Browsing latest articles
Browse All 16 View Live

Warn when the npm provenance source commit or repository cannot be found

npm will now check the linked source commit and repository when you view a package's provenance information on npmjs.com. If the linked source commit or repository cannot be found, an error displays at...



Publishing with npm provenance from private source repositories is no longer...

Starting today, publishing with provenance is restricted to public source repositories only. Private source repositories are no longer supported for use with provenance for public packages. As...


npm provenance general availability

npm provenance is now generally available. npm packages built on a supported cloud CI/CD system can publish with provenance. Today this includes GitHub Actions and GitLab CI/CD. Publishing with...


Block npm package publishes when names and versions don’t match between...

On September 27, 2023, we began blocking npm package publishes with differing name or version fields between the manifest and tarball package.json. This blocking protects against obfuscation. The...


npm feedback is now available on GitHub Community

npm feedback is now available on GitHub Community. Previously feedback for npm took place on the npm feedback channel, which is going to be sunset as we migrate unresolved discussions. External users...



Leaner npm packument (metadata) contents

Starting today, the npm registry will begin removing README content from package version metadata to reduce the size of package packuments, and improve the performance of the registry and package...


Sunset Notice – npm Hooks API Endpoints

Starting today, we are deprecating npm hooks services and they might no longer be functional, including current hooks subscriptions. This deprecation includes npm hooks API Endpoints and its related...


Announcing npm’s New Simplified Search Experience [GA]

Today, we’re excited to introduce a new, streamlined search experience on npmjs.com! This update provides clear, objective sorting options that make finding the right packages easier. The new search...



Changes and deprecation notice for npm replication APIs

We are making changes to npm replication APIs to optimize performance and availability. As part of this update, certain endpoints will be deprecated as of Thursday, May 29, 2025. To facilitate a...


Easily distinguish between direct and transitive dependencies for npm packages

npm’s massive ecosystem of open source packages is one of its greatest strengths. But as a security-conscious developer, it can be tough to keep up with vulnerability reporting and updates once your...
