npm weekly #170: How to submit quality security reports, we’re hiring a Senior Security Engineer, and npm heads to Colombia in June!

Help sick kids by watching video games on Saturday, we’re serious! [View this email in your browser]( [npm loves you]( Writing quality vulnerability reports If you’ve ever considered using the “Report a vulnerability” button on npm package pages, [Adam {NAME} has written up some advice]( for you! [Image shows a screenshot of npmjs.com, with the “Report a vulnerability” button highlighted]( [Adam]( offers some some pointers on how to submit a high quality security report, such as making sure to include the specific details of the environment in which you experienced a vulnerability. [H]( to the blog to read the example report](. Recommended package: typed-install Created by David Brownman, [typed-install]( is a CLI utility that makes it easier to install TypeScript... you guessed it, types! It installs your packages and then checks which include types and which don’t, checks for types available on npm, then fetches those as well. Give it a try! npm will be at NodeConf Colombia this summer! The organizers at [NodeConf Colombia]( recently announced a few of the speakers for their 2019 event in Medellín and [Kat Marchán]( was on the list! Tickets are available for the June conference, so head to [colombia.nodeconf.com]( to get yours now. What we’re reading: For Node.js builds, `cache: npm` shortcut is available This was just [a quick update]( to the Travis CI changelog, but it’s an update we’re really excited about. Now you have a handy shortcut for caching your Node.js builds in Travis CI. Take a look at `cache:npm` and [read the full documentation]( for yourself. Cool stuff! We’re hiring [Senior Security Engineer]( who will work with the npm Security team to make the npm ecosystem a safer, more secure environment. We’re also looking for the right person to join the Marketing team as a [Growth Marketer](. Head to [npmjs.com/jobs]( and fill out your application right now. npm.community Corner 📣 In case you missed it, [npm.community]( has added new category: [#development](. The first topic of discussion in #development is [tink: State of the Unwinder]( in which the CLI team gives some insight into where things are heading with tink development. To find out more about the current state of tink or npm in general, head to [npm.community]( now. Open source JavaScript is taking over software development Over 97% of professional JavaScript developers now rely on open source code. Learn how large teams seamlessly combine proprietary code and OSS and automatically protect against security vulnerabilities. [Learn more about npm Enterprise »]( [Empower your team to collaborate more securely]( 1 in 4 developers don’t use code review or other security methods to evaluate their code. npm Orgs with automatic vulnerability scanning ensures best practices and secure collaboration. [Learn More]( Watch Brenna play video games this weekend to raise money for Seattle Children’s Hospital [Brenna Flood is playing video games for 24 hours on November 3rd to raise money for Seattle Children’s Hospital.]( This Saturday, November 3, [Brenna Flood]( will be streaming her video game play on Twitch for 24 hours straight, all in the name of raising money for sick kids in her local community. She'll be doing a speed run of [The Legend of Zelda: Link to the Past]( and possibly some other games. [Donate to Brenna’s Extra Life game play to help out!]( Copyright © 2018 npm, Inc., All rights reserved. You (or someone impersonating you) signed up for this email list on our site... but you can feel free to remove yourself at any time. Our mailing address is: npm, Inc. 1999 Harrison St. Ste 1150Oakland, CA 94612 [Add us to your address book]( [unsubscribe from this list]( [update subscription preferences]( [Share]( [Tweet]( [Forward]( [Share](