npm weekly #219: The new security insights API, Wombat Day and more!
npm Security Insights API Preview Part 2: Malware
In the second of a series of blog posts by npm’s VP of Security, Adam Baldwin, we dive into the world of malware.
For years, npm has monitored and tracked the malware published on the registry. Read the blog post to learn about our findings, and what to look for in our new security insights API.
We’d love your input on what you would like to see in the npm security insights API and what you would build with it. Sign up for the private beta and let us know!
Open RFC meeting notes and schedule
Our most recent open RFC meeting was held yesterday (Wednesday, 10/16) — you can review the notes here.
This meeting is scheduled to take place bi-weekly. Make sure to mark your calendars for the next one: Wednesday, 10/30 at 10am PT/1pm ET. A new meeting thread providing details and an initial agenda will be created here soon. Previous meeting agendas and notes can be found here.
Wombat Day is almost here!
Mark your calendars for Tuesday, October 22 — Wombat Day is quickly approaching! We’ll be sharing fun wombat and npm facts all day long here. Make sure to tune in!
Keep your eyes on this space for news from the npm security team
Recommended project: Nift
Nift is a cross-platform open source framework for managing and generating websites (similar to Hugo, Gatsby, etc.). It is three times faster than Hugo, making it possibly the world’s fastest website generator! One potential scenario for using npm with Nift is installing Live Server, which you can then add to a pre-serve script (and kill in a post-serve script) to add hot reloading to websites.
There are all sorts of useful ways to combine npm and Nift. Check it out!
Need private packages and team management tools?
Meet npm Orgs:
- Publish and download private packages
- Manage permissions with teams
- Workflow integration and token management