npm weekly #233: A Day in the Life of npm Security, ConFoo & wombat news

npm, Inc.
Feb 6 · 3 min read

A Day in the Life of npm Security

Ever wonder what goes on behind the scenes within npm’s Security team, or how the team tackles ongoing research, vulnerability reports and findings? Get the scoop here!

Tune in to the Absolute AppSec podcast — today!

npm Software Security Engineer, Ron Perris, will be on the Absolute AppSec podcast today (Thursday, February 6) at 9am PT/12pm ET! Tune in:


😄 Just a friendly reminder: Node.js v8 is a month into EOL now. If you haven’t already, it’s time to upgrade! npm v7 will require Node.js v10 and above.

Open RFC meeting — mark your calendar!

Mark your calendar for our next Open RFC meeting: Wednesday, February 19 at 11am PT/2pm ET. Add your topics to be considered for discussion (agenda and meeting details will be shared here soon as well). Miss this week’s Open RFC call? You can access the meeting notes here.

Recommended project: Serenity/JS

Check out Serenity/JS, a next generation, full-stack acceptance testing framework, continuously delivered to npm several times a week. Serenity/JS comes with over 60 building blocks to help you create automated acceptance tests interacting with Web apps, REST APIs, and more. Thanks to Jan Molak for sharing this project with the community.

We love to feature projects created by customers and members of the npm community. If your team is using npm to build something cool, let us know!


Don’t miss Open Source Developer Ruy Adorno’s presentation, “Mock API endpoints for fun and profit” at ConFoo in Canada on Friday, February 28. Learn more.

Take your projects to the next level

Need private packages and/or team management tools? Check out npm Pro and npm Teams. Both tools empower developers to utilize private packages and collaborate, either working with contributors on Open Source projects (Pro), or working as a team on mission-critical applications (Teams).

Learn more about our suite of solutions here.

Wombat news

We just had to share. ❤️ Here’s an adorable video of a wombat and her joey that survived a NSW bushfire:

📹: RFS Tomerong Brigade

We’ve also received an update on Teacup, the wombat that npm adopted/is supporting via the Sleepy Burrows Sanctuary: she’s doing beautifully, and will soon be moving to wombat university when it’s cooler and the conditions have settled. Stay tuned for photos!

Node School Oakland

Node School Oakland is back from hiatus! Sign up as a learner or mentor, and join in the fun on Saturday, February 15, 1–5pm, for JavaScript, pizza and good company.
