npm Blog (Archive)

The npm blog has been discontinued.

Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog.

Correction to previous post about security

In our post earlier today about a major security vulnerability we found and fixed, I stated that a security breach had resulted in packages being compromised. I believed this was true at the time, but it was incorrect. While did have a security vulnerability of equivalent scope disclosed, they, like us, were not maliciously breached.

The post went through a few drafts and was reviewed by five people, none of whom noticed this error. My sincere apologies to the maintainers and the Ruby community in general for repeating this misunderstanding.