Düzenle

SharePoint Framework v1.22.2 release notes

This is a minor bump that addresses known npm vulnerabilities which were reported since the last minor release.

Tip

It's safe to keep on using SharePoint Framework 1.22.x version, but we do recommend using always the latest version in the production, which in this case would be the 1.22.1, which has fix on the reported GitHub issues as listed below.

Released: January 28, 2026

Important

This page addresses details related to a specific SPFx release version. This page doesn't include additional SPFx prerequisites that must be installed in order to develop SPFx solutions, including Node.js, Yeoman, and other tools.

To learn more about these prerequisites, see Set up your SharePoint Framework development environment.

Install the latest version

Install the latest release of the SharePoint Framework (SPFx) by including the @latest tag:

npm install @microsoft/generator-sharepoint@latest --global

Upgrading projects from v1.22.1 to v1.22.2

In the project's package.json file, identify all SPFx v1.22 packages. For each SPFx package:

  1. Uninstall the existing v1.22.1 package:

    npm uninstall @microsoft/{spfx-package-name}@1.22.1
    
  2. Install the new v1.22.2 package:

    npm install @microsoft/{spfx-package-name}@latest --save --save-exact
    

Warning

Upgrading from a previous minor version requires changes across package versions, build configuration files, and toolchain settings that vary depending on your source version. Manually updating package.json alone will result in build failures.

Tip

To upgrade this project, run:

npx -p @pnp/cli-microsoft365 m365 spfx project upgrade --toVersion 1.22.2 --output md

This analyzes your project and outputs all required changes, including a single script to apply them in one go.

Note

The CLI for Microsoft 365 is an open-source solution with active community providing support for it. There is no SLA for the open-source tool support from Microsoft.

Fixed Issues

Starting January 2026, we are introducing a monthly minor release cycle focused on keeping the SharePoint Framework developer environment clean from known npm vulnerabilities. The goal is to avoid confusion when npm audit reports issues during solution scaffolding on local development machines.

Critical runtime vulnerabilities will still be fixed as fast as possible. The monthly cadence is specifically for addressing npm audit findings that are not runtime vulnerabilities. These findings originate from server-side npm packages that are only used during local development.

The SharePoint Framework toolchain relies on server-side npm packages for build and debugging operations, but these packages are never included in the final sppkg package that runs in SharePoint Online or Microsoft 365. Because these packages only support the localhost experience and are not exposed to end users, they do not create risks in production environments.

This model ensures predictable updates, reduces unnecessary concern, and keeps npm audit reports clean when creating new SPFx solutions.

See more details on understanding this model from following document: