Tag: The npm Blog
The npm Blog — Next Phase Montage
tl;dr – Good news! npm, Inc., is being purchased by GitHub. The public registry remains public, free, and as available as ever. npm as you know it continues, and in fact, there is good reason to believe that it’ll only get better. I’m still going to be working on npm (but with the luxury of more ...
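npm and yarn vulnerabilities and postinstall - Cybozu Inside Out | Cybozu Engineers' Blog
This is Kobayashi (@koba04) from the Frontend Expert Team. The other day, npm published an announcement about a vulnerability. While looking into it I had a few thoughts, so I would like to write them up here, partly as an explanation. The npm Blog — Binary Planting with the npm CLI As an npm user, what you should do is: npm version 6.13.4 or later...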
The npm Blog — A new chapter for npm
Not to bury the lede: I have resigned from npm. I made the decision to leave in early May, and my final full-time day was July 1st, but as a co-founder it takes a long time to untangle yourself so I will be helping with transition-related tasks until they are wrapped up. I joined npm in January o...
The npm Blog — Continuous Security
It’s been almost a year since npm acquired ^Lift Security and even less since the official formation of the internal npm Security Team. In addition to working on securing the Registry and its users, I’ve been setting aside time to think through how we look at security at npm. I wanted to share some ...
The npm Blog — Two-factor authentication protection for packages
I’m happy to announce that you can now beta-test two-factor authentication protection for individual packages in the npm Registry. This setting requires that every publication of a protected package be authorized by a one-time password. This requirement is enforced even if maintainers of that pac...
Let's use npm ci, or: going faster - Qiita
This is Ringo (@mstssk), who believes humanity should be running CI faster. The other day, npm v5.7 was released and a new subcommand called npm ci was added. The npm Blog — Introducing npm ci for faster, more reliable... http://blog.npmjs.org/post/171556855892/i...
The npm Blog — npm operational incident, 6 Jan 2018
The npm registry had an operations incident Saturday that caused 97 packages to be temporarily unavailable for download for approximately 30 minutes, and an additional 9 packages to be unavailable for...
The npm Blog — `crossenv` malware on the npm registry
On August 1, a user notified us via Twitter that a package with a name very similar to the popular cross-env package was sending environment variables from its installation context out to npm.hacktask...
The npm Blog — v5.0.0
Wowowowowow npm@5! This release marks months of hard work for the young, scrappy, and hungry CLI team, and includes some changes we’ve been hoping to do for literally years. npm@5 takes npm a pretty b...
The npm Blog — announcing free Orgs
Today, we’re excited to announce that npm Orgs, our collaboration tool for helping teams manage permissions and share their code, is free for all developers of open source packages. You may invite an ...
The npm install script vulnerability, open source, and trust - teppeis blog
2016-03-27 The npm install script vulnerability, open source, and trust node.js npm security oss Some rambling thoughts on the recently announced vulnerability and the issues around it. The npm Blog — Package install scripts vulnerability Vulnerability Note VU#319816 Overview of the vulnerability VU#...
The npm Blog — npm and front-end packaging
We’ve known for a while that front-end asset and dependency management is a huge use-case for npm and a big driver of Node.js adoption in general. But how big, exactly? It’s a hard question to answer....