NPM Content on InfoQ
-
Last Npm Incident Uncovers Security Vulnerability
Last week, the npm registry had an operations incident that caused a number of highly depended-on packages, such as require-from-string, to become unavailable. While the incident was relatively straightforward to solve, it uncovered a major security vulnerability that could have been exploited to inject malicious code in projects using npm.
-
Yarn 1.0 Adds Workspaces, Auto-Merge and Selective Version Resolution
Almost a year ago we published the news Facebook Open Sources Yarn, a JavaScript Package Manager, introducing Yarn and the motivation behind its creation. The community has moved the project forward, releasing the first major version with workspaces, automatic merging, selective version resolution and many other features and fixes.
-
Npm 5.0 Boosts Common Sense Performance
Npm 5.0 is a highly anticipated release that has been years in coming. The new version of the JavaScript package manager has a completely rewritten cache and has performance that is more in line with its most direct competitor.
-
npm 4.0 Deprecates Prepublish Lifecycle Script
Npm has released version 4.0.0, its first semver major release since the release of npm 3 in 2015. The v4 release brings a bevy of breaking changes, including a rewritten npm search, as well as deprecated prepublish and changed behaviour for npm scripts.
-
Webpack Dashboard Improves UX over Console Output
A new tool, Webpack Dashboard, offers to improve the UX for those that use the popular Webpack module builder.
-
npm Releases Enterprise Add-ons for Security, Licensing
Npm has released Enterprise add-ons, allowing developers to directly integrate third-party tools for the first time.
-
Node.js 6.0 Supports 93% of ES2015
Node.js 6.0 has been released, becoming the new current version. It comes with performance improvements, better test and documentation coverage, better security and wide support for ES2015.
-
Npm Updates Policy on Removing Packages
Npm has issued an updated policy on what happens when a user wants to remove one of their packages from the publishing system.
-
NPM Worm Vulnerability Disclosed
The NPM project has formally acknowledged a long-standing security vulnerability in which it is possible for malicious packages to run arbitrary code on developers' systems, leading to the first NPM-created worm. With the recent problems with NPM, is it safe to use any more? InfoQ investigates.
-
NPM was Broken for 2.5 Hours
According to Isaac Z. Schlueter, the creator of npm, two days ago the npm registry started to report hundreds of failed builds per minute. Users worldwide could not install or build certain Node.js packages. Thousands of dependent packages were broken including Babel, Atom, Ember, React Native and many other packages depending on line-numbers. What happened?
-
Lodash 4.0 Adds Smaller Core and Plenty of Changes
Lodash 4.0.0 has been released. This new version adds a new, smaller core library and includes plenty of new features and breaking changes. Support for IE 6-8 has been dropped and the library is no longer available on Bower.
-
Node.js 4.2 "Argon" Released Under Long Term Support Plan
The Node.js Foundation have released Argon, the first Node.js release covered under the Long Term Support plan.
-
NPM 3 Beta Brings Good News for Windows Users
The beta of npm 3.0 has been released, with an almost complete rewrite of its installer bringing good news for running Node.js on Windows. Announcing the release, Rebecca Turner said the npm team were "delighted and proud" to be getting the 3.0 beta out, and that they were "looking forward to working with the npm user community to get it production-ready as quickly as possible."
-
Angular and React Teams Collaborate
Members of the AngularJS and React.js teams got together last week to discuss what they've been working on and areas where they can collaborate. While there are a lot of similarities between the projects, there is virtually no chance they will ever merge.
-
SemVer Confuses. NPM Tries to Help
NPM has released the SemVer calculator, a tool to help developers determine if a SemVer selector string matches the correct versions.