, security advisories, and a feature that prevents the use of compromised ... more


Wednesday, 15 August, 2018 UTC

Release: npm@6.4.0

Release: [email protected]

A new version of npm has been released! Read more about it on npm.community! ... more


Thursday, 9 August, 2018 UTC

v6.4.0-next.0

v6.4.0-next.0

NEW FEATURES 6e9f04b0b npm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking :_authToken . (@mkhl) 84bfd23e7 npm/cli#35 Stop filtering out non-IPv4 ... more


Thursday, 2 August, 2018 UTC

v6.3.0

v6.3.0

This is basically the same as the prerelease, but two dependencies have been bumped due to bugs that had been around for a while. 0a22be42e [email protected] (@zkat) 0096f6997 [email protected] (@zkat) ... more


Tuesday, 31 July, 2018 UTC

Community questions following the eslint security incident

Community questions following the eslint security incident

Following the eslint incident on July 12, 2018, the community reached out to us with a few follow-up questions. This post will answer those questions as well as provide some additional technical insight into the eslint-scope malware that we haven’t seen ... more


Wednesday, 25 July, 2018 UTC

v6.3.0-next.0

v6.3.0-next.0

NEW FEATURES ad0dd226f npm/cli#26 npm version now supports a --preid option to specify the preid for prereleases. For example, npm version premajor --preid rc will tag a version like 2.0.0-rc.0 . (@dwilches) MESSAGING IMPROVEMENTS c1dad1e99 npm/cli#6 ... more


Saturday, 14 July, 2018 UTC

v6.2.0

v6.2.0

In case you missed it, we moved!. We look forward to seeing future PRs landing in npm/cli in the future, and we’ll be chatting with you all in npm.community. Go check it out! This final release of [email protected] includes a couple of features that weren’t ... more


Friday, 13 July, 2018 UTC

Two-factor authentication protection for packages

Two-factor authentication protection for packages

I’m happy to announce that you can now beta-test two-factor authentication protection for individual packages in the npm Registry. This setting requires that every publication of a protected package be authorized by a one-time password. This requirement ... more


Thursday, 12 July, 2018 UTC

Incident report: npm, Inc. operations incident of July 12, 2018

Incident report: npm, Inc. operations incident of July 12, 2018

Early in the morning of July 12, an individual gained access to an npm publisher’s account and used this access to publish an unauthorized update of a popular package. The update included malicious code that would have attempted to access the accounts ... more


Tuesday, 10 July, 2018 UTC

npm Joins ECMA International and TC39

npm Joins ECMA International and TC39

We’re excited to announce that npm has joined ECMA International and is participating in TC39, the working group of ECMA International that defines the standard for the JavaScript programming language. (The standard is, strictly speaking, called ECMAScript, ... more


Thursday, 5 July, 2018 UTC

Announcing npm.community

Announcing npm.community

I am pleased to announce that npm is transitioning its public issue trackers from GitHub to a Discourse site at npm.community. This will allow us to give the community a single place to report bugs that impact npm, regardless if they’re on the website, ... more