| npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc) | | 126 |
| npm, malware, security, link-lists |
| npm Should Remove the Default License From New Packages (ISC) (ext) | | 125 |
| npm, licensing, foss |
| Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site (j9t) | | 124 |
| eleventy, nodejs, automation, github-actions |
| LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho/the) | | 123 |
| ai, security |
| A Decade of Impact: How Our npm Packages Hit 1 Billion Downloads and Shaped JavaScript | | 122 |
| npm, history, javascript |
| Breaking Down Circular Dependencies in JavaScript | | 121 |
| javascript |
| Malware Found on npm Infecting Local Package With Reverse Shell (rev) | | 120 |
| npm, security |
| Lazarus Strikes npm Again With New Wave of Malicious Packages (soc) | | 119 |
| npm, security |
| Tutorial: Publishing ESM-Based npm Packages With TypeScript (rau) | | 118 |
| tutorials, npm, typescript |
| My Failed Attempt to Shrink All npm Packages by 5% (eva) | | 117 |
| npm, compression |
| 10 Very Important Flutter Packages | | 116 |
| flutter |
| Build It Yourself (mit) | | 115 |
| maintenance, maintainability, processes |
| Double-Keyed Caching: How Browser Cache Partitioning Changed the Web (add) | | 114 |
| browsers, caching, network, content-delivery, performance |
| Do I Need This Node Dependency? (bri) | | 113 |
| nodejs |
| The 20 Commandments of Software Engineering | | 112 |
| principles, programming, complexity, documentation, commit-messages, code-reviews, maintenance, collaboration |
| Mastering npm Scripts: Automate Everything in Your Frontend Workflow | | 111 |
| npm, environments, ci-cd, automation |
| On Long Term Software Development (ber) | | 110 |
| maintainability, maintenance, foss, testing, complexity |
| JS Import Maps (5t3) | | 109 |
| javascript, import-maps |
| Your JavaScript Bundle Is Too Fat | | 108 |
| javascript, bundling, performance, code-splitting, lazy-loading, tree-shaking, minification, optimization |
| Publishing a Simple Client-Side JavaScript Package to npm With GitHub Actions (sim) | | 107 |
| javascript, npm, github-actions |
| Node.js Corepack: Version Control for Package Managers (tre) | | 106 |
| nodejs, corepack, versioning, tooling |
| How to Prerelease an npm Package (spa/clo) | | 105 |
| how-tos, npm, versioning, semver |
| Introducing the vlt Package Manager and Serverless Registry | | 104 |
| introductions, serverless, javascript, tooling |
| cpx—the npx Counterpart of the PHP Ecosystem (ami) | | 103 |
| php |
| The Nine Node Pillars (mco/pla) | | 102 |
| nodejs, principles |
| More npm Packages on Cloudflare Workers: Combining Polyfills and Native Code to Support Node.js APIs (jas+/clo) | | 101 |
| cloudflare, nodejs, npm, apis |
| Hidden Cost of Frontend Frameworks | | 100 |
| frameworks, simplicity |
| How to Create an npm Package (mat) | | 99 |
| how-tos, npm |
| The Great npm Garbage Patch | | 98 |
| npm, spam, security |
| Secure Node.js Applications From Supply Chain Attacks | | 97 |
| nodejs, security, best-practices |
| Publishing a TypeScript Module to npm vs. JSR (den) | | 96 |
| videos, typescript, modules, npm, jsr, comparisons |
| Supply Chain Security in npm—We Can Be Optimistic About the Future | | 95 |
| npm, security, provenance |
| Create npm Package With CommonJS and ESM Support in TypeScript | | 94 |
| npm, commonjs, esm, typescript |
| What Happens When a Major npm Library Goes Commercial? (mco) | | 93 |
| npm, foss |
| Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc) | | 92 |
| npm, vulnerabilities, caching, security |
| Dual Publishing ESM and CJS Modules With tsup and “Are the Types Wrong?” (joh) | | 91 |
| esm, commonjs, tooling, typescript, type-safety |
| How a Single Vulnerability Can Bring Down the JavaScript Ecosystem | | 90 |
| javascript, npm, caching, vulnerabilities, security |
| How to Use Corepack (mat) | | 89 |
| how-tos, nodejs, corepack |
| JSR: The JavaScript Package Registry We’ve Been Waiting For | | 88 |
| jsr |
| JavaScript Security: Simple Practices to Secure Your Frontend | | 87 |
| javascript, security, csp |
| How to Document Your JavaScript Package (den) | | 86 |
| how-tos, javascript, documentation, writing, jsdoc, readme |
| JSR Is Not Another Package Manager (tin/den) | | 85 |
| jsr |
| Using Vite to Rebuild Local Dependencies in an npm Workspace | | 84 |
| npm, vite |
| Building an npm Package Compatible With ESM and CJS in 2024 (lir/sny) | | 83 |
| npm, interoperability, esm, commonjs |
| Microservices Promised Freedom but Delivered Dependencies (pur) | | 82 |
| microservices |
| Another JS Registry—Seriously?! (den) | | 81 |
| videos, jsr, javascript |
| How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth) | | 80 |
| npm, examples, security |
| Introducing JSR—the JavaScript Registry (lca+/den) | | 79 |
| introductions, jsr, deno, javascript |
| Choosing the Right Node.js Package Manager in 2024: A Comparative Guide (nod) | | 78 |
| guides, nodejs, comparisons |
| Why Does “is-number” Package Have 59M Weekly Downloads? | | 77 |
| npm |
| JSR: What We Know So Far About Deno’s New JavaScript Package Registry (sar/soc) | | 76 |
| jsr, deno, javascript |
| Frontend Application Security: Tips and Tricks | | 75 |
| web-apps, security, xss, csrf, authentication, csp, validation, tips-and-tricks |
| Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm (sar/soc) | | 74 |
| nodejs, corepack, npm, yarn, pnpm |
| Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc) | | 73 |
| npm, security |
| Modern JavaScript Library Starter (sas) | | 72 |
| npm, libraries |
| Deceptive Deprecation: The Truth About npm Deprecated Packages | | 71 |
| security, npm, research |
| Compatibility of Node.js Versions With Packages | | 70 |
| nodejs, versioning |
| Installing Google Fonts as npm Packages (ami) | | 69 |
| installing, tooling, google, fonts |
| A Comprehensive Guide to npm Workspaces and Monorepos | | 68 |
| guides, monorepos, npm, yarn |
| I Replaced npm, Yarn, and nvm With pnpm (paw) | | 67 |
| npm, yarn, pnpm, nvm |
| A Complete Guide to pnpm | | 66 |
| guides, pnpm |
| Understanding Dev Dependencies in Web Development | | 65 |
|
| How to Use npm Packages Outside of Node | | 64 |
| how-tos, npm, javascript |
| Secret Scanning Scans Public npm Packages (git) | | 63 |
| github, npm, security |
| How We Optimized Package Imports in Next.js (ver) | | 62 |
| nextjs, optimization, case-studies |
| SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble) | | 61 |
| security, ssh, npm |
| Honey, I Shrunk the npm Package | | 60 |
| npm, compression |
| Upgrading Frontend Dependencies With Confidence | | 59 |
| maintenance, testing, regressions, playwright |
| Bun Hype: How We Learned Nothing From Yarn | | 58 |
| bun, yarn, history |
| dependency-time-machine | | 57 |
| packages, npm, maintenance, automation |
| My Experience Modernizing Packages to ESM | | 56 |
| modernization, esm |
| A Comprehensive Beginner’s Guide to npm: Simplifying Package Management | | 55 |
| guides, npm |
| Identify Unused npm Packages in Your Project (ami) | | 54 |
| npm, maintenance |
| The Massive Bug at the Heart of the npm Ecosystem | | 53 |
| npm, security |
| npm Won’t Publish Packages Containing the Word “keygen” | | 52 |
| discussions, npm |
| Before Your Next Frontend Pull Request, Use This Checklist (evi) | | 51 |
| checklists, performance, compression, accessibility, legibility, naming |
| Building a Frontend Framework—Reactivity and Composability With Zero Dependencies | | 50 |
| frameworks, reactivity |
| Deno vs. Node: No One Is Ready for the Move | | 49 |
| deno, nodejs, comparisons |
| Understanding npm Versioning | | 48 |
| npm, versioning, semver |
| The Landscape of npm Packages for CLI Apps | | 47 |
| nodejs, npm, command-line |
| npx: The Easy Way to Run Node.js Packages | | 46 |
| nodejs, npx |
| Node.js Toolbox | | 45 |
| websites, nodejs, packages |
| Unlocking Security Updates for Transitive Dependencies With npm (git) | | 44 |
| npm, security, maintenance |
| New npm Features for Secure Publishing and Safe Consumption (git) | | 43 |
| npm, security |
| npm Security: Preventing Supply Chain Attacks (lir/sny) | | 42 |
| npm, security |
| Use “npm query” and jq to Dig Into Your Dependencies | | 41 |
| videos, npm, auditing |
| Phylum Detects Active Typosquatting Campaign Targeting npm Developers | | 40 |
| npm, security |
| depngn | | 39 |
| packages, npm, nodejs |
| Dependabot Unlocks Transitive Dependencies for npm Projects (git) | | 38 |
| npm, security |
| 4 Ways to Minimize Your Dependencies in Node.js (app) | | 37 |
| nodejs, npm |
| JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically | | 36 |
| studies, research, nodejs, javascript, security, quality |
| Everything You Need to Know About JavaScript Import Maps (hon) | | 35 |
| javascript, import-maps |
| Optimizing Node.js Dependencies in AWS Lambda | | 34 |
| nodejs, aws, serverless, optimization |
| Alternatives to Installing npm Packages Globally (rau) | | 33 |
| installing, npm |
| Don’t Sink Your Website With Third Parties (sma) | | 32 |
| embed-code, performance |
| Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks (sny) | | 31 |
| javascript, npm, security |
| Lerna Has Gone—Which Monorepo Is Right for a Node.js Backend Now? | | 30 |
| monorepos, comparisons, nodejs, tooling |
| How to Respond to Growing Supply Chain Security Risks? | | 29 |
| how-tos, security, nodejs, npm |
| Update Node Dependencies Automatically, Selectively, or Incrementally | | 28 |
| nodejs, npm, yarn |
| What’s Really Going On Inside Your node_modules Folder? (soc) | | 27 |
| nodejs, npm |
| How to Publish Deno Modules to npm (kit/den) | | 26 |
| how-tos, deno, modules, npm |
| Understanding Dependencies Inside Your package.json (nod) | | 25 |
| nodejs, npm, yarn |
| How to Fix Your Security Vulnerabilities With npm Override | | 24 |
| how-tos, security, vulnerabilities, npm |
| The Basics of package.json (nod) | | 23 |
| fundamentals, nodejs, npm, yarn |
| How to Keep Your Repo Package Dependencies Up to Date Automatically | | 22 |
| how-tos, tooling, github-actions |
| Dependency Risk and Funding (mit) | | 21 |
| github, economics |
| pkg.land | | 20 |
| websites, packages, npm |
| Why You Should Check in Your Node Dependencies | | 19 |
| nodejs |
| Ain’t No Party Like a Third Party (ada/css) | | 18 |
| embed-code, security |
| Open Source Insights | | 17 |
| websites, foss, security, licensing |
| Why We Developed the Node.js Reference Architecture | | 16 |
| nodejs, architecture |
| How to Publish an Updated Version of an npm Package (spa/clo) | | 15 |
| how-tos, npm |
| How to Automatically Update Your JavaScript Dependencies (spa/clo) | | 14 |
| how-tos, javascript, automation, processes, security |
| How to Worry About npm Package Weight (chr/css) | | 13 |
| npm |
| Validating Dependencies in the Project With npm-check and depcheck | | 12 |
| security, maintenance, auditing, tooling, npm |
| HTML, CSS, and Dependency Direction (j9t) | | 11 |
| html, css, maintainability, best-practices |
| Distribution Packages Considered Insecure | | 10 |
| unix-like, security |
| How to Solve the Global npm Module Dependency Problem | | 9 |
| how-tos, npm |
| The Tedium of Managing Code (lyz/ali) | | 8 |
| maintenance, maintainability, javascript, tooling |
| Peer Dependencies (dom) | | 7 |
| npm, nodejs |
| Madge | | 6 |
| packages, npm, visualization |
| Dealing With Dependencies (tro) | | 5 |
| php |
| npm Package Download Statistics Checker | | 4 |
| tools, exploration, auditing, debugging, npm, metrics |
| npm Dependency Visualizer | | 3 |
| tools, exploration, auditing, debugging, npm, visualization |
| npm Package Types Checker | | 2 |
| tools, exploration, auditing, debugging, npm, typescript, type-safety |
| npm Package Size Checker | | 1 |
| tools, exploration, auditing, debugging, npm |
