Skip to content

npm uses GitHub Flavored Markdown

READMEs for npm packages on are now rendered using GitHub Flavored Markdown. was using a custom markdown renderer not fully compatible with GitHub Flavored Markdown. This difference meant a README displayed on did not necessarily match the README displayed on GitHub. Aligning to use the GitHub Flavored Markdown renderer ensures that your README is rendered the same on both sites.

All newly published packages are now rendered with GitHub Flavored Markdown; packages previously published to will be re-rendered over time.

The Meta API endpoint previously contained MD5 signatures for GitHub’s SSH public keys. We have now deprecated these in favor of the newer SHA-256 fingerprints. Developers verifying the authenticity of GitHub’s keys should use the SHA-256 signature because it is a more modern cryptographic hash function. MD5 should not be used for security purposes to verify cryptographic identity, due to known collisions.


If your app dynamically fetches the MD5_RSA and MD5_DSA fields, please ensure that you have migrated to the SHA256_RSA and SHA256_DSA fingerprints. The old fingerprints are reprinted below, if static copies are needed for migration purposes. If your app doesn’t use the MD5_RSA and MD5_DSA fields, then your app will be unaffected by this change.


"MD5_RSA": "16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48"
"MD5_DSA": "ad:1c:08:a4:40:e3:6f:9c:f5:66:26:5d:4b:33:5d:8c"
See more