npm Security 2019 in Review
A year in review from VP of Security Adam Baldwin (in the style of Harper’s Index):
Number of npm tokens revoked that were erroneously published to either the registry or to GitHub: 737
Value, in millions of dollars, of cryptocurrency saved from theft by catching the Komodo Agama wallet backdoor: 13
Total security advisories in the npm database: 1,285
Created in 2019: 595
Number, in thousands, of inbound security alert tickets triaged by @eleuterio_ via security@npmjs.com: 2.2
Percentage of maintainers now covered by 2FA: 9.27
Percentage of maintainers who should: 100
Percentage of new account passwords improved by rejecting reused passwords compromised in previous breaches (h/t haveibeenpwned): 13.37
Number of transactions, including torrents and movie advertisements, blocked by our anti-spam system: 11,526
Number, in millions, of run-time reports generated by our behavioral analysis API: 1.4
Terabytes of behavioral analysis data generated: 15.6