npm Blog (Archive)

The npm blog has been discontinued.

Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog.

v5.5.0 (2017-10-04)

Hey y'all, this is a big new feature release! We’ve got some security-related goodies plus some quality-of-life improvements for anyone who uses the public registry (so, virtually everyone).

To get this version, run: npm install "npm@^5.5.0" -g

Barring any major bugs, it will be the default npm version on 2017-10-11, which you can install by running: npm install -g npm@latest.

The changes largely came together in one piece, so I’m just gonna leave the commit line here:

TWO FACTOR AUTHENTICATION

You can now enable two-factor authentication for your npm account. You can even do it from the CLI. In fact, you have to, for the time being:

npm profile enable-tfa

With the default two-factor authentication mode you’ll be prompted to enter a one-time password when logging in, when publishing and when modifying access rights to your modules.

TOKEN MANAGEMENT

You can now create, list and delete authentication tokens from the comfort of the command line. Authentication tokens created this way can have NEW restrictions placed on them. For instance, you can create a read-only token to give to your CI. It will be able to download your private modules but it won’t be able to publish or modify modules. You can also create tokens that can only be used from certain network addresses. This way you can lock down access to your corporate VPN or other trusted machines.

Deleting tokens isn’t new: you could already do it via the website, but now you can do it via the CLI as well.
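
The read-only and network-address restrictions described above can be checked mechanically before a token is handed to CI. The following is an added example, not code from npm or from the original post: it audits token records for a CI runner at a given address. The field names `readonly` and `cidr_whitelist` are assumed to match the JSON form of the token listing, the records are constructed, and only IPv4 ranges are handled.

```javascript
// Added example: audit npm token records before giving one to CI.
// Assumption: records carry `key`, `readonly` and `cidr_whitelist` fields.

// Convert dotted-quad IPv4 to an unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when `ip` falls inside the IPv4 CIDR range `cidr` (e.g. "10.8.0.0/16").
function inCidr(ip, cidr) {
  const [base, bitsStr] = String(cidr).split('/');
  const bits = bitsStr === undefined ? 32
    : (/^\d{1,2}$/.test(bitsStr) ? Number(bitsStr) : NaN);
  const ipN = ipv4ToInt(ip), baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null || !(bits >= 0 && bits <= 32)) return false;
  const size = 2 ** (32 - bits); // number of addresses in the block
  return Math.floor(ipN / size) === Math.floor(baseN / size);
}

// Return a list of findings for a token meant for a CI runner at `ciAddress`.
function auditCiToken(token, ciAddress) {
  const findings = [];
  const ranges = token.cidr_whitelist || [];
  if (!token.readonly) findings.push('can publish: recreate as read-only');
  if (ranges.length === 0) findings.push('usable from any address: add a CIDR restriction');
  else if (!ranges.some(r => inCidr(ciAddress, r))) findings.push('CI address is outside the allowed ranges');
  return findings;
}

// Constructed sample records (keys are placeholders, not real tokens).
const sampleTokens = [
  { key: 'aaaaaa-placeholder', readonly: true, cidr_whitelist: ['10.8.0.0/16'] },
  { key: 'bbbbbb-placeholder', readonly: false, cidr_whitelist: null },
  { key: 'cccccc-placeholder', readonly: true, cidr_whitelist: ['192.0.2.0/24'] },
];

for (const t of sampleTokens) {
  const f = auditCiToken(t, '10.8.3.17');
  console.log(t.key, f.length ? f.join('; ') : 'ok');
}
```

An empty findings list means the token is both read-only and restricted to a range that contains the CI runner's address.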

CHANGE YOUR PASSWORD, SET YOUR EMAIL

You can finally change your password from the CLI with npm profile set password! You can also update your email address with npm profile set email <address>. If you change your email address we’ll send you a new verification email so you can verify that it’s yours.

AND EVERYTHING ELSE ON YOUR PROFILE

You can also update all of the other attributes of your profile that previously you could only update via the website: fullname, homepage, freenode, twitter and github.

AVAILABLE STAND ALONE

All of these features were implemented in a stand-alone library, so if you have use for them in your own project you can find them in npm-profile on the registry. There’s also a little mini-cli written just for it at npm-profile-cli. You might also be interested in the API documentation for these new features: user profile editing and authentication.

BUG FIXES

DEPENDENCY UPDATES