https://github.blog/2021-08-23-npm-registry-deprecating-tls-1-0-tls-1-1/ Back to GitHub.com The GitHub Blog * Blog Categories + Community + Company + Education + Engineering + Enterprise + Open Source + Policy + Product + Security * Changelog Search by Keyword [ ] Search Primary Menu * Blog Categories + Community + Company + Education + Engineering + Enterprise + Open Source + Policy + Product + Security * Changelog Search by Keyword [ ] Search [npm-github] August 23, 2021 Product The npm registry is deprecating TLS 1.0 and TLS 1.1 Image of Edward Thomson Edward Thomson Beginning October 4, 2021, all connections to npm websites and the npm registry--including for package installation--must use TLS 1.2 or higher. GitHub is committed to ensuring the security of our services and the privacy of our users. Previously, we removed support for TLS 1.0 and TLS 1.1 for GitHub services. This year, we will similarly deprecate non-HTTPS access and TLS 1.0 and TLS 1.1 for npmjs.com, the public npm registry. Fortunately, 99% of traffic to the npm registry is already using TLS 1.2, and we expect that the majority of users will not be affected by this deprecation. All Node.js binary releases beginning with v0.10.0 include support for TLS 1.2, so most users of recent Node.js and npm versions do not need to make any changes. However, some users may be on an unsupported version or may be using a custom-compiled Node.js binary without support. Detailed timeline While we will enforce a minimum of TLS 1.2 beginning October 4, 2021, we will also take steps to alert affected users to this change ahead of the deprecation. * Beginning on August 24, users who are not using TLS 1.2 will see a notification when they run npm commands with a link to this blog post. * On September 22, we will enforce TLS 1.2 for one hour starting at 05:00 UTC. * On September 27, we will enforce TLS 1.2 for one hour starting at 10:00 UTC and again for one hour at 18:00 UTC. * Finally, on September 29, we will enforce TLS 1.2 for six hours beginning at 13:00 UTC. Ensuring your compatibility To make sure that your version of npm supports TLS 1.2, you can install a test package from an HTTPS endpoint that already has TLS 1.0 and TLS 1.1 disabled: npm install -g https://tls-test.npmjs.com/tls-test-1.0.0.tgz You should see this message: Hello! The tls-test package was successfully downloaded and installed. Congratulations! Your package manager appears to support TLS 1.2. If you see a TLS error message instead, we encourage you to upgrade to a currently supported version of Node.js and the latest version of npm v7. Tags: npm Share * Twitter Share on Twitter * Facebook Share on Facebook * LinkedIn Share on LinkedIn Related posts August 24, 2021 Open Source GitHub CLI 2.0 includes extensions! GitHub CLI 2.0 is now available, making it easy to create and share your own custom commands to make your experience even more powerful. Image of Billy Griffin Billy Griffin August 17, 2021 Community GitHub Discussions is out of beta GitHub Discussions is now out of beta, with features that include labels, Discussions GraphQL API and webhooks, and mobile functionality. Image of Evi Liu Evi Liu August 12, 2021 Product What's new from GitHub Changelog? July 2021 Recap A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more. Image of Sidi Merzouk Sidi Merzouk Product * Features * Security * Enterprise * Customer Stories * Pricing * Resources Platform * Developer API * Partners * Atom * Electron * GitHub Desktop Support * Docs * Community Forum * Training * Status * Contact Company * About * Blog * Careers * Press * Shop * Github Twitter link * Github Facebook link * Github Youtube link * Github LinkedIn link * Github link * (c) 2021 GitHub, Inc. * Terms * Privacy