Forem

npm

Node Package Manager

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
npm package commitment scores: zod has 139M weekly downloads and one maintainer
piiiico profile
Pico

npm package commitment scores: zod has 139M weekly downloads and one maintainer

#security #npm #opensource #webdev
Comments
4 min read
I audited 10 common npm packages. Three came back CRITICAL. One was just attacked last week.
piiiico profile
Pico

I audited 10 common npm packages. Three came back CRITICAL. One was just attacked last week.

#npm #security #supplychain #mcp
Comments
3 min read
The Axios Attack Proved npm audit Is Broken. Here's What Would Have Caught It
poolcamacho profile

The Axios Attack Proved npm audit Is Broken. Here's What Would Have Caught It

#npm #security #javascript #opensource
1
Comments
6 min read
The Documentation Attack Surface: How npm Libraries Teach Insecure Patterns
ethan_kreloff_4a7339e3d1d profile

The Documentation Attack Surface: How npm Libraries Teach Insecure Patterns

#security #javascript #npm #webdev
Comments
4 min read
I built Material Symbols SVG, an icon library for using Material Symbols as SVG components
Cover image for I built Material Symbols SVG, an icon library for using Material Symbols as SVG components
k-s-h-r profile

I built Material Symbols SVG, an icon library for using Material Symbols as SVG components

#react #npm #typescript #frontend
Comments
5 min read
Why Your AI Coding Agent Keeps Recommending Dead Packages
the_bookmaster profile

Why Your AI Coding Agent Keeps Recommending Dead Packages

#agents #ai #npm #programming
1
Comments
2 min read
I never expected this response ~robot-toast
pratham_kumar_8cc837c51ed profile

I never expected this response ~robot-toast

#javascript #webdev #opensource #npm
Comments
2 min read
Malicious npm Packages Disguised as Strapi Plugins Enable Data Exfiltration and Remote Code Execution
kornilovconstru profile

Malicious npm Packages Disguised as Strapi Plugins Enable Data Exfiltration and Remote Code Execution

#npm #strapi #malware #exfiltration
Comments
7 min read
Supply Chain Security measures
Cover image for Supply Chain Security measures
0xkoji profile
0xkoji

Supply Chain Security measures

#security #npm #uv #githubactions
Comments
1 min read
Shipping a Go CLI to Every Ecosystem: GitHub Releases, Homebrew, and npm
Cover image for Shipping a Go CLI to Every Ecosystem: GitHub Releases, Homebrew, and npm
_402ccbd6e5cb02871506 profile
Kazu

Shipping a Go CLI to Every Ecosystem: GitHub Releases, Homebrew, and npm

#cli #github #go #npm
Comments
5 min read
npm audit isn't enough: I simulated a supply chain attack on my Node dependencies and found what the scanner can't see
Cover image for npm audit isn't enough: I simulated a supply chain attack on my Node dependencies and found what the scanner can't see
jtorchia profile

npm audit isn't enough: I simulated a supply chain attack on my Node dependencies and found what the scanner can't see

#english #typescript #npm #devops
1
Comments
9 min read
npm audit no alcanza: simulé un supply chain attack sobre mis dependencias de Node y encontré lo que el scanner no ve
Cover image for npm audit no alcanza: simulé un supply chain attack sobre mis dependencias de Node y encontré lo que el scanner no ve
jtorchia profile

npm audit no alcanza: simulé un supply chain attack sobre mis dependencias de Node y encontré lo que el scanner no ve

#spanish #espanol #typescript #npm
1
Comments
10 min read
The Axios/npm Incident & Why AI Won’t Replace Devs
cyberjanitor profile

The Axios/npm Incident & Why AI Won’t Replace Devs

#ai #javascript #npm #security
Comments
1 min read
I built an npm malware scanner and found 21 malicious packages in 24 hours
yurithecoder profile

I built an npm malware scanner and found 21 malicious packages in 24 hours

#security #npm #javascript #opensource
Comments 1
1 min read
How the axios@1.14.1 supply chain attack worked (and how to protect yourself)
bigjenkie profile

How the axios@1.14.1 supply chain attack worked (and how to protect yourself)

#javascript #opensource #security #npm
Comments
4 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.