npm is the world’s largest software repository, with over 10 million users and over 40 billion software package downloads every month. Our systems are critical to software engineers all over the world and used in every industry, from the public registry, which serves packages to open source engineers and small organizations, to our new enterprise solution, which provides single-tenant registries for medium and large customers.

What You’ll Do

  • Work alongside our feature engineering teams to ensure security is applied through the software development life cycle
  • Support our engineering teams with security guidance, fixes, and automation
  • Participate in security design reviews, code auditing, and security assessments
  • Submit pull requests to fix security-related bugs or implement security-forward features
  • Help develop automation to scale common security tasks
  • Help support a secure software development life cycle for our engineering team
  • Write and maintain internal documentation


  • Ability to program in JavaScript / js; other languages are a bonus
  • Ability to read code / design documents and identify security flaws and weaknesses
  • Understanding of common application flaws such as the OWASP Top 10
  • Strong communication and interpersonal skills, comfortable collaborating and communicating security topics with a range of people and stakeholders
  • Willingness to adapt with technology and industry trends

Our Code of Conduct

npm exists to facilitate sharing code, by making it easy for JavaScript module developers to publish and distribute packages. npm is a piece of technology, but more importantly, it is a community. We believe that our mission is best served in an environment that is friendly, safe, and accepting; free from intimidation or harassment. We do not tolerate abusive behavior. See our unabridged code of conduct here.

Why You Should Join

In joining the npm team, you’ll become an important part of a small but dedicated engineering team. We strive to provide a sensible working environment that doesn’t ask for or encourage habitual overtime and we offer flexibility in schedule. We have a progressive parental leave policy and vacation time is not just encouraged, but celebrated and enforced. We also understand that healthy schedules lead to better outcomes. To help ensure this balance we have contracted support night coverage so we don’t interrupt anyone’s sleep.

We believe that high-performing teams include people from different backgrounds and experiences who can challenge each other’s assumptions with fresh perspectives. To that end, we actively seek a diverse pool of applicants, including those from historically marginalized groups — women, people with disabilities, people of color, formerly incarcerated people, people who are lesbian, gay, bisexual, transgender, and/or gender nonconforming, first and second generation immigrants, and people from low-income families.

Where We Can Hire

Our headquarters are in Oakland, California. We can best support you if you can overlap with US time zones. We currently have team members across the US time zones and in the UK, Canada, and Mexico. We cannot currently sponsor new work visas, but we can transfer existing H-1Bs.