hello.js

var please = require('share');
console.log('thank you');

Thursday, 9 August, 2018 UTC

v6.4.0-next.0

v6.4.0-next.0

NEW FEATURES 6e9f04b0b npm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking :_authToken . (@mkhl) 84bfd23e7 npm/cli#35 Stop filtering out non-IPv4 ... more


Thursday, 2 August, 2018 UTC

v6.3.0

v6.3.0

This is basically the same as the prerelease, but two dependencies have been bumped due to bugs that had been around for a while. 0a22be42e [email protected] (@zkat) 0096f6997 [email protected] (@zkat) ... more


Tuesday, 31 July, 2018 UTC

Community questions following the eslint security incident

Community questions following the eslint security incident

Following the eslint incident on July 12, 2018, the community reached out to us with a few follow-up questions. This post will answer those questions as well as provide some additional technical insight into the eslint-scope malware that we haven’t seen ... more


Wednesday, 25 July, 2018 UTC

v6.3.0-next.0

v6.3.0-next.0

NEW FEATURES ad0dd226f npm/cli#26 npm version now supports a --preid option to specify the preid for prereleases. For example, npm version premajor --preid rc will tag a version like 2.0.0-rc.0 . (@dwilches) MESSAGING IMPROVEMENTS c1dad1e99 npm/cli#6 ... more


Saturday, 14 July, 2018 UTC

v6.2.0

v6.2.0

In case you missed it, we moved!. We look forward to seeing future PRs landing in npm/cli in the future, and we’ll be chatting with you all in npm.community. Go check it out! This final release of [email protected] includes a couple of features that weren’t ... more


Friday, 13 July, 2018 UTC

Two-factor authentication protection for packages

Two-factor authentication protection for packages

I’m happy to announce that you can now beta-test two-factor authentication protection for individual packages in the npm Registry. This setting requires that every publication of a protected package be authorized by a one-time password. This requirement ... more


Thursday, 12 July, 2018 UTC

Incident report: npm, Inc. operations incident of July 12, 2018

Incident report: npm, Inc. operations incident of July 12, 2018

Early in the morning of July 12, an individual gained access to an npm publisher’s account and used this access to publish an unauthorized update of a popular package. The update included malicious code that would have attempted to access the accounts ... more


Tuesday, 10 July, 2018 UTC

npm Joins ECMA International and TC39

npm Joins ECMA International and TC39

We’re excited to announce that npm has joined ECMA International and is participating in TC39, the working group of ECMA International that defines the standard for the JavaScript programming language. (The standard is, strictly speaking, called ECMAScript, ... more


Thursday, 5 July, 2018 UTC

Announcing npm.community

Announcing npm.community

I am pleased to announce that npm is transitioning its public issue trackers from GitHub to a Discourse site at npm.community. This will allow us to give the community a single place to report bugs that impact npm, regardless if they’re on the website, ... more


Thursday, 5 July, 2018 UTC

v6.2.0-next.1

v6.2.0-next.1

This is a quick patch to the release to fix an issue that was preventing users from installing [email protected] . ecdcbd745 #21129 Remove postinstall script that depended on source files, thus preventing [email protected] from being installable from the registry. (@zkat) ... more


Wednesday, 4 July, 2018 UTC

The Node Security Platform service is shutting down 9/30

The Node Security Platform service is shutting down 9/30

Earlier this year, we announced npm, Inc.’s acquisition of ^Lift Security and the Node Security Platform and promised to provide updates as our teams combined to protect the world’s largest JavaScript developer community. Today, we have some news about ... more


Saturday, 30 June, 2018 UTC

v6.2.0-next.0

v6.2.0-next.0

NEW FEATURES ce0793358 #20750 You can now disable the update notifier entirely by using --no-update-notifier or setting it in your config with npm config set update-notifier false . (@travi) d2ad776f6 #20879 When npm run-script <script> fails due ... more


Wednesday, 27 June, 2018 UTC

JavaScript Usage by Industry

JavaScript Usage by Industry

We’re continuing our analysis of the results of last winter’s JavaScript Ecosystem Survey, a survey of over 16,000 developers conducted by npm in collaboration with the Node.JS Foundation and the JS Foundation. Our second topic is How JavaScript is used ... more


Tuesday, 19 June, 2018 UTC

Customer Convos: Standard JS

Customer Convos: Standard JS

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q: Hi! Can you state your name, what you do, and/or what your company does? A: Hey there! My name is ... more


Friday, 1 June, 2018 UTC

npm Pride 2018 Shirts

npm Pride 2018 Shirts

npm loves everyone! Just like last year, npm team’s Pride shirts available to all, with help from our friends at &yet and Teespring. Select your favorite design from the pictures below and click through for types and sizes — or collect them all! ... more


