Update - We are currently working on re-building our search index to remedy any out of sequence processing. Until this process is complete, we recommend using npms.io for searches.
Jul 18, 20:27 UTC
Identified - We’ve identified the issue and are working on a resolution.
Jul 6, 21:16 UTC
Investigating - Updated versions in search results on the website are either not populating or are slow to populate
Jul 5, 18:52 UTC

About This Site

npm loves you. Here is some info about how well it's doing. (You can also follow these updates at @npmstatus on Twitter!)

Registry Reads   ? Operational
Website Reads   ? Operational
US East (NYC)   Operational
US East (ASH)   Operational
US East (IAD)   Operational
US East (ATL)   Operational
US Central (DAL)   Operational
US Central (CHI)   Operational
US West (LAX)   Operational
US West (SJC)   Operational
Europe (FRA)   Operational
Europe (AMS)   Operational
Europe (LON)   Operational
Asia/Pacific (AU)   Operational
Asia/Pacific (TYO)   Operational
Asia/Pacific (NZ)   Operational
Asia/Pacific (SIN)   Operational
ec2-us-east-1   Operational
ec2-us-west-2   Operational
www   ? Operational
replicate.npmjs.com   ? Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Registry Uptime
Fetching
Registry Response Time
Fetching
Website Uptime
Fetching
Website Response Time
Fetching
Past Incidents
Jul 22, 2018

No incidents reported today.

Jul 21, 2018

No incidents reported.

Jul 20, 2018

No incidents reported.

Jul 19, 2018

No incidents reported.

Jul 17, 2018

No incidents reported.

Jul 16, 2018

No incidents reported.

Jul 15, 2018

No incidents reported.

Jul 14, 2018

No incidents reported.

Jul 13, 2018

No incidents reported.

Jul 12, 2018
Resolved - This incident has been resolved.
Jul 12, 20:34 UTC
Identified - The problem is understood and we are working on finalizing a solution. Download counts are coming in regularly.
Jul 9, 16:15 UTC
Investigating - We are currently investigating this issue.
Jun 30, 13:02 UTC
Monitoring - A fix has been implemented and download counts are returning to normal.
Jun 13, 16:19 UTC
Update - We are currently working on implementing a fix for this issue.
Jun 7, 15:49 UTC
Identified - We've identified the issue and are working on a resolution.
Jun 4, 20:48 UTC
Investigating - We're investigating a known issue with download counts not being updated properly in the past few days.
Jun 4, 17:30 UTC
Postmortem - Read details
Jul 12, 20:45 UTC
Resolved - We have now invalidated all npm tokens issued before 2018-07-12 12:30 UTC, eliminating the possibility of stolen tokens being used maliciously. This is the final immediate operational action we expect to take today.

We will be conducting a forensic analysis of this incident to fully establish how many packages and users were affected, but our current belief is that it was a very small number. We will be conducting a deep audit of all the packages in the Registry to confirm this.
Jul 12, 18:52 UTC
Update - The website load incident is now resolved.
Jul 12, 18:39 UTC
Update - Invalidating tokens has created some load issues that are currently affecting npmjs.com. We are working on a solution.
Jul 12, 18:31 UTC
Update - Further clarifying: npm will revoke all tokens issued before 2018-07-12 12:30 UTC. If you rolled your tokens after that time you will not need to re-issue them.
Jul 12, 17:54 UTC
Update - We are aware that many of you have already taken action to roll your auth tokens in the last few hours. We have the ability to invalidate only older tokens, and we'll be doing so to avoid making you repeat work.
Jul 12, 17:36 UTC
Update - npm intends to invalidate all active tokens, to completely prevent the possibility of stolen tokens being used for malicious purposes. This work is ongoing, but you should expect to need to re-generate tokens for build systems etc. in the next few hours.
Jul 12, 17:15 UTC
Monitoring - To protect potentially compromised accounts, npm is invalidating all npm login tokens created between 2018-07-11 00:00 UTC and 2018-07-12 12:30 UTC (about 2 hours ago). If you believe your account specifically was compromised we still recommend visiting https://www.npmjs.com/settings/~/tokens to revoke all your tokens.
Jul 12, 16:42 UTC
Update - We continue to work on identifying and notifying affected users.

We believe the vector for this compromise was stolen credentials from one of the authorized publishers of the eslint-scope package. We recommend all package authors enable two-factor auth to protect their accounts from this kind of attack. You can find instructions on how to enable 2FA for your account here: https://docs.npmjs.com/getting-started/using-two-factor-authentication
Jul 12, 16:32 UTC
Update - We are continuing to investigate this issue.
Jul 12, 16:13 UTC
Investigating - Version 3.7.2 of the popular package `eslint-scope` was published without authorization ( see https://github.com/eslint/eslint-scope/issues/39 ). This version contained apparently malicious code that attempted to steal npm login tokens. It has been unpublished and is no longer available.

npm is aware of this issue and is actively taking steps to investigate, identify and notify affected users, and further protect our users.

Your npm login token does not give an attacker your npm password. You can revoke all existing tokens by visiting https://www.npmjs.com/settings/~/tokens .
Jul 12, 16:13 UTC
Jul 11, 2018

No incidents reported.

Jul 10, 2018

No incidents reported.

Jul 8, 2018

No incidents reported.