DEV Community

Cover image for npm@6.13.0

npm@6.13.0

Ruy Adorno on November 07, 2019

I'm happy to share that I've cut a release of npm for the first time this week! 🎉 npm@6.13.0 is out there! It was a bit stressful making sure I don...
Collapse
 
crates profile image
Crates

In premise, I support what you're doing here, Ruy... developers need funding to help support the work they are doing. However, in practice, I don't necessarily want to see this advertisement every time I run an npm command... primarily because it distracts from a more important message I'm looking for, indicating which packages are vulnerable and need updates.

I need a way to turn this off, please.

Collapse
 
ruyadorno profile image
Ruy Adorno

Worry not @crates , early on the RFC process we realized that would be an important requirement and we shipped it since v6.13.0 with the support to a fund config that allows users to mute the post-install message.

There are multiple ways you can toggle it:

  • As a command option: npm --no-fund
  • As an .npmrc option: just add fund=false to your .npmrc file (either local to a project or global at your $HOME directory) more info on npmrc files here

Thanks for the comment, that can def be useful to other people 😊

Collapse
 
crates profile image
Crates

Thanks so much for the quick response... like any true hacker, I read the docs and inferred this for myself, and I can confirm that it's working fine for me. Thanks again for your awesome contributions. Keep up the good work bruv!

Collapse
 
hikermillerman profile image
Hikermillerman

fund=false in .npmrc local to a project didn't work, still shows packages looking for funding message
Adding --no-fund for npm ci in Dockerfile did work
node -v -> v16.14.2
npm -v -> 8.10.0

Collapse
 
chatiana profile image
Tats

Hi I am new to this and trying to run:
npm install --save express express-handlebars mysql body-parser

then I get the below:

2 packages are looking for funding
run npm fund for details

fixed 0 of 1 vulnerability in 204 scanned packages
1 vulnerability required manual review and could not be updated
tatianacm@huntedhouse cakesOclock % npm fund
cakesoclock@1.0.0
├─┬ glob@7.1.6
│ └── url: github.com/sponsors/isaacs
└─┬ has-symbols@1.0.1
└── url: github.com/sponsors/ljharb

You mean the above is not an error, just a link to their founding page?

Collapse
 
danielleadams profile image
Danielle Adams

This is awesome! Is there a way to see the fund links for the packages installed globally?

Collapse
 
ruyadorno profile image
Ruy Adorno

not yet! 😬 I think we'll def add it at some point 😊

Collapse
 
alebiagini profile image
aleBiagini

Good Job!!

Collapse
 
nickytonline profile image
Nick Taylor

Nice work Ruy! 👏🏻

Collapse
 
pierrefaniel profile image
Pierre Faniel

Well done Ruy! 🎉

Collapse
 
mkuehnel profile image
Michael Kühnel

This is great. Totally slept on the fact that your are working for npm on the CLI. That are great news as well. Congrats.