One way people can contribute to npm is by submitting public change requests for the npm CLI and associated tooling, called RFCs (Requests for Comments).
We feel privileged to work with such an amazing community, so in the future we will make sure to be more proactive in reviewing the suggestions. We will also write some best practices around writing kick-ass RFCs.
In the meantime, we got caught up in the holiday season and forgot to mention that we reviewed most of the open ones. We are happy to announce that we ratified (approved) five of them in December:
- Run Suggestions: adding additional “help” text when a command name provided to npm run is not found.
- Creating a npm audit xml report: the ability to run npm audit --owasp and get an OWASP Dependency Check XML report.
- Change how npm update edits package.json: package.json should not be edited by npm update unnecessarily.
- Shallow update support for npm update: change npm update so that it does not update indirect dependencies when that is not necessary.
- Publish older versions without a tag: npm publish should only update the latest tag if the package being published has a higher version number than the one currently tagged latest.