Disable npm install scripts
(for security purposes)
- Globally:
  - run npm config set ignore-scripts true - this will populate ~/.npmrc
- Per repo:
  - create ./.npmrc
  - add ignore-scripts=true into that file
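A small check for the setting described above, added here as an example and not part of the original post. It reads the project-level ./.npmrc and then the user-level ~/.npmrc in the order npm consults them (project file first, so a per-repo file can override the global one) and reports whether lifecycle scripts are effectively disabled. The parser is an assumption: ini-style key=value lines, comments starting with ; or #, the last occurrence of a key in a file wins, and only the plain value true counts as enabled.

```shell
#!/bin/sh
# Added example: report whether npm lifecycle (install) scripts are disabled.
# Assumptions (not taken from the original post): ini-style "key=value" lines,
# comment lines starting with ';' or '#', and the last occurrence of a key wins.

# npmrc_value FILE KEY
# Print the value of KEY from an .npmrc-style file, or nothing if unset.
npmrc_value() {
    file=$1
    key=$2
    [ -f "$file" ] || return 0
    awk -v k="$key" '
        /^[[:space:]]*[;#]/ { next }          # skip comment lines
        {
            i = index($0, "=")
            if (i == 0) next                  # not a key=value line
            name = substr($0, 1, i - 1)
            value = substr($0, i + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", name)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", value)
            if (name == k) found = value      # later lines override earlier ones
        }
        END { if (found != "") print found }
    ' "$file"
}

# scripts_disabled PROJECT_DIR [HOME_DIR]
# Exit 0 if ignore-scripts is effectively true: the project .npmrc is consulted
# first and, only if it does not set the key, the user-level ~/.npmrc is used.
scripts_disabled() {
    project=$1
    home=${2:-$HOME}
    value=$(npmrc_value "$project/.npmrc" ignore-scripts)
    [ -n "$value" ] || value=$(npmrc_value "$home/.npmrc" ignore-scripts)
    [ "$value" = "true" ]
}

# Usage: run from (or pass) the repo directory you want to audit.
if scripts_disabled "${1:-.}"; then
    echo "npm install scripts: disabled"
else
    echo "npm install scripts: ENABLED"
fi
```

Note that ignore-scripts only suppresses scripts npm would run implicitly (preinstall, postinstall, prepare and the like); a script you request by name with npm run, npm test or npm start still executes, so this check tells you about what a dependency can run during install, not about your own explicitly invoked scripts.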
Npm has recently been making a lot of changes around package publish security because of recent supply-chain attacks targeting Npm.
What does this mean for the lonely dev self-publishing packages from their local CLI?
What is "semantic versioning" (often called "semver")? (Specifically, semver v2.0.0.) It's detailed in full on its website (https://semver.org) but here's a quick summary and some notes on how it is used in npm.
Npm is a package manager for JavaScript projects. This means it enables easy installation of packages (published to the public registry, https://www.npmjs.com, or private registries) while also installing nested dependencies between packages. I received a bunch of questions about npm, and here are the answers! Note that I haven't looked at implementation details or any specs on how npm works; these answers are merely based on my observations after nearly a decade of using npm.