
Frontend Dogma

“dependencies” News Archive

Definition, related topics, and tag feed

Definition · Subtopics: dependabot, depfu, packages, renovate (non-exhaustive) · “dependencies” RSS feed (per email)

Entry (Sources) and Additional Topics · Date · #
Reuse Less Software · 188
security, processes
How to Evaluate an npm Package—2026 Edition · 187
how-tos, npm, processes, maintainability, quality
Mini Shai Hulud: Compromised @antv npm Packages Enable CI/CD Credential Theft · 186
security, npm, ci-cd
Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised · 185
security, npm
A Worm Just Ate Its Way Through the npm Registry… (fir) · 184
videos, npm, security, tanstack
4 Tiny Mistakes That Secretly Destroy App Performance · 183
performance, web-apps, mistakes, cors, code-splitting, backgrounds, images
Weekend at Bernie’s (and) · 182
security, foss, metrics
replacements.fyi (430/e18) · 181
websites, refactoring, migrating, maintenance, javascript
How I Resolved 15K Circular Dependencies (haa) · 180
monorepos, nx
No One Owes You Supply-Chain Security (pur) · 179
security, rust
The Hidden Blast Radius of the Axios Compromise (ahm/soc) · 178
npm, axios, security
Minimum Release Age Is an Underrated Supply Chain Defense (dan) · 177
security, npm, bun, pnpm, yarn, deno, renovate, dependabot, axios
Axios Compromised on npm—Malicious Versions Drop Remote Access Trojan · 176
npm, axios, security
Malicious PyPI Package—LiteLLM Supply Chain Compromise · 175
vulnerabilities, security
Supply-Chain Attack Using Invisible Code Hits GitHub and Other Repositories (dan/ars) · 174
security, github
The Three Pillars of JavaScript Bloat (430) · 173
javascript, complexity, runtimes, architecture, polyfills
So Where Are All the AI Apps? (alg+) · 172
ai, python, metrics
Node.js Package Configuration Guide (nod) · 171
guides, packages, configuration, commonjs, esm
Web Dependencies Are Broken—Can We Fix Them? (lea) · 170
javascript, import-maps, web-platform
npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens (sar/soc) · 169
npm, security, github
The Nine Levels of JavaScript Dependency Hell (and) · 168
javascript, maintainability
The Package Management Landscape (and) · 167
tooling, overviews, link-lists
How We’re Protecting Our Newsroom From npm Supply Chain Attacks (rya/pnp) · 166
npm, security, case-studies
No More Tokens—Locking Down npm Publish Workflows (zac) · 165
npm, security, github, processes
The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know · 164
npm, security
GitLab Discovers Widespread npm Supply Chain Attack (git) · 163
npm, security, gitlab, github, aws, gcp, azure
Shipping Node.js Packages in 2025 (joy) · 162
slides, nodejs, esm, commonjs
15 Recent Node.js Features That Replace Popular npm Packages (nod) · 161
nodejs, npm, maintenance
Principles of Simplicity in Frontend Architecture · 160
simplicity, principles
What Just Happened to RubyGems? (chr) · 159
ruby, shopify
Our Plan for a More Secure npm Supply Chain (xco) · 158
npm, security, foss
This May Be the Worst One (the) · 157
videos, npm, security
Ongoing Supply Chain Attack Targets CrowdStrike npm Packages (pvd+/soc) · 156
npm, security
ctrl/tinycolor and 40+ npm Packages Compromised · 155
npm, security
Which npm Package Has the Largest Version Number? · 154
npm, versioning, semver
How to Keep package.json Under Control (tmc/val) · 153
how-tos, nodejs, npm, maintainability
Oh No, Not Again… a Meditation on npm Supply Chain Attacks (tan) · 152
npm, security, microsoft
Anatomy of a Billion-Download npm Supply-Chain Attack · 151
npm, security
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack (bur+/soc) · 150
npm, security
Why You Absolutely Need to Have Automated Dependency Management in Place (j9t) · 149
maintainability, maintenance, security, automation, tooling
Speeding Up the JavaScript Ecosystem—SemVer (mar) · 148
javascript, performance, semver, versioning
npm Trusted Publishing With OIDC Is Generally Available · 147
npm, provenance, github
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader (soc) · 146
security, npm
Ramblings on Dependency Management (mpl) · 145
maintenance
npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc) · 144
npm, malware, security, link-lists
npm Should Remove the Default License From New Packages (ISC) (ext) · 143
npm, licensing, foss
Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site (j9t) · 142
eleventy, nodejs, automation, github-actions
LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho/the) · 141
