Reuse Less Software Jun 11, 2026 188 security , processes How to Evaluate an npm Package—2026 Edition May 29, 2026 187 how-tos , npm , processes , maintainability , quality Mini Shai Hulud: Compromised @antv npm Packages Enable CI/CD Credential Theft May 20, 2026 186 security , npm , ci-cd Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised May 19, 2026 185 security , npm A Worm Just Ate Its Way Through the npm Registry… (fir )May 14, 2026 184 videos , npm , security , tanstack 4 Tiny Mistakes That Secretly Destroy App Performance May 14, 2026 183 performance , web-apps , mistakes , cors , code-splitting , backgrounds , images Weekend at Bernie’s (and )May 8, 2026 182 security , foss , metrics replacements.fyi (430 /e18 )Apr 27, 2026 181 websites , refactoring , migrating , maintenance , javascript How I Resolved 15K Circular Dependencies (haa )Apr 17, 2026 180 monorepos , nx No One Owes You Supply-Chain Security (pur )Apr 11, 2026 179 security , rust The Hidden Blast Radius of the Axios Compromise (ahm /soc )Apr 1, 2026 178 npm , axios , security Minimum Release Age Is an Underrated Supply Chain Defense (dan )Mar 31, 2026 177 security , npm , bun , pnpm , yarn , deno , renovate , dependabot , axios Axios Compromised on npm—Malicious Versions Drop Remote Access Trojan Mar 30, 2026 176 npm , axios , security Malicious PyPI Package—LiteLLM Supply Chain Compromise Mar 25, 2026 175 vulnerabilities , security Supply-Chain Attack Using Invisible Code Hits GitHub and Other Repositories (dan /ars )Mar 13, 2026 174 security , github The Three Pillars of JavaScript Bloat (430 )Mar 12, 2026 173 javascript , complexity , runtimes , architecture , polyfills So Where Are All the AI Apps? (alg +)Mar 12, 2026 172 ai , python , metrics Node.js Package Configuration Guide (nod )Jan 8, 2026 171 guides , packages , configuration , commonjs , esm Web Dependencies Are Broken—Can We Fix Them? (lea )Jan 7, 2026 170 javascript , import-maps , web-platform npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens (sar /soc )Jan 7, 2026 169 npm , security , github The Nine Levels of JavaScript Dependency Hell (and )Jan 5, 2026 168 javascript , maintainability The Package Management Landscape (and )Jan 3, 2026 167 tooling , overviews , link-lists How We’re Protecting Our Newsroom From npm Supply Chain Attacks (rya /pnp )Dec 5, 2025 166 npm , security , case-studies No More Tokens—Locking Down npm Publish Workflows (zac )Dec 4, 2025 165 npm , security , github , processes The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know Nov 25, 2025 164 npm , security GitLab Discovers Widespread npm Supply Chain Attack (git )Nov 24, 2025 163 npm , security , gitlab , github , aws , gcp , azure Shipping Node.js Packages in 2025 (joy )Oct 3, 2025 162 slides , nodejs , esm , commonjs 15 Recent Node.js Features That Replace Popular npm Packages (nod )Oct 1, 2025 161 nodejs , npm , maintenance Principles of Simplicity in Frontend Architecture Sep 26, 2025 160 simplicity , principles What Just Happened to RubyGems? (chr )Sep 24, 2025 159 ruby , shopify Our Plan for a More Secure npm Supply Chain (xco )Sep 22, 2025 158 npm , security , foss This May Be the Worst One (the )Sep 17, 2025 157 videos , npm , security Ongoing Supply Chain Attack Targets CrowdStrike npm Packages (pvd +/soc )Sep 16, 2025 156 npm , security ctrl/tinycolor and 40+ npm Packages Compromised Sep 15, 2025 155 npm , security Which npm Package Has the Largest Version Number? Sep 14, 2025 154 npm , versioning , semver How to Keep package.json Under Control (tmc /val )Sep 11, 2025 153 how-tos , nodejs , npm , maintainability Oh No, Not Again… a Meditation on npm Supply Chain