Npm, Inc. has announced the release of the npm@6 package manager. It features new security capabilities, such as automatic warnings when developers try to use open source code with known vulnerabilities, and ‘npm audit,’ an npm command that lets developers analyze complex code and pinpoint specific vulnerabilities.
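As an added illustration, not part of the announcement or of npm's own code, the following Node.js script shows how a team could gate a build on the report produced by `npm audit --json` under npm@6. It assumes the npm@6 report shape (a `metadata.vulnerabilities` object of per-severity counts and an `advisories` object keyed by advisory id); the embedded report is a constructed sample, not real advisory data.

```javascript
// Added example: fail a build when `npm audit --json` (npm@6) reports
// advisories at or above a chosen severity. Report shape assumed from npm@6.
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample standing in for real `npm audit --json` output.
const SAMPLE_REPORT = JSON.stringify({
  advisories: {
    '100': { id: 100, module_name: 'example-left', severity: 'high',
             title: 'Constructed sample advisory (high)',
             findings: [{ version: '1.0.0', paths: ['example-left'] }] },
    '101': { id: 101, module_name: 'example-util', severity: 'low',
             title: 'Constructed sample advisory (low)',
             findings: [{ version: '2.3.1', paths: ['app>example-util'] }] },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 0 } },
});

// Rank of a severity name; throws on names the report format does not use.
function severityRank(name) {
  const rank = SEVERITY_ORDER.indexOf(name);
  if (rank < 0) throw new Error(`unknown severity: ${name}`);
  return rank;
}

// Count from metadata.vulnerabilities of advisories at or above `threshold`.
function countAtOrAbove(report, threshold) {
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  return SEVERITY_ORDER.slice(severityRank(threshold))
    .reduce((sum, level) => sum + (counts[level] || 0), 0);
}

// Evaluate a raw JSON report. Returns { pass, failing, expectedCount } where
// `failing` lists each blocking advisory with the dependency paths that pull it in
// and `expectedCount` is the matching total from the report's own metadata.
function evaluateAudit(reportJson, threshold = 'high') {
  const report = JSON.parse(reportJson);
  const minRank = severityRank(threshold);
  const failing = Object.values(report.advisories || {})
    .filter(a => severityRank(a.severity) >= minRank)
    .map(a => ({ id: a.id, module: a.module_name, severity: a.severity,
                 paths: (a.findings || []).flatMap(f => f.paths || []) }));
  return { pass: failing.length === 0, failing,
           expectedCount: countAtOrAbove(report, threshold) };
}
```

A CI step would pipe `npm audit --json` into `evaluateAudit` and exit non-zero when `pass` is false; comparing `failing.length` with `expectedCount` catches a report whose advisory list and metadata disagree.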
A recent npm survey found that 97 percent of JavaScript developers use open source code and that 77 percent of them express concern about whether the open source software they use is secure. Additionally, 52 percent of developers don’t think there are satisfactory ways to evaluate whether code is safe.
“Node.js has proven to be a reliable platform for applications at any scale. It is used across industries to build everything from APIs to cloud, mobile and IoT applications,” said Mark Hinkle, executive director of the Node.js Foundation. “The release of npm@6 is another great testament to the Node.js ecosystem’s focus and work on making security a top priority, and helping developers build the world’s most scalable, mission-critical JavaScript applications.”
Other new features include performance enhancements, optimizations for continuous integration, webhooks management, more visible package integrity metadata, and automatic resolution of lockfile conflicts.
“Before npm security, people were just hoping for the best,” said Adam Baldwin, Head of Security at npm, Inc. “Every developer needs to know that the code they use is safe. By alerting the entire npm community to security vulnerabilities within a tool they already use, we can make JavaScript development safer for everyone.”