Blog
Design, engineering, and product updates from the vlt team.
Command Palette
Search for a command to run...

Beyond disabling postinstalls: how npm install will change in npm 12
As part of its planned 12th release, the npm CLI drops automatically running lifecycle scripts on installs as part of multiple planned breaking changes
Ruy Adorno Staff Software Engineer
Why Drizzle ORM couldn't publish new releases on NPM for a month

Drizzle ORM recently hit a 100 MB limit in the npm registry and couldn't ship new releases for weeks. What is this limit?
Evert Pot Staff Software Engineer
Doubling Down on Open Source

We've doubled our open source pledge contribution to $14,000 ($3,500 per full-time engineer)
Darcy Clarke CEO
Introducing Phased Package Installations

When you run vlt install, packages are downloaded and extracted to node_modules, but no lifecycle scripts execute.
Query Across Projects with host-context

Release subsets of your monorepo with the new version, pack, and publish commands using powerful selectors and a publish directory.
Ruy Adorno Staff Software Engineer
Interactive Query Building

Compose queries visually in the GUI, without needing to know the dependency selector syntax.
Jason Korol Design Engineer
Scoped Releases: New version, pack, and publish commands

Release subsets of your monorepo with the new version, pack, and publish commands using powerful selectors and a publish directory.
Luke Karrys Staff Software Engineer
Query Powered vlt Commands
!['New Feature — Selectors Everywhere: Commands now support powerful dependency filtering across your projects. Example command: vlr --scope='[name^=devtools-]' test.'](/_next/image?url=%2Fimages%2Fblog%2Frun-exec-query-support%2Fbanner.png&w=3840&q=75&dpl=dpl_7ap4pPi31nKyMKEzGPyFJkuTZENA)
Run scripts across your dependency graph using powerful query selectors and the --scope config.
Luke Karrys Staff Software Engineer
Taking Control with Graph Modifiers

Managing dependencies in complex JavaScript projects just got easier. vlt now offers Graph Modifiers, a new way to take precise control of your dependency graph.
Ruy Adorno Staff Software Engineer
Centralized Dependency Management Made Simple

We are excited to share catalog support - a powerful new feature for centralized dependency management that reduces duplication and simplifies version orchestration across your projects.
Darcy Clarke CEO
Introducing `jsr:` Support

Introducing `jsr:` Support
Isaac Schlueter
Introducing the new `exec` and `exec-cache` commands

Introducing the New `vlt exec` Command
Isaac Schlueter
Package Insights Selectors Powered by Socket

Unlock deep, actionable insights into your dependencies with vlts new security-first selectors — powered by metadata from Socket.
Ruy Adorno Staff Software Engineer
Reproducibility vs. Provenance: Trusting the JavaScript Supply Chain

We launched a new tool to detect package integrity issues in the JavaScript ecosystem. Learn how `reproduce` is changing the game.
Darcy Clarke CEO
Fresh New GUI Features

A look under the hood of a vlt install.
Jason Korol Design Engineer
HalfStack Phoenix Recap

Recapping the HalfStack Phoenix conference.
Luke Karrys Staff Software Engineer
NodeConf EU and Collab Summit Recap

Recapping the vlt team's week in Ireland.
Luke Karrys Staff Software Engineer
Introducing the vlt Package Manager & Serverless Registry

Announcing our foundational Package Manager Client & Serverless Registry.
Making Open Source More Sustainable

vlt joins Sentry, Astral, Val Town & more in contributing back to the open source ecosystem!
Darcy Clarke CEO
vlt i @lukekarrys

Luke Karrys joins vlt!
Luke Karrys Staff Software Engineer
Collision Conf 2024: Join vlt in Toronto!

Join vlt in Toronto for Collision Conf 2024!
Darcy Clarke CEO
Introducing our team, investors & more...

We put together an incredible team, with top-notch investors & a bold product vision.
Darcy Clarke CEO
The massive bug at the heart of the npm ecosystem

An article detailing the massive bug at the heart of the npm ecosystem; encompassing a lack of validation by the public registry, package manifest inconsistancies & assumptions about package managers & security products
Darcy Clarke CEO