How I Resolved 15K Circular Dependencies haa )Apr 17, 2026 178 monorepos , nx No One Owes You Supply-Chain Security pur )Apr 11, 2026 177 security , rust The Hidden Blast Radius of the Axios Compromise ahm /soc )Apr 1, 2026 176 npm , axios , security Minimum Release Age Is an Underrated Supply Chain Defense dan )Mar 31, 2026 175 security , npm , bun , pnpm , yarn , deno , renovate , dependabot , axios Axios Compromised on npm—Malicious Versions Drop Remote Access Trojan Mar 30, 2026 174 npm , axios , security Malicious PyPI Package—LiteLLM Supply Chain Compromise Mar 25, 2026 173 vulnerabilities , security Supply-Chain Attack Using Invisible Code Hits GitHub and Other Repositories dan /ars )Mar 13, 2026 172 security , github The Three Pillars of JavaScript Bloat 430 )Mar 12, 2026 171 javascript , complexity , runtimes , architecture , polyfills So Where Are All the AI Apps? alg +)Mar 12, 2026 170 ai , python , metrics Node.js Package Configuration Guide nod )Jan 8, 2026 169 guides , packages , configuration , commonjs , esm Web Dependencies Are Broken—Can We Fix Them? lea )Jan 7, 2026 168 javascript , import-maps , web-platform npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens sar /soc )Jan 7, 2026 167 npm , security , github The Nine Levels of JavaScript Dependency Hell and )Jan 5, 2026 166 javascript , maintainability The Package Management Landscape and )Jan 3, 2026 165 tooling , overviews , link-lists How We’re Protecting Our Newsroom From npm Supply Chain Attacks rya /pnp )Dec 5, 2025 164 npm , security , case-studies No More Tokens—Locking Down npm Publish Workflows zac )Dec 4, 2025 163 npm , security , github , processes The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know Nov 25, 2025 162 npm , security GitLab Discovers Widespread npm Supply Chain Attack git )Nov 24, 2025 161 npm , security , gitlab , github , aws , gcp , azure Shipping Node.js Packages in 2025 joy )Oct 3, 2025 160 slides , nodejs , esm , commonjs 15 Recent Node.js Features That Replace Popular npm Packages nod )Oct 1, 2025 159 nodejs , npm , maintenance Principles of Simplicity in Frontend Architecture Sep 26, 2025 158 simplicity , principles What Just Happened to RubyGems? chr )Sep 24, 2025 157 ruby , shopify Our Plan for a More Secure npm Supply Chain xco )Sep 22, 2025 156 npm , security , foss This May Be the Worst One the )Sep 17, 2025 155 videos , npm , security Ongoing Supply Chain Attack Targets CrowdStrike npm Packages pvd +/soc )Sep 16, 2025 154 npm , security ctrl/tinycolor and 40+ npm Packages Compromised Sep 15, 2025 153 npm , security Which npm Package Has the Largest Version Number? Sep 14, 2025 152 npm , versioning , semver How to Keep package.json Under Control tmc /val )Sep 11, 2025 151 how-tos , nodejs , npm , maintainability Oh No, Not Again… a Meditation on npm Supply Chain Attacks tan )Sep 9, 2025 150 npm , security , microsoft Anatomy of a Billion-Download npm Supply-Chain Attack Sep 8, 2025 149 npm , security npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack bur +/soc )Sep 8, 2025 148 npm , security Why You Absolutely Need to Have Automated Dependency Management in Place j9t )Aug 28, 2025 147 maintainability , maintenance , security , automation , tooling Speeding Up the JavaScript Ecosystem—SemVer mar )Aug 10, 2025 146 javascript , performance , semver , versioning npm Trusted Publishing With OIDC Is Generally Available Jul 31, 2025 145 npm , provenance , github Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader soc )Jul 14, 2025 144 security , npm Ramblings on Dependency Management mpl )Jun 18, 2025 143 maintenance npm Targeted by Malware Campaign Mimicking Familiar Library Names soc )May 2, 2025 142 npm , malware , security , link-lists npm Should Remove the Default License From New Packages (ISC) ext )Apr 30, 2025 141 npm , licensing , foss Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site j9t )Apr 22, 2025 140 eleventy , nodejs , automation , github-actions LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything tho /the )Apr 12, 2025 139 ai , security , slop A Decade of Impact: How Our npm Packages Hit 1 Billion Downloads and Shaped JavaScript Apr 1, 2025 138 npm , history , javascript Breaking Down Circular Dependencies in JavaScript Mar 29, 2025 137 javascript Malware Found on npm Infecting Local Package With Reverse Shell rev )Mar 26, 2025 136 npm , security Lazarus Strikes npm Again With New Wave of Malicious Packages soc )Mar 10, 2025 135 npm , security Tutorial: Publishing ESM-Based npm Packages With TypeScript rau )Feb 4, 2025 134 tutorials , npm , typescript My Failed Attempt to Shrink All npm Packages by 5% eva )Jan 27, 2025 133 npm , compression Build It Yourself mit )Jan 24, 2025 132 maintenance , maintainability , processes 10 Very Important Flutter Packages Jan 24, 2025 131 flutter Double-Keyed Caching: How Browser Cache Partitioning Changed the Web add )Jan 7, 2025 130 browsers , caching , network , content-delivery , performance Do I Need This Node Dependency? bri )Dec 31, 2024 129 nodejs The 20 Commandments of Software Engineering Dec 30, 2024 128 principles , programming , complexity , documentation , commit-messages , code-reviews , maintenance , collaboration On Long Term Software Development ber )Dec 22, 2024 127 maintainability , maintenance , foss , testing , complexity Mastering npm Scripts: Automate Everything in Your Frontend Workflow Dec 22, 2024 126 npm , environments , ci-cd , automation JS Import Maps 5t3 )Dec 20, 2024 125 javascript , import-maps Your JavaScript Bundle Is Too Fat Dec 13, 2024 124 javascript , bundling , performance , code-splitting , lazy-loading , tree-shaking , minification , optimization Publishing a Simple Client-Side JavaScript Package to npm With GitHub Actions sim )Dec 7, 2024 123 javascript , npm , github-actions How to Prerelease an npm Package spa /clo )Nov 19, 2024 122 how-tos , npm , versioning , semver Node.js Corepack: Version Control for Package Managers tre )Nov 19, 2024 121 nodejs , corepack , versioning , tooling Introducing the vlt Package Manager and Serverless Registry Nov 5, 2024 120 introductions , serverless , javascript , tooling cpx—the npx Counterpart of the PHP Ecosystem ami )Oct 3, 2024 119 php The Nine Node Pillars mco /pla )Sep 18, 2024 118 nodejs , principles More npm Packages on Cloudflare Workers: Combining Polyfills and Native Code to Support Node.js APIs jas +)Sep 9, 2024 117 cloudflare , nodejs , npm , apis Hidden Cost of Frontend Frameworks Aug 29, 2024 116 frameworks , simplicity How to Create an npm Package mat )Aug 21, 2024 115 how-tos , npm The Great npm Garbage Patch Aug 6, 2024 114 npm , spam , security Secure Node.js Applications From Supply Chain Attacks Jul 25, 2024 113 nodejs , security , best-practices Publishing a TypeScript Module to npm vs. JSR den )Jul 10, 2024 112 videos , typescript , modules , npm , jsr , comparisons Supply Chain Security in npm—We Can Be Optimistic About the Future Jul 9, 2024 111 npm , security , provenance Create npm Package With CommonJS and ESM Support in TypeScript Jun 29, 2024 110 npm , commonjs , esm , typescript What Happens When a Major npm Library Goes Commercial? mco )Jun 17, 2024 109 npm , foss Dual Publishing ESM and CJS Modules With tsup and “Are the Types Wrong?” joh )Jun 15, 2024 108 esm , commonjs , tooling , typescript , type-safety Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks sar /soc )Jun 15, 2024 107 npm , vulnerabilities , caching , security How a Single Vulnerability Can Bring Down the JavaScript Ecosystem Jun 3, 2024 106 javascript , npm , caching , vulnerabilities , security How to Use Corepack mat )Jun 2, 2024 105 how-tos , nodejs , corepack JSR: The JavaScript Package Registry We’ve Been Waiting For May 24, 2024 104 jsr JavaScript Security: Simple Practices to Secure Your Frontend May 15, 2024 103 javascript , security , csp How to Document Your JavaScript Package den )May 10, 2024 102 how-tos , javascript , documentation , writing , jsdoc , readme JSR Is Not Another Package Manager tin /den )Apr 24, 2024 101 jsr Using Vite to Rebuild Local Dependencies in an npm Workspace Apr 23, 2024 100 npm , vite Building an npm Package Compatible With ESM and CJS in 2024 Apr 18, 2024 99 npm , interoperability , esm , commonjs Microservices Promised Freedom but Delivered Dependencies pur )Mar 21, 2024 98 microservices Another JS Registry—Seriously?! den )Mar 13, 2024 97 videos , jsr , javascript How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package eth )Mar 3, 2024 96 npm , examples , security Introducing JSR—the JavaScript Registry lca +/den )Mar 1, 2024 95 introductions , jsr , deno , javascript Choosing the Right Node.js Package Manager in 2024: A Comparative Guide nod )Feb 29, 2024 94 guides , nodejs , comparisons Why Does “is-number” Package Have 59M Weekly Downloads? Feb 29, 2024 93 npm JSR: What We Know So Far About Deno’s New JavaScript Package Registry sar /soc )Feb 22, 2024 92 jsr , deno , javascript Frontend Application Security: Tips and Tricks Feb 16, 2024 91 web-apps , security , xss , csrf , authentication , csp , validation , tips-and-tricks Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm sar /soc )Feb 8, 2024 90 nodejs , corepack , npm , yarn , pnpm Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft sar /soc )Feb 6, 2024 89 npm , security Modern JavaScript Library Starter Jan 23, 2024 88 npm , libraries Deceptive Deprecation: The Truth About npm Deprecated Packages Jan 18, 2024 87 deprecation , security , npm , research Secure Your Code: Auto-Fix Vulnerabilities With Dependabot (GitHub Tutorial) Jan 14, 2024 86 videos , security , dependabot Compatibility of Node.js Versions With Packages Jan 11, 2024 85 nodejs , versioning Installing Google Fonts as npm Packages ami )Dec 30, 2023 84 installing , tooling , google , fonts A Comprehensive Guide to npm Workspaces and Monorepos Dec 30, 2023 83 guides , monorepos , npm , yarn I Replaced npm, Yarn, and nvm With pnpm paw )Dec 1, 2023 82 npm , yarn , pnpm , nvm A Complete Guide to pnpm Nov 27, 2023 81 guides , pnpm Understanding Dev Dependencies in Web Development Nov 17, 2023 80 How to Use npm Packages Outside of Node Nov 6, 2023 79 how-tos , npm , javascript Secret Scanning Scans Public npm Packages Oct 26, 2023 78 github , npm , security How We Optimized Package Imports in Next.js Oct 13, 2023 77 nextjs , optimization , case-studies Honey, I Shrunk the npm Package Sep 27, 2023 76 npm , compression SSH Keys Stolen by Stream of Malicious PyPI and npm Packages ble )Sep 27, 2023 75 security , ssh , npm Upgrading Frontend Dependencies With Confidence Sep 22, 2023 74 maintenance , testing , regressions , playwright Bun Hype: How We Learned Nothing From Yarn Sep 16, 2023 73 bun , yarn , history dependency-time-machine Aug 12, 2023 72 packages , npm , maintenance , automation My Experience Modernizing Packages to ESM Aug 8, 2023 71 modernization , esm A Comprehensive Beginner’s Guide to npm: Simplifying Package Management Jul 14, 2023 70 guides , npm Identify Unused npm Packages in Your Project ami )Jul 1, 2023 69 npm , maintenance The Massive Bug at the Heart of the npm Ecosystem Jun 27, 2023 68 npm , security , bugs It Depends—Exploring My Favourite Renovate Features for Dependency Updates kal )Jun 18, 2023 67 maintenance , renovate , configuration npm Won’t Publish Packages Containing the Word “keygen” Jun 14, 2023 66 discussions , npm Before Your Next Frontend Pull Request, Use This Checklist tra /evi )Jun 7, 2023 65 checklists , performance , compression , accessibility , legibility , naming Building a Frontend Framework—Reactivity and Composability With Zero Dependencies May 13, 2023 64 frameworks , reactivity The Case Against Automatic Dependency Updates ben )Apr 21, 2023 63 automation , ci-cd , maintenance , security Automating Dependency Updates: The Big Debate Apr 21, 2023 62 automation , ci-cd , security Deno vs. Node: No One Is Ready for the Move Apr 17, 2023 61 deno , nodejs , comparisons Understanding npm Versioning Apr 4, 2023 60 npm , versioning , semver The Landscape of npm Packages for CLI Apps Mar 24, 2023 59 nodejs , npm , command-line npx: The Easy Way to Run Node.js Packages Mar 22, 2023 58 nodejs , npx Node.js Toolbox Feb 23, 2023 57 websites , nodejs , packages Unlocking Security Updates for Transitive Dependencies With npm Jan 19, 2023 56 npm , security , maintenance Using Renovate With Codeberg nic )Jan 15, 2023 55 codeberg , maintenance , renovate New npm Features for Secure Publishing and Safe Consumption Dec 6, 2022 54 npm , security npm Security: Preventing Supply Chain Attacks Nov 7, 2022 53 npm , security Use “npm query” and jq to Dig Into Your Dependencies Oct 5, 2022 52 videos , npm , auditing Phylum Detects Active Typosquatting Campaign Targeting npm Developers Oct 2, 2022 51 npm , security depngn Sep 30, 2022 50 packages , npm , nodejs Dependabot Unlocks Transitive Dependencies for npm Projects Sep 7, 2022 49 npm , security , dependabot 4 Ways to Minimize Your Dependencies in Node.js app )Aug 31, 2022 48 nodejs , npm JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically Aug 30, 2022 47 studies , research , nodejs , javascript , security , quality , bugs Everything You Need to Know About JavaScript Import Maps hon )Jul 25, 2022 46 javascript , import-maps Optimizing Node.js Dependencies in AWS Lambda Jul 13, 2022 45 nodejs , aws , serverless , lambda , optimization Alternatives to Installing npm Packages Globally rau )Jun 18, 2022 44 installing , npm Sponsoring Dependencies: The Next Step in Open Source Sustainability nza )Jun 14, 2022 43 economics , foss Don’t Sink Your Website With Third Parties sma )Jun 1, 2022 42 embed-code , performance Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks May 24, 2022 41 javascript , npm , security Lerna Has Gone—Which Monorepo Is Right for a Node.js Backend Now? May 3, 2022 40 monorepos , comparisons , nodejs , lerna 8 Industry-Standard Tools to Reduce Dependency Risks Apr 26, 2022 39 tooling , maintenance , renovate , depfu , link-lists How to Respond to Growing Supply Chain Security Risks? Apr 3, 2022 38 how-tos , security , nodejs , npm On the Weaponisation of Open Source ben )Mar 18, 2022 37 foss , mongodb , nodejs Update Node Dependencies Automatically, Selectively, or Incrementally Mar 14, 2022 36 nodejs , npm , yarn What’s Really Going On Inside Your node_modules Folder? soc )Mar 1, 2022 35 nodejs , npm How to Publish Deno Modules to npm kit /den )Feb 28, 2022 34 how-tos , deno , modules , npm Understanding Dependencies Inside Your package.json nod )Feb 24, 2022 33 nodejs , npm , yarn How to Fix Your Security Vulnerabilities With npm Override Feb 23, 2022 32 how-tos , security , vulnerabilities , npm The Basics of package.json nod )Feb 15, 2022 31 fundamentals , nodejs , npm , yarn How to Keep Your Repo Package Dependencies Up to Date Automatically Feb 10, 2022 30 how-tos , tooling , github-actions Dependency Risk and Funding mit )Jan 10, 2022 29 github , economics pkg.land Dec 30, 2021 28 websites , packages , npm Why You Should Check in Your Node Dependencies Dec 6, 2021 27 nodejs Ain’t No Party Like a Third Party ada /css )Dec 3, 2021 26 embed-code , security Open Source Insights Jun 3, 2021 25 websites , foss , security , licensing Use Depfu and Mergify to Automatically Merge Dependency Updates May 3, 2021 24 maintenance , automation , depfu Find Unused npm Dependencies Apr 25, 2021 23 packages Uninstalling Dev Dependencies With npm Mar 21, 2021 22 npm Why We Developed the Node.js Reference Architecture Mar 8, 2021 21 nodejs , architecture Automated Dependency Management With Depfu the )May 4, 2020 20 automation , depfu How to Publish an Updated Version of an npm Package spa /clo )Feb 10, 2020 19 how-tos , npm How to Automatically Update Your JavaScript Dependencies spa /clo )Jan 30, 2020 18 how-tos , javascript , automation , processes , security How to Worry About npm Package Weight chr /css )Dec 18, 2018 17 npm Lerna: A Tale of Renaming npm Packages Jul 24, 2018 16 refactoring , npm , lerna Validating Dependencies in the Project With npm-check and depcheck Jun 1, 2018 15 security , maintenance , auditing , tooling , npm HTML, CSS, and Dependency Direction j9t )Feb 14, 2018 14 html , css , maintainability , best-practices Distribution Packages Considered Insecure Feb 13, 2016 13 unix-like , security How to Solve the Global npm Module Dependency Problem Sep 4, 2015 12 how-tos , npm The Tedium of Managing Code lyz /ali )Aug 6, 2015 11 maintenance , maintainability , javascript , tooling Peer Dependencies dom )Feb 8, 2013 10 npm , nodejs Madge May 20, 2012 9 packages , npm , visualization Sprockets: Build Time JavaScript Dependency Management dal /aja )Feb 20, 2009 8 tooling , javascript , ruby Dealing With Dependencies tro )Feb 4, 2008 7 php npm Package Size Checker 6 tools , exploration , auditing , debugging , npm npm Package Types Checker 5 tools , exploration , auditing , debugging , npm , typescript , type-safety npm Dependency Visualizer 4 tools , exploration , auditing , debugging , npm , visualization npm Package Download Statistics Checker 3 tools , exploration , auditing , debugging , npm , metrics npm Package Checker 2 tools , exploration , auditing , debugging , npm Dependencies Badge Generator 1 tools , exploration , images , npm 