npm (software)

from Wikipedia, the free encyclopedia
Basic data

Developer: Isaac Z. Schlueter / npm, Inc.
Initial release: January 12, 2010
Current version: 6.14.7 (July 21, 2020)
Operating system: platform-independent
Programming language: JavaScript
Category: Package management
License: Artistic License 2.0
German-language: No
Website: www.npmjs.com

npm (formerly NPM) is a package manager for the JavaScript runtime environment Node.js.

Under the name npm registry or npm open source, a repository is operated in which about 350,000 packages (as of January 13, 2017) are provided under free licenses. A commercial version is offered for private packages (i.e. not open source).

npm, Inc., based in Oakland, California, is behind the development and operation of the repository.

On March 16, 2020, Microsoft's GitHub announced it was taking over npm.

Usage

Installation:

$ npm install <module-name>

Security

Like any repository, the npm registry is susceptible to packages containing malicious code. As soon as such packages are pulled into a software project via dependencies, various attacks can be carried out. Attacks via typosquatting and social engineering have become known in the past.

Problems

Due to a disagreement regarding the name of a package and the reaction of the npm registry to it, a developer deleted all of his packages from the repository in March 2016, including left-pad. As a result, a large number of packages such as Babel (a JSX-to-JavaScript compiler) and React could no longer be built because they depend on the package. This sparked a debate in the JavaScript community about the use of many micro-modules and the dependence on a commercial repository. Measures were also taken in the repository to avoid such problems in the future: published versions of packages can now only be withdrawn by the publisher within 24 hours; otherwise only by contacting support.

In January 2018, a user was accidentally blocked, and with him the download of his 102 packages. As a result, a large number of well-known JavaScript projects could not be installed or built.

Name

Figure: npm-expansions on npmjs.com

The name Node Package Manager goes back to the Readme file of the project. In December 2014, however, the name was removed. On the FAQ page of the project between August 2011 and November 2015, npm was defined as the recursive backronym for “npm is not an acronym”. Since September 2014, possible expansions of npm suggested by the community have been collected in the GitHub project npm-expansions and displayed on the website.

See also

  • Bower - Package manager for client-side JavaScript packages
