npm weekly #157: Answering your questions about the eslint security incident, more npm.community news, plus tune in to hear us on JS Party today

npm, Inc.
Aug 2, 2018

Community post mortem following the eslint security incident

Earlier this week, npm security lead Adam Baldwin published a response to some community questions in light of the eslint security incident that happened last month.

Keeping the registry secure is one of our highest priorities, so if you are a maintainer, please review the details of this post to find out what you can do to help keep your packages and the npm ecosystem better secured.

Join the JS Party later today!

Jeff Lembeck is joining the folks at JS Party, the popular Changelog podcast, later today to talk about npm and empathy. Check the site for your local time to tune into the live broadcast, or catch the show on changelog.com once it’s posted.

Pacote version 9 is here

Earlier this week, Kat Marchán announced the release of pacote@9.0.0. If you haven’t tried pacote before, it’s the library the npm CLI uses to fetch npm-compatible packages from registries, git, tarballs, and local directories. So if you need to fetch packages exactly the way npm does, you’re going to want to check this helper out.

Send us your projects

How do you use npm? If you or your team is building something cool with npm, we want to help promote it far and wide. Let’s partner up to show off what you’ve built. Let’s chat!

Go 3D in this visual of the npm CLI

Created by Andrei Kashcha, this visualization of npm shows the dependency graph of an npm package in either 2D or 3D. npmgraph was pointed out on Twitter recently by styfle as a way to see both how many dependencies a package pulls in and which maintainers have created the most packages. Check it out!

npm.community Corner

Have you been to npm.community yet?

Recent discussions you may have missed include a feature request for consistency between the info published on npm and the source code published in public repos, chatter about all things 2FA, and near-real-time triaging of support questions and bugs.

You don’t want to miss out.

Talking React at Reactathon

Earlier this week, the folks at Reactathon announced that Laurie Voss would be a featured speaker at next month’s event in San Francisco. What does npm have to do with React? Well, for starters, npmjs.com is a React application. To hear more, grab a ticket while they’re still available.

What we’re reading: Debugging Your Emotions: What To Do When Code Makes You Cry

Originally a conference talk at Non-Binary in Tech 2018, this post by Jess Pumphrey points out that frustration is a very normal reaction to the ever-present challenge of problem solving: it’s hard, and it’s hard for everyone.

So if you’re looking for a way to help you handle the feelings that make you want to chuck your computer out the window, give this a read.

More of your questions answered!

Recently, Laurie posted some answers to common questions about the npm registry. We hope this helps clarify things for some of you out there, but if not, feel free to check out docs.npmjs.com or join npm.community, where you can ask questions and find answers!

Start sharing private packages within your organization by upgrading your npm Org account. Learn how to upgrade or get details on working with private packages.

Get this in your inbox! Just subscribe.


npm is the package manager for JavaScript and the world’s largest software registry.