npm weekly #219: The new security insights API, Wombat Day and more!

npm, Inc.
Oct 17 · 3 min read

npm Security Insights API Preview Part 2: Malware

In the second of a series of blog posts by npm’s VP of Security, Adam Baldwin, we dive into the world of malware.

For years, npm has monitored and tracked the malware published on the registry. Read the blog post to learn about our findings, and what to look for in our new security insights API.

We’d love your input on what you would like to see in the npm security insights API and what you would build with it. Sign up for the private beta and let us know!

Open RFC meeting notes and schedule

Our most recent open RFC meeting was held yesterday (Wednesday, 10/16) — you can review the notes here.

This meeting is scheduled to take place bi-weekly. Make sure to mark your calendars for the next one: Wednesday, 10/30 at 10am PT/1pm ET. A new meeting thread providing details and an initial agenda will be created here soon. Previous meeting agendas and notes can be found here.

Wombat Day is almost here!

Mark your calendars for Tuesday, October 22 — Wombat Day is quickly approaching! We’ll be sharing fun wombat and npm facts all day long here. Make sure to tune in!

Keep your eyes on this space for news from the npm security team

DevOpsDays Detroit

DevOpsDays Detroit (Wednesday, 10/23 — Thursday, 10/24) is dedicated to bringing system administration and development together. npm’s head of product, Daniel Sauble, will be sharing what npm is doing to make JavaScript safer for everyone. Get more details and register here!

Recommended project: Nift

Nift is a cross-platform open source framework for managing and generating websites (similar to Hugo, Gatsby, etc.). It is three times faster than Hugo, making it possibly the world’s fastest website generator! One potential scenario for using npm with Nift is installing Live Server, which you can then add to a pre-serve script (and kill in a post-serve script) to add hot reloading to websites.

There are all sorts of useful ways to combine npm and Nift. Check it out!

Upcoming events

Will you be at FinJS, New York (on 10/22) or NodeDay (on 10/25 in NYC)? Make sure to say hi to npm’s CTO, Ahmad Nassri, and check out his session, “Modern Patterns in Modular Software Architectures.”

Need private packages and team management tools?

Meet npm Orgs:

  • Publish and download private packages
  • Manage permissions with teams
  • Workflow integration and token management

Learn how npm Orgs can help your team.
