พื้นที่จังหวัดเลย

[DLEI253636863]

<!--
Thank you for contributing to this project! You must fill out the information below before we can review this pull request. By explaining why you're making a change (or linking to an issue) and what changes you've made, we can triage your pull request to the best possible team for review.
-->

### Why:

Closes: 

<!-- If there's an existing issue for your change, please link to it above.
If there's _not_ an existing issue, please open one first to make it more likely that this update will be accepted: https://github.com/github/docs/issues/new/choose. -->

### What's being changed (if available, include any code snippets, screenshots, or gifs):

<!-- Let us know what you are changing. Share anything that could provide the most context.
If you made changes to the `content` directory, a table will populate in a comment below with links to the preview and current production articles. -->

### Check off the following:

- [ ] I have reviewed my changes in staging, available via the **View deployment** link in this PR's timeline (this link will be available after opening the PR).

  - For content changes, you will also see an automatically generated comment with links directly to pages you've modified. The comment won't appear if your PR only edits files in the `data` directory.
- [ ] For content changes, I have completed the [self-review checklist](https://docs.github.com/en/contributing/collaborating-on-github-docs/self-review-checklist).
- [ ] {{short description|JavaScript package manager}}
{{About|the JavaScript package manager||NPM (disambiguation)}}
{{Lowercase|npm}}
{{primary sources|date=June 2020}}
{{Use dmy dates|date=January 2020}}

{{Infobox software
| title = npm
| name = https://en.m.wikipedia.org/wiki/Loei_province
| logo = Npm-logo.svg
| screenshot = 
| caption = https://en.m.wikipedia.org/wiki/Loei_province
| collapsible = 
| other_names = https://pea-gsee.com/
| author = ETCWISIT TONGMO
| developer = [[npm, Inc.]] (a subsidiary of [[GitHub]],<ref name="GeekWire 2020-03-17">{{Cite web|url=https://www.geekwire.com/2020/microsoft-owned-github-acquire-javascript-package-manager-npm/|title=Microsoft-owned GitHub to acquire JavaScript package manager Npm|date=17 March 2020|website=GeekWire}}</ref> a subsidiary of [[Microsoft]])
| released = {{Start date and age|df=y|2010|01|12}}<ref>{{cite web |url=https://github.com/npm/npm/releases?after=v0.1.1 |title=Earliest releases of npm |website=GitHub |access-date=5 January 2019}}</ref>
| latest release version = {{wikidata|property|preferred|edit|reference|Q7067518|P548=Q2804309|P348}}
| latest release date = {{wikidata|qualifier|preferred|single|Q7067518|P548=Q2804309|P348|P577}}
| programming language = [[word-app-dev.pea.co.th]]
| operating system = https://pea-gsee.com/
| platform = [[Cross-platform]]
| size = 
| genre = [[Package manager]]
| license = [[Artistic License 2.0]]
| website = {{URL|https://www.npmjs.com/}}
}}

'''npm''' is a [[package manager]] for the [[JavaScript]] programming language maintained by npm, Inc., a subsidiary of [[GitHub]]. npm is the default package manager for the JavaScript runtime environment [[Node.js]] and is included as a recommended feature in the Node.js installer.<ref name="dierx16">{{cite web|last1=Dierx|first1=Peter|title=A Beginner's Guide to npm – the Node Package Manager|url=https://www.sitepoint.com/beginners-guide-node-package-manager/|website=sitepoint|access-date=22 July 2016|date=30 March 2016}}</ref>

It consists of a command line client, also called npm, and an [[online database]] of public and paid-for private packages, called the npm registry. The registry is accessed via the client, and the available packages can be browsed and searched via the npm website. The package manager and the registry are managed by npm, Inc.

