npm@6.13.0

Ruy Adorno

I'm happy to share that I've cut a release of npm for the first time this week! 🎉 npm@6.13.0 is out there! It was a bit stressful making sure I don't get anything wrong but all in all it's a very straightforward process as you can see in the Release process wiki page and I had the support of my entire team. ❤️

This release comes with 2 exciting new features, the first being the work from @koste4 on the new look of the browser CLI docs (the one that pops up docs in your browser when you run npm help <command> --viewer browser):

[Screenshot: new browser CLI docs]


And the second new feature we shipped in this version is the work I've put together to support a new funding property in package.json. In a bid to help the open source community, npm decided to add a new command, npm fund, that will provide more visibility to npm users on what dependencies are actively looking for ways to fund their work.

As part of that change, npm install will also show a single message at the end to make the user aware that dependencies are looking for funding. It looks like this:

$ npm install
3 packages are looking for funding.
Run "npm fund" to find out more.

Here is a quick preview of what the output from npm fund looks like:

$ npm fund
tmp4@1.0.0
├─┬ fund-dev-dep@1.0.0
│ ├── type: dev dep
│ └── url: http://example.com/fund
├─┬ fund-project@1.0.0
│ ├── type: individual
│ └── url: https://example.com/project/support
└─┬ sub-fund-foo@1.0.0
  ├── type: corporate
  └── url: https://corp.example.com/sponsor

Running npm fund <package> will open the url listed for that given package right in your browser.
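Since npm fund <package> hands the listed URL to your browser, it can be worth reviewing the declared funding values first. The Node.js script below is an added example, not npm's code and not part of the original post: the manifests are constructed sample data mirroring the preview above, the function names are hypothetical, and the https-only policy is this example's own assumption.

```javascript
// Added example, not npm's implementation. Manifests are constructed sample data;
// the first three mirror the `npm fund` preview in the post.
const manifests = [
  { name: 'fund-dev-dep', version: '1.0.0',
    funding: { type: 'dev dep', url: 'http://example.com/fund' } },
  { name: 'fund-project', version: '1.0.0',
    funding: { type: 'individual', url: 'https://example.com/project/support' } },
  { name: 'sub-fund-foo', version: '1.0.0',
    funding: { type: 'corporate', url: 'https://corp.example.com/sponsor' } },
  { name: 'string-form', version: '1.0.0', funding: 'https://example.com/donate' },
  { name: 'no-funding', version: '1.0.0' },
  { name: 'bad-url', version: '1.0.0', funding: { url: 'not a url' } },
];

// `funding` may be a bare URL string or an object with `url` and optional `type`.
function normalizeFunding(funding) {
  if (typeof funding === 'string') return { type: null, url: funding };
  if (funding && typeof funding === 'object' && typeof funding.url === 'string') {
    return { type: typeof funding.type === 'string' ? funding.type : null, url: funding.url };
  }
  return null; // absent or malformed: nothing to report
}

// Policy assumed for this example: https is 'ok', http is 'insecure', the rest 'invalid'.
function classifyUrl(raw) {
  let parsed;
  try { parsed = new URL(raw); } catch (err) { return 'invalid'; }
  if (parsed.protocol === 'https:') return 'ok';
  if (parsed.protocol === 'http:') return 'insecure';
  return 'invalid';
}

// One row per package that declares funding, with the URL's classification.
function auditFunding(pkgs) {
  const report = [];
  for (const pkg of pkgs) {
    const funding = normalizeFunding(pkg.funding);
    if (!funding) continue;
    report.push({ id: `${pkg.name}@${pkg.version}`, type: funding.type,
                  url: funding.url, status: classifyUrl(funding.url) });
  }
  return report;
}

for (const row of auditFunding(manifests)) {
  console.log(`${row.status.padEnd(8)} ${row.id}  ${row.url}`);
}
```

To run it against a real project, replace the constructed array with the parsed package.json of each installed dependency.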

I'm excited to see how this will evolve as we collect feedback from the community and iterate on it in the following months. 😊


For more info on this release and the latest news about the Community & Open Source team, go check out the npm blog post: https://blog.npmjs.org/post/188841555980/updates-to-community-docs-more

Photo by Paul Esch-Laurent on Unsplash


Discussion


In premise, I support what you're doing here, Ruy... developers need funding to help support the work they are doing. However, in practice, I don't necessarily want to see this advertisement every time I run an npm command... primarily because it distracts from a more important message I'm looking for, indicating which packages are vulnerable and need updates.

I need a way to turn this off, please.

 

Worry not @crates, early on in the RFC process we realized that would be an important requirement and we shipped it since v6.13.0 with support for a fund config that allows users to mute the post-install message.

There are multiple ways you can toggle it:

  • As a command option: npm --no-fund
  • As an .npmrc option: just add fund=false to your .npmrc file (either local to a project or global at your $HOME directory). More info on npmrc files here

Thanks for the comment, that can def be useful to other people 😊

 

Thanks so much for the quick response... like any true hacker, I read the docs and inferred this for myself, and I can confirm that it's working fine for me. Thanks again for your awesome contributions. Keep up the good work bruv!

 

Hi I am new to this and trying to run:
npm install --save express express-handlebars mysql body-parser

then I get the below:

2 packages are looking for funding
run npm fund for details

fixed 0 of 1 vulnerability in 204 scanned packages
1 vulnerability required manual review and could not be updated
tatianacm@huntedhouse cakesOclock % npm fund
cakesoclock@1.0.0
├─┬ glob@7.1.6
│ └── url: github.com/sponsors/isaacs
└─┬ has-symbols@1.0.1
  └── url: github.com/sponsors/ljharb

You mean the above is not an error, just a link to their funding page?

 

This is awesome! Is there a way to see the fund links for the packages installed globally?

 

not yet! 😬 I think we'll def add it at some point 😊

 
 

This is great. Totally slept on the fact that you are working for npm on the CLI. That is great news as well. Congrats.