TLDR: fresh-node now defaults to Node.js 20, and introducing the "fresh-npm" 
security feature.

Get started:


Hi all,

Fresh 24.05 is upon us!

*What's new?*

The fresh-node22 command has been introduced by James Forrester, and is now 
open for early testing. This uses the "releng/node22-test-browser" Docker image 
that is also available to Jenkins jobs in WMF CI. Standalone libraries and 
tools are welcome opt-in and switch their CI jobs in Zuul config if they pass 
under node22.

The default fresh-node command was updated from Node.js 18 to Node.js 20, 
similarly re-using the same Docker images that we use in WMF CI. These feature 
the same Debian Linux version, same pre-installed packages, and versions 
thereof. This makes it as easy as possible to reproduce CI failures locally. 
Vice versa, if you use Fresh in local development, you're unlikely to encounter 
failures in CI. You can continue to develop on older versions via the 
fresh-node18 and fresh-node16 commands. The fresh-node14 command has been 
removed (unsupported since last year 

This release includes the first contribution to Fresh by Marius Hoch (WMDE), 
who fixed a bug <> affecting 
projects with a space in their working directory name. Thanks Marius!

Finally, this release introduces the experimental "fresh-npm" feature. You can 
opt-in by cloning the repo and running `bin/fresh-install --secure-npm`. This 
will shadow the npm command in the shell on your main workstation, and avoids 
accidentally running potentially insecure scripts outside Fresh. Other npm 
commands are unaffected. It can be bypassed as-needed by specifying the full 
path to npm, which is also printed at the end of any fresh-npm help or error 
message. I previously maintained this under the name "secpm" in a local patch 
<> since 2021. It has served 
myself and a handful of others well. I hope it can be useful to others!

To report issues or browse tasks, find us on Phabricator at

*What is Fresh?*

Fresh is a fast way to launch isolated environments from your terminal. These 
can be used to work more securely and responsibly 
<> with 
Node.js-based developer tools, especially those installed from npm such as 
ESLint, QUnit, Grunt, Webdriver, and more. Example guide: Get started

Timo Tijhof,
Principal Engineer,
Wikimedia Foundation.

Wikitech-l mailing list --
To unsubscribe send an email to

Reply via email to