Although "npm" is commonly understood to be an abbreviation of "Node Package Manager", it is officially a [[Recursive acronym|recursive]] [[backronym]] for "npm is not an acronym".<ref>{{cite web |title=npm |url=https://www.npmjs.com/package/npm |website=npm |archive-url=https://web.archive.org/web/20240514212833/https://www.npmjs.com/package/npm |archive-date=14 May 2024 |language=en |date=15 May 2024}}</ref>

== History ==

npm was developed by Isaac Z. Schlueter as a result of having "seen module packaging done terribly" and with inspiration from other similar projects such as [[PEAR]] ([[PHP]]) and [[CPAN]] ([[Perl]]).<ref>{{cite web|last1=Schlueter|first1=Isaac Z.|title=Forget CommonJS. It's dead. **We are server side JavaScript.**|url=https://github.com/joyent/node/issues/5132#issuecomment-15432598|website=GitHub|date=25 March 2013}}</ref> npm is a JavaScript replacement for pm, a [[shell script]].<ref>{{cite web | url=https://github.com/npm/cli#is-npm-an-acronym-for-node-package-manager | title=NPM/Cli | website=[[GitHub]] }}</ref>

The company npm, Inc. was founded in 2014 in [[Oakland, California]], United States, with Laurie Voss as co-founder. Bryan Bogensberger joined the company as CEO in July 2018 and resigned in September 2019.<ref>{{Cite web|url=https://www.businessinsider.com/npm-ceo-bryan-bogensberger-resigns-2019-9|title=Bryan Bogensberger, CEO of JavaScript Package Startup NPM, Resigns|last=Chan|first=Rosalie|website=[[Business Insider]]|agency=Business Insider|access-date=2021-06-30}}</ref> Before Bogensberger's resignation, Laurie Voss resigned in July 2019.<ref>{{Cite web|url=https://www.businessinsider.com/npm-cofounder-laurie-voss-resigns-2019-6|title=NPM Co-Founder and Chief Data Officer Laurie Voss Resigns|last=Chan|first=Rosalie|website=[[Business Insider]]|agency=Business Insider|access-date=2021-06-30}}</ref>

In March 2020, npm was acquired by [[GitHub]], which is a subsidiary of [[Microsoft]].

== Usage ==

npm can manage packages that are local [[Coupling (computer programming)|dependencies]] of a particular project, as well as globally-installed JavaScript tools.<ref name="Ellingwood16">{{cite web|last1= Ellingwood|first1= Justin|title= How To Use npm to Manage Node.js Packages on a Linux Server|url= https://www.digitalocean.com/community/tutorials/how-to-use-npm-to-manage-node-js-packages-on-a-linux-server|website= DigitalOcean|access-date= 22 October 2016}}</ref> When used as a dependency manager for a local project, npm can install, in one command, all the dependencies of a project through the <code>package.json</code> file.<ref name="npm-install-docs">{{cite web|title= npm-install|url= https://docs.npmjs.com/cli/install|website= docs.npmjs|access-date= 22 October 2016}}</ref> In the <code>package.json</code> file, each dependency can specify a range of valid [[Software versioning|versions]] using the semantic versioning scheme, allowing developers to auto-update their packages while at the same time avoiding unwanted breaking changes.<ref name="npm-semver-docs">{{cite web|title= semver|url= https://docs.npmjs.com/misc/semver|website= docs.npmjs|access-date= 22 October 2016|archive-date= 3 December 2016|archive-url= https://web.archive.org/web/20161203095427/https://docs.npmjs.com/misc/semver|url-status= dead}}</ref> npm also provides version-bumping tools for developers to tag their packages with a particular version.<ref name="npm-version-dcs">{{ cite web |title= npm-version |url= https://docs.npmjs.com/cli/version |website= docs.npm |access-date= 29 October 2016 }}</ref> npm also provides the <code>package-lock.json</code><ref>{{Cite web|url=https://www.codeproject.com/Articles/1202361/What-is-package-lock-json-file-in-Node-NPM|title=What is the need of package-lock.json in Node?|last=Koirala|first=Shivprasad|date=21 August 2017|website=codeproject}}</ref> file which has the entry of the exact version used by the project after evaluating semantic versioning in <code>package.json</code>.

