
npm release notes, breaking changes, and upgrade notes.

The package manager for JavaScript.

StackPulse turns upstream changelogs into scannable summaries with risky changes, deprecations, migration notes, and source links.

releases: 10
breaking: 5
security: 1
deprecated: 0
migrations: 1


what stackpulse tracks

npm releases from GitHub

StackPulse watches npm release notes and keeps the original source link close to every summary.

upgrade risk

Breaking changes and deprecations

Risky changes are separated from normal feature notes so you can scan upgrade impact before changing production dependencies.

migration notes

Source-backed next steps

Migration steps and recommended actions are only shown when the upstream release notes support them.

# latest_releases

source-backed
libnpmversion-v9.0.0-pre.1 | critical | breaking | feature | prerelease | Jun 19, 2026

libnpmversion: v9.0.0-pre.1

This pre-release introduces new Node.js engine requirements and updates dependencies, marking breaking changes for users on unsupported Node versions.

affected

Users running Node.js versions outside the new supported range (^22.22.2, ^24.15.0, or >=26.0.0) are affected.

action

Upgrade Node.js to a supported version before using this version of npm.

release_signals
-npm now requires Node.js versions ^22.22.2, ^24.15.0, or >=26.0.0, breaking compatibility with older versions
+Bumps Node.js engine range support to require node ^22.22.2, ^24.15.0, or >=26.0.0
libnpmteam-v9.0.0-pre.0 | critical | breaking | feature | prerelease | Jun 19, 2026

libnpmteam: v9.0.0-pre.0

This prerelease version of libnpmteam introduces breaking changes by updating the supported Node.js engine range and includes dependency updates.

affected

Users running Node.js versions outside the new supported range will need to upgrade.

action

Upgrade Node.js to a supported version if necessary.

release_signals
-`npm` now supports Node.js `^22.22.2 || ^24.15.0 || >=26.0.0`, which may require users to upgrade their Node.js version.
+Bump to new Node.js engine range: `^22.22.2 || ^24.15.0 || >=26.0.0`
libnpmsearch-v10.0.0-pre.0 | critical | breaking | prerelease | Jun 19, 2026

libnpmsearch: v10.0.0-pre.0

This prerelease version updates the Node.js engine requirements and bumps dependencies. The main change is the new Node.js version support range.

affected

Users running Node.js versions outside the new engine range (^22.22.2 || ^24.15.0 || >=26.0.0) will be affected.

action

Update Node.js to a supported version before upgrading to this release.

release_signals
-Supports Node.js versions ^22.22.2 || ^24.15.0 || >=26.0.0
libnpmpublish-v12.0.0-pre.0 | high | breaking | feature | prerelease | Jun 19, 2026

libnpmpublish: v12.0.0-pre.0

This pre-release includes breaking changes to Node.js engine support and default access behavior, introduces packageExtensions for dependency manifest repairs and native dependency patching, and updates multiple dependencies.

affected

Users with Node.js versions outside the new supported range will need to upgrade, and callers that relied on default public access must now explicitly specify access.

action

Check Node.js version compatibility and explicitly pass access: 'public' if needed when publishing packages.

release_signals
-Support for Node.js versions narrowed to ^22.22.2 || ^24.15.0 || >=26.0.0
-opts.access now defaults to null instead of 'public', requiring explicit passing of access: 'public'
+packageExtensions for root-owned dependency manifest repairs
+native dependency patching (npm patch add/commit/update/ls/rm)
+bump to new node engine range
v12.0.0-pre.1 | high | breaking | migration | feature | security | prerelease | Jun 19, 2026

v12.0.0-pre.1

This prerelease introduces breaking changes around security defaults and git protocol handling, alongside new features for dependency patching and script execution policies. The update also changes npm's default license behavior and requires explicit opt-in for git/remote dependencies.

affected

All users installing git dependencies or relying on permissive script execution policies need to review configurations due to new security defaults.

action

Review breaking changes, test with pre-release, and update configurations for git dependencies and script execution policies.

release_signals
-Preserved https protocol when working with git.
-Changed default license for npm init from ISC to empty string (omitted field).
-Updated node engine requirements to support node ^22.22.2 || ^24.15.0 || >=26.0.0.
-Changed allow-git and allow-remote defaults to "none" (previously allowed by default).
-Unknown configs in .npmrc, unknown CLI flags, and abbreviated flags now throw errors instead of warnings.
!Default-deny install scripts policy mitigates arbitrary script execution risks.
!Hardened inBundle security with allowScripts tooling.
!Blocked forbidden keys in Queryable setter to prevent prototype pollution.
!Default deny for git/remote dependencies reduces supply chain risks.
!Warns when min-release-age blocks an audit fix (security update validation).
+Added packageExtensions for root-owned dependency manifest repairs.
+Introduced native dependency patching with commands like npm patch add/commit/update/ls/rm.
+Added min-release-age-exclude config to bypass audit fix restrictions.
+Implemented default-deny install scripts policy with allowScripts opt-in.
+Added a global npmignore file feature.
migration_steps (4 steps)
  1. Explicitly set allow-git/allow-remote to "all" if you need git/remote dependencies.
  2. Update Node.js if you are running a version outside the supported range (^22.22.2 || ^24.15.0 || >=26.0.0).
  3. Migrate from ISC license to preferred license or empty string for new packages.
  4. Opt in to allowScripts if you require install scripts.