Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hello there—
- Important new features in npm and the npm Registry will help you discover, share, and reuse code with confidence.
- npm audit
- Starting in npm@5.10.0, a new npm command can perform a security review of your projects.
- Simply type `npm audit` to analyze your code and its dependencies against the Node Security Platform database of JavaScript vulnerabilities. The command generates a report of vulnerabilities, simple-to-run npm commands and recommendations to resolve them, and links to web pages with more details.
- Learn more about using `npm audit`: How to run a security audit | npm documentation
- Vulnerability alerts
- When you install a package from the npm Registry, npm now analyzes the code you request. If we detect insecure code, npm will display a postinstall warning message.
- Users of npm@5.10.0 and greater will receive detailed information about each vulnerability, instructions for updating the affected packages, and a link to a webpage with more details. Users of earlier npm versions will receive a truncated warning with a link to more details.
- For maximum protection against unsafe code, as well as significant performance and stability improvements, every user should install and use npm@6. Simply type `npm install npm -g`.
- An updated privacy policy
- We’ve rewritten npm, Inc.’s privacy policy from scratch to make it easier to read, cover these new features, and meet the requirements of the EU’s General Data Protection Regulation. The new policy also announces a new contact point, privacy@npmjs.com, for privacy-related questions and help.
- We’re here to help
- If you have questions or feedback about how npm works to improve the quality and integrity of the code you use, we’re all ears. Simply reply to this message, or drop a line to support@npmjs.com.
- npm, Inc.
- 1999 Harrison Street, Suite 1150, Oakland, CA 94612
Add Comment
Please, Sign In to add comment
