npm, Inc. Releases npm@6 Package Manager with New Security Safeguards


npm, Inc. has announced the release of the npm@6 package manager. It will feature powerful new security features, such as automatic warnings when developers try to use open source code with known vulnerabilities, and `npm audit`, an npm command that allows developers to analyze complex code and identify specific vulnerabilities.

A recent npm survey found that 97% of JavaScript developers use open source code, and 77% of them wonder if the open source software they use is secure. Additionally, 52% of developers don’t think there are satisfactory ways to assess whether code is safe.

“Node.js has proven to be a reliable platform for applications at all scales. It is used across industries to build everything from APIs to cloud, mobile and IoT applications,” said Mark Hinkle, Executive Director of the Node.js Foundation. “The release of npm@6 is another great testament to the care and work of the Node.js ecosystem to make security a top priority and help developers create the most scalable and critical JavaScript applications in the world.”

Other new features include performance improvements, optimizations for continuous integration, webhook management, more visible package integrity metadata, and automatic resolution of lock file conflicts.

“Before npm security, people were just hoping for the best,” said Adam Baldwin, security manager at npm, Inc. “Every developer should know that the code they are using is safe. By alerting the entire npm community to security vulnerabilities within a tool they already use, we can make JavaScript development safer for everyone.”


