DEV Community

Cover image for npm@6.13.0

npm@6.13.0

Ruy Adorno on November 07, 2019

I'm happy to share that I've cut a release of npm for the first time this week! 🎉 npm@6.13.0 is out there! It was a bit stressful making sure I don...
Collapse
 
crates profile image
Crates

In premise, I support what you're doing here, Ruy... developers need funding to help support the work they are doing. However, in practice, I don't necessarily want to see this advertisement every time I run an npm command... primarily because it distracts from a more important message I'm looking for, indicating which packages are vulnerable and need updates.

I need a way to turn this off, please.

Collapse
 
ruyadorno profile image
Ruy Adorno

Worry not @crates , early on the RFC process we realized that would be an important requirement and we shipped it since v6.13.0 with the support to a fund config that allows users to mute the post-install message.

There are multiple ways you can toggle it:

  • As a command option: npm --no-fund
  • As an .npmrc option: just add fund=false to your .npmrc file (either local to a project or global at your $HOME directory) more info on npmrc files here

Thanks for the comment, that can def be useful to other people 😊

Collapse
 
crates profile image
Crates

Thanks so much for the quick response... like any true hacker, I read the docs and inferred this for myself, and I can confirm that it's working fine for me. Thanks again for your awesome contributions. Keep up the good work bruv!

Collapse
 
hikermillerman profile image
Hikermillerman

fund=false in .npmrc local to a project didn't work, still shows packages looking for funding message
Adding --no-fund for npm ci in Dockerfile did work
node -v -> v16.14.2
npm -v -> 8.10.0

Collapse
 
chatiana profile image
Tats

Hi I am new to this and trying to run:
npm install --save express express-handlebars mysql body-parser

then I get the below:

2 packages are looking for funding
run npm fund for details

fixed 0 of 1 vulnerability in 204 scanned packages
1 vulnerability required manual review and could not be updated
tatianacm@huntedhouse cakesOclock % npm fund
cakesoclock@1.0.0
├─┬ glob@7.1.6
│ └── url: github.com/sponsors/isaacs
└─┬ has-symbols@1.0.1
└── url: github.com/sponsors/ljharb

You mean the above is not an error, just a link to their founding page?

Collapse
 
danielleadams profile image
Danielle Adams

This is awesome! Is there a way to see the fund links for the packages installed globally?

Collapse
 
ruyadorno profile image
Ruy Adorno

not yet! 😬 I think we'll def add it at some point 😊

Collapse
 
alebiagini profile image
aleBiagini

Good Job!!

Collapse
 
mkuehnel profile image
Michael Kühnel

This is great. Totally slept on the fact that your are working for npm on the CLI. That are great news as well. Congrats.

Collapse
 
nickytonline profile image
Nick Taylor

Nice work Ruy! 👏🏻

Collapse
 
pierrefaniel profile image
Pierre Faniel

Well done Ruy! 🎉