@@ -680,6 +680,12 @@ Here is an example URL::
NPM Fetcher (``npm://``)
------------------------
+.. warning::
+
+ The NPM fetcher is currently disabled due to security concerns. See
+ `355cd226e0720a9ed7683bb01c8c0a58eee03664 <https://git.openembedded.org/bitbake/commit/?id=355cd226e0720a9ed7683bb01c8c0a58eee03664>`__
+ for more information.
+
This submodule fetches source code from an
`NPM <https://en.wikipedia.org/wiki/Npm_(software)>`__
Javascript package registry.
@@ -719,6 +725,12 @@ to automatically create a recipe from an NPM URL.
NPM shrinkwrap Fetcher (``npmsw://``)
-------------------------------------
+.. warning::
+
+ The NPM fetcher is currently disabled due to security concerns. See
+ `355cd226e0720a9ed7683bb01c8c0a58eee03664 <https://git.openembedded.org/bitbake/commit/?id=355cd226e0720a9ed7683bb01c8c0a58eee03664>`__
+ for more information.
+
This submodule fetches source code from an
`NPM shrinkwrap <https://docs.npmjs.com/cli/v8/commands/npm-shrinkwrap>`__
description file, which lists the dependencies
@@ -1738,6 +1738,12 @@ overview of their function and contents.
- ``npm://``: Fetches JavaScript modules from a registry.
+ .. warning::
+
+ The NPM fetcher is currently disabled due to security concerns. See
+ `355cd226e0720a9ed7683bb01c8c0a58eee03664 <https://git.openembedded.org/bitbake/commit/?id=355cd226e0720a9ed7683bb01c8c0a58eee03664>`__
+ for more information.
+
- ``p4://``: Fetches files from a Perforce (``p4``) revision
control repository.
Add warning notes in bitbake-user-manual-fetching.rst and bitbake-user-manual-ref-variables.rst regarding the disabled NPM fetcher. Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> --- doc/bitbake-user-manual/bitbake-user-manual-fetching.rst | 12 ++++++++++++ .../bitbake-user-manual-ref-variables.rst | 6 ++++++ 2 files changed, 18 insertions(+) --- base-commit: 112bddd8fc684fbdd71139429251b127739f863b change-id: 20260326-disabled-npm-fetcher-docs-0cac7e792a2b