The developers worked hard to improve the security of npm, and we now have the ability to block bad package downloads from npm Enterprise. This is a great achievement because it gives you compliance policies that are applied automatically by the tools you use.
Of course, there are some things you need to keep in mind:
- Older versions of the CLI don’t break, and they have the ability to choose a version that suits your purposes and security policy.
- If your version of npm is 6.11.0 or newer, the new system can differentiate packages.
- Using unlimited namespaces, you can connect all your teams and projects to the collections of packages, allowing them to share and still manage your code.
We hope you will explore more of it here.
You may also be interested in finding out more about Pika/Pack, a new approach to npm package building that can solve your problems. Read and use!