npm weekly #224: Say hello to npm@6.13.1, behavioral analysis of npm packages & more

npm, Inc.
Nov 21, 2019 · 4 min read

Say hello to npm@6.13.1

A new npm version was released earlier this week. It fixes several bugs and includes documentation changes contributed by the community.

Get it in the usual ways:

npm i -g npm@latest

Remember that doing `npm config set viewer=browser` will let you browse our new docs website when you do `npm help`!

Read the release notes here.

npm Security Insights API Preview Part 3: Behavioral Analysis

In the latest installment of the blog series from VP of Security Adam Baldwin, we dive into the world of behavioral analysis.

A lot happens when you install an npm package. npm downloads and extracts the package and its dependencies, but it also runs the install lifecycle scripts (preinstall, install, postinstall) that each of them declares, and those scripts can have side effects of all kinds. Post-install scripts are currently the most popular method of infecting users with malware through npm.

In an effort to understand this further and to make side effects (malicious or not) transparent, the npm security team has been hard at work building infrastructure to do behavioral analysis of npm packages at scale. Learn more about what they’ve been up to here.

Open RFC Call: Add your ideas to the agenda

Don’t miss next week’s Open RFC call on Wednesday, 11/27 at 11am PT/2pm ET! Add your thoughts to our biweekly Open RFC Call agenda, and then join in the conversation! A new meeting thread providing details and an initial agenda will be created here soon.

Previous meeting recordings and notes can be found here.

Recommended project: mish

Looking to try out a new gallery app? Check out mish, a single-page gallery app that runs in a standard web browser, either installed locally or served from a web server. Contributions are welcome!

Are you using npm to build something cool? Let us know and we’ll help get the word out!

Publish npm package with GitHub Actions

Check out this quick tutorial by Matej Jellus on how to publish npm packages using GitHub Actions. You can also read through the background on the development of this solution here.

Where’s wombat?

Our wombats are busy this fall! Don’t miss these exciting events:

Alright stop, collaborate and listen.

The same tools that empower developers to work together on Open Source projects can make teams more efficient when collaborating on mission-critical applications. Meet npm Orgs:

  • Publish and download private packages
  • Manage permissions with teams
  • Workflow integration and token management

Learn how npm Orgs can help your team.

Help others learn JavaScript!

NodeSchool SF is looking for mentors to participate in their next event on Saturday, December 7, from 1–5pm. Get all the details here!

npm, Inc.

npm is the package manager for JavaScript and the world’s largest software registry. Here are some of our thoughts.