Reuse Less Software Jun 11, 2026 187 security , processes How to Evaluate an npm Package—2026 Edition May 29, 2026 186 how-tos , npm , processes , maintainability , quality Mini Shai Hulud: Compromised @antv npm Packages Enable CI/CD Credential Theft May 20, 2026 185 security , npm , ci-cd Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised May 19, 2026 184 security , npm A Worm Just Ate Its Way Through the npm Registry… fir )May 14, 2026 183 videos , npm , security , tanstack 4 Tiny Mistakes That Secretly Destroy App Performance May 14, 2026 182 performance , web-apps , mistakes , cors , code-splitting , backgrounds , images Weekend at Bernie’s and )May 8, 2026 181 security , foss , metrics replacements.fyi 430 /e18 )Apr 27, 2026 180 websites , refactoring , migrating , maintenance , javascript How I Resolved 15K Circular Dependencies haa )Apr 17, 2026 179 monorepos , nx No One Owes You Supply-Chain Security pur )Apr 11, 2026 178 security , rust The Hidden Blast Radius of the Axios Compromise ahm /soc )Apr 1, 2026 177 npm , axios , security Minimum Release Age Is an Underrated Supply Chain Defense dan )Mar 31, 2026 176 security , npm , bun , pnpm , yarn , deno , renovate , dependabot , axios Axios Compromised on npm—Malicious Versions Drop Remote Access Trojan Mar 30, 2026 175 npm , axios , security Malicious PyPI Package—LiteLLM Supply Chain Compromise Mar 25, 2026 174 vulnerabilities , security Supply-Chain Attack Using Invisible Code Hits GitHub and Other Repositories dan /ars )Mar 13, 2026 173 security , github The Three Pillars of JavaScript Bloat 430 )Mar 12, 2026 172 javascript , complexity , runtimes , architecture , polyfills So Where Are All the AI Apps? alg +)Mar 12, 2026 171 ai , python , metrics Node.js Package Configuration Guide nod )Jan 8, 2026 170 guides , packages , configuration , commonjs , esm Web Dependencies Are Broken—Can We Fix Them? lea )Jan 7, 2026 169 javascript , import-maps , web-platform npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens sar /soc )Jan 7, 2026 168 npm , security , github The Nine Levels of JavaScript Dependency Hell and )Jan 5, 2026 167 javascript , maintainability The Package Management Landscape and )Jan 3, 2026 166 tooling , overviews , link-lists How We’re Protecting Our Newsroom From npm Supply Chain Attacks rya /pnp )Dec 5, 2025 165 npm , security , case-studies No More Tokens—Locking Down npm Publish Workflows zac )Dec 4, 2025 164 npm , security , github , processes The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know Nov 25, 2025 163 npm , security GitLab Discovers Widespread npm Supply Chain Attack git )Nov 24, 2025 162 npm , security , gitlab , github , aws , gcp , azure Shipping Node.js Packages in 2025 joy )Oct 3, 2025 161 slides , nodejs , esm , commonjs 15 Recent Node.js Features That Replace Popular npm Packages nod )Oct 1, 2025 160 nodejs , npm , maintenance Principles of Simplicity in Frontend Architecture Sep 26, 2025 159 simplicity , principles What Just Happened to RubyGems? chr )Sep 24, 2025 158 ruby , shopify Our Plan for a More Secure npm Supply Chain xco )Sep 22, 2025 157 npm , security , foss This May Be the Worst One the )Sep 17, 2025 156 videos , npm , security Ongoing Supply Chain Attack Targets CrowdStrike npm Packages pvd +/soc )Sep 16, 2025 155 npm , security ctrl/tinycolor and 40+ npm Packages Compromised Sep 15, 2025 154 npm , security Which npm Package Has the Largest Version Number? Sep 14, 2025 153 npm , versioning , semver How to Keep package.json Under Control tmc /val )Sep 11, 2025 152 how-tos , nodejs , npm , maintainability Oh No, Not Again… a Meditation on npm Supply Chain Attacks tan )Sep 9, 2025 151 npm , security , microsoft Anatomy of a Billion-Download npm Supply-Chain Attack Sep 8, 2025 150 npm , security npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack bur +/soc )Sep 8, 2025 149 npm , security Why You Absolutely Need to Have Automated Dependency Management in Place j9t )Aug 28, 2025 148 maintainability , maintenance , security , automation , tooling Speeding Up the JavaScript Ecosystem—SemVer mar )Aug 10, 2025 147 javascript , performance , semver , versioning npm Trusted Publishing With OIDC Is Generally Available Jul 31, 2025 146 npm , provenance , github Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader soc )Jul 14, 2025 145 security , npm Ramblings on Dependency Management mpl )Jun 18, 2025 144 maintenance npm Targeted by Malware Campaign Mimicking Familiar Library Names soc )May 2, 2025 143 npm , malware , security , link-lists npm Should Remove the Default License From New Packages (ISC) ext )Apr 30, 2025 142 npm , licensing , foss Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site j9t )Apr 22, 2025 141 eleventy , nodejs , automation , github-actions LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything tho /the )Apr 12, 2025 140 ai , security , slop A Decade of Impact: How Our npm Packages Hit 1 Billion Downloads and Shaped JavaScript Apr 1, 2025 139 npm , history , javascript Breaking Down Circular Dependencies in JavaScript Mar 29, 2025 138 javascript Malware Found on npm Infecting Local Package With Reverse Shell rev )Mar 26, 2025 137 npm , security Lazarus Strikes npm Again With New Wave of Malicious Packages soc )Mar 10, 2025 136 npm , security Tutorial: Publishing ESM-Based npm Packages With TypeScript rau )Feb 4, 2025 135 tutorials , npm , typescript My Failed Attempt to Shrink All npm Packages by 5% eva )Jan 27, 2025 134 npm , compression Build It Yourself mit )Jan 24, 2025 133 maintenance , maintainability , processes 10 Very Important Flutter Packages Jan 24, 2025 132 flutter Double-Keyed Caching: How Browser Cache Partitioning Changed the Web add )Jan 7, 2025 131 browsers , caching , network , content-delivery , performance Do I Need This Node Dependency? bri )Dec 31, 2024 130 nodejs The 20 Commandments of Software Engineering Dec 30, 2024 129 principles , programming , complexity , documentation , commit-messages , code-reviews , maintenance , collaboration On Long Term Software Development ber )Dec 22, 2024 128 maintainability , maintenance , foss , testing , complexity Mastering npm Scripts: Automate Everything in Your Frontend Workflow Dec 22, 2024 127 npm , environments , ci-cd , automation JS Import Maps 5t3 )Dec 20, 2024 126 javascript , import-maps Your JavaScript Bundle Is Too Fat Dec 13, 2024 125 javascript , bundling , performance , code-splitting , lazy-loading , tree-shaking , minification , optimization Publishing a Simple Client-Side JavaScript Package to npm With GitHub Actions sim )Dec 7, 2024 124 javascript , npm , github-actions How to Prerelease an npm Package spa /clo )Nov 19, 2024 123 how-tos , npm , versioning , semver Node.js Corepack: Version Control for Package Managers tre )Nov 19, 2024 122 nodejs , corepack , versioning , tooling Introducing the vlt Package Manager and Serverless Registry Nov 5, 2024 121 introductions , serverless , javascript , tooling cpx—the npx Counterpart of the PHP Ecosystem ami )Oct 3, 2024 120 php The Nine Node Pillars mco /pla )Sep 18, 2024 119 nodejs , principles More npm Packages on Cloudflare Workers: Combining Polyfills and Native Code to Support Node.js APIs jas +)Sep 9, 2024 118 cloudflare , nodejs , npm , apis Hidden Cost of Frontend Frameworks Aug 29, 2024 117 frameworks , simplicity How to Create an npm Package mat )Aug 21, 2024 116 how-tos , npm The Great npm Garbage Patch Aug 6, 2024 115 npm , spam , security Secure Node.js Applications From Supply Chain Attacks Jul 25, 2024 114 nodejs , security , best-practices Publishing a TypeScript Module to npm vs. JSR den )Jul 10, 2024 113 videos , typescript , modules , npm , jsr , comparisons Supply Chain Security in npm—We Can Be Optimistic About the Future Jul 9, 2024 112 npm , security , provenance Create npm Package With CommonJS and ESM Support in TypeScript Jun 29, 2024 111 npm , commonjs , esm , typescript What Happens When a Major npm Library Goes Commercial? mco )Jun 17, 2024 110 npm , foss Dual Publishing ESM and CJS Modules With tsup and “Are the Types Wrong?” joh )Jun 15, 2024 109 esm , commonjs , tooling , typescript , type-safety Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks sar /soc )Jun 15, 2024 108 npm , vulnerabilities , caching , security How a Single Vulnerability Can Bring Down the JavaScript Ecosystem Jun 3, 2024 107 javascript , npm , caching , vulnerabilities , security How to Use Corepack mat )Jun 2, 2024 106 how-tos , nodejs , corepack JSR: The JavaScript Package Registry We’ve Been Waiting For May 24, 2024 105 jsr JavaScript Security: Simple Practices to Secure Your Frontend May 15, 2024 104 javascript , security , csp How to Document Your JavaScript Package den )May 10, 2024 103 how-tos , javascript , documentation , writing , jsdoc , readme JSR Is Not Another Package Manager tin /den )Apr 24, 2024 102 jsr Using Vite to Rebuild Local Dependencies in an npm Workspace Apr 23, 2024 101 npm , vite Building an npm Package Compatible With ESM and CJS in 2024 Apr 18, 2024 100 npm , interoperability , esm , commonjs Microservices Promised Freedom but Delivered Dependencies pur )Mar 21, 2024 99 microservices Another JS Registry—Seriously?! den )Mar 13, 2024 98 videos , jsr , javascript How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package eth )Mar 3, 2024 97 npm , examples , security Introducing JSR—the JavaScript Registry lca +/den )Mar 1, 2024 96 introductions , jsr , deno , javascript Choosing the Right Node.js Package Manager in 2024: A Comparative Guide nod )Feb 29, 2024 95 guides , nodejs , comparisons Why Does “is-number” Package Have 59M Weekly Downloads? Feb 29, 2024 94 npm JSR: What We Know So Far About Deno’s New JavaScript Package Registry sar /soc )Feb 22, 2024 93 jsr , deno , javascript Frontend Application Security: Tips and Tricks Feb 16, 2024 92 web-apps , security , xss , csrf , authentication , csp , validation , tips-and-tricks Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm sar /soc )Feb 8, 2024 91 nodejs , corepack , npm , yarn , pnpm Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft sar /soc )Feb 6, 2024 90 npm , security Modern JavaScript Library Starter Jan 23, 2024 89 npm , libraries Deceptive Deprecation: The Truth About npm Deprecated Packages Jan 18, 2024 88 deprecation , security , npm , research Different Node.js Versions and Package Managers per Project—a Solved Problem wem )Jan 17, 2024 87 nodejs , nvm Secure Your Code: Auto-Fix Vulnerabilities With Dependabot (GitHub Tutorial) Jan 14, 2024 86 videos , security , dependabot Compatibility of Node.js Versions With Packages Jan 11, 2024 85 nodejs , versioning Installing Google Fonts as npm Packages ami )Dec 30, 2023 84 installing , tooling , google , fonts A Comprehensive Guide to npm Workspaces and Monorepos Dec 30, 2023 83 guides , monorepos , npm , yarn I Replaced npm, Yarn, and nvm With pnpm paw )Dec 1, 2023 82 npm , yarn , pnpm , nvm A Complete Guide to pnpm Nov 27, 2023 81 guides , pnpm Understanding Dev Dependencies in Web Development Nov 17, 2023 80 How to Use npm Packages Outside of Node Nov 6, 2023 79 how-tos , npm , javascript Secret Scanning Scans Public npm Packages Oct 26, 2023 78 github , npm , security How We Optimized Package Imports in Next.js Oct 13, 2023 77 nextjs , optimization , case-studies Honey, I Shrunk the npm Package Sep 27, 2023 76 npm , compression SSH Keys Stolen by Stream of Malicious PyPI and npm Packages ble )Sep 27, 2023 75 security , ssh , npm Upgrading Frontend Dependencies With Confidence Sep 22, 2023 74 maintenance , testing , regressions , playwright Bun Hype: How We Learned Nothing From Yarn Sep 16, 2023 73 bun , yarn , history dependency-time-machine Aug 12, 2023 72 packages , npm , maintenance , automation My Experience Modernizing Packages to ESM Aug 8, 2023 71 modernization , esm A Comprehensive Beginner’s Guide to npm: Simplifying Package Management Jul 14, 2023 70 guides , npm Identify Unused npm Packages in Your Project ami )Jul 1, 2023 69 npm , maintenance The Massive Bug at the Heart of the npm Ecosystem Jun 27, 2023 68 npm , security , bugs It Depends—Exploring My Favourite Renovate Features for Dependency Updates kal )Jun 18, 2023 67 maintenance , renovate , configuration npm Won’t Publish Packages Containing the Word “keygen” Jun 14, 2023 66 discussions , npm Before Your Next Frontend Pull Request, Use This Checklist tra /evi )Jun 7, 2023 65 checklists , performance , compression , accessibility , legibility , naming Building a Frontend Framework—Reactivity and Composability With Zero Dependencies May 13, 2023 64 frameworks , reactivity The Case Against Automatic Dependency Updates ben )Apr 21, 2023 63 automation , ci-cd , maintenance , security Automating Dependency Updates: The Big Debate Apr 21, 2023 62 automation , ci-cd , security Deno vs. Node: No One Is Ready for the Move Apr 17, 2023 61 deno , nodejs , comparisons Understanding npm Versioning Apr 4, 2023 60 npm , versioning , semver The Landscape of npm Packages for CLI Apps Mar 24, 2023 59 nodejs , npm , command-line npx: The Easy Way to Run Node.js Packages Mar 22, 2023 58 nodejs , npx Node.js Toolbox Feb 23, 2023 57 websites , nodejs , packages Unlocking Security Updates for Transitive Dependencies With npm Jan 19, 2023 56 npm , security , maintenance Using Renovate With Codeberg nic )Jan 15, 2023 55 codeberg , maintenance , renovate New npm Features for Secure Publishing and Safe Consumption Dec 6, 2022 54 npm , security npm Security: Preventing Supply Chain Attacks Nov 7, 2022 53 npm , security Use “npm query” and jq to Dig Into Your Dependencies Oct 5, 2022 52 videos , npm , auditing Phylum Detects Active Typosquatting Campaign Targeting npm Developers Oct 2, 2022 51 npm , security depngn Sep 30, 2022 50 packages , npm , nodejs Dependabot Unlocks Transitive Dependencies for npm Projects Sep 7, 2022 49 npm , security , dependabot 4 Ways to Minimize Your Dependencies in Node.js app )Aug 31, 2022 48 nodejs , npm JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically Aug 30, 2022 47 studies , research , nodejs , javascript , security , quality , bugs Everything You Need to Know About JavaScript Import Maps hon )Jul 25, 2022 46 javascript , import-maps Optimizing Node.js Dependencies in AWS Lambda Jul 13, 2022 45 nodejs , aws , serverless , lambda , optimization Alternatives to Installing npm Packages Globally rau )Jun 18, 2022 44 installing , npm Sponsoring Dependencies: The Next Step in Open Source Sustainability nza )Jun 14, 2022 43 economics , foss Don’t Sink Your Website With Third Parties sma )Jun 1, 2022 42 embed-code , performance Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks May 24, 2022 41 javascript , npm , security Lerna Has Gone—Which Monorepo Is Right for a Node.js Backend Now? May 3, 2022 40 monorepos , comparisons , nodejs , lerna 8 Industry-Standard Tools to Reduce Dependency Risks Apr 26, 2022 39 tooling , maintenance , renovate , depfu , link-lists How to Respond to Growing Supply Chain Security Risks? Apr 3, 2022 38 how-tos , security , nodejs , npm On the Weaponisation of Open Source ben )Mar 18, 2022 37 foss , mongodb , nodejs Update Node Dependencies Automatically, Selectively, or Incrementally Mar 14, 2022 36 nodejs , npm , yarn What’s Really Going On Inside Your node_modules Folder? soc )Mar 1, 2022 35 nodejs , npm How to Publish Deno Modules to npm kit /den )Feb 28, 2022 34 how-tos , deno , modules , npm Understanding Dependencies Inside Your package.json nod )Feb 24, 2022 33 nodejs , npm , yarn How to Fix Your Security Vulnerabilities With npm Override Feb 23, 2022 32 how-tos , security , vulnerabilities , npm The Basics of package.json nod )Feb 15, 2022 31 fundamentals , nodejs , npm , yarn How to Keep Your Repo Package Dependencies Up to Date Automatically Feb 10, 2022 30 how-tos , tooling , github-actions Dependency Risk and Funding mit )Jan 10, 2022 29 github , economics pkg.land Dec 30, 2021 28 websites , packages , npm Why You Should Check in Your Node Dependencies Dec 6, 2021 27 nodejs Ain’t No Party Like a Third Party ada /css )Dec 3, 2021 26 embed-code , security Open Source Insights Jun 3, 2021 25 websites , foss , security , licensing Use Depfu and Mergify to Automatically Merge Dependency Updates May 3, 2021 24 maintenance , automation , depfu Find Unused npm Dependencies Apr 25, 2021 23 packages Uninstalling Dev Dependencies With npm Mar 21, 2021 22 npm Why We Developed the Node.js Reference Architecture Mar 8, 2021 21 nodejs , architecture Automated Dependency Management With Depfu May 4, 2020 20 automation , depfu How to Publish an Updated Version of an npm Package spa /clo )Feb 10, 2020 19 how-tos , npm How to Automatically Update Your JavaScript Dependencies spa /clo )Jan 30, 2020 18 how-tos , javascript , automation , processes , security How to Worry About npm Package Weight chr /css )Dec 18, 2018 17 npm Lerna: A Tale of Renaming npm Packages Jul 24, 2018 16 refactoring , npm , lerna Validating Dependencies in the Project With npm-check and depcheck Jun 1, 2018 15 security , maintenance , auditing , tooling , npm HTML, CSS, and Dependency Direction j9t )Feb 14, 2018 14 html , css , maintainability , best-practices Distribution Packages Considered Insecure Feb 13, 2016 13 unix-like , security How to Solve the Global npm Module Dependency Problem Sep 4, 2015 12 how-tos , npm The Tedium of Managing Code lyz /ali )Aug 6, 2015 11 maintenance , maintainability , javascript , tooling Peer Dependencies dom )Feb 8, 2013 10 npm , nodejs Madge May 20, 2012 9 packages , npm , visualization Sprockets: Build Time JavaScript Dependency Management dal /aja )Feb 20, 2009 8 tooling , javascript , ruby Dealing With Dependencies tro )Feb 4, 2008 7 php npm Package Size Checker 6 tools , exploration , auditing , debugging , npm npm Package Types Checker 5 tools , exploration , auditing , debugging , npm , typescript , type-safety npm Dependency Visualizer 4 tools , exploration , auditing , debugging , npm , visualization npm Package Download Statistics Checker 3 tools , exploration , auditing , debugging , npm , metrics npm Package Checker 2 tools , exploration , auditing , debugging , npm Dependencies Badge Generator 1 tools , exploration , images , npm 