npm weekly #142: Attitudes to security in JS, adding pgp signatures to packages, and we’re in Cluj for JSHeroes!

npm, Inc.
Published Apr 19, 2018 · 3 min read

Interpreting the JS Ecosystem Survey

Last week we shared the first post in a series examining the results of the JavaScript Ecosystem Survey. In Attitudes to security in the JavaScript community, Laurie Voss took a look at the larger community’s opinion of the role security plays in open source.

The survey results are fascinating — they show optimism about open source while revealing a number of broader concerns with security. Read the full report on the blog for more details.

npm heads to Edinburgh this July

The folks at ScotlandJS recently announced the speaker lineup for this summer’s event, and both C J Silverio and Katie Fenn will be there to give talks. Get your ticket before they’re all sold out!

Look into the future with Package Phobia

Do you need to preview the size of an npm package before you install it? Package Phobia lets you find the cost of adding a new dependency, estimate bloat over time with visuals, and even comes with its own badge. Check it out!

NEW: signing packages with pgp

Continuing the security theme, this week C J Silverio announced new pgp machinery: the registry has begun signing packages with pgp (a.k.a. Pretty Good Privacy) signatures, so that anyone fetching a package can check that the tarball they received is the one the registry published, rather than trusting the transport alone.

To learn more about why we’re signing publications, what exactly we’re signing, and how you can use this signature data, read the full post on the blog.

We’re hiring for two new roles!

Account Executive
Are you a talented negotiator and skilled communicator? Do you have experience selling enterprise software? Do you know someone who might fit this description? Point them to this job posting so they can apply before the May 11 deadline.

Sr. Service Reliability Engineer
We’re looking for someone who enjoys solving complex problems but also remains open and communicates with empathy. Being a quick learner helps too! If that sounds like you or someone you know, learn more about the role at npmjs.com/jobs and apply before April 30.

Catch Jeff in Cluj and get yourself a sweet npm sticker

As we mentioned last week, Jeff Lembeck is currently in Cluj-Napoca, Romania for JSHeroes 2018. His talk, Package Quest: the journey of a package from the npm registry to your computer, takes place tomorrow at 5pm, so find him before then to get a new npm sticker!

Start sharing private packages within your organization by upgrading your npm Org account. Learn how to upgrade or get details on working with private packages.

Get free socks! Just fix some bugs.

Get this in your inbox! Just subscribe.


npm is the package manager for JavaScript and the world’s largest software registry.