DEV Community

Cover image for npm@6.13.0
Ruy Adorno
Ruy Adorno

Posted on

npm@6.13.0

I'm happy to share that I've cut a release of npm for the first time this week! 🎉 npm@6.13.0 is out there! It was a bit stressful making sure I don't get anything wrong but all in all it's a very straightforward process as you can see in the Release process wiki page and I had the support of my entire team. ❤️

This release comes with 2 exciting new features, the first being the work from @koste4 on the new look of the browser CLI docs (the one that pops up docs in your browser when you run npm help <command> --viewer browser):

new browser cli docs screenshot


And the second new feature we shipped in this version is the work I've put together to support a new funding property in package.json - in a bid to help the open source community npm decided to add a new command:
npm fund that will provide more visibility to npm users on what dependencies are actively looking for ways to fund their work.

As part of that change, npm install will also show a single message at the end in order to let the user aware that dependencies are looking for funding, it looks like this:

$ npm install
3 packages are looking for funding.
Run "npm fund" to find out more.
Enter fullscreen mode Exit fullscreen mode

Here is a quick preview of what the output from npm fund looks like:

$ npm fund
tmp4@1.0.0
├─┬ fund-dev-dep@1.0.0
│ ├── type: dev dep
│ └── url: http://example.com/fund
├─┬ fund-project@1.0.0
│ ├── type: individual
│ └── url: https://example.com/project/support
└─┬ sub-fund-foo@1.0.0
  ├── type: corporate
  └── url: https://corp.example.com/sponsor

Enter fullscreen mode Exit fullscreen mode

Running npm fund <package> will open the url listed for that given package right in your browser.

I'm excited to see how this will evolve as we collect feedback from the community and iterate on it in the following months. 😊


For more info on this release and the latest news about the Community & Open Source team, go check out the npm blog post: https://blog.npmjs.org/post/188841555980/updates-to-community-docs-more

Photo by Paul Esch-Laurent on Unsplash

Top comments (11)

Collapse
 
crates profile image
Crates

In premise, I support what you're doing here, Ruy... developers need funding to help support the work they are doing. However, in practice, I don't necessarily want to see this advertisement every time I run an npm command... primarily because it distracts from a more important message I'm looking for, indicating which packages are vulnerable and need updates.

I need a way to turn this off, please.

Collapse
 
ruyadorno profile image
Ruy Adorno

Worry not @crates , early on the RFC process we realized that would be an important requirement and we shipped it since v6.13.0 with the support to a fund config that allows users to mute the post-install message.

There are multiple ways you can toggle it:

  • As a command option: npm --no-fund
  • As an .npmrc option: just add fund=false to your .npmrc file (either local to a project or global at your $HOME directory) more info on npmrc files here

Thanks for the comment, that can def be useful to other people 😊

Collapse
 
crates profile image
Crates

Thanks so much for the quick response... like any true hacker, I read the docs and inferred this for myself, and I can confirm that it's working fine for me. Thanks again for your awesome contributions. Keep up the good work bruv!

Collapse
 
hikermillerman profile image
Hikermillerman

fund=false in .npmrc local to a project didn't work, still shows packages looking for funding message
Adding --no-fund for npm ci in Dockerfile did work
node -v -> v16.14.2
npm -v -> 8.10.0

Collapse
 
chatiana profile image
Tats

Hi I am new to this and trying to run:
npm install --save express express-handlebars mysql body-parser

then I get the below:

2 packages are looking for funding
run npm fund for details

fixed 0 of 1 vulnerability in 204 scanned packages
1 vulnerability required manual review and could not be updated
tatianacm@huntedhouse cakesOclock % npm fund
cakesoclock@1.0.0
├─┬ glob@7.1.6
│ └── url: github.com/sponsors/isaacs
└─┬ has-symbols@1.0.1
└── url: github.com/sponsors/ljharb

You mean the above is not an error, just a link to their founding page?

Collapse
 
danielleadams profile image
Danielle Adams

This is awesome! Is there a way to see the fund links for the packages installed globally?

Collapse
 
ruyadorno profile image
Ruy Adorno

not yet! 😬 I think we'll def add it at some point 😊

Collapse
 
alebiagini profile image
aleBiagini

Good Job!!

Collapse
 
mkuehnel profile image
Michael Kühnel

This is great. Totally slept on the fact that your are working for npm on the CLI. That are great news as well. Congrats.

Collapse
 
nickytonline profile image
Nick Taylor

Nice work Ruy! 👏🏻

Collapse
 
pierrefaniel profile image
Pierre Faniel

Well done Ruy! 🎉