blog.npmjs.org
The npm blog has been discontinued. Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog. Happy Friday! 🎉 This week’s release brings two new features, starting with a brand new command: npm set-script that helps you manage your package.json scripts - thanks to the community contribution from @Yash-Singh1 🏆 Also npm exec (no args) now triggers an interactive sub
🎉 Happy release Tuesday! Today marks a major milestone for the npm CLI team - we’ve officially cut npm@7.0.0. If you’ve been following along this past year, or more, you’ll know that we’ve been working hard to bring you this release. Our focus & determination accelerated the
<< Why keep package-lock.json? A new beta version of npm appears! tl;dr - Run npm i -g npm@next-7 right now, and tell us about any problems you encounter with it. This is a big one, you’re going to want to check it out. As with any beta software, it’s likely to still have a
<< Arborist Deep Dive >> Beta Release! One common question we’ve gotten a few times now, once we announce that npm v7 will include support for yarn.lock files, is “Why keep package-lock.json at all, then? Why not just use yarn.lock only?” The simple answer is: because yarn.l
<< Introduction >> Why Keep package-lock.json? @npmcli/arborist is the dependency tree manager for npm, new in npm v7. It provides facilities for doing nearly everything that npm does with package trees, and fully replaces large parts of the npm CLI codebase. Way back in the
>> Arborist Deep Dive Quite a lot has happened in npm since our last update way back in 2019. We’re overdue for a status update on npm v7. Despite some massive distracting changes (some unfortunate, some very fortunate), development work has been proceeding steadily. Yesterd
tl;dr – Good news! npm, Inc., is being purchased by GitHub. The public registry remains public, free, and as available as ever. npm as you know it continues, and in fact, there is good reason to believe that it’ll only get better. I’m still going to be working on npm (but wi
TL;DR: Until today, you couldn’t unpublish packages, or package versions, older than 72 hours without contacting support (background available here and here). Because this is our most popular support request, we’ve extended the ability for you to unpublish packages beyond 72 hours if your package meets certain criteria. What are we doing? npm has grown a lot over the past 10 years, and rapid growth m
tl;dr - Update to npm v6.13.4 as soon as possible on all your systems to fix a vulnerability allowing arbitrary path access. The Vulnerabilities In versions of npm prior to 6.13.3 (and versions of yarn prior to 1.21.1), a properly constructed entry in the package.json bin fi
Happy Tuesday! Here on the Community & Open Source Team we’ve been working hard, in front of and behind the scenes, to provide real value and unlock developer potential. With that in mind, I’m happy to announce a number of updates/releases we’ve landed this morning & would l
A new npm version has been released! This fixes some bugs, including no longer claiming to not support node v13. Get it in the usual ways: npm i -g npm@latest 6.12.1 (2019-10-29) BUG FIXES 6508e833d #269 add node v13 as a supported version (@ljharb) b6588a8f7 #265 Fix regres
Part of npm, Inc.’s mission is to ensure the sustainability of the Open Source JavaScript ecosystem, and without fair compensation for developers, sustainability is impossible in the long term. For both practical and ethical reasons, those who consistently contribute to the
Motion on the npm CLI project has been accelerating, and we’re now moving forward with a clear direction and vision. This document outlines what’s in store for the remainder of the npm v6 line, and what to expect in v7 and v8. Remaining npm v6 Releases npm v6 is officially i
Splitting a large, monolithic codebase into small, encapsulated modules is usually good practice from an architectural perspective. Modularization is useful for everything from microservices to libraries of reusable components. However, it can also be a nightmare from a publ
Not to bury the lede: I have resigned from npm. I made the decision to leave in early May, and my final full-time day was July 1st, but as a co-founder it takes a long time to untangle yourself so I will be helping with transition-related tasks until they are wrapped up. I j
Protecting Package Publishers: npm Token Security and Hygiene now Extend to GitHub Today, we’re excited to announce that, in collaboration with GitHub’s token scanning partnership program, we’ve taken our existing token revocation efforts a step further. Whenever you commit
When I ask software developers what their biggest security concerns are, I typically hear something about malicious code in their npm packages. The average npm package has over 2000 dependencies, so the worry over malware makes a lot of sense. The npm security team certainly
It’s been almost a year since npm acquired ^Lift Security and even less since the official formation of the internal npm Security Team. In addition to working on securing the Registry and its users, I’ve been setting aside time to think through how we look at security at npm
Coming up as a software developer in Open Source, I’ve long believed that the best path to success is to depend on the strengths of others. One reason why I wrote a package manager in the first place was that I knew the JavaScript community as a whole could write a much bett
This study is adapted from my presentation npm and the Future of JavaScript. No data is perfect; if you have questions about ours you can read about the methodology used to gather this data. npm has over 10 million users who download well over 30 billion packages every month
This is an analysis of the event-stream incident of which many of you became aware earlier this week. npm acts immediately to address operational concerns and issues that affect the safety of our community, but we typically perform more thorough analysis before discussing in
What if installs were so fast they could happen in the background, just by using Node? What if every file in your dependencies could be guaranteed to be bit-by-bit identical to what’s on the registry? What if working on a new project was as simple as clone and run? What if y
In case you missed it, we moved!. We look forward to seeing future PRs landing in npm/cli in the future, and we’ll be chatting with you all in npm.community. Go check it out! This final release of npm@6.2.0 includes a couple of features that weren’t quite ready on time but t
I’m happy to announce that you can now beta-test two-factor authentication protection for individual packages in the npm Registry. This setting requires that every publication of a protected package be authorized by a one-time password. This requirement is enforced even if m
We’re excited to announce that npm has joined ECMA International and is participating in TC39, the working group of ECMA International that defines the standard for the JavaScript programming language. (The standard is, strictly speaking, called ECMAScript, although everyone
We’re continuing our analysis of the results of last winter’s JavaScript Ecosystem Survey, a survey of over 16,000 developers conducted by npm in collaboration with the Node.JS Foundation and the JS Foundation. Our second topic is How JavaScript is used across industries — a
Last month, we announced npm@6, which includes a powerful new tool to protect the safety of your code, npm audit. Together with new automatic alerts when a user installs code with a known security risk, audit is a dramatic step to ensure the quality and integrity of the code
Early May 2nd, the npm security team received and responded to reports of a package that masqueraded as a cookie parsing library but contained a malicious backdoor. The result of the investigation concluded with three packages and three versions of a fourth package being unp
This week npm@6 is going to be promoted to latest and so now is an excellent time to look forward. If you dig into it you’ll find that it doesn’t have much in the way of breaking changes. Later this year we’ll be releasing npm@7. First there are a few new features, these wil