npm weekly #170: How to submit quality security reports, we’re hiring a Senior Security Engineer, and npm heads to Colombia in June!

npm, Inc. · 3 min read · Nov 1, 2018

Writing quality vulnerability reports

If you’ve ever considered using the “Report a vulnerability” button on npm package pages, Adam Baldwin has written up some advice for you!

Adam offers some pointers on how to submit a high-quality security report, such as including the specific details of the environment in which you reproduced the vulnerability (package version, Node.js version, and platform), so the maintainer can reproduce it too. Head to the blog to read the example report.

Recommended package: typed-install

Created by David Brownman, typed-install is a CLI utility that makes it easier to install TypeScript… you guessed it, types! It installs your packages, checks which of them ship their own type declarations and which don’t, looks for matching @types packages on npm, and fetches those as well. Give it a try!

npm will be at NodeConf Colombia this summer!

The organizers at NodeConf Colombia recently announced a few of the speakers for their 2019 event in Medellín and Kat Marchán was on the list! Tickets are available for the June conference, so head to colombia.nodeconf.com to get yours now.

What we’re reading: For Node.js builds, `cache: npm` shortcut is available

This was just a quick update to the Travis CI changelog, but it’s an update we’re really excited about. Now you have a handy shortcut for caching npm downloads between your Node.js builds in Travis CI. Take a look at `cache: npm` and read the full documentation for yourself. Cool stuff!
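A minimal `.travis.yml` using the shortcut, as an added example here rather than code from the Travis CI changelog or from npm; the Node.js version and the `npm ci` install step are our assumptions about a typical project, not something the changelog prescribes:

```yaml
# .travis.yml (added example, not from the original post)
language: node_js
node_js:
  - "10"          # assumption: any supported Node.js version works here

# The changelog shortcut: caches npm's own cache directory
# ($HOME/.npm on npm 5 and later) between builds, replacing a
# hand-written "cache: directories:" list.
cache: npm

install:
  # Assumption: install from package-lock.json rather than package.json.
  # npm ci reuses cached tarballs but fails the build on a lockfile
  # mismatch instead of silently resolving newer versions.
  - npm ci
```

Pairing the cache with `npm ci` is the safe way to take the speedup: every tarball is checked against the `integrity` hash pinned in `package-lock.json` before it is unpacked, so a cache hit can never substitute different content for what the lockfile names.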

We’re hiring a Senior Security Engineer who will work with the npm Security team to make the npm ecosystem a safer, more secure environment. We’re also looking for the right person to join the Marketing team as a Growth Marketer. Head to npmjs.com/jobs and fill out your application right now.

npm.community Corner

In case you missed it, npm.community has added a new category: #development. The first topic of discussion in #development is tink: State of the Unwinder, in which the CLI team gives some insight into where tink development is heading. To find out more about the current state of tink, or of npm in general, head to npm.community now.

Open source JavaScript is taking over software development

Over 97% of professional JavaScript developers now rely on open source code. Learn how large teams seamlessly combine proprietary code and OSS and automatically protect against security vulnerabilities.

Learn more about npm Enterprise »

Empower your team to collaborate more securely

1 in 4 developers don’t use code review or other security methods to evaluate their code. npm Orgs with automatic vulnerability scanning ensure best practices and secure collaboration.

Learn More

Watch Brenna play video games this weekend to raise money for Seattle Children’s Hospital

This Saturday, November 3, Brenna Flood will be streaming her video game play on Twitch for 24 hours straight, all in the name of raising money for sick kids in her local community. She’ll be doing a speed run of The Legend of Zelda: A Link to the Past and possibly some other games. Donate to Brenna’s Extra Life game play to help out!

Published in npm, Inc.

npm is the package manager for JavaScript and the world’s largest software registry. Here are some of our thoughts.

Written by npm, Inc.