| Malware Found on npm Infecting Local Package With Reverse Shell (rev) | | 136 |
| dependencies, security |
| Lazarus Strikes npm Again With New Wave of Malicious Packages (soc) | | 135 |
| dependencies, security |
| @ 11ty/image-color (zac) | | 134 |
| packages, images, colors |
| Tutorial: Publishing ESM-Based npm Packages With TypeScript (rau) | | 133 |
| tutorials, dependencies, typescript |
| Is npm Enough? Why Startups Are Coming After This JavaScript Package Registry (kat/red) | | 132 |
| jsr, bun, pnpm, yarn, javascript |
| Keep Your Node.js Apps Secure With “npx is-my-node-vulnerable” (tre) | | 131 |
| packages, nodejs, security |
| My Failed Attempt to Shrink All npm Packages by 5% (eva) | | 130 |
| dependencies, compression |
| How I Open-Sourced My Secret Access Tokens From GitHub, Slack, and npm—and Who Actually Cares | | 129 |
| security, github, slack |
| Mastering npm Scripts: Automate Everything in Your Frontend Workflow | | 128 |
| dependencies, environments, ci-cd, automation |
| HTML Conformance: A Comparison of 6.5 npm Validator Packages (With 1.5 Recommendations) (j9t) | | 127 |
| html, conformance, tooling, comparisons |
| Publishing a Simple Client-Side JavaScript Package to npm With GitHub Actions (sim) | | 126 |
| dependencies, javascript, github-actions, github |
| How to Prerelease an npm Package (spa/clo) | | 125 |
| how-tos, dependencies, versioning, semver |
| Understanding “npm audit” and Fixing Vulnerabilities | | 124 |
| security, vulnerabilities, nodejs |
| npm vs. npx | | 123 |
| nodejs, npx, comparisons |
| Significance of package-lock.json or yarn-lock.json | | 122 |
| yarn, comparisons |
| More npm Packages on Cloudflare Workers: Combining Polyfills and Native Code to Support Node.js APIs (jas+/clo) | | 121 |
| cloudflare, nodejs, apis, dependencies |
| caniuse-cli (bra) | | 120 |
| packages, support, browsers, web-platform, caniuse, command-line |
| CSS Style Observer (bra) | | 119 |
| packages, css |
| How to Create an npm Package (mat) | | 118 |
| how-tos, dependencies |
| ObsoHTML, the Obsolete HTML Checker (j9t) | | 117 |
| packages, html, quality |
| The Great npm Garbage Patch | | 116 |
| dependencies, spam, security |
| Building an “npm create” Package (ach) | | 115 |
|
| Publishing a TypeScript Module to npm vs. JSR (den) | | 114 |
| videos, typescript, modules, dependencies, jsr, comparisons |
| Supply Chain Security in npm—We Can Be Optimistic About the Future | | 113 |
| dependencies, security, provenance |
| Leaner npm Packument (Metadata) Contents (git) | | 112 |
|
| Create npm Package With CommonJS and ESM Support in TypeScript | | 111 |
| dependencies, commonjs, esm, typescript |
| npm and Node.js Should Do More to Make ES Modules Easy to Use | | 110 |
| nodejs, esm |
| What Happens When a Major npm Library Goes Commercial? (mco) | | 109 |
| dependencies, foss |
| Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc) | | 108 |
| dependencies, vulnerabilities, caching, security |
| How a Single Vulnerability Can Bring Down the JavaScript Ecosystem | | 107 |
| javascript, dependencies, caching, vulnerabilities, security |
| CodeFlattener | | 106 |
| packages, javascript |
| Using Vite to Rebuild Local Dependencies in an npm Workspace | | 105 |
| dependencies, vite |
| Building an npm Package Compatible With ESM and CJS in 2024 (lir/sny) | | 104 |
| dependencies, interoperability, esm, commonjs |
| npm Basics for New Developers (nim) | | 103 |
| fundamentals |
| Node.js TSC Confirms: No Intention to Remove npm From Distribution (sar/soc) | | 102 |
| nodejs |
| The Ultimate Guide to Understanding npx vs. npm | | 101 |
| guides, npx, nodejs |
| eslint-plugin-depend | | 100 |
| packages, maintenance, simplicity |
| How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package | | 99 |
| dependencies, examples, security |
| Why Does “is-number” Package Have 59M Weekly Downloads? | | 98 |
| dependencies |
| Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm (sar/soc) | | 97 |
| nodejs, corepack, yarn, pnpm, dependencies |
| Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc) | | 96 |
| dependencies, security |
| GitHub, npm Registry Abused to Host SSH Key-Stealing Malware | | 95 |
| github, security, foss |
| Modern JavaScript Library Starter (sas) | | 94 |
| dependencies, libraries |
| Deceptive Deprecation: The Truth About npm Deprecated Packages | | 93 |
| security, dependencies, research |
| npm in Review: A 2023 Retrospective on Growth, Security, and Quirky Facts (soc) | | 92 |
| retrospectives |
| When “Everything” Becomes Too Much: The npm Package Chaos of 2024 (soc) | | 91 |
| foss |
| A Comprehensive Guide to npm Workspaces and Monorepos | | 90 |
| guides, monorepos, yarn, dependencies |
| I Replaced npm, Yarn, and nvm With pnpm (paw) | | 89 |
| dependencies, yarn, pnpm, nvm |
| How to Use npm Packages Outside of Node | | 88 |
| how-tos, dependencies, javascript |
| Secret Scanning Scans Public npm Packages (git) | | 87 |
| github, dependencies, security |
| TypeScript Monorepo With npm Workspaces (skw) | | 86 |
| monorepos, typescript, architecture |
| SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble) | | 85 |
| security, ssh, dependencies |
| Honey, I Shrunk the npm Package | | 84 |
| dependencies, compression |
| npm Provenance General Availability (git) | | 83 |
| github, provenance, security |
| How to Migrate From npm to pnpm | | 82 |
| how-tos, migrating, pnpm |
| dependency-time-machine | | 81 |
| packages, dependencies, maintenance, automation |
| Sophisticated, Highly-Targeted Attacks Continue to Plague npm | | 80 |
| security |
| Publishing With npm Provenance From Private Source Repositories Is No Longer Supported (git) | | 79 |
| github, provenance, security, foss |
| Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware (soc) | | 78 |
| security |
| A Comprehensive Beginner’s Guide to npm: Simplifying Package Management | | 77 |
| guides, dependencies |
| Making the Switch: From Yarn/npm to pnpm | | 76 |
| yarn, pnpm |
| Identify Unused npm Packages in Your Project (ami) | | 75 |
| dependencies, maintenance |
| The Massive Bug at the Heart of the npm Ecosystem | | 74 |
| dependencies, security |
| Create React UI Lib: Component Library Speedrun | | 73 |
| typescript, react, components |
| npm Won’t Publish Packages Containing the Word “keygen” | | 72 |
| discussions, dependencies |
| Comparing the Best Node.js Version Managers: nvm, Volta, and asdf | | 71 |
| nodejs, nvm |
| npm vs. Yarn vs. pnpm | | 70 |
| yarn, pnpm, comparisons |
| Generating Provenance Statements | | 69 |
| provenance, security |
| Introducing npm Package Provenance (git) | | 68 |
| introductions, github, provenance, security, foss |
| Dissecting npm Malware: Five Packages and Their Evil Install Scripts | | 67 |
| security |
| Understanding npm Versioning | | 66 |
| dependencies, versioning, semver |
| One in Two New npm Packages Is SEO Spam Right Now | | 65 |
| seo |
| The Landscape of npm Packages for CLI Apps | | 64 |
| nodejs, dependencies, command-line |
| Automatic npm Publishing With GitHub Actions and npm Granular Tokens | | 63 |
| github-actions, github, automation |
| Why We Added package.json Support to Deno (tin/den) | | 62 |
| deno, support, nodejs |
| Speeding Up the JavaScript Ecosystem—npm Scripts (mar) | | 61 |
| javascript, performance, bundling |
| Unlocking Security Updates for Transitive Dependencies With npm (git) | | 60 |
| dependencies, security, maintenance |
| Lockfile Trick: Package an npm Project With Nix in 20 Lines | | 59 |
| tips-and-tricks |
| New npm Features for Secure Publishing and Safe Consumption (git) | | 58 |
| security, dependencies |
| Migrating From npm to pnpm | | 57 |
| migrating, pnpm |
| npm Security: Preventing Supply Chain Attacks (lir/sny) | | 56 |
| dependencies, security |
| How to Build, Test, and Publish a TypeScript npm Package in 2022 | | 55 |
| how-tos, typescript |
| Use “npm query” and jq to Dig Into Your Dependencies | | 54 |
| videos, dependencies, auditing |
| Phylum Detects Active Typosquatting Campaign Targeting npm Developers | | 53 |
| dependencies, security |
| depngn | | 52 |
| packages, nodejs, dependencies |
| Best Practices for Creating a Modern npm Package (sny) | | 51 |
| best-practices |
| Dependabot Unlocks Transitive Dependencies for npm Projects (git) | | 50 |
| dependencies, security |
| 4 Ways to Minimize Your Dependencies in Node.js (app) | | 49 |
| nodejs, dependencies |
| Installing and Running Node.js Bin Scripts (rau) | | 48 |
| installing, nodejs |
| Introducing the New npm Dependency Selector Syntax (git) | | 47 |
| introductions |
| Introducing Even More Security Enhancements to npm (git) | | 46 |
| introductions, security |
| Top 5 npm Vulnerability Scanners | | 45 |
| security, vulnerabilities, tooling |
| css-browser-support (5t3) | | 44 |
| packages, css, browsers, support |
| Imagemin Guard (j9t) | | 43 |
| packages, images, compression, performance, jpeg, png, gif, webp, avif |
| Alternatives to Installing npm Packages Globally (rau) | | 42 |
| installing, dependencies |
| How to Migrate From Yarn/npm to pnpm | | 41 |
| how-tos, migrating, yarn, pnpm |
| You May Not Need a Bundler for Your npm Library | | 40 |
| bundling |
| npm Security Update: Attack Campaign Using Stolen OAuth Tokens (git) | | 39 |
| security, oauth, version-control, github |
| What npm Can Learn From Go | | 38 |
|
| Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks (sny) | | 37 |
| javascript, dependencies, security |
| 4 Reasons to Avoid Using “npm link” | | 36 |
|
| How to Respond to Growing Supply Chain Security Risks? | | 35 |
| how-tos, security, dependencies, nodejs |
| Update Node Dependencies Automatically, Selectively, or Incrementally | | 34 |
| nodejs, dependencies, yarn |
| What’s Really Going On Inside Your node_modules Folder? (soc) | | 33 |
| nodejs, dependencies |
| How to Publish Deno Modules to npm (kit/den) | | 32 |
| how-tos, deno, modules, dependencies |
| Understanding Dependencies Inside Your package.json | | 31 |
| nodejs, dependencies, yarn |
| How to Fix Your Security Vulnerabilities With npm Override | | 30 |
| how-tos, security, vulnerabilities, dependencies |
| The Basics of package.json | | 29 |
| fundamentals, nodejs, dependencies, yarn |
| pkg.land | | 28 |
| websites, packages, dependencies |
| GitHub’s Commitment to npm Ecosystem Security (git) | | 27 |
| github, security |
| Yarn vs. npm: Everything You Need to Know | | 26 |
| yarn, comparisons |
| timefind | | 25 |
| packages, history |
| Common npm Mistakes Every Developer Should Avoid | | 24 |
| mistakes |
| npm Security Best Practices (lir/owa) | | 23 |
| security, best-practices |
| Simple Monorepos via npm Workspaces and TypeScript Project References (rau) | | 22 |
| monorepos, typescript |
| NPM Global Audit | | 21 |
| packages, security, quality, auditing |
| What Is Node and When Should I Use It? | | 20 |
| nodejs, javascript |
| How to Publish an Updated Version of an npm Package (spa/clo) | | 19 |
| how-tos, dependencies |
| How to Add CSS Vendor Prefixes Automatically (luk) | | 18 |
| how-tos, css, vendor-extensions, automation, tooling, postcss, webpack, gulp |
| a11y-syntax-highlighting (eri) | | 17 |
| packages, accessibility, syntax-highlighting |
| Validating Dependencies in the Project With npm-check and depcheck | | 16 |
| dependencies, security, maintenance, auditing, tooling |
| Introducing npx: An npm Package Runner (zka) | | 15 |
| introductions, npx, nodejs |
| 10 Node.js Best Practices: Enlightenment From the Node Gurus | | 14 |
| nodejs, best-practices, environments, event-loop, naming, scalability, caching, express |
| Why npm Scripts? (css) | | 13 |
| nodejs, conversion, linting, minification, compression, sprites, images, examples |
| why-is-node-running | | 12 |
| packages, nodejs |
| How to Solve the Global npm Module Dependency Problem | | 11 |
| how-tos, dependencies |
| image-dimensions (sin) | | 10 |
| packages, images |
| Learning Node.js: The “npm link” | | 9 |
| videos, nodejs |
| 9 Quick Tips About npm | | 8 |
| tips-and-tricks, nvm, command-line |
| Peer Dependencies (dom) | | 7 |
| nodejs, dependencies |
| Madge | | 6 |
| packages, dependencies, visualization |
| npm Package Download Statistics Checker | | 5 |
| tools, exploration, auditing, debugging, dependencies, metrics |
| npm Dependency Visualizer | | 4 |
| tools, exploration, auditing, debugging, dependencies, visualization |
| npm Package Types Checker | | 3 |
| tools, exploration, auditing, debugging, dependencies, typescript, type-safety |
| npm, Yarn, and pnpm Command Converter | | 2 |
| tools, exploration, conversion, yarn, pnpm, command-line |
| npm Package Size Checker | | 1 |
| tools, exploration, auditing, debugging, dependencies |