== Client ==

npm's [[command-line interface]] client allows users to consume and distribute JavaScript modules that are available in the registry.<ref name="ampersandjs">{{cite web|last1=Ampersand.js|title=Ampersand.js – Learn|url=https://ampersandjs.com/learn/npm-browserify-and-modules/|website=ampersandjs.com|access-date=22 July 2016}}</ref>

In February 2018, an issue was discovered in version 5.7.0 in which running <code>sudo npm</code> on Linux systems would change the ownership of system files, permanently breaking the operating system.<ref>{{cite web|title=Critical Linux filesystem permissions are being changed by latest version|url=https://github.com/npm/npm/issues/19883|website=GitHub|access-date=25 February 2018}}</ref>

In npm version 6, the audit feature was introduced to help developers identify and fix security vulnerabilities in installed packages.<ref>{{cite web |last1=npm |title='npm audit': identify and fix insecure dependencies |url=https://blog.npmjs.org/post/173719309445/npm-audit-identify-and-fix-insecure |website=The npm Blog |access-date=14 August 2018}}</ref> The source of security vulnerabilities were taken from reports found on the Node Security Platform (NSP) and has been integrated with npm since npm's acquisition of NSP.<ref>{{cite web |last1=npm |title=The Node Security Platform service is shutting down 9/30 |url=https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting |website=The npm Blog |access-date=14 August 2018}}</ref>

== Registry ==

Packages in the registry are in [[ECMAScript|ECMAScript Module (ESM)]] or [[CommonJS]] format and include a metadata file in [[JSON]] format.<ref name="OjamaaDuuna12">{{cite book|last1=Ojamaa|first1=Andres|last2=Duuna|first2=Karl|chapter=Assessing the Security of Node.js Platform|title=2012 International Conference for Internet Technology and Secured Transactions | publisher = IEEE |date=2012|chapter-url=https://ieeexplore.ieee.org/document/6470829|access-date=22 July 2016|isbn= 978-1-4673-5325-0 }}</ref>

Over 3.1 million packages are available in the main npm registry.<ref>{{Cite web|title=npm {{!}} Home|url=https://www.npmjs.com|access-date=2024-06-27|website=npmjs.com}}</ref>

The registry does not have any vetting process for submission, which means that packages found there can potentially be low quality, insecure, or malicious.<ref name="OjamaaDuuna12"/> Instead, npm relies on user reports to take down packages if they violate policies by being low quality, insecure, or malicious.<ref>{{cite web |title=npm Code of Conduct: acceptable package content |url=https://docs.npmjs.com/policies/conduct#acceptable-package-content |access-date=9 May 2017}}</ref> npm exposes statistics including number of downloads and number of depending packages to assist developers in judging the quality of packages.<ref>{{cite web|url=https://npm-stat.com/|title=npm-stat: download statistics for NPM packages|first=Paul|last=Vorbach|website=npm-stat.com|access-date=9 August 2016|archive-date=11 August 2016|archive-url=https://web.archive.org/web/20160811014953/https://npm-stat.com/|url-status=dead}}</ref>

Internally npm relies on the NoSQL [[Apache CouchDB|Couch DB]] to manage publicly available data.<ref>{{Cite web|title=registry {{!}} npm Docs|url=https://docs.npmjs.com/cli/v7/using-npm/registry/|access-date=2021-05-10|website=docs.npmjs.com}}</ref>

