Forem

npm

Node Package Manager

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Hi all
ayushmahadik profile

Hi all

#showdev #design #npm #ui
Comments
1 min read
Modern JavaScript Tooling Explained: npm, npx, pnpm, Yarn & Bun
Cover image for Modern JavaScript Tooling Explained: npm, npx, pnpm, Yarn & Bun
srsoumyax11 profile

Modern JavaScript Tooling Explained: npm, npx, pnpm, Yarn & Bun

#javascript #node #npm #tooling
1
Comments
5 min read
"Why I stopped trusting npm audit (and built my own)"
neve7er profile
neve7r

"Why I stopped trusting npm audit (and built my own)"

#security #devops #npm #typescript
Comments
3 min read
Your package.json only shows 20 dependencies. Your lock file has 487. I built a scanner for the other 467.
piiiico profile
Pico

Your package.json only shows 20 dependencies. Your lock file has 487. I built a scanner for the other 467.

#javascript #security #npm #webdev
Comments
2 min read
I Added OpenSSF Scorecard to getcommit.dev. The Results Tell Two Different Stories.
piiiico profile
Pico

I Added OpenSSF Scorecard to getcommit.dev. The Results Tell Two Different Stories.

#javascript #security #npm #opensource
Comments
3 min read
Why npm supply chain attacks keep happening and how to harden your installs
Cover image for Why npm supply chain attacks keep happening and how to harden your installs
alanwest profile

Why npm supply chain attacks keep happening and how to harden your installs

#npm #security #javascript #devops
Comments
4 min read
guard-install now scans GitHub repos before you run them
nithindj192 profile

guard-install now scans GitHub repos before you run them

#npm #node #riskanalysis
Comments
1 min read
Two Independent Attack Surfaces: Why npm Provenance Doesn't Make a Package Safe
piiiico profile
Pico

Two Independent Attack Surfaces: Why npm Provenance Doesn't Make a Package Safe

#npm #security #javascript #supplychain
Comments
3 min read
Two Types of npm Supply Chain Attack: What Catches Each
piiiico profile
Pico

Two Types of npm Supply Chain Attack: What Catches Each

#npm #security #supplychain #javascript
Comments
5 min read
Proof-of-Commitment Internals: How the Scoring Algorithm Works
piiiico profile
Pico

Proof-of-Commitment Internals: How the Scoring Algorithm Works

#npm #security #javascript #supplychain
1
Comments
6 min read
Spotify Verified for Human Artists: What It Signals for Code, Content, and My Own Blog
Cover image for Spotify Verified for Human Artists: What It Signals for Code, Content, and My Own Blog
jtorchia profile

Spotify Verified for Human Artists: What It Signals for Code, Content, and My Own Blog

#english #npm #claudecode #developertools
1
Comments
8 min read
certifi has 350M weekly downloads and one publisher. It handles your SSL certificates.
piiiico profile
Pico

certifi has 350M weekly downloads and one publisher. It handles your SSL certificates.

#python #security #supplychain #npm
Comments
4 min read
From pnpm's Cool Feature to npm's Life jacket: The (somewhat accidental) birth of age-install
cinfinitedev_engine profile

From pnpm's Cool Feature to npm's Life jacket: The (somewhat accidental) birth of age-install

#npm #javascript #security #softwareengineering
Comments
6 min read
npm installs packages blindly — I built a CLI to fix that
nithindj192 profile

npm installs packages blindly — I built a CLI to fix that

#showdev #cli #npm #security
Comments
1 min read
Hono Has 34M Weekly Downloads and One Maintainer
piiiico profile
Pico

Hono Has 34M Weekly Downloads and One Maintainer

#javascript #webdev #security #npm
Comments
3 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.