The bulk function is really useful, I happened to set it up manually on dozens of packages just last week, thanks!
Why wasn't |
now available in CLI v11.10.0+
We've shipped two new features to make npm publishing safer and easier to manage:
Bulk configuration for OIDC trusted publishing
Maintainers can now add or update trusted publishing configurations across multiple packages in a single operation using the `npm trust` command, instead of configuring each package individually.
This is a first step in making trusted publishing easier to adopt for all users and providers. CircleCI support is already in progress and coming soon, along with additional improvements to make migrating to and managing trusted publishing simpler for maintainers with many packages.
New `--allow-git` flag for `npm install`
Git dependencies — direct or transitive — can include `.npmrc` files that override the git executable path, enabling arbitrary code execution during install even when using `--ignore-scripts`. The new `--allow-git` flag gives you explicit control over this behavior.
The flag defaults to `all` for backward compatibility, but we highly encourage using `--allow-git=none` now and only re-enabling it when git dependencies are truly necessary:
`--allow-git=none` is expected to become the default in npm CLI v12. See the documentation for details.
We'd love to hear your feedback — what's working, what's missing, and what would make these features better for your workflows. Let us know in the comments!
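Before switching a project to `--allow-git=none`, it helps to know which installed packages come from git, directly or transitively. The following is an added example, not part of the original post or of the npm CLI: it assumes a `package-lock.json` in the v2/v3 layout, where git sources are recorded in `resolved` with a `git+` or `git://` prefix. The function name `findGitDependencies` and the sample lockfile are constructed for illustration.

```javascript
// Added example: list lockfile entries that are resolved from git, and
// whether the root project declares them (direct) or not (transitive).
// Assumption: lockfile v2/v3 "packages" map with git sources in "resolved".
const GIT_RESOLVED = /^(git\+(ssh|https?|file):\/\/|git:\/\/)/;
const MARKER = 'node_modules/';

function findGitDependencies(lock) {
  const packages = lock.packages || {};
  const root = packages[''] || {};
  // Names the root project declares itself; everything else is transitive.
  const direct = new Set(
    ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies']
      .flatMap((field) => Object.keys(root[field] || {}))
  );
  const found = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === '' || typeof entry.resolved !== 'string') continue;
    if (!GIT_RESOLVED.test(entry.resolved)) continue;
    // "node_modules/a/node_modules/@s/b" -> "@s/b"
    const last = path.lastIndexOf(MARKER);
    const name = entry.name || (last >= 0 ? path.slice(last + MARKER.length) : path);
    // A package nested under another package's node_modules is transitive.
    const nested = path.indexOf(MARKER) !== last;
    found.push({
      name,
      path,
      resolved: entry.resolved,
      kind: direct.has(name) && !nested ? 'direct' : 'transitive',
    });
  }
  return found;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'left-tool': 'github:example/left-tool', express: '^4.0.0' } },
    'node_modules/express': { version: '4.0.0', resolved: 'https://registry.npmjs.org/express/-/express-4.0.0.tgz' },
    'node_modules/left-tool': { version: '1.2.0', resolved: 'git+ssh://git@github.com/example/left-tool.git#0123456789abcdef0123456789abcdef01234567' },
    'node_modules/express/node_modules/@scope/helper': { version: '0.3.1', resolved: 'git+https://github.com/example/helper.git#89abcdef0123456789abcdef0123456789abcdef' },
  },
};

for (const dep of findGitDependencies(sampleLock)) {
  console.log(`${dep.kind}\t${dep.name}\t${dep.resolved}`);
}
```

To run it against a real project, pass the parsed contents of its `package-lock.json` instead of `sampleLock`; an empty result means no installed package is recorded as coming from git.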