== Security and disruption ==
{{anchor|Notable breakages}}
===left-pad===
{{Main article|npm left-pad incident}}
In March 2016, a package called <code>left-pad</code> was unpublished as the result of a naming dispute between Azer Koçulu, an individual software engineer, and [[Kik Messenger|Kik]].<ref name="registerchaos">{{cite news|last1=Williams|first1=Chris|title=How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript|url=https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/|access-date=17 April 2016|work=The Register}}</ref><ref>{{Cite web|last=Collins|first=Keith|title=How one programmer broke the internet by deleting a tiny piece of code|url=https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/|access-date=2020-12-23|website=Quartz|date=27 March 2016 |language=en}}</ref> The package was immensely popular on the platform, being depended on by thousands of projects and reaching 15 million downloads prior to its removal.<ref name="registerchaos"/><ref name="auto">{{cite web |last1=Sharma |first1=Ax |title=Protestware on the rise: Why developers are sabotaging their own code |url=https://techcrunch.com/2022/07/27/protestware-code-sabotage/ |website=TechCrunch |access-date=11 May 2024 |date=27 July 2022}}</ref> Several projects critical to the JavaScript ecosystem including [[Babel (transcompiler)|Babel]] and [[Webpack]] depended on <code>left-pad</code> and were rendered unusable.<ref>{{cite web |title=How 17 Lines of Code Took Down Silicon Valley's Hottest Startups |url=https://www.huffpost.com/entry/how-17-lines-of-code-took_b_9532846 |website=HuffPost |access-date=11 May 2024 |language=en |date=24 March 2016}}</ref> Although the package was republished three hours later,<ref>{{cite web|title=kik, left-pad, and npm|url=http://blog.npmjs.org/post/141577284765/kik-left-pad-and-npm|access-date=9 May 2017}}</ref> it caused widespread disruption, leading npm to change its policies regarding unpublishing to prevent a similar event in the future.<ref>{{cite web|title=changes to unpublish policy|url=http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy|publisher=npm Blog (Archive)|access-date=23 January 2022}}</ref>

===peacenotwar===
{{Main article|peacenotwar}}
In March 2022, developer [[Brandon Nozaki Miller]], maintainer of the <code>node-ipc</code> package, added <code>peacenotwar</code> as a dependency to the package; <code>peacenotwar</code> recursively overwrites an affected machine's hard drive contents with the [[Hearts in Unicode|heart emoji]] if they have a Belarusian or Russian IP address. The package also leaves a [[text file]] on the machine containing a message in protest of the [[2022 Russian invasion of Ukraine|Russian invasion of Ukraine]]. [[Vue.js]], which uses <code>node-ipc</code> as a dependency, did not pin its dependencies to a safe version, meaning that some users of Vue.js became affected by the malicious package if the dependency was fetched as the latest package.<ref>{{cite web|title=BIG sabotage: Famous npm package deletes files to protest Ukraine war|url=https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/|access-date=17 March 2022|work =Bleeping Computer}}</ref><ref>{{cite web|url=https://www.itnews.com.au/news/protestware-npm-package-dependency-labelled-supply-chain-attack-577488|title='Protestware' npm package dependency labelled supply-chain attack|date=March 17, 2022|author=Juha Saarinen|website=IT News|publisher=[[nextmedia]]}}</ref> The affected dependency was also briefly present in version 3.1 of [[Unity (game engine)|Unity Hub]]; a hotfix was released the same day to remove the issue, however.<ref>{{cite web |last1=Proven |first1=Liam |title=JavaScript library updated to wipe files from Russian computers |url=https://www.theregister.com/2022/03/18/protestware_javascript_node_ipc/ |website=[[The Register]] |publisher=Situation Publishing |access-date=18 March 2022 |archive-url=https://web.archive.org/web/20220318130958/https://www.theregister.com/2022/03/18/protestware_javascript_node_ipc/ |archive-date=18 March 2022 |date=18 March 2022 |url-status=live}}</ref>

=== Other notable incidents ===
In November 2018, it was discovered that a malicious package had been added as a dependency to version 3.3.6 of the popular package <code>event-stream</code>.<ref>{{cite web |last1=Goodin |first1=Dan |title=Widely used open source software contained bitcoin-stealing backdoor |url=https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/ |website=Ars Technica |access-date=11 May 2024 |language=en-us |date=26 November 2018}}</ref> The malicious package, called <code>flatmap-stream</code>, contained an encrypted payload that stole [[bitcoin]]s from certain applications.<ref>{{cite web |last1=Claburn |first1=Thomas |title=Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week) |url=https://www.theregister.com/2018/11/26/npm_repo_bitcoin_stealer/ |website=www.theregister.com |access-date=11 May 2024 |language=en}}</ref>

