REPOSCOPE
Linux repositories inspector

npm6 - Package manager for Node.js

Overview
Dependencies
A package manager for Node.js that allows developers to install and publish packages to a package registry.
Homepagehttps://nodejs.org
6.17.0
OpenSUSE iconOpenSUSE Leap 42.3
6.16.0
OpenSUSE iconOpenSUSE Leap 42.3
6.14.4
OpenSUSE iconOpenSUSE Leap 42.3
6.14.3
OpenSUSE iconOpenSUSE Leap 42.3
6.14.1
OpenSUSE iconOpenSUSE Leap 42.3
6.12.2
OpenSUSE iconOpenSUSE Leap 42.3
6.11.1
OpenSUSE iconOpenSUSE Leap 42.3
6.9.5
OpenSUSE iconOpenSUSE Leap 42.3
DistributionVersionSincePackageInstalledPackager
OpenSUSE iconOpenSUSE Leap 42.3 ossrpm6.9.5-1.22019-01-171.93 MiB7.68 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.17.0-21.12019-04-081.92 MiB8.06 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.16.0-18.12019-02-221.92 MiB8.06 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.14.4-15.12019-01-211.91 MiB8.06 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.14.3-12.12019-01-211.91 MiB8.06 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.14.1-9.22019-01-211.91 MiB8.06 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.12.2-6.12019-01-211.91 MiB8.06 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.11.1-3.12019-01-211.91 MiB8.06 MiBhttp://bugs.opensuse.org

Manual pages

npm(1)

npm - javascript package manager

npm-access(1)

npm-access - Set access level on published packages

npm-adduser(1)

npm-adduser - Add a registry user account

npm-bin(1)

npm-bin - Display npm bin folder Synopsis npm bin [-g|--global] Description Print the folder where npm will install executables. See Also o npm help prefix o npm help root o npm help folders o npm help config o npm help npmrc

npm-bugs(1)

npm-bugs - Bugs for a package in a web browser maybe

npm-build(1)

npm-build - Build a package

npm-bundle(1)

npm-bundle - REMOVED

npm-cache(1)

npm-cache - Manipulates packages cache

npm-completion(1)

npm-completion - Tab Completion for npm

npm-config(1)

npm-config - Manage the npm configuration files

npm-dedupe(1)

npm-dedupe - Reduce duplication

npm-deprecate(1)

npm-deprecate - Deprecate a version of a package

npm-dist-tag(1)

npm-dist-tag - Modify package distribution tags

npm-docs(1)

npm-docs - Docs for a package in a web browser maybe

npm-edit(1)

npm-edit - Edit an installed package

npm-explore(1)

npm-explore - Browse an installed package

npm-help(1)

npm-help - Get help on npm

npm-help-search(1)

npm-help-search - Search npm help documentation

npm-init(1)

npm-init - create a package.json file

npm-install(1)

npm-install - Install a package

npm-install-test(1)

npm

npm-link(1)

npm-link - Symlink a package folder

npm-logout(1)

npm-logout - Log out of the registry

npm-ls(1)

npm-ls - List installed packages

npm-outdated(1)

npm-outdated - Check for outdated packages

npm-owner(1)

npm-owner - Manage package owners

npm-pack(1)

npm-pack - Create a tarball from a package

npm-ping(1)

npm-ping - Ping npm registry

npm-prefix(1)

npm-prefix - Display prefix

npm-prune(1)

npm-prune - Remove extraneous packages

npm-publish(1)

npm-publish - Publish a package

npm-README(1)

npm - a JavaScript package manager Build Status https://img.shields.io/travis/npm/cli/latest.svg https://travis-ci.org/npm/cli

npm-rebuild(1)

npm-rebuild - Rebuild a package

npm-repo(1)

npm-repo - Open package repository page in the browser

npm-restart(1)

npm-restart - Restart a package

npm-root(1)

npm-root - Display npm root Synopsis npm root [-g] Description Print the effective node_modules folder to standard out. See Also o npm help prefix o npm help bin o npm help folders o npm help config o npm help npmrc

npm-run-script(1)

npm-run-script - Run arbitrary package scripts

npm-search(1)

npm-search - Search for packages

npm-shrinkwrap(1)

npm-shrinkwrap - Lock down dependency versions for publication

npm-star(1)

npm-star - Mark your favorite packages

npm-stars(1)

npm-stars - View packages marked as favorites

npm-start(1)

npm-start - Start a package

npm-stop(1)

npm-stop - Stop a package Synopsis npm stop [-- <args>] Description This runs a package’s "stop" script, if one was provided. See Also o npm help run-script o npm help scripts o npm help test o npm help start o npm help restart

npm-tag(1)

npm-tag - Tag a published version

npm-team(1)

