Warn when the npm provenance source commit or repository cannot be found
npm will now check the linked source commit and repository when you view a package's provenance information on npmjs.com. If the linked source commit or repository cannot be found, an error displays at...
Publishing with npm provenance from private source repositories is no longer...
Starting today, publishing with provenance is restricted to public source repositories only. Private source repositories are no longer supported for use with provenance for public packages. As...
npm provenance general availability
npm provenance is now generally available. npm packages built on a supported cloud CI/CD system can publish with provenance. Today this includes GitHub Actions and GitLab CI/CD. Publishing with...
Block npm package publishes when names and versions don’t match between...
On September 27, 2023, we began blocking npm package publishes with differing name or version fields between the manifest and tarball package.json. This blocking protects against obfuscation. The...
npm feedback is now available on GitHub Community
npm feedback is now available on GitHub Community. Previously feedback for npm took place on the npm feedback channel, which is going to be sunset as we migrate unresolved discussions. External users...
Leaner npm packument (metadata) contents
Starting today, the npm registry will begin removing README content from package version metadata to reduce the size of package packuments, and improve the performance of the registry and package...
Sunset Notice – npm Hooks API Endpoints
Starting today, we are deprecating npm hooks services and they might no longer be functional, including current hooks subscriptions. This deprecation includes npm hooks API Endpoints and its related...
Announcing npm’s New Simplified Search Experience [GA]
Today, we’re excited to introduce a new, streamlined search experience on npmjs.com! This update provides clear, objective sorting options that make finding the right packages easier. The new search...
Changes and deprecation notice for npm replication APIs
We are making changes to npm replication APIs to optimize performance and availability. As part of this update, certain endpoints will be deprecated as of Thursday, May 29, 2025. To facilitate a...
Easily distinguish between direct and transitive dependencies for npm packages
npm’s massive ecosystem of open source packages is one of its greatest strengths. But as a security-conscious developer, it can be tough to keep up with vulnerability reporting and updates once your...