npm weekly #98: Get your npm Pride shirt! Package-lock explained! Greenkeeper and Zeit announce support for package-lock files!

npm, Inc.
Jun 8, 2017

Greenkeeper announces support for new npm@5 lockfiles

In the wake of their recently released version 2.0, Greenkeeper.io, the automated realtime monitor for npm dependencies, announced support for npm@5 package-lock files.

The Greenkeeper plugin, installed on your CI (TravisCI, CircleCI, and custom CI services are supported), will update your lockfile and commit the lockfile changes back to GitHub. That means having access to stable dependency trees across your team and way faster npm installs.

And you know how we feel about speed. :) Check it out.

Zeit announces support for npm@5

Last week, Zeit also announced support for npm@5’s new package-lock file. When you deploy from ∆ now, you can upgrade to both npm@5 and the recently released Node version 8 with full support (including support for private modules in npm). Have fun building stuff!

ICYMI: Credentials resets

Earlier this week, CTO CJ Silverio announced on the blog that npm has been resetting passwords for around a thousand users after the passwords were discovered by an independent security researcher.

The affected users had re-used their npm credentials on third-party sites which had been breached, making them discoverable via Google. npm revoked all extant auth tokens for users whose passwords were public. For more information, read Credentials resets on the blog — and, please, friends don’t let friends re-use passwords.

Finally, a “tap 100” list we can get behind

So the Node TAP (Test-Anything-Protocol) 100 List doesn’t actually have 100 modules, but the modules that comprise the TAP 100 all use the --100 flag to run tests with 100% coverage of all lines, branches, statements, and functions. See a module missing? Submit a pull request!

Join us for NodeSchool Oakland

It’s that time of the month! This weekend, we’re once again excited to host the free Node.js mentoring event NodeSchool Oakland. If you’re free Saturday from 1–5pm, join us! Sign up as a student or volunteer to help out as a mentor. As a third option, share with someone who might be interested!

Get your npm Pride shirt and help support The Trevor Project!

Don’t let the Teespring countdown clocks fool you (like they did our editor!): our npm Pride shirts will be available all month long.

This year’s shirts are available in a number of designs and sizes, and they all support The Trevor Project. We’re donating 100% of the profits to the project, which provides crisis intervention for LGBTQ+ youth.

Get your shirt today, then be sure to send us a selfie in your new stylish duds.

Meet npm version 5.0.3

This week, we released an update to npm@5 in the form of release 5.0.3. This release includes some bugfixes and dependency updates, as well as some minor tweaks to things like npm-doctor.

We’re so happy that the community has welcomed npm@5 so eagerly. Laurie Voss released the latest npm and Node.js stats to show that in just seven days, npm@5 reached 9% of npm usage. Keep up the great work, everyone!

Recommended module: npx

Don’t take our word for it. As one Twitter friend recently exclaimed, “npx will run cmds from node_modules or install them on the fly! How could I live without it?”

In short, npx executes npm package binaries; it’s been a real game changer in npm@5. Check it out!

What we’re reading: About the 1Password security model

Security is something we take very seriously, so this post from the folks at 1Password caught our eye. For reals though, everyone should use a password manager. It doesn’t have to be 1Password, but their security model is pretty solid, so they’re a good choice. Protect your passwords!

Let these helpful illustrations on npm@5’s new package-lock files be your guide

Right before the release of npm@5, npm human Ashley Williams shared some hand-drawn illustrations to help explain how the new package-lock files in version 5 work. (She’s the best ❤) Take a look at the four illustrations for an explanation of package-lock files and shrinkwrap. Enjoy!

Get free socks! Just fix some bugs.

Get this in your inbox! Just subscribe.


npm is the package manager for JavaScript and the world’s largest software registry.