
After the recent release of Node 10.0.0, npm has released version 6 in collaboration with Node.js. npm v6 is a major update of the popular package manager for the JavaScript runtime environment Node.js. npm typically releases its new versions every year around springtime, and following this pattern npm v6 was introduced on April 26, 2018. This update introduces powerful security features for every developer who works with open source code.

Built-in security features

npm v6 is the result of npm's acquisition of, and collaboration with, the Node Security Platform (NSP). It introduces two new security features:

npm registry

Every user of the npm v6 Registry will begin receiving automatic warnings if the code used has a known security issue. npm will automatically review install requests against the NSP database and return a warning if the code contains a vulnerability.

npm audit

npm v6 has a new command, `npm audit`, which allows developers to recursively analyze their dependency trees to identify specific insecurities. Developers can then swap in a new version or find a safer alternative dependency.

Both these security features are available free of charge to every npm user, with no purchase or registration required. These resources are open sourced to maximize the community benefit. By alerting the entire community to security vulnerabilities within a tool, npm can make JavaScript development safer for everyone.
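The sketch below illustrates why the analysis has to be recursive: a package can be safe at the top level while a vulnerable copy is nested deeper in the tree. It is an added example, not npm's own code; the lockfile follows the nested `dependencies` shape of package-lock.json, and every package name, version and advisory in it is constructed for illustration.

```javascript
// Added example: all package names, versions and advisories are constructed.
// The tree mirrors the nested "dependencies" layout of package-lock.json.
const lockfile = {
  name: "demo-app",
  dependencies: {
    "web-lib": {
      version: "2.1.0",
      dependencies: {
        "tpl-engine": { version: "1.0.3", dependencies: { "str-utils": { version: "0.9.1" } } }
      }
    },
    "str-utils": { version: "1.2.0" }, // top-level copy is already patched
    "log-kit": { version: "3.0.0" }
  }
};

// Constructed advisories: every version below `patched` is treated as vulnerable.
const advisories = [
  { module: "str-utils", patched: "1.0.0", title: "constructed: regex DoS" },
  { module: "tpl-engine", patched: "1.0.4", title: "constructed: template injection" }
];

// Compare plain x.y.z versions numerically (no pre-release tags or ranges).
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

// Depth-first walk of nested dependencies, recording the path to each finding.
function audit(node, advs, path = []) {
  const findings = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version}`];
    for (const adv of advs) {
      if (adv.module === name && cmp(dep.version, adv.patched) < 0) {
        findings.push({ module: name, version: dep.version, patched: adv.patched,
                        title: adv.title, path: here.join(" > ") });
      }
    }
    findings.push(...audit(dep, advs, here)); // descend into transitive deps
  }
  return findings;
}

const report = audit(lockfile, advisories);
for (const f of report) console.log(`${f.title}: ${f.path} (fixed in ${f.patched})`);
```

The reported path shows which direct dependency pulls in the vulnerable package, which is the information needed to decide whether to upgrade the parent or replace it.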

Additional Features

Apart from the security features, there are also a large number of other performance updates:

  • npm v6 is up to 17x faster than the npm of one year ago.
  • npm ci is optimized for using npm within continuous integration/continuous deployment (CI/CD) workflows, running almost 2x–3x faster.
  • Webhooks are now configurable directly within the npm CLI.
  • Easy verification of packages against tampering and corruption, with more visibly integrated metadata.
  • Teams can now more easily share reproducible builds with automatic resolution of lockfile conflicts.

Also check out the release notes for npm v6, and the roadmap for the year ahead.


Content Marketing Editor at Packt Hub. I blog about new and upcoming tech trends ranging from Data science, Web development, Programming, Cloud & Networking, IoT, Security and Game development.
