hello.js

var please = require('share');
console.log('thank you');

Saturday, 14 September, 2019 UTC

Avoiding the Tragedy of the Commons: Acceptable Use Program for the Public Registry

The npm public registry, like the JavaScript ecosystem at large, is experiencing exponential growth. The longevity of the registry and its continued availability as a public resource depends on awareness of what constitutes acceptable use by the entire ... more


Thursday, 12 September, 2019 UTC

Better package selection with npm Enterprise

A couple months ago, we added the ability to block bad package downloads from npm Enterprise. For a security team, this is awesome because it lets you define compliance policies that are automatically enforced by the tools your developers already use. ... more


Wednesday, 4 September, 2019 UTC

AppSec POV on Dependency Management

It’s tempting to assume that all packages in the npm registry are safe to use, and for the vast majority of them, that’s true. The npm security team and the JavaScript community at large exercise a high degree of vigilance over the hygiene of the massive ... more


Tuesday, 3 September, 2019 UTC

Release: 6.11.3

A new npm version has been released! This fixes some npm ci regressions and npm outdated --depth . To get it, run npm i -g [email protected] Check out the changelog on npm.community. ... more


Friday, 30 August, 2019 UTC

Supporting Open Source Maintainers

Part of npm, Inc.’s mission is to ensure the sustainability of the Open Source JavaScript ecosystem, and without fair compensation for developers, sustainability is impossible in the long term. For both practical and ethical reasons, those who consistently ... more


Thursday, 22 August, 2019 UTC

Release: 6.11.2

A new version of the npm CLI is available! This fixes the last of the Windows regressions in 6.11.0. To get it, run npm i -g [email protected] View the full changelog on npm.community. ... more


Tuesday, 20 August, 2019 UTC

Release: 6.11.0

A new npm version has been released! As of this release, npm should never ever create root-owned files anywhere other than in root-owned folders. (I.e., this extends 6.10’s inferred cache ownership to node_modules, package.json, package-lock.json, etc.) ... more


Tuesday, 13 August, 2019 UTC

npm CLI Roadmap - Summer 2019

Motion on the npm CLI project has been accelerating, and we’re now moving forward with a clear direction and vision. This document outlines what’s in store for the remainder of the npm v6 line, and what to expect in v7 and v8. Remaining npm v6 Releases ... more


Tuesday, 6 August, 2019 UTC

Release: 6.10.3

A new version has been released! This adds better support for GitLab shorthands via an update to hosted-git-info, and better error handling and reporting when users encounter EACCES on their cache folder. To get it, run: npm install -g npm Check out ... more


Tuesday, 23 July, 2019 UTC

Release: 6.10.2

A new npm release has arrived! This fixes a lot of cache ownership issues, some bugs around the PATH environment variable being set properly on Windows and Windows Bash, npm ci in the presence of local file dependencies, and a race condition in pacote ... more


Tuesday, 23 July, 2019 UTC

Monorepos and npm

Splitting a large, monolithic codebase into small, encapsulated modules is usually good practice from an architectural perspective. Modularization is useful for everything from microservices to libraries of reusable components. However, it can also be ... more


Thursday, 18 July, 2019 UTC

A new chapter for npm Not to bury the lede: I have resigned from npm. I made the decision to leave...

A new chapter for npm Not to bury the lede: I have resigned from npm. I made the decision to leave in early May, and my final full-time day was July 1st, but as a co-founder it takes a long time to untangle yourself so I will be helping with transition-related ... more


Wednesday, 17 July, 2019 UTC

npm Enterprise: Delivering More Secure JavaScript Development

In March of this year, we launched npm Enterprise, our flagship product designed for large organizations and mission-critical projects. Today, we’re very pleased to announce the first major update to npmE, delivering a rich set of new security, compliance, ... more


Thursday, 11 July, 2019 UTC

Release: npm@6.10.1

It’s npm release day! latest: v6.10.1 You can install it with npm i -g [email protected] or try it out with npx [email protected] ... This fixes that annoying cacache EISDIR Darwin thing, and adds VS2019 support with node-gyp v5. See the full release notes and details ... more


Wednesday, 10 July, 2019 UTC

An Old Bug

Recently, I happened across a weird line in read-package-tree while reading through the code to see where I might get started implementing Workspaces for the npm CLI. At the time, I was so deep in the flow of reading code and tracing flows through various ... more


