The npm blog has been discontinued.
Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog.
Posts tagged: security
- Binary Planting with the npm CLI (December 11th, 2019)
- npm Security Insights API Preview Part 3: Behavioral Analysis (November 20th, 2019)
- npm Security Insights API Preview Part 2: Malware (October 16th, 2019)
- New Security Insights API: Sneak Peek (October 9th, 2019)
- Better package selection with npm Enterprise (September 11th, 2019)
- AppSec POV on Dependency Management (September 4th, 2019)
- Protecting Package Publishers: npm Token Security and Hygiene now Extend to GitHub (June 18th, 2019)
- Plot to steal cryptocurrency foiled by the npm security team (June 5th, 2019)
- npm On-Call (March 5th, 2019)
- Why we created npm Enterprise (February 26th, 2019)
- Managing JavaScript in the Enterprise (February 21st, 2019)
- The security risks of changing package owners (February 15th, 2019)
- npm Convos: Tripetto (January 16th, 2019)
- Automated token revocation for when you accidentally publish a token (January 14th, 2019)
- Securing Your Site like It’s 1999 (December 3rd, 2018)
- 401 & scoped packages (November 28th, 2018)
- Details about the event-stream incident (November 27th, 2018)
- Writing Quality Vulnerability Reports (October 25th, 2018)
- Three new features to help our users protect themselves (August 22nd, 2018)
- Community questions following the eslint security incident (July 31st, 2018)
- Incident report: npm, Inc. operations incident of July 12, 2018 (July 12th, 2018)
- The Node Security Platform service is shutting down 9/30 (July 3rd, 2018)
- JavaScript Usage by Industry (June 27th, 2018)
- How npm is affected by the recently disclosed git vulnerability (May 30th, 2018)
- `npm audit`: identify and fix insecure dependencies (May 8th, 2018)
- Reported malicious module: getcookies (May 2nd, 2018)
- Announcing npm@6 (April 24th, 2018)
- Attitudes to security in the JavaScript community (April 9th, 2018)
- Customer Convos: Sqreen (February 26th, 2018)
- CouchDB vulnerabilities and the npm registry (November 15th, 2017)
- Protect your npm account with two-factor authentication and read-only tokens (October 4th, 2017)
- Publishing what you mean to publish (September 26th, 2017)
- `crossenv` malware on the npm registry (August 2nd, 2017)
- Securing the npm registry (August 1st, 2017)
- Credentials resets (June 6th, 2017)
- Avoid HTTP URLs in shrinkwrap files (December 12th, 2016)
- "Oh no! I accidentally published private data to the public registry!" (November 6th, 2014)
- Newly Paranoid Maintainers (March 21st, 2014)