Attacks (tan )Sep 9, 2025 152 npm , security , microsoft Anatomy of a Billion-Download npm Supply-Chain Attack Sep 8, 2025 151 npm , security npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack (bur +/soc )Sep 8, 2025 150 npm , security Why You Absolutely Need to Have Automated Dependency Management in Place (j9t )Aug 28, 2025 149 maintainability , maintenance , security , automation , tooling Speeding Up the JavaScript Ecosystem—SemVer (mar )Aug 10, 2025 148 javascript , performance , semver , versioning npm Trusted Publishing With OIDC Is Generally Available Jul 31, 2025 147 npm , provenance , github Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader (soc )Jul 14, 2025 146 security , npm Ramblings on Dependency Management (mpl )Jun 18, 2025 145 maintenance npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc )May 2, 2025 144 npm , malware , security , link-lists npm Should Remove the Default License From New Packages (ISC) (ext )Apr 30, 2025 143 npm , licensing , foss Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site (j9t )Apr 22, 2025 142 eleventy , nodejs , automation , github-actions LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho /the )Apr 12, 2025 141 ai , security , slop A Decade of Impact: How Our npm Packages Hit 1 Billion Downloads and Shaped JavaScript Apr 1, 2025 140 npm , history , javascript Breaking Down Circular Dependencies in JavaScript Mar 29, 2025 139 javascript Malware Found on npm Infecting Local Package With Reverse Shell (rev )Mar 26, 2025 138 npm , security Lazarus Strikes npm Again With New Wave of Malicious Packages (soc )Mar 10, 2025 137 npm , security Tutorial: Publishing ESM-Based npm Packages With TypeScript (rau )Feb 4, 2025 136 tutorials , npm , typescript My Failed Attempt to Shrink All npm Packages by 5% (eva )Jan 27, 2025 135 npm , compression Build It Yourself (mit )Jan 24, 2025 134 maintenance , maintainability , processes 10 Very Important Flutter Packages Jan 24, 2025 133 flutter Double-Keyed Caching: How Browser Cache Partitioning Changed the Web (add )Jan 7, 2025 132 browsers , caching , network , content-delivery , performance Do I Need This Node Dependency? (bri )Dec 31, 2024 131 nodejs The 20 Commandments of Software Engineering Dec 30, 2024 130 principles , programming , complexity , documentation , commit-messages , code-reviews , maintenance , collaboration On Long Term Software Development (ber )Dec 22, 2024 129 maintainability , maintenance , foss , testing , complexity Mastering npm Scripts: Automate Everything in Your Frontend Workflow Dec 22, 2024 128 npm , environments , ci-cd , automation JS Import Maps (5t3 )Dec 20, 2024 127 javascript , import-maps Your JavaScript Bundle Is Too Fat Dec 13, 2024 126 javascript , bundling , performance , code-splitting , lazy-loading , tree-shaking , minification , optimization Publishing a Simple Client-Side JavaScript Package to npm With GitHub Actions (sim )Dec 7, 2024 125 javascript , npm , github-actions How to Prerelease an npm Package (spa /clo )Nov 19, 2024 124 how-tos , npm , versioning , semver Node.js Corepack: Version Control for Package Managers (tre )Nov 19, 2024 123 nodejs , corepack , versioning , tooling Introducing the vlt Package Manager and Serverless Registry Nov 5, 2024 122 introductions , serverless , javascript , tooling cpx—the npx Counterpart of the PHP Ecosystem (ami )Oct 3, 2024 121 php The Nine Node Pillars (mco /pla )Sep 18, 2024 120 nodejs , principles More npm Packages on Cloudflare Workers: Combining Polyfills and Native Code to Support Node.js APIs (jas +)Sep 9, 2024 119 cloudflare , nodejs , npm , apis Hidden Cost of Frontend Frameworks Aug 29, 2024 118 frameworks , simplicity How to Create an npm Package (mat )Aug 21, 2024 117 how-tos , npm The Great npm Garbage Patch Aug 6, 2024 116 npm , spam , security Secure Node.js Applications From Supply Chain Attacks Jul 25, 2024 115 nodejs , security , best-practices Publishing a TypeScript Module to npm vs. JSR (den )Jul 10, 2024 114 videos , typescript , modules , npm , jsr , comparisons Supply Chain Security in npm—We Can Be Optimistic About the Future Jul 9, 2024 113 npm , security , provenance Create npm Package With CommonJS and ESM Support in TypeScript Jun 29, 2024 112 npm , commonjs , esm , typescript What Happens When a Major npm Library Goes Commercial? (mco )Jun 17, 2024 111 npm , foss Dual Publishing ESM and CJS Modules With tsup and “Are the Types Wrong?” (joh )Jun 15, 2024 110 esm , commonjs , tooling , typescript , type-safety Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar /soc )Jun 15, 2024 109 npm , vulnerabilities , caching , security How a Single Vulnerability Can Bring Down the JavaScript Ecosystem Jun 3, 2024 108 javascript , npm , caching , vulnerabilities , security How to Use Corepack (mat )Jun 2, 2024 107 how-tos , nodejs , corepack JSR: The JavaScript Package Registry We’ve Been Waiting For May 24, 2024 106 jsr JavaScript Security: Simple Practices to Secure Your Frontend May 15, 2024 105 javascript , security , csp How to Document Your JavaScript Package (lca +/den )May 10, 2024 104 how-tos , javascript , documentation , writing , jsdoc , readme JSR Is Not Another Package Manager (tin /den )Apr 24, 2024 103 jsr Using Vite to Rebuild Local Dependencies in an npm Workspace Apr 23, 2024 102 npm , vite Building an npm Package Compatible With ESM and CJS in 2024 Apr 18, 2024 101 npm , interoperability , esm , commonjs Microservices Promised Freedom but Delivered Dependencies (pur )Mar 21, 2024 100 microservices Another JS Registry—Seriously?! (den )Mar 13, 2024 99 videos , jsr , javascript How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth )Mar 3, 2024 98 npm , examples , security Introducing JSR—the JavaScript Registry (lca +/den )Mar 1, 2024 97 introductions , jsr , deno , javascript Choosing the Right Node.js Package Manager in 2024: A Comparative Guide (nod )Feb 29, 2024 96 guides , nodejs , comparisons Why Does “is-number” Package Have 59M Weekly Downloads? Feb 29, 2024 95 npm JSR: What We Know So Far About Deno’s New JavaScript Package Registry (sar /soc )Feb 22, 2024 94 jsr , deno , javascript Frontend Application Security: Tips and Tricks Feb 16, 2024 93 web-apps , security , xss , csrf , authentication , csp , validation , tips-and-tricks Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm (sar /soc )Feb 8, 2024 92 nodejs , corepack , npm , yarn , pnpm Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar /soc )Feb 6, 2024 91 npm , security Modern JavaScript Library Starter Jan 23, 2024 90 npm , libraries Deceptive Deprecation: The Truth About npm Deprecated Packages Jan 18, 2024 89 deprecation , security , npm , research Different Node.js Versions and Package Managers per Project—a Solved Problem (wem )Jan 17, 2024 88 nodejs , nvm Secure Your Code: Auto-Fix Vulnerabilities With Dependabot (GitHub Tutorial) Jan 14, 2024 87 videos , security , dependabot Compatibility of Node.js Versions With Packages Jan 11, 2024 86 nodejs , versioning Installing Google Fonts as npm Packages (ami )Dec 30, 2023 85 installing , tooling , google , fonts A Comprehensive Guide to npm Workspaces and Monorepos Dec 30, 2023 84 guides , monorepos , npm , yarn I Replaced npm, Yarn, and nvm With pnpm (paw )Dec 1, 2023 83 npm , yarn , pnpm , nvm A Complete Guide to pnpm Nov 27, 2023 82 guides , pnpm