npm Acquires ^Lift Security and Node Security Platform
Today, we’re excited to announce that npm, Inc. has acquired the team and assets of ^Lift Security, including their work on the Node Security Platform. Adam Baldwin and his team have joined npm to work full time on keeping the npm Registry and npm applications safe, and to develop new products to help developers and their companies securely develop JavaScript.
We go way back
^Lift Security has been working with npm longer than npm, Inc. has been a company. They review npm’s own code to ensure it’s safe before we take it live, and conduct periodic security audits, including penetration tests of our services. Most prominently, their Node Security Platform has become a definitive catalogue of JavaScript vulnerabilities for developers and security vendors.
npm is where the Node Security Platform belongs. All NSP users are npm users, and the security of open source code is core to npm’s mission. By combining our resources, we can deliver a continuous approach to security at scale, empowering millions of developers to build more secure code.
As one team, we’ll continue keeping the Registry safe, and develop new ways to help individuals and companies understand and trust the JavaScript code that they write and share.
Watch this space
Today’s announcement is the first in a series of strategic security initiatives we’ll be announcing in coming weeks. In conjunction with the next version of npm, shipping with Node.js version 10, we’ll introduce a series of new security features available to every npm user, directly integrated into the npmjs.com registry and the npm command line tool. Soon, we’ll also introduce a series of security products specifically tailored to the unique requirements of corporate developers and enterprises.
Security is everyone’s responsibility (including yours).
Security is the responsibility of every part of an organization. It needs to be intermixed with engineering, operations, and application development. npm is at the center of these workflows, so we are uniquely positioned to help you secure your code.
We know that the safety of the code you use is important to you, whether you’re a beginner or a seasoned expert. Together, we’ll ensure that the world’s largest community of software developers is also its safest.