DEV Community

npm

Node Package Manager

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
I audited every npm package with >10M weekly downloads. Here is the risk map.
piiiico profile
Pico

I audited every npm package with >10M weekly downloads. Here is the risk map.

#security #npm #javascript #devops
Comments
4 min read
esbuild has 190M weekly downloads and one maintainer — I audited 25 top npm packages
piiiico profile
Pico

esbuild has 190M weekly downloads and one maintainer — I audited 25 top npm packages

#npm #security #javascript #devops
Comments
3 min read
Launching gh-dep-risk: a GitHub CLI extension for npm dependency PR review
rad1092 profile

Launching gh-dep-risk: a GitHub CLI extension for npm dependency PR review

#github #cli #security #npm
Comments
1 min read
thusdev-fetch atteint 256 téléchargements npm en 2 jours !
amthus profile

thusdev-fetch atteint 256 téléchargements npm en 2 jours !

#node #javascript #opensource #npm
3
Comments
1 min read
My AI told me to pip install a package that doesn't exist. Turns out someone already weaponized that.
xihegoddess profile

My AI told me to pip install a package that doesn't exist. Turns out someone already weaponized that.

#ai #npm #security #testing
Comments
2 min read
Le migliori librerie di notifiche per React Native nel 2026: quale scegliere?
marco_crupi profile

Le migliori librerie di notifiche per React Native nel 2026: quale scegliere?

#reactnative #react #opensource #npm
Comments
7 min read
npm audit --json Is Unreadable. I Wrote a Formatter With Zero Dependencies.
sendotltd profile

npm audit --json Is Unreadable. I Wrote a Formatter With Zero Dependencies.

#typescript #npm #security #tutorial
2
Comments
8 min read
axios npm Supply Chain Attack (March 31, 2026) — What Happened and How to Check Your Lock File Right Now
lazydev_oh profile

axios npm Supply Chain Attack (March 31, 2026) — What Happened and How to Check Your Lock File Right Now

#security #npm #javascript #webdev
1
Comments
6 min read
All It Took Was npm install (Axios Attack)
audreyhal profile

All It Took Was npm install (Axios Attack)

#npm #webdev #cybersecurity #node
1
Comments
4 min read
Completing the Picture: Adding Memory Diagnostics to a CPU Profiler
iwtxokhtd83 profile

Completing the Picture: Adding Memory Diagnostics to a CPU Profiler

#npm #node #javascript
Comments
6 min read
Signals, Effects, and the Algebra Between Them
jasuperior profile
Ja

Signals, Effects, and the Algebra Between Them

#typescript #npm #datastructures #node
Comments
6 min read
I audited the top 50 npm packages. Almost none ship with supply-chain attestations!
thecryptodonkey profile

I audited the top 50 npm packages. Almost none ship with supply-chain attestations!

#webdev #javascript #security #npm
Comments
10 min read
I just hardened my OSS release pipeline to 11 layers of security — here's the playbook
achiya-automation profile

I just hardened my OSS release pipeline to 11 layers of security — here's the playbook

#opensource #security #github #npm
Comments
7 min read
Rust Binary Distribution via npm: Addressing Security Risks and Installation Failures with Native Caching Solutions
pavkode profile

Rust Binary Distribution via npm: Addressing Security Risks and Installation Failures with Native Caching Solutions

#rust #npm #security #distribution
Comments
12 min read
I published mfkvault-cli to npm — install any AI skill in 30 seconds
faiyaz_khan_e1dc60ac68c7f profile

I published mfkvault-cli to npm — install any AI skill in 30 seconds

#claude #ai #npm #productivity
Comments
1 min read
👋 Sign in for the ability to sort posts by relevant, latest, or top.