The Node Security Platform service is shutting down 9/30
Since joining npm, we’ve worked to bring these protections to the larger developer community.
npm now automatically reviews every install request against the NSP vulnerability database and warns you if you try to use unsafe code. Additionally, beginning with npm@6, a new command, npm audit, recursively analyzes your dependency trees to identify specifically what’s insecure, recommend a replacement, or fix it automatically with npm audit fix.
The Node Security Platform service will stop working on September 28, 2018.
We encourage you to update to npm@6 — just type npm i -g npm@latest — to take advantage of powerful, automatic protection built right into your workflow, along with a host of other enhancements and features. If you have been a subscriber to NSP’s pre-publication advisories, your account will cancel automatically (these advisories are now available to customers of any of npm’s paid services).
We’re proud of the ways we work to keep you safe and excited for what’s still in store. As always, don’t hesitate to reach out with your feedback or questions.