Understanding Dev Dependencies in Web Development Nov 17, 2023 81 How to Use npm Packages Outside of Node Nov 6, 2023 80 how-tos , npm , javascript Secret Scanning Scans Public npm Packages Oct 26, 2023 79 github , npm , security How We Optimized Package Imports in Next.js Oct 13, 2023 78 nextjs , optimization , case-studies Honey, I Shrunk the npm Package Sep 27, 2023 77 npm , compression SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble )Sep 27, 2023 76 security , ssh , npm Upgrading Frontend Dependencies With Confidence Sep 22, 2023 75 maintenance , testing , regressions , playwright Bun Hype: How We Learned Nothing From Yarn Sep 16, 2023 74 bun , yarn , history dependency-time-machine Aug 12, 2023 73 packages , npm , maintenance , automation My Experience Modernizing Packages to ESM Aug 8, 2023 72 modernization , esm A Comprehensive Beginner’s Guide to npm: Simplifying Package Management Jul 14, 2023 71 guides , npm Identify Unused npm Packages in Your Project (ami )Jul 1, 2023 70 npm , maintenance The Massive Bug at the Heart of the npm Ecosystem Jun 27, 2023 69 npm , security , bugs It Depends—Exploring My Favourite Renovate Features for Dependency Updates (kal )Jun 18, 2023 68 maintenance , renovate , configuration npm Won’t Publish Packages Containing the Word “keygen” Jun 14, 2023 67 discussions , npm Before Your Next Frontend Pull Request, Use This Checklist (tra /evi )Jun 7, 2023 66 checklists , performance , compression , accessibility , legibility , naming Building a Frontend Framework—Reactivity and Composability With Zero Dependencies May 13, 2023 65 frameworks , reactivity The Case Against Automatic Dependency Updates (ben )Apr 21, 2023 64 automation , ci-cd , maintenance , security Automating Dependency Updates: The Big Debate Apr 21, 2023 63 automation , ci-cd , security Deno vs. Node: No One Is Ready for the Move Apr 17, 2023 62 deno , nodejs , comparisons Understanding npm Versioning Apr 4, 2023 61 npm , versioning , semver The Landscape of npm Packages for CLI Apps Mar 24, 2023 60 nodejs , npm , command-line npx: The Easy Way to Run Node.js Packages Mar 22, 2023 59 nodejs , npx Node.js Toolbox Feb 23, 2023 58 websites , nodejs , packages Unlocking Security Updates for Transitive Dependencies With npm Jan 19, 2023 57 npm , security , maintenance Using Renovate With Codeberg (nic )Jan 15, 2023 56 codeberg , maintenance , renovate New npm Features for Secure Publishing and Safe Consumption Dec 6, 2022 55 npm , security npm Security: Preventing Supply Chain Attacks Nov 7, 2022 54 npm , security Use “npm query” and jq to Dig Into Your Dependencies Oct 5, 2022 53 videos , npm , auditing Phylum Detects Active Typosquatting Campaign Targeting npm Developers Oct 2, 2022 52 npm , security depngn Sep 30, 2022 51 packages , npm , nodejs Dependabot Unlocks Transitive Dependencies for npm Projects Sep 7, 2022 50 npm , security , dependabot 4 Ways to Minimize Your Dependencies in Node.js (app )Aug 31, 2022 49 nodejs , npm JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically Aug 30, 2022 48 studies , research , nodejs , javascript , security , quality , bugs Everything You Need to Know About JavaScript Import Maps (hon )Jul 25, 2022 47 javascript , import-maps Optimizing Node.js Dependencies in AWS Lambda Jul 13, 2022 46 nodejs , aws , serverless , lambda , optimization Alternatives to Installing npm Packages Globally (rau )Jun 18, 2022 45 installing , npm Sponsoring Dependencies: The Next Step in Open Source Sustainability (nza )Jun 14, 2022 44 economics , foss Don’t Sink Your Website With Third Parties (sma )Jun 1, 2022 43 embed-code , performance Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks