本文最初发布于 RedMonk。 最近，JavaScript 软件包管理领域发生了重大变化。虽然 npm 仍是 Node.js 运行时环境中使用的 JavaScript 软件包注册中心和管理器，但值得讨论的是，对于 JavaScript 代码交付这个更大的问题，这些变化有什么影响。具体来说，我想到了最近出现 ...

Microsoft is acquiring Node package manager npm Inc., officials announced on March 16. (Neither company is sharing the purchase price.) Microsoft plans to integrate GitHub with npm with the intent of ...

Is the public NPM JavaScript package registry going away? NPM, the company behind the popular online repository of Node.js and JavaScript code, insists it will remain, despite a recent rumor to the ...

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., the JavaScript developer tools provider and operator of the world’s largest software registry, today announced a significant upgrade to npm Enterprise, its ...

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...

OAKLAND, Calif.--(BUSINESS WIRE)--npm, Inc., the open source JavaScript developer tools provider and operator of the world’s largest software registry, today announced npm Pro, the first professional ...

Tens of thousands of developers using weak credentials to secure their npm accounts inadvertently put more than half of the npm packages (JavaScript libraries and tools) at risk of getting hijacked ...

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.

这一警告来自Koi Security的Oren Yomtov，他在周一的博客中披露了在多个包管理器中发现的六个零日漏洞，这些漏洞可能允许黑客绕过去年11月Shai-Hulud攻击npm并破坏超过700个包后推荐的防护措施。