Wednesday, 30 May, 2018 UTC

How npm is affected by the recently disclosed git vulnerability

How npm is affected by the recently disclosed git vulnerability

npm cli users should make sure that they have git version 2.17.1 or later installed to protect against a recent code execution vulnerability involving git submodules. On May 29th, a new version of git (2.17.1) was published which addressed a flaw in ... more


Wednesday, 23 May, 2018 UTC

Customer Convos: BinaryOps Software

Customer Convos: BinaryOps Software

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line. Q: Hi! Can you state your name, what you do, and/or what your company does? A: I’m Mark Voorberg, one ... more


Wednesday, 23 May, 2018 UTC

Privacy Policy Update for Privacy Shield

Privacy Policy Update for Privacy Shield

We’ve added language to our privacy policy about our participation in the EU-US and Swiss-US Privacy Shield programs. As always, you can read the diff on GitHub. ... more


Friday, 18 May, 2018 UTC

v6.1.0-next.0

v6.1.0-next.0

Look at that! A feature bump! [email protected] was super-exciting not just because it used a bigger number than ever before, but also because it included a super shiny new command: npm audit . Well, we’ve kept working on it since then and have some really nice ... more


Wednesday, 16 May, 2018 UTC

CouchDB browse views unavailable

CouchDB browse views unavailable

If you access /-/_view endpoints in the npm Registry, you have probably noticed that their availability has been low recently. We are temporarily suspending these endpoints and responding to them with 404s instead of the 504s you’ve been seeing. Our ... more


Wednesday, 9 May, 2018 UTC

`npm audit`: identify and fix insecure dependencies

`npm audit`: identify and fix insecure dependencies

Last month, we announced [email protected], which includes a powerful new tool to protect the safety of your code, npm audit . Together with new automatic alerts when a user installs code with a known security risk, audit is a dramatic step to ensure the quality ... more


Friday, 4 May, 2018 UTC

v6.0.1-next.0

v6.0.1-next.0

CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT! b267bbbb9 npm/lockfile#29 [email protected] : Switches to signal-exit to detect abnormal exits and remove locks. (@Redsandro) SHRONKWRAPS AND LACKFILES If a published modules had legacy npm-shrinkwrap.json ... more


Friday, 4 May, 2018 UTC

New privacy policy

New privacy policy

We’ve rewritten our privacy policy from scratch to make it easier to read, cover new features, and meet the requirements of the EU’s General Data Protection Regulation. The new policy also announces a new contact point, [email protected], for privacy-related ... more


Wednesday, 2 May, 2018 UTC

Reported malicious module: getcookies

Reported malicious module: getcookies

Early May 2nd, the npm security team received and responded to reports of a package that masqueraded as a cookie parsing library but contained a malicious backdoor. The result of the investigation concluded with three packages and three versions of a ... more


Tuesday, 24 April, 2018 UTC

Announcing npm@6

Announcing [email protected]

In coordination with today’s announcement of Node.js v10, we’re excited to announce [email protected] This major update to npm includes powerful new security features for every developer who works with open source code. Read on to understand why this matters. We ... more


Tuesday, 24 April, 2018 UTC

The new npm CLI: a year in review; or, what you may have missed!

The new npm CLI: a year in review; or, what you may have missed!

First published just under a year ago, [email protected] has probably seen the fastest rate in major changes of any prior npm version. Even if you’ve been following us closely, you probably still haven’t been able to keep up with everything that’s been going on ... more


Tuesday, 24 April, 2018 UTC

Beyond npm@6: The future of the npm cli

Beyond [email protected]: The future of the npm cli

This week [email protected] is going to be promoted to latest and so now is an excellent time to look forward. If you dig into it you’ll find that it doesn’t have much in the way of breaking changes. Later this year we’ll be releasing [email protected] . First there are a few ... more


Saturday, 21 April, 2018 UTC

v6.0.0-next.2

v6.0.0-next.2

Hey y'all! Here’s another [email protected] release – with [email protected] around the corner, this might well be the last prerelease before we tag 6.0.0 ! There’s two major features included with this release, along with a few miscellaneous fixes and changes. EXTENDED npm ... more


Wednesday, 18 April, 2018 UTC

v6.0.0-next.1

v6.0.0-next.1

NEW FEATURES a9e722118 #20256 Add support for managing npm webhooks. This brings over functionality previously provided by the wombat CLI. (@zkat) 8a1a64203 #20126 Add npm cit command that’s equivalent of npm ci && npm t that’s equivalent of ... more


Wednesday, 18 April, 2018 UTC

v5.10.0

v5.10.0

NEW FEATURES 32ec2f54b #20257 Add shasum and integrity to the new npm view output. (@zkat) a22153be2 #20126 Add npm cit command that’s equivalent of npm ci && npm t that’s equivalent of npm it . (@SimenB) BUG FIXES 089aeaf44 Fix a bug where OTPs ... more