Say hello to npm@6.13.1

A new npm version was released earlier this week! It fixes some bugs and includes changes to the docs from the community.

Get it in the usual ways:

npm i -g npm@latest

Remember that doing `npm config set viewer=browser` will let you browse our new docs website when you do `npm help`!

Read the release notes here.

npm Security Insights API Preview Part 3: Behavioral Analysis


In the latest blog post installment from VP of Security, Adam Baldwin, we dive into the world of Behavioral Analysis.

A lot of stuff happens when you install an npm package. npm downloads and extracts dependencies, but it also runs install hooks, which can bring forth a variety of negative side effects. Further, post-install scripts are the most popular malware infection method right now. 

In an effort to understand this further and to make side effects (malicious or not) transparent, the npm security team has been hard at work building infrastructure to do behavioral analysis of npm packages at scale. Learn more about what they've been up to here.

Open RFC Call: Add your ideas to the agenda


Don't miss next week's Open RFC call on Wednesday, 11/27 at 11am PT/2pm ET! Add your thoughts to our biweekly Open RFC Call agenda, and then join in the conversation! A new meeting thread providing details and an initial agenda will be created here soon.

Previous meeting recordings and notes can be found here.

Recommended project: mish


Looking to try out a new gallery app? Check out mish, a single-page gallery app run in a standard web browser, locally installed or on a web server. Collaboration is fully appreciated!

Are you using npm to build something cool? Let us know and we'll help get the word out!
 

Publish npm package with GitHub Actions


Check out this quick tutorial by Matej Jellus on how to publish npm packages using GitHub Actions. You can also read through the background on the development of this solution here.

Where's wombat?

Our wombats are busy this fall! Don't miss these exciting events:

Alright stop, collaborate and listen.
 


The same tools that empower developers to work together on Open Source projects can make teams more efficient when collaborating on mission-critical applications. Meet npm Orgs:
  • Publish and download private packages
  • Manage permissions with teams
  • Workflow integration and token management

Learn how npm Orgs can help your team.

10:05 PM, 02 Dec 2019 by Iuri Sampaio