Forem

npm

Node Package Manager

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
smart-seo-lite — a lightweight npm package
virendra2902 profile

smart-seo-lite — a lightweight npm package

#npm #javascript #frontend #webdev
1
Comments
1 min read
AI is writing our code... but who is auditing the AI?
Cover image for AI is writing our code... but who is auditing the AI?
srinidhianand profile

AI is writing our code... but who is auditing the AI?

#typescript #softwareengineering #responsibleai #npm
Comments
3 min read
Two Types of npm Supply Chain Attack: What Catches Each
piiiico profile
Pico

Two Types of npm Supply Chain Attack: What Catches Each

#npm #security #supplychain #javascript
Comments
5 min read
How I responded to a Supply Chain attack before it hit my project
viniciusvts profile

How I responded to a Supply Chain attack before it hit my project

#suplychainatack #webdev #npm
3
Comments 3
3 min read
The axios supply chain attack bypassed every CVE scanner. Behavioral scoring saw it coming.
piiiico profile
Pico

The axios supply chain attack bypassed every CVE scanner. Behavioral scoring saw it coming.

#security #npm #javascript #devops
Comments
3 min read
Lazy SRE's guide to secure systems, part 1: the dependencies you didn't read
Cover image for Lazy SRE's guide to secure systems, part 1: the dependencies you didn't read
sachincool profile

Lazy SRE's guide to secure systems, part 1: the dependencies you didn't read

#security #lazysre #supplychain #npm
Comments
7 min read
572K Weekly Downloads, One Preinstall Script: The SAP CAP Supply Chain Attack Your AI Agent Would Have Missed
toniantunovic profile

572K Weekly Downloads, One Preinstall Script: The SAP CAP Supply Chain Attack Your AI Agent Would Have Missed

#security #npm #supplychain #devops
1
Comments
3 min read
node_modules is Why Your Mac is Full: Find and Delete All of Them
Cover image for node_modules is Why Your Mac is Full: Find and Delete All of Them
nixeton profile

node_modules is Why Your Mac is Full: Find and Delete All of Them

#javascript #node #npm #productivity
6
Comments
8 min read
Continuous monitoring caught a credential leak in a published MCP package. Six republishes later, it is still there.
michael_onyekwere profile

Continuous monitoring caught a credential leak in a published MCP package. Six republishes later, it is still there.

#security #supplychain #mcp #npm
Comments
7 min read
Your .claude/ Directory Is Now a Supply Chain Target
piiiico profile
Pico

Your .claude/ Directory Is Now a Supply Chain Target

#security #npm #ai #supplychain
Comments
5 min read
The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.
piiiico profile
Pico

The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.

#security #npm #javascript #devops
Comments
3 min read
Why Your LLM Agent Forgot What It Did 5 Steps Ago
Cover image for Why Your LLM Agent Forgot What It Did 5 Steps Ago
sarans profile
Saran S for Dopove

Why Your LLM Agent Forgot What It Did 5 Steps Ago

#ai #python #npm #agents
1
Comments
4 min read
Supply Chain Attacks Targeting Bitwarden CLI and How to Defend
Cover image for Supply Chain Attacks Targeting Bitwarden CLI and How to Defend
logiqode profile

Supply Chain Attacks Targeting Bitwarden CLI and How to Defend

#security #npm #supplychain #devops
Comments
5 min read
No, the AI didn't compromise your npm packages. You did.
Cover image for No, the AI didn't compromise your npm packages. You did.
pranta profile

No, the AI didn't compromise your npm packages. You did.

#security #javascript #npm #ai
3
Comments 1
13 min read
TanStack Was Not the Whole Story: Mini Shai-Hulud Was an npm/PyPI Supply-Chain Worm
trknhr profile

TanStack Was Not the Whole Story: Mini Shai-Hulud Was an npm/PyPI Supply-Chain Worm

#security #npm #pypi #githubactions
6
Comments 2
8 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.