npm-team - Manage organization teams and team memberships

npm-test(1)

npm-test - Test a package

npm-uninstall(1)

npm-uninstall - Remove a package

npm-unpublish(1)

npm-unpublish - Remove a package from the registry

npm-update(1)

npm-update - Update a package

npm-version(1)

npm-version - Bump a package version

npm-view(1)

npm-view - View registry info

npm-whoami(1)

npm-whoami - Display npm username Synopsis npm whoami [--registry <registry>] Description Print the username config to standard output. See Also o npm help config o npm help npmrc o npm help adduser

npm6(1)

npm6 - javascript package manager

npm-folders(5)

npm-folders - Folder Structures Used by npm

npm-global(5)

npm-folders - Folder Structures Used by npm

npm-json(5)

package.json - Specifics of npm’s package.json handling

npmrc(5)

npmrc - The npm config files

package.json(5)

package.json - Specifics of npm’s package.json handling

npm-coding-style(7)

npm-coding-style - npm’s "funny" coding style

npm-config(7)

npm-config - More than you probably want to know about npm configuration

npm-developers(7)

npm-developers - Developer Guide

npm-disputes(7)

npm-disputes - Handling Module Name Disputes

npm-index(7)

npm-index - Index of all npm documentation npm help README a JavaScript package manager

npm-orgs(7)

npm-orgs - Working with Teams & Orgs

npm-registry(7)

npm-registry - The JavaScript Package Registry

npm-scope(7)

npm-scope - Scoped packages

npm-scripts(7)

npm-scripts - How npm handles the "scripts" field

removing-npm(7)

npm-removal - Cleaning the Slate

semver(7)

semver - The semantic versioner for npm

Latest updates

OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.16.0-18.1 to 6.17.0-21.1

2019-04-08
  • New upstream LTS release 6.17.0:
    • deps: OpenSSL has been upgraded to 1.0.2r. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data.
      (CVE-2019-1559, bsc#1127080)
    • http:
      • Backport server.keepAliveTimeout to prevent keep-alive
      HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential
      Denial of Service (DoS). (CVE-2019-5739, bsc#1127533)
      • Further prevention of "Slowloris" attacks on HTTP and HTTPS
      connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. (CVE-2019-5737, bsc#1127532)
OpenSUSE icon

OpenSUSE Tumbleweed oss: Version 6.17.0-1.1 removed

2019-03-15
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 6.16.0-1.5 to 6.17.0-1.1

2019-03-10
  • New upstream LTS release 6.17.0:
    • deps: OpenSSL has been upgraded to 1.0.2r. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data.
      (CVE-2019-1559, bsc#1127080)
    • http:
      • Backport server.keepAliveTimeout to prevent keep-alive
      HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential
      Denial of Service (DoS). (CVE-2019-5739, bsc#1127533)
      • Further prevention of "Slowloris" attacks on HTTP and HTTPS
      connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. (CVE-2019-5737, bsc#1127532)
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.14.4-15.1 to 6.16.0-18.1

2019-02-22
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 6.16.0-1.4 to 6.16.0-1.5

2019-02-15
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 6.16.0-1.3 to 6.16.0-1.4

2019-02-05
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 6.16.0-1.1 to 6.16.0-1.3

2019-02-03
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Tumbleweed oss: Version 6.16.0-1.1 reintroduced

2019-01-23
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.14.3-12.1 to 6.14.4-15.1

2019-01-21
  • New upstream LTS release 6.14.4:
    • buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115, bsc#1105019)
    • deps: Upgrade to OpenSSL 1.0.2p, fixing:
      • Client DoS due to large DH parameter
      (CVE-2018-0732, bsc#1097158)
      • ECDSA key extraction via local side-channel
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.14.1-9.2 to 6.14.3-12.1

2019-01-21
  • New upstream LTS release 6.14.3:
    • buffer: Fixes Denial of Service vulnerability where calling Buffer.fill() could hang (CVE-2018-7167, bsc#1097375)
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.12.2-6.1 to 6.14.1-9.2

2019-01-21
  • Fix some node-gyp permissions
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.11.1-3.1 to 6.12.2-6.1

2019-01-21
  • Dropped 8334.diff - no longer needed
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Version 6.11.1-3.1 introduced

2019-01-21
  • Fix update-alternative handling in %postun - don't remove links on upgrades.
OpenSUSE icon

OpenSUSE Leap 42.3 oss: Version 6.9.5-1.2 introduced

2019-01-17
OpenSUSE icon

OpenSUSE Tumbleweed oss: Version 6.16.0-1.1 removed

2019-01-17
OpenSUSE icon

OpenSUSE Tumbleweed oss: Version 6.16.0-1.1 introduced

2019-01-17
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
⇧ Top