I'm happy to share that I've cut a release of npm for the first time this week! 🎉 npm@6.13.0 is out there! It was a bit stressful making sure I don't get anything wrong but all in all it's a very straightforward process as you can see in the Release process wiki page and I had the support of my entire team. ❤️
This release comes with 2 exciting new features, the first being the work from @koste4 on the new look of the browser CLI docs (the one that pops up docs in your browser when you run npm help <command> --viewer browser):
And the second new feature we shipped in this version is the work I've put together to support a new funding property in package.json - in a bid to help the open source community npm decided to add a new command:npm fund that will provide more visibility to npm users on what dependencies are actively looking for ways to fund their work.
As part of that change, npm install will also show a single message at the end in order to let the user aware that dependencies are looking for funding, it looks like this:
$ npm install
3 packages are looking for funding.
Run "npm fund" to find out more.
Here is a quick preview of what the output from npm fund looks like:
$ npm fund
tmp4@1.0.0
├─┬ fund-dev-dep@1.0.0
│ ├── type: dev dep
│ └── url: http://example.com/fund
├─┬ fund-project@1.0.0
│ ├── type: individual
│ └── url: https://example.com/project/support
└─┬ sub-fund-foo@1.0.0
├── type: corporate
└── url: https://corp.example.com/sponsor
Running npm fund <package> will open the url listed for that given package right in your browser.
I'm excited to see how this will evolve as we collect feedback from the community and iterate on it in the following months. 😊
For more info on this release and the latest news about the Community & Open Source team, go check out the npm blog post: https://blog.npmjs.org/post/188841555980/updates-to-community-docs-more
Top comments (11)
In premise, I support what you're doing here, Ruy... developers need funding to help support the work they are doing. However, in practice, I don't necessarily want to see this advertisement every time I run an npm command... primarily because it distracts from a more important message I'm looking for, indicating which packages are vulnerable and need updates.
I need a way to turn this off, please.
Worry not @crates , early on the RFC process we realized that would be an important requirement and we shipped it since
v6.13.0with the support to afundconfig that allows users to mute the post-install message.There are multiple ways you can toggle it:
npm --no-fund.npmrcoption: just addfund=falseto your.npmrcfile (either local to a project or global at your $HOME directory) more info on npmrc files hereThanks for the comment, that can def be useful to other people 😊
Thanks so much for the quick response... like any true hacker, I read the docs and inferred this for myself, and I can confirm that it's working fine for me. Thanks again for your awesome contributions. Keep up the good work bruv!
fund=false in .npmrc local to a project didn't work, still shows packages looking for funding message
Adding --no-fund for npm ci in Dockerfile did work
node -v -> v16.14.2
npm -v -> 8.10.0
Hi I am new to this and trying to run:
npm install --save express express-handlebars mysql body-parser
then I get the below:
2 packages are looking for funding
run
npm fundfor detailsfixed 0 of 1 vulnerability in 204 scanned packages
1 vulnerability required manual review and could not be updated
tatianacm@huntedhouse cakesOclock % npm fund
cakesoclock@1.0.0
├─┬ glob@7.1.6
│ └── url: github.com/sponsors/isaacs
└─┬ has-symbols@1.0.1
└── url: github.com/sponsors/ljharb
You mean the above is not an error, just a link to their founding page?
This is awesome! Is there a way to see the fund links for the packages installed globally?
not yet! 😬 I think we'll def add it at some point 😊
Good Job!!
This is great. Totally slept on the fact that your are working for npm on the CLI. That are great news as well. Congrats.
Nice work Ruy! 👏🏻
Well done Ruy! 🎉