NPM 7.3, the package manager included with Node.js and used to distribute JavaScript modules, has been released. The NPM repository serves over 1.3 million packages, which are used by about 12 million developers. About 75 billion downloads are recorded per month. To install NPM 7.3 without waiting for the new version of Node.js, you can run the command “npm i -g npm@7”.
NPM 7.3 adds the ability to set or retrieve multiple configuration parameters at once via the “npm config” command. For example, you can now use commands like “npm config get foo bar baz” and “npm config set [email protected] _auth=xxxx”.
In addition, the “npm rebuild” command now supports specifying file paths as an argument on the command line (for example, “npm rebuild ./node_modules/foo/”).
Separately, a vulnerability (CVE-2020-26274) has been identified in the npm package systeminformation, which has almost 800 thousand weekly downloads. The issue was fixed in release 4.31.1. The vulnerability was caused by incomplete validation of the string in the sanitizeShellString() function used when running shell commands. The problem allowed commands to be substituted into the command line during the inetLatency operation through characters in the hostname, which was passed without proper escaping as an argument when running the “ping” utility.
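
As an added illustration (not code from systeminformation or its fix), the sketch below shows one way to avoid this class of bug when a hostname is handed to “ping”: check the hostname against a strict allowlist and start the utility with an argument vector instead of a shell command string. The function names are hypothetical, and a Unix-like ping that accepts “-c <count>” is assumed.

```javascript
// Added example, not code from systeminformation. Assumes a Unix-like `ping`
// that accepts `-c <count>`; all function names here are hypothetical.
const { execFile } = require('node:child_process');
const net = require('node:net');

// RFC 1123 label: letters, digits and inner hyphens, 1 to 63 characters.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// Allowlist check: accept only IP literals and well-formed DNS names.
// Anything with whitespace, quotes, a leading "-" or shell syntax fails.
function isValidPingTarget(host) {
  if (typeof host !== 'string' || host.length === 0 || host.length > 253) return false;
  if (net.isIP(host) !== 0) return true;
  return host.split('.').every((label) => LABEL.test(label));
}

// Build an argument vector; the hostname is never spliced into a command string.
function buildPingArgs(host, count = 4) {
  if (!isValidPingTarget(host)) throw new TypeError('invalid ping target');
  if (!Number.isInteger(count) || count < 1 || count > 10) throw new RangeError('invalid count');
  return ['-c', String(count), host];
}

// Average the "time=... ms" values from ping output, or null if there are none.
function parseAvgLatency(stdout) {
  const times = [...stdout.matchAll(/time[=<]([\d.]+) ?ms/g)].map((m) => parseFloat(m[1]));
  return times.length ? times.reduce((a, b) => a + b, 0) / times.length : null;
}

// execFile starts ping directly with argv, so no shell parses the hostname.
function pingLatency(host, callback) {
  let args;
  try {
    args = buildPingArgs(host);
  } catch (err) {
    return callback(err);
  }
  execFile('ping', args, { timeout: 15000 }, (err, stdout) => {
    if (err) return callback(err);
    callback(null, parseAvgLatency(stdout));
  });
}
```

Rejecting a leading “-” matters even without a shell, because the utility would otherwise read the hostname as one of its own options.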