
npm v6 is out!


Following the recent release of Node 10.0.0, npm has released version 6 in collaboration with Node.js. npm v6 is a major update of the popular package manager for the JavaScript runtime environment Node.js. npm typically releases its newer versions every year around springtime, and following this pattern npm v6 was introduced on April 26, 2018. This update introduces powerful security features for every developer who works with open source code.

Built-in security features

npm v6 is the result of collaboration between npm and the Node Security Platform (NSP), which npm acquired. It introduces two new security features:

npm registry

Every user of the npm v6 Registry will begin receiving automatic warnings if the code they use has a known security issue. npm will automatically review install requests against the NSP database and return a warning if the code contains a vulnerability.

npm audit

npm v6 has a new command, ‘npm audit’, which allows developers to recursively analyze their dependency trees and identify specific insecure packages. Developers can then swap in a new version or find a safer alternative dependency.

Both these security features are available free of charge to every npm user, with no purchase or registration required. These resources are open sourced to maximize the community benefit. By alerting the entire community to security vulnerabilities within a tool, npm can make JavaScript development safer for everyone.
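As an added example (not from the article or from npm), the Node.js function below turns an `npm audit --json` report into a CI decision, listing each vulnerable package by the dependency path that pulls it in and whether to upgrade or replace it. The field names follow the npm 6 report layout as an assumption; the sample report, package names and versions are constructed.

```javascript
// Added example: turn an `npm audit --json` report into a CI decision.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];
// Unknown severity labels rank above "critical" so the gate fails closed.
const rank = (s) => (SEVERITIES.includes(s) ? SEVERITIES.indexOf(s) : SEVERITIES.length);

// Constructed sample in the assumed npm 6 report layout; all names are made up.
const sampleReport = {
  advisories: {
    1001: {
      module_name: 'example-parser', severity: 'high',
      patched_versions: '>=1.4.2',
      findings: [{ version: '1.3.0', paths: ['example-http>example-parser'] }],
    },
    1002: {
      module_name: 'example-logger', severity: 'low',
      patched_versions: '<0.0.0', // assumed marker for "no patched release"
      findings: [{ version: '1.9.1',
        paths: ['example-logger', 'example-http>example-logger'] }],
    },
  },
};

// Flatten advisories to one finding per dependency path, then apply the threshold.
function evaluateAudit(report, failAt = 'high') {
  if (!SEVERITIES.includes(failAt)) throw new Error(`unknown threshold: ${failAt}`);
  const findings = [];
  for (const adv of Object.values(report.advisories || {})) {
    for (const found of adv.findings || []) {
      for (const path of found.paths || []) {
        findings.push({
          module: adv.module_name,
          installed: found.version,
          severity: adv.severity,
          path,
          direct: !path.includes('>'), // no ">" means a top-level dependency
          action: adv.patched_versions === '<0.0.0'
            ? 'replace dependency'
            : `upgrade to ${adv.patched_versions}`,
        });
      }
    }
  }
  const blocking = findings.filter((f) => rank(f.severity) >= rank(failAt));
  return { findings, blocking, ok: blocking.length === 0 };
}

for (const f of evaluateAudit(sampleReport).blocking) {
  console.log(`${f.severity}: ${f.module}@${f.installed} via ${f.path} -> ${f.action}`);
}
```

In a pipeline the report would be the parsed output of `npm audit --json` instead of the inline sample, and the build would fail when `ok` is false.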

Additional Features

Apart from the security features, there are also a large number of other performance updates:

  • npm v6 is up to 17x faster than the npm of one year ago.
  • npm ci is optimized for using npm within continuous integration/continuous deployment (CI/CD) workflows and is almost 2x–3x faster.
  • Webhooks are now configurable directly within the npm CLI.
  • Easier verification that packages have not been tampered with or corrupted, with more visibly integrated metadata.
  • Teams can now more easily share reproducible builds with automatic resolution of lockfile conflicts.

Also check out the release notes for npm v6 and the roadmap for the year ahead.


Sugandha Lahoti

Content Marketing Editor at Packt Hub. I blog about new and upcoming tech trends ranging from Data science, Web development, Programming, Cloud & Networking, IoT, Security and Game development.