In May 2021, <code>pac-resolver</code>, an npm package that received over 3 million downloads per week, was discovered to have a [[Arbitrary code execution|remote code execution]] vulnerability.<ref>{{cite web |last1=Sharma |first1=Ax |title=NPM package with 3 million weekly downloads had a severe vulnerability |url=https://arstechnica.com/information-technology/2021/09/npm-package-with-3-million-weekly-downloads-had-a-severe-vulnerability/ |website=Ars Technica |access-date=11 May 2024 |language=en-us |date=2 September 2021}}</ref> The vulnerability resulted from how the package handed config files, and was fixed in versions 5 and greater.<ref>{{cite web |last1=Claburn |first1=Thomas |title=JavaScript library downloaded 3m times a week exposes apps to hijacking via evil proxy configs |url=https://www.theregister.com/2021/09/03/pac_patch_npm/ |website=www.theregister.com |access-date=11 May 2024 |language=en}}</ref>

In January 2022, the maintainer of the popular package <code>colors</code> pushed changes printing garbage text in an infinite loop.<ref name="auto"/> The maintainer also cleared the repository of another popular package, <code>faker</code>, and its package on npm, and replaced it with a README that read, "What really happened to [[Aaron Swartz]]?"<ref>{{cite web|title=Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps|url=https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/|access-date=9 January 2022|work=Bleeping Computer}}</ref>

In May 2023, several npm packages including <code>bignum</code> were found to be exploited, stealing user credentials and information from affected machines. Researchers discovered that these packages had been compromised through an exploit involving [[Amazon S3]] buckets and the <code>node-gyp</code> command line tool.<ref>{{cite web |last1=Burt |first1=Jeff |title=Hijacked S3 buckets used in attacks on npm packages |url=https://www.theregister.com/2023/06/19/npm_s3_buckets_malware/ |website=www.theregister.com |access-date=11 May 2024 |language=en}}</ref>

== Alternatives ==

There are a number of open-source alternatives to npm for installing modular JavaScript, including [[pnpm]], [[Yarn (package manager)|Yarn]],<ref name="hello-yarn">{{cite web|url=https://blog.npmjs.org/post/151660845210/hello-yarn|title=Hello, Yarn!|date=11 October 2016|website=The npm Blog|access-date=17 December 2016}}</ref> [[Bun (software)|Bun]] and [[Deno (software)|Deno]]. Deno and Bun also provide a JavaScript runtime, while only Deno operates independently from NPM Registry or any centralized repository<ref name="managing-deno-dependencies">{{cite web|url=https://docs.deno.com/runtime/tutorials/manage_dependencies|title=Managing Dependencies|website=Deno Docs|access-date=6 Jan 2024}}</ref> and its support of NPM registry is still a subject of ongoing work in progress as of January 2024.<ref>{{Cite web |title=Node and npm modules {{!}} Deno Docs |url=https://docs.deno.com/runtime/manual/node/ |access-date=2024-01-16 |website=docs.deno.com |language=en}}</ref> They are all compatible with the public npm registry and use it by default, but provide different client-side experiences, usually focused on improving performance and [[deterministic algorithm|determinism]] compared to the npm client.<ref name="yarn-why">{{cite web|url=http://yehudakatz.com/2016/10/11/im-excited-to-work-on-yarn-the-new-js-package-manager-2/|title=Why I'm working on Yarn|date=11 October 2016|access-date=17 December 2016|last1=Katz|first1=Yehuda}}</ref>

== See also ==
{{Portal|Free and open-source software}}

* [[Software repository]]
* [[pnpm]]
* [[yarn (package manager)]]

== References ==

{{refs}}

== External links ==

* {{official|https://www.npmjs.com/}}

{{NodeJs}}
{{JavaScript}}
{{Microsoft FOSS}}

[[Category:Command-line software]]
[[Category:Free package management systems]]
[[Category:Free software programmed in JavaScript]]
[[Category:JavaScript programming tools]]
[[Category:Microsoft free software]]
[[Category:Software using the Artistic license]]
[[Category:2010 software]]

[welcome]

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[github-actions]

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.

---

Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

Source	Preview	Production	What Changed
get-started/start-your-journey/index.md	fpt ghec ghes@ 3.14 3.13 3.12 3.11 3.10	fpt ghec ghes@ 3.14 3.13 3.12 3.11 3.10

---

fpt: Free, Pro, Team
ghec: GitHub Enterprise Cloud
ghes: GitHub Enterprise Server