#npm
Loot, blog posts and adjacent themes connected to this topic. Follow the tag to keep it in your orbit.
More from this topic
When the community shares matching finds, they will appear here. For now, browse all loot or submit the first drop.
Related reads
Fix Dependabot npm registry scope before private package updates drift
GitHub changed how Dependabot handles npm registry configuration: teams can now make dependabot.yml the authoritative source for scoped npm …
Protect npm releases: high-impact accounts now get a 72-hour safety pause
GitHub has added a preventive 72-hour read-only state for high-impact npm accounts after sensitive account changes, closing a common supply-…
npm v12 will make install scripts and remote sources opt-in
GitHub says npm v12 will change install defaults in July 2026: dependency install scripts, Git dependencies, and remote URL dependencies wil…
npm staged publishing adds a human approval gate for package releases
npm CLI 11.15.0 adds generally available staged publishing plus explicit install-source controls, giving maintainers a safer release path fo…