The default fresh-node command was updated from Node.js 18 to Node.js 20, similarly re-using the same Docker images that we use in WMF CI. These feature the same Debian Linux version, same pre-installed packages, and versions thereof. This makes it as easy as possible to reproduce CI failures locally. Vice versa, if you use Fresh in local development, you're unlikely to encounter failures in CI. You can continue to develop on older versions via the fresh-node18 and fresh-node16 commands. The fresh-node14 command has been removed (unsupported since last year).

This release includes the first contribution to Fresh by Marius Hoch (WMDE), who fixed a bug affecting projects with a space in their working directory name. Thanks Marius!

Finally, this release introduces the experimental "fresh-npm" feature. You can opt-in by cloning the repo and running `bin/fresh-install --secure-npm`. This will shadow the npm command in the shell on your main workstation, and avoids accidentally running potentially insecure scripts outside Fresh. Other npm commands are unaffected. It can be bypassed as-needed by specifying the full path to npm, which is also printed at the end of any fresh-npm help or error message. I previously maintained this under the name "secpm" in a local patch since 2021. It has served myself and a handful of others well. I hope it can be useful to others!

To report issues or browse tasks, find us on Phabricator at https://phabricator.wikimedia.org/tag/fresh/.

Fresh is a fast way to launch isolated environments from your terminal. These can be used to work more securely and responsibly with Node.js-based developer tools, especially those installed from npm such as ESLint, QUnit, Grunt, Webdriver, and more. Example guide: https://www.mediawiki.org/wiki/Manual:JavaScript_unit_testing. Get started https://gerrit.wikimedia.org/g/fresh#fresh-environment

--

Timo Tijhof,

Principal Engineer,

Wikimedia Foundation.