hello.js

var please = require('share');
console.log('thank you');

Tuesday, 24 April, 2018 UTC

Announcing npm@6

Announcing [email protected]

In coordination with today’s announcement of Node.js v10, we’re excited to announce [email protected] This major update to npm includes powerful new security features for every developer who works with open source code. Read on to understand why this matters. We ... more


Tuesday, 24 April, 2018 UTC

The new npm CLI: a year in review; or, what you may have missed!

The new npm CLI: a year in review; or, what you may have missed!

First published just under a year ago, [email protected] has probably seen the fastest rate in major changes of any prior npm version. Even if you’ve been following us closely, you probably still haven’t been able to keep up with everything that’s been going on ... more


Tuesday, 24 April, 2018 UTC

Beyond npm@6: The future of the npm cli

Beyond [email protected]: The future of the npm cli

This week [email protected] is going to be promoted to latest and so now is an excellent time to look forward. If you dig into it you’ll find that it doesn’t have much in the way of breaking changes. Later this year we’ll be releasing [email protected] . First there are a few ... more


Saturday, 21 April, 2018 UTC

v6.0.0-next.2

v6.0.0-next.2

Hey y'all! Here’s another [email protected] release – with [email protected] around the corner, this might well be the last prerelease before we tag 6.0.0 ! There’s two major features included with this release, along with a few miscellaneous fixes and changes. EXTENDED npm ... more


Wednesday, 18 April, 2018 UTC

v6.0.0-next.1

v6.0.0-next.1

NEW FEATURES a9e722118 #20256 Add support for managing npm webhooks. This brings over functionality previously provided by the wombat CLI. (@zkat) 8a1a64203 #20126 Add npm cit command that’s equivalent of npm ci && npm t that’s equivalent of ... more


Wednesday, 18 April, 2018 UTC

v5.10.0

v5.10.0

NEW FEATURES 32ec2f54b #20257 Add shasum and integrity to the new npm view output. (@zkat) a22153be2 #20126 Add npm cit command that’s equivalent of npm ci && npm t that’s equivalent of npm it . (@SimenB) BUG FIXES 089aeaf44 Fix a bug where OTPs ... more


Wednesday, 18 April, 2018 UTC

new pgp machinery

new pgp machinery

If you’ve recently examined packuments in the Registry, you might have noticed a new npm-signature field in the dist section. It might look to you like a PGP signature, and that in fact is what it is! This field holds the npm registry’s PGP signature ... more


Tuesday, 10 April, 2018 UTC

npm Acquires ^Lift Security and Node Security Platform

npm Acquires ^Lift Security and Node Security Platform

Today, we’re excited to announce that npm, Inc. has acquired the team and assets of ^Lift Security, including their work on the Node Security Platform. Adam Baldwin and his team have joined npm to work full time on keeping the npm Registry and npm applications ... more


Tuesday, 10 April, 2018 UTC

Attitudes to security in the JavaScript community

Attitudes to security in the JavaScript community

Over the coming months, we’ll be diving more deeply into the results of this winter’s JavaScript Ecosystem Survey, a survey of over 16,000 developers conducted by npm in collaboration with the Node.JS Foundation and the JS Foundation. Our first topic ... more


Wednesday, 4 April, 2018 UTC

Re-inventing npmjs.com

Re-inventing npmjs.com

Last week, the npmjs.com website received the most ambitious update in its history. We said “cheerio” to the old hapi - and jQuery-based website, and “hello” to a state-of-the-art React web application. Hello React, goodbye hapi We decided to replace ... more


Thursday, 29 March, 2018 UTC

Customer Convos: SendBird

Customer Convos: SendBird

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q. Hi! Can you state your name, what you do, and/or what your company does? A. Hi, my name is James ... more


Friday, 23 March, 2018 UTC

v5.9.0-next.0

v5.9.0-next.0

Coming to you this week are a fancy new package view, pack/publish previews and a handful of bug fixes! Let’s get right in! NEW PACKAGE VIEW There’s a new npm view in town. You might it as npm info or npm show . The new output gives you a nicely summarized ... more


Tuesday, 13 March, 2018 UTC

v5.8.0-next.0

v5.8.0-next.0

Hey again, everyone! While last release was focused largely around PRs from the CLI team, this release is mostly pulling in community PRs in npm itself and its dependencies! We’ve got a good chunk of wonderful contributions for y'all, and even new features ... more


Monday, 5 March, 2018 UTC

Introducing `npm ci` for faster, more reliable builds

Introducing `npm ci` for faster, more reliable builds

Starting today, all npm users can take advantage of a new install command called npm ci . The command offers massive improvements to both the performance and reliability of builds for continuous integration / continuous deployment processes, providing ... more


Tuesday, 27 February, 2018 UTC

Customer Convos: Sqreen

Customer Convos: Sqreen

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q: Hi! Can you state your name, what you do, and what your company does? A: Hello, my name is Vladimir ... more


