npm version 9.9.0 introduces several dependency updates and a few key changes for developers. The most notable updates are in the dependencies section, including sigstore (bumped from 1.7.0 to 1.9.0), @npmcli/config (upgraded from 6.2.1 to 6.4.0), libnpmdiff (from 5.0.19 to 5.0.20), libnpmexec (from 6.0.3 to 6.0.4), libnpmfund (from 4.0.19 to 4.2.1), and @npmcli/arborist (from 6.3.0 to 6.5.0). These updates likely include bug fixes, performance improvements, and potentially new features within those respective libraries. Another important update is npm-install-checks (from 6.1.1 to 6.2.0), which suggests improvements to npm's installation process, potentially including enhanced error handling or better compatibility checks.
Furthermore, there appears to be a new dependency in 9.9.0, spdx-expression-parse (^3.0.1), which might indicate an increased focus on support for SPDX license expressions when dealing with packages. The devDependencies see fewer changes, but @npmcli/template-oss moves from version 4.18.0 to 4.19.0, and ajv is introduced at version 8.12.0 with the same dependencies (ajv-formats and ajv-formats-draft2019). The number of files included in the package increased from 2264 to 2285 and the unpacked size grew from 11100170 to 11223223, which isn't necessarily a negative, as it can show the inclusion of new features and better dependency management. Developers should review these updated dependencies to ensure compatibility with their projects and take advantage of any new features or improvements. The bump also indicates a consistent attempt to keep the package secure and up to date with the most recent dependency versions.
There are no vulnerabilities for version 9.9.0 of the package npm.