Forem

npm

Node Package Manager

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
Four MCP packages, four ways the supply chain shifted in two weeks of npm monitoring
michael_onyekwere profile

Four MCP packages, four ways the supply chain shifted in two weeks of npm monitoring

#security #supplychain #mcp #npm
Comments
7 min read
You've probably never heard of these npm packages. They're in your production app.
piiiico profile
Pico

You've probably never heard of these npm packages. They're in your production app.

#npm #security #javascript #webdev
Comments
3 min read
How npm Behavioral Risk Scoring Works: The Methodology Behind getcommit.dev
piiiico profile
Pico

How npm Behavioral Risk Scoring Works: The Methodology Behind getcommit.dev

#security #javascript #npm #tutorial
Comments
9 min read
The MCP SDK Looks Safe. Its Supply Chain Has 11 CRITICAL Single-Maintainer Packages.
piiiico profile
Pico

The MCP SDK Looks Safe. Its Supply Chain Has 11 CRITICAL Single-Maintainer Packages.

#ai #javascript #security #npm
Comments
4 min read
Hardening npm dependency security
alexocallaghan profile

Hardening npm dependency security

#security #node #webdev #npm
Comments
4 min read
Hono Has 35M Weekly Downloads and One npm Publisher
piiiico profile
Pico

Hono Has 35M Weekly Downloads and One npm Publisher

#npm #security #javascript #webdev
Comments
3 min read
Three npm Disasters That Were Predictable (And What the Signals Looked Like)
piiiico profile
Pico

Three npm Disasters That Were Predictable (And What the Signals Looked Like)

#npm #security #javascript #opensource
1
Comments
6 min read
npm audit, Socket, Snyk, and Commit: An Honest Comparison
piiiico profile
Pico

npm audit, Socket, Snyk, and Commit: An Honest Comparison

#npm #security #javascript #devops
Comments
5 min read
I audited 25 top npm packages with a zero-install CLI. Here's who passes.
piiiico profile
Pico

I audited 25 top npm packages with a zero-install CLI. Here's who passes.

#npm #security #javascript #opensource
1
Comments
4 min read
I Built a 8.7KB React Animation Library (120+ FPS) on top of GSAP
Cover image for I Built a 8.7KB React Animation Library (120+ FPS) on top of GSAP
youssefzidan1 profile

I Built a 8.7KB React Animation Library (120+ FPS) on top of GSAP

#gsap #npm #webdev #react
3
Comments
1 min read
AI Hallucinated Dependencies Are the New Supply Chain Attack: How to Stop Them
toniantunovic profile

AI Hallucinated Dependencies Are the New Supply Chain Attack: How to Stop Them

#supplychainsecurity #aicode #npm #security
Comments
8 min read
When GitHub Actions Goes Silent: The Pending-Forever Bug I Hit Shipping My MCP Server to npm
achiya-automation profile

When GitHub Actions Goes Silent: The Pending-Forever Bug I Hit Shipping My MCP Server to npm

#github #ci #npm #devops
Comments
5 min read
`npm fund`
edwin_gichira_92748e19bb6 profile

`npm fund`

#jokes #npm #devops #coding
1
Comments
1 min read
How to Automate OTP Extraction and Email Testing in n8n with Disposable Inboxes
Cover image for How to Automate OTP Extraction and Email Testing in n8n with Disposable Inboxes
devnplay profile

How to Automate OTP Extraction and Email Testing in n8n with Disposable Inboxes

#tooling #npm #webdev #productivity
Comments
3 min read
The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Are Not.
piiiico profile
Pico

The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Are Not.

#security #npm #javascript #supplychain
Comments
3 min read
👋 Sign in for the ability to sort posts by relevant, latest, or top.