Announcing npm’s new access token format
npm access tokens will now follow the established format of GitHub authentication tokens.
Tag
npm
GitHub security update: Vulnerabilities in tar and @npmcli/arborist
Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist.
Release Radar · August 2021 Edition
The end of financial year is complete, tax time is over, and everyone is back to shipping awesome projects. During August, our community has been super busy shipping lots of…
The npm registry is deprecating TLS 1.0 and TLS 1.1
Beginning October 4, 2021, all connections to npm websites and the npm registry, including for package installation, must use TLS 1.2 or higher.
Avoiding npm substitution attacks
Supply chain attacks are a reality in modern software development. Thankfully, you can reduce the attack surface by taking precautions and being thoughtful about how you manage your dependencies. We…
Presenting v7.0.0 of the npm CLI
We’re releasing v7.0.0 of the npm CLI, which includes exciting new features such as Workspaces, automatically installed peer deps, and more!