Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

npm v6 is out!

Save for later
  • 2 min read
  • 02 May 2018

article-image
After the recent release of Node 10.0.0, npm have released version 6 in collaboration with node.js. npm v6 is a major update of the popular package manager for the JavaScript runtime environment Node.js. Typically, npm release their newer versions every year around spring time and following this pattern npm v6 was introduced as on April 26, 2018. This update introduces powerful security features for every developer who works with open source code.

Built in security features


npm v6 is the result of the collaboration between npm and their acquisition of the Node Security Platform. This introduces two new security features:

npm registry


Every user of the npm v6 Registry will begin receiving automatic warnings if the code used has a known security issue. npm will automatically review install requests against the NSP database and return a warning if the code contains a vulnerability.

npm audit


npm v6, has a new command, ‘npm audit’, which allows developers to recursively analyze their dependency trees to identify specific insecurities, following which developers can swap in a new version or find a safer alternate dependency.

Both these security features are available free of charge to every npm user, with no purchase or registration required. These resources are open sourced to maximize the community benefit. By alerting the entire community to security vulnerabilities within a tool, npm can make JavaScript development safer for everyone.

Additional Features


Apart from the security features, there are also a large number of other performance updates:

  • npm v6 is up to 17x faster than the npm of one year ago.
  • npm ci is optimized to use npm within the continuous integration/continuous deployment (CI/CD) workflow almost 2x–3x faster.
  • Unlock access to the largest independent learning library in Tech for FREE!
    Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
    Renews at £16.99/month. Cancel anytime
  • Webhooks are now configurable directly within the npm CLI.
  • Easy verification of package with respect to tampering and corruption, with more visibly integrated metadata.
  • Teams can now more easily share reproducible builds with automatic resolution of lockfile conflicts.


Also checkout the release notes for npm v6 release, and the roadmap of the year ahead.

Node 10.0.0 released, packed with exciting new features
How is Node.js Changing Web Development?
How to deploy a Node.js application to the web using Heroku