Big news! We’re excited to announce that @npmjs will be joining @GitHub! We're thrilled to join an organization as committed to open source as we are, so that the npm registry can remain free & public forever.
You can read more about this new chapter here: buff.ly/3aYygVf
we’re thrilled to share that npm 7 is now generally available 🚀 read our blog post to see some of the performance improvements, breaking changes, and more! buff.ly/2MO9OiR
today we're excited to share the release of npm v7.0.0! if you want to try it out now, run `npm i -g npm@7` in your terminal and let us know what you think. read more about what's new here: buff.ly/3iQMECx 🎉
starting today, developers building npm projects on @GitHub Actions can request a provenance statement to be published alongside their package, giving consumers a verifiable way to link a package back to its source repository and build instructions.
github.blog/2023-04-19-intro…
We've launched a number of security enhancements to npm including:
* Improved login and publish experience w/ CLI
* Connecting GitHub + Twitter accounts
* All packages have been resigned and a new command `npm audit signatures`
Read more at: github.blog/2022-07-26-intro…
continuing our commitment to npm security with the introduction of new enhanced login verification and timeline for two-factor authentication enforcement github.blog/2021-12-07-enrol…
Today we opened an RFC with a proposal of how npm can collaborate with @projectsigstore to link packages to their source and build, a significant improvement to the supply chain security of the JavaScript ecosystem. github.blog/2022-08-08-new-r…
this morning we detected multiple versions of the “coa” package published with malicious code due to a compromised account of a maintainer. we quickly removed the compromised versions and have published an advisory: github.com/advisories/GHSA-7…. npm itself was not compromised. [1/3]
psa: please update to npm v6.13.4 as soon as possible on all your systems to fix a vulnerability allowing arbitrary path access. learn more about the vulnerabilities, risk and fix here: blog.npmjs.org/post/18961860…
yesterday morning, npm’s security team was notified of a malicious package that had made its way into a popular package. we removed `flatmap-stream` and `event-stream@3.3.6` from the registry and took ownership of `event-stream`. here are more details: blog.npmjs.org/post/18056538…
an update on recent security incidents across the registry as well as a look into our ongoing investments in maintaining the security of the registry (including 2FA requirements) ⬇️ github.blog/2021-11-15-githu…
npm v7 beta arrives! we’ve been hard at work to deliver you npm v7, and we’re looking forward to your feedback. check out our blog on the release here: buff.ly/3kD523V
⚠️ action recommended: following newly discovered vulnerabilities in `tar` and `@npmcli/arborist`, we recommend upgrading to the latest versions of @nodejs 12 / 14 / 16 or npm 6 / 7 as well as updating any dependencies you may have on `tar`. read more: github.blog/2021-09-08-githu…
get excited! npm 7 will soon be promoted to `latest` in the next couple of weeks. please note, once npm 7 is `latest` it will be the default version installed when you run `npm install -g npm`. if you want to keep getting npm 6 please run `npm install -g npm@6`
we have to kick things off with npm 7. this was a massive release, that wouldn’t have been possible without the community. let’s take a look at how we got here...
we're excited to announce an initiative that will make it easy to fund open source contributions through the npm registry, to launch by the end of the year. learn more: buff.ly/2ZDz28m
we currently have 999,706 registered users - we register about 1000 new users a day on the average weekday, so we will hit 1M registered users today! registered users can publish their own packages and use orgs!
🚀 we just shipped npm v8.16.0 with the new `npm query` command
📦 this new feature allows developers to quickly ask & answer questions about their project's dependencies. you can learn more here: github.blog/changelog/2022-0…
⬇️ to get it now, run:
$ npm install -g npm
we are delighted to announce the addition of bryan bogensberger to the npm team, who joins us as our new chief executive officer. you can read more about his appointment here:
go.npm.me/new_ceo
“how many of you here work for a company that has a website? great. you’re my user. if you have a website, use any modern front-end framework, or your developers type `npm install`, you use us, because we’re how the world shares javascript.” - @ceejbot #googlenext18
we are delighted to announce the release of npm enterprise! npm ceo @bbogens talks about the insights that led us to creating this product and how it will fundamentally change the way enterprises use javascript:
buff.ly/2BKqm2A
🔒 an enhanced npm 2FA experience is now available in public beta. it includes:
* support for physical security keys and biometric devices
* support for multiple second factors
* a new 2FA configuration menu
and more!
github.blog/2022-05-10-enhan…
"the overwhelming reason why people pick a programming language is because of its adjoining library. node is popular because of npm and npm is popular because of node. this is why npm has undergone 11,000% growth in the last 4 years." -@seldo at #nodesummit
after four years of leadership, @izs is moving from ceo to chief product officer. read his thoughts on the importance of perspective and learn more about npm’s new ceo here:
buff.ly/2Qv25Cp
new npm v7 release, full of delicious bug fixes and documentation updates!
get it in the usual way:
npm install -g npm@7
this is most likely the release that will be promoted to "latest" 🔜
github.com/npm/cli/releases/…
new! we're introducing a new authentication format for access tokens that are working to keep development on npm secure 🛡️ find out how to reset your existing tokens here: github.blog/2021-09-23-annou…
we’ve reverted a patch that could cause ownership changes on some system files. if you run npm@next, run `npm install -g npm@next` to get the fix: github.com/npm/npm/releases/…
some good news for #nodejsinteractive attendees from @seldo's talk "npm and the future of javascript". see it live in five minutes in west ballroom c:
buff.ly/2Oxxk2J
Ugh, @npmjs finished installing all my deps before I could finish taking a drink of coffee. What happened to the good old days where I could kick off an install and go take a break!? <3 y'all, doing fantastic work
we just shipped a number of security-focused improvements to npm including:
- naming access tokens
- enforcing 2FA in your npm orgs
- improved auditing for 2FA adoption in orgs
- selecting teams when adding new org members
read more in our Changelog ⬇️ github.blog/changelog/2022-0…
all npm users can now take advantage of a new install command called npm ci. it offers massive improvements to both the performance and reliability of ci/cd builds. learn more here: buff.ly/2oNOOtw
are you using npm to build something awesome? we want to hear about it! reach out to marketing at npmjs dot com and let us know what you've been working on.
do you publish from an npm workspace & use a root-level ignore file? if so, you should update to npm v8.11.0 or the latest versions of Node.js 16/17/18 to avoid a recently discovered vulnerability that wouldn't respect these files.
read the advisory here: github.co/3zebIPH
"javascript developers trust open source code to be secure more than they trust themselves to write secure code." @seldo analyzed how developers feel about security and open source: buff.ly/2ql6ldz
soon, every npm user will begin receiving warnings if you try to use code with a known security issue. npm will automatically review install requests against the @nodesecurity database and return a warning if the code contains a vulnerability: buff.ly/2HJ3lS5
we're looking for a web engineer to join the team! you'll work with a modern web framework to deliver features and products, write internal documentation, and contribute to the open source projects that we maintain for the community.
learn more here:
buff.ly/2UpYUOM
"what is going on in javascript land is growth. enormous, shocking levels of growth. npm has 11 million users with 6 billion downloads per week. javascript is getting more popular and javascript trees are getting deeper." - @seldo at #nodesummit
we just announced 43% quarterly growth and 193 new customers as well as a 140% increase in npm team size, including 5 key executive appointments and role changes. learn what else made 2018 a record-setting year for npm:
buff.ly/2UvQhC5
following ongoing investigations, we identified in real time multiple versions of the “rc” package containing identical malware to the “coa” package. malicious versions of “rc” were immediately removed from the registry and we have published an advisory: github.com/advisories/GHSA-g…