npm, Inc.,
which runs the world's largest software registry and maintains the npm
software package management application, today announced the public
availability of npm@5, a free update to the npm developer tool featuring
significant speed, security, and reliability improvements.
With
npm@5, common package management tasks such as package installation and
version updates are now approximately five times faster than in prior
versions. The update benefits nearly 8 million npm users worldwide, as
well as customers of npm's Orgs collaboration tool and npm Enterprise
self-hosted product. Benchmarks show that when all npm users download
and use the npm@5 update, it will save over 70 years of developer time
each day.
npm@5 is the product of
more than four years of planning and collaboration within the open
source software development community, and coincides with the Node.js
Project's release of Node.js v8.0.0. Starting today, developers who
download and install Node.js 8 will automatically receive npm@5, as
well.
"Having Node.js 8.0.0 and
npm@5 come out at the same time is a huge benefit to Node.js users who
can instantly reap the performance, security and reliability benefits of
npm@5 with any version of Node.js," said Mark Hinkle, executive
director of the Node.js Foundation. "This is also a testament to the
amazing collaboration happening in our shared community and strong
relationship with npm."
With a
rewrite of its entire download subsystem and a major overhaul of its
user experience, npm@5's features and benefits include:
- Self-healing cache and automatic error recovery eliminate hours of troubleshooting associated with faulty network connections or corrupted files.
- Industry-first SHA-512 code verification protects against data corruption and malicious attacks.
- Lockfiles provide
peace of mind that software packages will install identically on each
developer's computer, regardless of the specifics of their development
environment.
- A refreshed command-line interface produces more informative and helpful output to allow developers to easily assess the software packages they build and install.
As
the default package manager for the npm Registry, npm@5 supports a
broad set of use cases across multiple platforms. More than 60 percent
of the world's JavaScript software developers use npm packages every
day, and software managed by npm is deployed in a wide range of
applications including front-end, back-end, robotics, IoT hardware, and
NASA spacesuits.
"Tens of thousands
of our customers deploy npm-powered applications, on average, once a
minute, so npm@5's speed improvements will make a noticeable
difference," said Guillermo Rauch, CEO and co-founder of ZEIT. "npm lets
us move quickly, and we let others move quickly."
In
a typical example of npm@5's performance improvements, the time
required to install dependencies for the popular library React-native
has decreased nearly 80 percent, from 52.61 seconds under npm@4 to 11.53
seconds under npm@5.
"npm is how
the world makes software. Every week, developers use npm to download
over 2.1 billion packages. npm@5 represents a significant advance in
meeting the evolving needs of the JavaScript community," said Isaac Z.
Schlueter, CEO of npm, Inc. "We're proud of the innovation and
contributions we've made that will benefit all software developers,
especially users of Node.js."
To download the free npm@5 update, visit https://go.npm.me/npm5.