May 24, 2022 42 javascript , npm , security Lerna Has Gone—Which Monorepo Is Right for a Node.js Backend Now? May 3, 2022 41 monorepos , comparisons , nodejs , lerna 8 Industry-Standard Tools to Reduce Dependency Risks Apr 26, 2022 40 tooling , maintenance , renovate , depfu , link-lists How to Respond to Growing Supply Chain Security Risks? Apr 3, 2022 39 how-tos , security , nodejs , npm On the Weaponisation of Open Source (ben )Mar 18, 2022 38 foss , mongodb , nodejs Update Node Dependencies Automatically, Selectively, or Incrementally Mar 14, 2022 37 nodejs , npm , yarn What’s Really Going On Inside Your node_modules Folder? (soc )Mar 1, 2022 36 nodejs , npm How to Publish Deno Modules to npm (kit /den )Feb 28, 2022 35 how-tos , deno , modules , npm Understanding Dependencies Inside Your package.json (nod )Feb 24, 2022 34 nodejs , npm , yarn How to Fix Your Security Vulnerabilities With npm Override Feb 23, 2022 33 how-tos , security , vulnerabilities , npm The Basics of package.json (nod )Feb 15, 2022 32 fundamentals , nodejs , npm , yarn How to Keep Your Repo Package Dependencies Up to Date Automatically Feb 10, 2022 31 how-tos , tooling , github-actions Dependency Risk and Funding (mit )Jan 10, 2022 30 github , economics pkg.land Dec 30, 2021 29 websites , packages , npm Why You Should Check in Your Node Dependencies Dec 6, 2021 28 nodejs Ain’t No Party Like a Third Party (ada /css )Dec 3, 2021 27 embed-code , security Open Source Insights Jun 3, 2021 26 websites , foss , security , licensing Use Depfu and Mergify to Automatically Merge Dependency Updates May 3, 2021 25 maintenance , automation , depfu Find Unused npm Dependencies Apr 25, 2021 24 packages Uninstalling Dev Dependencies With npm Mar 21, 2021 23 npm Why We Developed the Node.js Reference Architecture Mar 8, 2021 22 nodejs , architecture Automated Dependency Management With Depfu May 4, 2020 21 automation , depfu How to Publish an Updated Version of an npm Package (spa /clo )Feb 10, 2020 20 how-tos , npm How to Automatically Update Your JavaScript Dependencies (spa /clo )Jan 30, 2020 19 how-tos , javascript , automation , processes , security How to Worry About npm Package Weight (chr /css )Dec 18, 2018 18 npm Lerna: A Tale of Renaming npm Packages Jul 24, 2018 17 refactoring , npm , lerna Validating Dependencies in the Project With npm-check and depcheck Jun 1, 2018 16 security , maintenance , auditing , tooling , npm HTML, CSS, and Dependency Direction (j9t )Feb 14, 2018 15 html , css , maintainability , best-practices npm Proxy for Installing Dependencies Mar 1, 2016 14 translations , npm , tooling Distribution Packages Considered Insecure Feb 13, 2016 13 unix-like , security How to Solve the Global npm Module Dependency Problem Sep 4, 2015 12 how-tos , npm The Tedium of Managing Code (lyz /ali )Aug 6, 2015 11 maintenance , maintainability , javascript , tooling Peer Dependencies (dom )Feb 8, 2013 10 npm , nodejs Madge May 20, 2012 9 packages , npm , visualization Sprockets: Build Time JavaScript Dependency Management (dal /aja )Feb 20, 2009 8 tooling , javascript , ruby Dealing With Dependencies (tro )Feb 4, 2008 7 php npm Package Size Checker 6 tools , exploration , auditing , debugging , npm npm Package Types Checker 5 tools , exploration , auditing , debugging , npm , typescript , type-safety npm Dependency Visualizer 4 tools , exploration , auditing , debugging , npm , visualization npm Package Download Statistics Checker 3 tools , exploration , auditing , debugging , npm , metrics npm Package Checker 2 tools , exploration , auditing , debugging , npm Dependencies Badge Generator 1 tools , exploration , images , npm