Log in

Home » Oreps » npm » All Releases » v11.17.0 Release

npm/cli

the package manager for JavaScript

2

Commit Activity

Directory Browser

Velocity History

Releasesv11.17.0

Basic Details Issues Addressed Top Contributors Directory Browser Release Notes

npm v11.17.0

npm: v11.17.0 Release

Release date:

June 11, 2026

Previous version:

v11.16.0 (released May 27, 2026)

Magnitude:

1,623 Diff Delta

Contributors:

5 total committers

Data confidence:

Commits:

29

29 Features Released with v11.17.0

Browse Other Releases

Latest Pending Unreleased 😎

v12.0.0-pre.0.0 Released May 20, 2026

v12.0.0-pre.0 Released May 20, 2026

v11.17.0 Released June 11, 2026

v11.16.0 Released May 27, 2026

v11.15.0 Released May 20, 2026

v11.14.1 Released May 8, 2026

v11.14.0 Released May 6, 2026

v11.13.0 Released April 22, 2026

v11.12.1 Released March 26, 2026

v11.12.0 Released March 18, 2026

Top Contributors in v11.17.0

github-actions[bot]

JamieMagee

owlstronaut

manzoorwanijk

reggi

Directory Browser for v11.17.0

We haven't yet finished calculating and confirming the files and directories changed in this release. Please check back soon.

Release Notes Published

11.17.0 (2026-06-11)

Features

ae8ac4e #9534 add min-release-age-exclude config (@JamieMagee, @caseyjhol)
8ff3e48 #9483 allowScripts tooling and inBundle hardening (#9483) (@github-actions[bot], @JamieMagee) ### Bug Fixes
847cdf8 #9541 match dotted and versioned args in approve-scripts/deny-scripts (@owlstronaut)
d99f7cb #9535 emit valid JSON from approve-scripts/deny-scripts --json (@owlstronaut)
351a309 #9499 pass script-shell to publish lifecycle hooks (#9499) (@github-actions[bot])
4fa81df #9497 recognize allowScripts for local link targets (#9497) (@github-actions[bot], @cyphercodes, @cyphercodes)
95cf2e9 #9489 validate registry path for allow-remote tarballs (@Abhinav-143x)
9dd219b #9462 respect allowScripts policy in prune, dedupe, uninstall, audit, and link (#9462) (@github-actions[bot], @JamieMagee)
cd8d18a #9482 list pending scripts in approve-scripts when ignore-scripts is set (#9482) (@github-actions[bot], @JamieMagee)
c14e87c #9481 suggest --allow-scripts for global installs in unreviewed-scripts warnings (#9481) (@github-actions[bot], @JamieMagee)
7ade52e #9465 invalid issue template YAML indentation (#9465) (@github-actions[bot], @fallintoplace)
c069622 #9464 show full parent command path in subcommand usage errors (#9464) (@owlstronaut)
1bb62bb #9454 config: clarify --all help so it's accurate for approve-scripts and deny-scripts (@JamieMagee)
84eeb5f #9431 audit: don't apply min-release-age before filter when verifying installed signatures (@JamieMagee)
3bd3377 #9426 block forbidden keys in Queryable setter to prevent prototype pollution (@12122J, @claude) ### Documentation
a86a7a9 #9522 approve-scripts only throws EGLOBAL when run with -g (@JamieMagee)
693bb3d #9508 clarify package.json override value specs (#9508) (@github-actions[bot], @ded-furby)
ccffe4a #9501 use the latest version for global update and outdated's wanted (#9501) (@github-actions[bot], @liangmiQwQ)
66e97c2 #9478 update minimum npm required for npm trust (@meeech) ### Dependencies
bd09b87 #9542 postcss-selector-parser@7.1.4
95bfc4c #9542 tinyglobby@0.2.17
8c0d5fd #9542 tar@7.5.16
967d377 #9542 semver@7.8.4
cdaac1b #9542 pacote@21.5.1
25c8a9e #9542 node-gyp@12.4.0 ### Chores
2922fa4 #9542 dev dependency updates (@owlstronaut)
workspace: @npmcli/arborist@9.8.0
workspace: @npmcli/config@10.11.0
workspace: libnpmdiff@8.1.10
workspace: libnpmexec@10.3.0
workspace: libnpmfund@7.0.24
workspace: libnpmpack@9.1.10