Wednesday, 3 July, 2019 UTC

Release: npm@6.10.0

A new version of the npm CLI has been released! latest: 6.10.0 next: 6.10.1-next.0 Check out the changelog on npm.community. ... more


Wednesday, 26 June, 2019 UTC

Release: 6.9.1

A new version of the npm CLI has been released! latest: 6.9.1 next: 6.9.1 Check out the changelog on npm.community. ... more


Tuesday, 18 June, 2019 UTC

Protecting Package Publishers: npm Token Security and Hygiene now Extend to GitHub

Today, we’re excited to announce that, in collaboration with GitHub’s token scanning partnership program, we’ve taken our existing token revocation efforts a step further. Whenever you commit or push a change to GitHub in a public repository and an npm ... more


Monday, 10 June, 2019 UTC

npm Pride 2019 Shirts

npm loves everyone! With help from our friends at &yet and Teespring, our 2019 Pride shirts are now available! Select your favorite design in the npm Pride 2019 Teespring shop — or collect them all! — and 100% of proceeds will benefit The Trevor ... more


Thursday, 6 June, 2019 UTC

Plot to steal cryptocurrency foiled by the npm security team

Yesterday, the npm, Inc. security team, in collaboration with Komodo, helped protect over $13 million USD in cryptocurrency assets as we found and responded to a malware threat targeting the users of a cryptocurrency wallet called Agama. This attack ... more


Tuesday, 28 May, 2019 UTC

private package development with npm Orgs

Most of you probably download packages from the public npm registry on a regular basis. Some of you might even publish packages for others to use. Did you know that npm provides tools for collaborative development as well? With npm Orgs, you get the ... more


Tuesday, 30 April, 2019 UTC

Easy Automatic npm Publishes

One common question from people using npm to publish, especially on CI systems, is how best to automate the process, especially when dealing with multiple branches. For a while now, I’ve been using a pattern that takes almost all of the human interaction ... more


Tuesday, 5 March, 2019 UTC

npm On-Call

This is Teacup, our adopted wombat and latest on-call engineer. Just like everyone, Teacup has to take responsibility for what we ship to production. It won’t be smooth sailing on-boarding her — the late night alerts, the fact she doesn’t even own a ... more


Tuesday, 26 February, 2019 UTC

Why we created npm Enterprise

Last week we launched npm Enterprise, a fact that might come as a surprise to those of you who’ve been paying attention and know that we’ve had an enterprise product since 2014. The new Enterprise is a totally different beast, the result of recognizing ... more


Thursday, 21 February, 2019 UTC

Managing JavaScript in the Enterprise

We are excited to announce the launch of a platform to help modernize JavaScript development in the enterprise. Ripping the “beta” label off npm Enterprise is satisfying for a lot of reasons. We started npm to remove friction for JavaScript developers, ... more


Tuesday, 19 February, 2019 UTC

npm Convos: open-wc

Q. Hi! Can you state your name, what you do, and/or what your company does? A: `open-wc` (Open Web Components) is an open collective of volunteer developers interested in web components and the web platform in general. Late last year we got together ... more


Friday, 15 February, 2019 UTC

The security risks of changing package owners

When I ask software developers what their biggest security concerns are, I typically hear something about malicious code in their npm packages. The average npm package has over 2000 dependencies, so the worry over malware makes a lot of sense. The npm ... more


Wednesday, 13 February, 2019 UTC

npm Convos: Quasar Framework

Q. Hi! Can you state your name, what you do, and/or what your company does? A: My name is Razvan Stoenescu and I’m the founder of Quasar Framework, which is a Node.js and Vue.js-based system that helps developers rapidly create best-practice applications ... more


Tuesday, 29 January, 2019 UTC

Continuous Security

It’s been almost a year since npm acquired ^Lift Security and even less since the official formation of the internal npm Security Team. In addition to working on securing the Registry and its users, I’ve been setting aside time to think through how we ... more


Monday, 28 January, 2019 UTC

On Building npm and Hiring a CEO - Founders Talk

I had the opportunity to chat with Adam Stacoviak recently about the journey of creating npm and turning that into npm, Inc., 4 and a half years as CEO, and the transition to my new role as Chief Product Officer. Along the way, we touched on some of ... more