Thursday, 22 February, 2018 UTC

v5.7.1

v5.7.1

This release reverts a patch that could cause some ownership changes on system files when running from some directories when also using `sudo`. 😲 Thankfully, it only affected users running `[email protected]`, which is part of our staggered release system, which ... more


Thursday, 22 February, 2018 UTC

v5.7.0

v5.7.0

Hey y'all, it’s been a while. Expect our release rate to increase back to normal here, as we’ve got a lot in the pipeline. Right now we’ve got a bunch of things from folks at npm. In the next release we’ll be focusing on user contributions and there ... more


Thursday, 11 January, 2018 UTC

Incident report: npm, Inc. operations incident of January 6, 2018

Incident report: npm, Inc. operations incident of January 6, 2018

On Saturday, January 6, 2018, we incorrectly removed the user floatdrop and blocked the discovery and download of all 102 of their packages on the public npm Registry. Some of those packages were highly depended on, such as require-from-string , and ... more


Tuesday, 9 January, 2018 UTC

npm operational incident, 6 Jan 2018

npm operational incident, 6 Jan 2018

The npm registry had an operations incident Saturday that caused 97 packages to be temporarily unavailable for download for approximately 30 minutes, and an additional 9 packages to be unavailable for approximately three hours. Early this coming week, ... more


Saturday, 30 December, 2017 UTC

npm private modules outage on December 12th

npm private modules outage on December 12th

For a period of about 100 minutes on 12 Dec 2017, all read and write access to private packages was interrupted. For some days after that, our customer data was not in perfect sync with the source of truth—Stripe, our payments provider—and some customers ... more


Wednesday, 27 December, 2017 UTC

New Package Moniker rules

New Package Moniker rules

We’ve recently made some changes to how package naming works to better fight typosquatting, and help package authors pick names that stand out. You might have read our post earlier about typosquatting on the npm registry. We responded to this incident ... more


Tuesday, 28 November, 2017 UTC

v5.6.0 (2017-11-27)

v5.6.0 (2017-11-27)

Features! You may have noticed this is a semver-minor bump. Wondering why? This is why! bc263c3fd #19054 Fully cross-platform package-lock.json . Installing a failing optional dependency on one platform no longer removes it from the dependency tree, ... more


Wednesday, 15 November, 2017 UTC

CouchDB vulnerabilities and the npm registry

CouchDB vulnerabilities and the npm registry

Recently a serious vulnerability in Apache CouchDB was discovered, patched, and disclosed. In this post we discuss its impact on the npm registry and correct some incorrect speculation on that impact. The npm package registry is a well-known deployment ... more


Wednesday, 15 November, 2017 UTC

Customer Convos: The Google Cloud Team

Customer Convos: The Google Cloud Team

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q: Hi! Can you state your name and what you do, and what your company does? Luke Sneeringer, SWE : Our ... more


Wednesday, 8 November, 2017 UTC

Customer Convos: Marcus Noble, Elsevier

Customer Convos: Marcus Noble, Elsevier

Q: Hi! Can you state your name, what you do, and what your company does? A: Hi there! I’m Marcus from Elsevier. I work in a team building their global ecommerce platform. How’s your day going? Not too bad. Had a kickoff meeting for an exciting upcoming ... more


Wednesday, 1 November, 2017 UTC

Customer Convo: Ben Edelstein, LogRocket

Customer Convo: Ben Edelstein, LogRocket

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q: Hi! Can you state your name and what you do, and what your company does? A: LogRocket helps product ... more


Thursday, 5 October, 2017 UTC

v5.5.0 (2017-10-04)

v5.5.0 (2017-10-04)

Hey y'all, this is a big new feature release! We’ve got some security related goodies plus a some quality-of-life improvements for anyone who uses the public registry (so, virtually everyone). The changes largely came together in one piece, so I’m just ... more


Thursday, 5 October, 2017 UTC

Protect your npm account with two-factor authentication and read-only tokens

Protect your npm account with two-factor authentication and read-only tokens

UPDATE: To try out TFA, you’ll need the beta of the npm client. To get it, run `npm install [email protected] -g`. Today, we are announcing two new ways to protect your npm account. Please read on to learn how you can use these security features to keep your ... more


Tuesday, 26 September, 2017 UTC

Publishing what you mean to publish

Publishing what you mean to publish

Editor’s note: This is a guest post from Adam Baldwin of ^Lift Security and the Node Security Platform. As we discussed in earlier posts, Adam conducts constant security reviews of the Registry and its contents and keeps us appraised of anything that ... more


Friday, 15 September, 2017 UTC

v5.4.2 (2017-09-14):

v5.4.2 (2017-09-14):

This is a small bug fix release wrapping up most of the issues introduced with 5.4.0. Bugs 0b28ac72d #18458 Fix a bug on Windows where rolling back of failed optional dependencies would fail. (@marcins) 3a1b29991 [email protected] Revert update ... more