This is a minor bump that addresses known npm vulnerabilities which were reported since the last minor release.
Tip
It's safe to keep using the SharePoint Framework 1.22.x version, but we recommend always using the latest version in production, which in this case would be 1.22.1, which has fixes for the reported GitHub issues as listed below.
Released: January 28, 2025
Important
This page addresses details related to a specific SPFx release version. This page doesn't include additional SPFx prerequisites that must be installed in order to develop SPFx solutions, including Node.js, Yeoman, and other tools.
To learn more about these prerequisites, see Set up your SharePoint Framework development environment.
Install the latest version
Install the latest release of the SharePoint Framework (SPFx) by including the @latest tag:
npm install @microsoft/generator-sharepoint@latest --global
Upgrading projects from v1.22.1 to v1.22.2
In the project's package.json file, identify all SPFx v1.22 packages. For each SPFx package:
Uninstall the existing v1.22.1 package:
npm uninstall @microsoft/{spfx-package-name}@1.22.1
Install the new v1.22.2 package:
npm install @microsoft/{spfx-package-name}@latest --save --save-exact
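The upgrade steps above can be generated from package.json instead of typed per package. The following is an added example, not part of the original page or of Microsoft's tooling. It assumes that an SPFx package is any @microsoft/* entry pinned to the old version, and the sample package.json content, the function names and the use of --save-dev for devDependencies entries are assumptions of this example.

```javascript
// Added example, not Microsoft's tooling. Assumption: an SPFx package is any
// @microsoft/* entry in package.json whose version equals the old release.
const FROM_VERSION = "1.22.1";
// Only emit commands for well-formed scoped names, because the output is
// meant to be pasted into a shell and package.json is untrusted input.
const SAFE_NAME = /^@microsoft\/[a-z0-9][a-z0-9._-]*$/;

// Constructed sample package.json content (non-SPFx versions are made up).
const samplePackageJson = {
  dependencies: {
    "@microsoft/sp-core-library": "1.22.1",
    "@microsoft/sp-webpart-base": "1.22.1",
    "tslib": "2.3.1"
  },
  devDependencies: {
    "@microsoft/sp-module-interfaces": "1.22.1",
    "@microsoft/eslint-plugin-spfx": "^1.22.1",
    "typescript": "~5.8.0"
  }
};

// Return every matching package together with the section it was found in.
function findSpfxPackages(pkg, fromVersion = FROM_VERSION) {
  const found = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      // Tolerate a leading ^ or ~ left over from a non-exact install.
      const version = String(range).replace(/^[\^~]/, "");
      if (SAFE_NAME.test(name) && version === fromVersion) {
        found.push({ name, section });
      }
    }
  }
  return found;
}

// Build the uninstall/install pair from the page for each package found.
function upgradeCommands(pkg, fromVersion = FROM_VERSION) {
  return findSpfxPackages(pkg, fromVersion).flatMap(({ name, section }) => {
    const saveFlag = section === "devDependencies" ? "--save-dev" : "--save";
    return [
      `npm uninstall ${name}@${fromVersion}`,
      `npm install ${name}@latest ${saveFlag} --save-exact`
    ];
  });
}

console.log(upgradeCommands(samplePackageJson).join("\n"));
```

Review the printed commands before running them: the scope-and-version match can also pick up @microsoft packages that are not part of SPFx but happen to share the version number.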
Tip
The CLI for Microsoft 365 provides easy step-by-step guidance for upgrading your solutions to the latest SharePoint Framework version.
Fixed Issues
Starting January 2026, we are introducing a monthly minor release cycle focused on keeping the SharePoint Framework developer environment clean from known npm vulnerabilities. The goal is to avoid confusion when npm audit reports issues during solution scaffolding on local development machines.
Critical runtime vulnerabilities will still be fixed as fast as possible. The monthly cadence is specifically for addressing npm audit findings that are not runtime vulnerabilities. These findings originate from server-side npm packages that are only used during local development.
The SharePoint Framework toolchain relies on server-side npm packages for build and debugging operations, but these packages are never included in the final sppkg package that runs in SharePoint Online or Microsoft 365. Because these packages only support the localhost experience and are not exposed to end users, they do not create risks in production environments.
This model ensures predictable updates, reduces unnecessary concern, and keeps npm audit reports clean when creating new SPFx solutions.
For more details on this model, see the following document: