| Lazarus Strikes npm Again With New Wave of Malicious Packages (soc) | | 133 |
| dependencies, security |
| @ 11ty/image-color (zac) | | 132 |
| packages, images, colors |
| Tutorial: Publishing ESM-Based npm Packages With TypeScript (rau) | | 131 |
| tutorials, dependencies, typescript |
| Is npm Enough? Why Startups Are Coming After This JavaScript Package Registry (kat/red) | | 130 |
| jsr, bun, pnpm, yarn, javascript |
| Keep Your Node.js Apps Secure With “npx is-my-node-vulnerable” (tre) | | 129 |
| packages, nodejs, security |
| My Failed Attempt to Shrink All npm Packages by 5% (eva) | | 128 |
| dependencies, compression |
| How I Open-Sourced My Secret Access Tokens From GitHub, Slack, and npm—and Who Actually Cares (iva) | | 127 |
| security, github, slack |
| Mastering npm Scripts: Automate Everything in Your Frontend Workflow (the/fro) | | 126 |
| dependencies, environments, ci-cd, automation |
| HTML Conformance: A Comparison of 6.5 npm Validator Packages (With 1.5 Recommendations) (j9t) | | 125 |
| html, conformance, tooling, comparisons |
| Publishing a Simple Client-Side JavaScript Package to npm With GitHub Actions (sim) | | 124 |
| dependencies, javascript, github-actions, github |
| How to Prerelease an npm Package (spa/clo) | | 123 |
| how-tos, dependencies, versioning, semver |
| Understanding “npm audit” and Fixing Vulnerabilities (nir) | | 122 |
| security, vulnerabilities, nodejs |
| npm vs. npx | | 121 |
| nodejs, npx, comparisons |
| Significance of package-lock.json or yarn-lock.json | | 120 |
| yarn, comparisons |
| More npm Packages on Cloudflare Workers: Combining Polyfills and Native Code to Support Node.js APIs (jas+/clo) | | 119 |
| cloudflare, nodejs, apis, dependencies |
| caniuse-cli (bra) | | 118 |
| packages, support, browsers, web-platform, caniuse, command-line |
| CSS Style Observer (bra) | | 117 |
| packages, css |
| How to Create an npm Package (mat) | | 116 |
| how-tos, dependencies |
| ObsoHTML, the Obsolete HTML Checker (j9t) | | 115 |
| packages, html, quality |
| The Great npm Garbage Patch (phy) | | 114 |
| dependencies, spam, security |
| Building an “npm create” Package (ach) | | 113 |
|
| Publishing a TypeScript Module to npm vs. JSR (den) | | 112 |
| videos, typescript, modules, dependencies, jsr, comparisons |
| Supply Chain Security in npm—We Can Be Optimistic About the Future (rw/sco) | | 111 |
| dependencies, security, provenance |
| Leaner npm Packument (Metadata) Contents (git) | | 110 |
|
| Create npm Package With CommonJS and ESM Support in TypeScript (wal) | | 109 |
| dependencies, commonjs, esm, typescript |
| npm and Node.js Should Do More to Make ES Modules Easy to Use (bch) | | 108 |
| nodejs, esm |
| What Happens When a Major npm Library Goes Commercial? (mco) | | 107 |
| dependencies, foss |
| Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc) | | 106 |
| dependencies, vulnerabilities, caching, security |
| How a Single Vulnerability Can Bring Down the JavaScript Ecosystem (0xl) | | 105 |
| javascript, dependencies, caching, vulnerabilities, security |
| CodeFlattener (bch) | | 104 |
| packages, javascript |
| Using Vite to Rebuild Local Dependencies in an npm Workspace (pro) | | 103 |
| dependencies, vite |
| Building an npm Package Compatible With ESM and CJS in 2024 (lir/sny) | | 102 |
| dependencies, interoperability, esm, commonjs |
| npm Basics for New Developers (nim/dai) | | 101 |
| fundamentals |
| Node.js TSC Confirms: No Intention to Remove npm From Distribution (sar/soc) | | 100 |
| nodejs |
| The Ultimate Guide to Understanding npx vs. npm (sa/dhi) | | 99 |
| guides, npx, nodejs |
| eslint-plugin-depend (430) | | 98 |
| packages, maintenance, simplicity |
| How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth/sta) | | 97 |
| dependencies, examples, security |
| Why Does “is-number” Package Have 59M Weekly Downloads? (shu) | | 96 |
| dependencies |
| Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm (sar/soc) | | 95 |
| nodejs, corepack, yarn, pnpm, dependencies |
| Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc) | | 94 |
| dependencies, security |
| GitHub, npm Registry Abused to Host SSH Key-Stealing Malware (scm) | | 93 |
| github, security, foss |
| Modern JavaScript Library Starter (sas) | | 92 |
| dependencies, libraries |
| Deceptive Deprecation: The Truth About npm Deprecated Packages (gol+/aqu) | | 91 |
| security, dependencies, research |
| npm in Review: A 2023 Retrospective on Growth, Security, and Quirky Facts (bur/soc) | | 90 |
| retrospectives |
| When “Everything” Becomes Too Much: The npm Package Chaos of 2024 (fer/soc) | | 89 |
| foss |
| A Comprehensive Guide to npm Workspaces and Monorepos | | 88 |
| guides, monorepos, yarn, dependencies |
| I Replaced npm, Yarn, and nvm With pnpm (paw) | | 87 |
| dependencies, yarn, pnpm, nvm |
| How to Use npm Packages Outside of Node (neo) | | 86 |
| how-tos, dependencies, javascript |
| Secret Scanning Scans Public npm Packages (git) | | 85 |
| github, dependencies, security |
| TypeScript Monorepo With npm Workspaces (skw) | | 84 |
| monorepos, typescript, architecture |
| SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (bil/ble) | | 83 |
| security, ssh, dependencies |
| Honey, I Shrunk the npm Package (jam) | | 82 |
| dependencies, compression |
| npm Provenance General Availability (git) | | 81 |
| github, provenance, security |
| How to Migrate From npm to pnpm (run) | | 80 |
| how-tos, migrating, pnpm |
| Sophisticated, Highly-Targeted Attacks Continue to Plague npm (phy) | | 79 |
| security |
| dependency-time-machine (pil) | | 78 |
| packages, dependencies, maintenance, automation |
| Publishing With npm Provenance From Private Source Repositories Is No Longer Supported (git) | | 77 |
| github, provenance, security, foss |
| Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware (soc) | | 76 |
| security |
| A Comprehensive Beginner’s Guide to npm: Simplifying Package Management (abh) | | 75 |
| guides, dependencies |
| Making the Switch: From Yarn/npm to pnpm (rau) | | 74 |
| yarn, pnpm |
| Identify Unused npm Packages in Your Project (ami) | | 73 |
| dependencies, maintenance |
| The Massive Bug at the Heart of the npm Ecosystem (dar/vlt) | | 72 |
| dependencies, security |
| Create React UI Lib: Component Library Speedrun (mis) | | 71 |
| typescript, react, components |
| npm Won’t Publish Packages Containing the Word “keygen” | | 70 |
| discussions, dependencies |
| Comparing the Best Node.js Version Managers: nvm, Volta, and asdf (liz/sta) | | 69 |
| nodejs, nvm |
| npm vs. Yarn vs. pnpm (rax) | | 68 |
| yarn, pnpm, comparisons |
| Introducing npm Package Provenance (bde+/git) | | 67 |
| introductions, github, provenance, security, foss |
| Generating Provenance Statements (myl/npm) | | 66 |
| provenance, security |
| Dissecting npm Malware: Five Packages and Their Evil Install Scripts (gab/san) | | 65 |
| security |
| Understanding npm Versioning (ben/typ) | | 64 |
| dependencies, versioning, semver |
| One in Two New npm Packages Is SEO Spam Right Now (gab/san) | | 63 |
| seo |
| The Landscape of npm Packages for CLI Apps | | 62 |
| nodejs, dependencies, command-line |
| Automatic npm Publishing With GitHub Actions and npm Granular Tokens (pim/htt) | | 61 |
| github-actions, github, automation |
| Why We Added package.json Support to Deno (tin/den) | | 60 |
| deno, support, nodejs |
| Speeding Up the JavaScript Ecosystem—npm Scripts (mar) | | 59 |
| javascript, performance, bundling |
| Unlocking Security Updates for Transitive Dependencies With npm (bry/git) | | 58 |
| dependencies, security, maintenance |
| Lockfile Trick: Package an npm Project With Nix in 20 Lines (nas) | | 57 |
| tips-and-tricks |
| New npm Features for Secure Publishing and Safe Consumption (mon/git) | | 56 |
| security, dependencies |
| Migrating From npm to pnpm | | 55 |
| migrating, pnpm |
| npm Security: Preventing Supply Chain Attacks (lir/sny) | | 54 |
| dependencies, security |
| How to Build, Test, and Publish a TypeScript npm Package in 2022 (jan) | | 53 |
| how-tos, typescript |
| Use “npm query” and jq to Dig Into Your Dependencies (eli) | | 52 |
| videos, dependencies, auditing |
| Phylum Detects Active Typosquatting Campaign Targeting npm Developers (phy) | | 51 |
| dependencies, security |
| depngn (jsu) | | 50 |
| packages, nodejs, dependencies |
| Best Practices for Creating a Modern npm Package (cl/sny) | | 49 |
| best-practices |
| Dependabot Unlocks Transitive Dependencies for npm Projects (git) | | 48 |
| dependencies, security |
| 4 Ways to Minimize Your Dependencies in Node.js (skw/app) | | 47 |
| nodejs, dependencies |
| Installing and Running Node.js Bin Scripts (rau) | | 46 |
| installing, nodejs |
| Introducing the New npm Dependency Selector Syntax (git) | | 45 |
| introductions |
| Introducing Even More Security Enhancements to npm (myl+/git) | | 44 |
| introductions, security |
| Top 5 npm Vulnerability Scanners (get) | | 43 |
| security, vulnerabilities, tooling |
| css-browser-support (5t3) | | 42 |
| packages, css, browsers, support |
| Imagemin Guard (j9t) | | 41 |
| packages, images, compression, performance, jpeg, png, gif, webp, avif |
| Alternatives to Installing npm Packages Globally (rau) | | 40 |
| installing, dependencies |
| How to Migrate From Yarn/npm to pnpm | | 39 |
| how-tos, migrating, yarn, pnpm |
| You May Not Need a Bundler for Your npm Library (cmd) | | 38 |
| bundling |
| What npm Can Learn From Go (bos/har) | | 37 |
|
| npm Security Update: Attack Campaign Using Stolen OAuth Tokens (gos/git) | | 36 |
| security, oauth, version-control, github |
| Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks (byt/sny) | | 35 |
| javascript, dependencies, security |
| 4 Reasons to Avoid Using “npm link” (pri) | | 34 |
|
| How to Respond to Growing Supply Chain Security Risks? (mak) | | 33 |
| how-tos, security, dependencies, nodejs |
| Update Node Dependencies Automatically, Selectively, or Incrementally (eli) | | 32 |
| nodejs, dependencies, yarn |
| What’s Really Going On Inside Your node_modules Folder? (soc) | | 31 |
| nodejs, dependencies |
| How to Publish Deno Modules to npm (kit/den) | | 30 |
| how-tos, deno, modules, dependencies |
| Understanding Dependencies Inside Your package.json (the+/nod) | | 29 |
| nodejs, dependencies, yarn |
| How to Fix Your Security Vulnerabilities With npm Override (azu) | | 28 |
| how-tos, security, vulnerabilities, dependencies |
| The Basics of package.json (the+/nod) | | 27 |
| fundamentals, nodejs, dependencies, yarn |
| pkg.land (dor/pkg) | | 26 |
| websites, packages, dependencies |
| GitHub’s Commitment to npm Ecosystem Security (mp/git) | | 25 |
| github, security |
| Yarn vs. npm: Everything You Need to Know (cod/sit) | | 24 |
| yarn, comparisons |
| timefind (cyk) | | 23 |
| packages, history |
| Common npm Mistakes Every Developer Should Avoid (bit) | | 22 |
| mistakes |
| npm Security Best Practices (lir/owa) | | 21 |
| security, best-practices |
| Simple Monorepos via npm Workspaces and TypeScript Project References (rau) | | 20 |
| monorepos, typescript |
| NPM Global Audit | | 19 |
| packages, security, quality, auditing |
| What Is Node and When Should I Use It? (jch/sit) | | 18 |
| nodejs, javascript |
| How to Publish an Updated Version of an npm Package (spa/clo) | | 17 |
| how-tos, dependencies |
| How to Add CSS Vendor Prefixes Automatically (luk/not) | | 16 |
| how-tos, css, vendor-extensions, automation, tooling, postcss, webpack, gulp |
| a11y-syntax-highlighting (eri) | | 15 |
| packages, accessibility, syntax-highlighting |
| Validating Dependencies in the Project With npm-check and depcheck | | 14 |
| dependencies, security, maintenance, auditing, tooling |
| Introducing npx: An npm Package Runner (zka) | | 13 |
| introductions, npx, nodejs |
| 10 Node.js Best Practices: Enlightenment From the Node Gurus (sit) | | 12 |
| nodejs, best-practices, environments, event-loop, naming, scaling, caching, express |
| why-is-node-running (maf) | | 11 |
| packages, nodejs |
| How to Solve the Global npm Module Dependency Problem (joe/sit) | | 10 |
| how-tos, dependencies |
| image-dimensions (sin) | | 9 |
| packages, images |
| Learning Node.js: The “npm link” (lea) | | 8 |
| videos, nodejs |
| Peer Dependencies (dom) | | 7 |
| nodejs, dependencies |
| Madge (pah) | | 6 |
| packages, dependencies, visualization |
| npm Package Download Statistics Checker (ati) | | 5 |
| tools, exploration, auditing, debugging, dependencies, metrics |
| npm Dependency Visualizer (fre) | | 4 |
| tools, exploration, auditing, debugging, dependencies, visualization |
| npm Package Types Checker | | 3 |
| tools, exploration, auditing, debugging, dependencies, typescript, type-safety |
| npm, Yarn, and pnpm Command Converter (neb) | | 2 |
| tools, exploration, conversion, yarn, pnpm, command-line |
| npm Package Size Checker (jsb) | | 1 |
| tools, exploration, auditing, debugging, dependencies |