ai, security, slop
A Decade of Impact: How Our npm Packages Hit 1 Billion Downloads and Shaped JavaScript · 140
npm, history, javascript
Breaking Down Circular Dependencies in JavaScript · 139
javascript
Malware Found on npm Infecting Local Package With Reverse Shell (rev) · 138
npm, security
Lazarus Strikes npm Again With New Wave of Malicious Packages (soc) · 137
npm, security
Tutorial: Publishing ESM-Based npm Packages With TypeScript (rau) · 136
tutorials, npm, typescript
My Failed Attempt to Shrink All npm Packages by 5% (eva) · 135
npm, compression
Build It Yourself (mit) · 134
maintenance, maintainability, processes
10 Very Important Flutter Packages · 133
flutter
Double-Keyed Caching: How Browser Cache Partitioning Changed the Web (add) · 132
browsers, caching, network, content-delivery, performance
Do I Need This Node Dependency? (bri) · 131
nodejs
The 20 Commandments of Software Engineering · 130
principles, programming, complexity, documentation, commit-messages, code-reviews, maintenance, collaboration
On Long Term Software Development (ber) · 129
maintainability, maintenance, foss, testing, complexity
Mastering npm Scripts: Automate Everything in Your Frontend Workflow · 128
npm, environments, ci-cd, automation
JS Import Maps (5t3) · 127
javascript, import-maps
Your JavaScript Bundle Is Too Fat · 126
javascript, bundling, performance, code-splitting, lazy-loading, tree-shaking, minification, optimization
Publishing a Simple Client-Side JavaScript Package to npm With GitHub Actions (sim) · 125
javascript, npm, github-actions
How to Prerelease an npm Package (spa/clo) · 124
how-tos, npm, versioning, semver
Node.js Corepack: Version Control for Package Managers (tre) · 123
nodejs, corepack, versioning, tooling
Introducing the vlt Package Manager and Serverless Registry · 122
introductions, serverless, javascript, tooling
cpx—the npx Counterpart of the PHP Ecosystem (ami) · 121
php
The Nine Node Pillars (mco/pla) · 120
nodejs, principles
More npm Packages on Cloudflare Workers: Combining Polyfills and Native Code to Support Node.js APIs (jas+) · 119
cloudflare, nodejs, npm, apis
Hidden Cost of Frontend Frameworks · 118
frameworks, simplicity
How to Create an npm Package (mat) · 117
how-tos, npm
The Great npm Garbage Patch · 116
npm, spam, security
Secure Node.js Applications From Supply Chain Attacks · 115
nodejs, security, best-practices
Publishing a TypeScript Module to npm vs. JSR (den) · 114
videos, typescript, modules, npm, jsr, comparisons
Supply Chain Security in npm—We Can Be Optimistic About the Future · 113
npm, security, provenance
Create npm Package With CommonJS and ESM Support in TypeScript · 112
npm, commonjs, esm, typescript
What Happens When a Major npm Library Goes Commercial? (mco) · 111
npm, foss
Dual Publishing ESM and CJS Modules With tsup and “Are the Types Wrong?” (joh) · 110
esm, commonjs, tooling, typescript, type-safety
Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc) · 109
npm, vulnerabilities, caching, security
How a Single Vulnerability Can Bring Down the JavaScript Ecosystem · 108
javascript, npm, caching, vulnerabilities, security
How to Use Corepack (mat) · 107
how-tos, nodejs, corepack
JSR: The JavaScript Package Registry We’ve Been Waiting For · 106
jsr
JavaScript Security: Simple Practices to Secure Your Frontend · 105
javascript, security, csp
How to Document Your JavaScript Package (lca+/den) · 104
how-tos, javascript, documentation, writing, jsdoc, readme
JSR Is Not Another Package Manager (tin/den) · 103
jsr
Using Vite to Rebuild Local Dependencies in an npm Workspace · 102
npm, vite
Building an npm Package Compatible With ESM and CJS in 2024 · 101
npm, interoperability, esm, commonjs
Microservices Promised Freedom but Delivered Dependencies (pur) · 100
microservices
Another JS Registry—Seriously?! (den) · 99
videos, jsr, javascript
How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth) · 98
npm, examples, security
Introducing JSR—the JavaScript Registry (lca+/den) · 97
introductions, jsr, deno, javascript
Choosing the Right Node.js Package Manager in 2024: A Comparative Guide (nod) · 96
guides, nodejs, comparisons
Why Does “is-number” Package Have 59M Weekly Downloads? · 95
npm
JSR: What We Know So Far About Deno’s New JavaScript Package Registry (sar/soc) · 94
jsr, deno, javascript
Frontend Application Security: Tips and Tricks · 93
web-apps, security, xss, csrf, authentication, csp, validation, tips-and-tricks
Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm (sar/soc) · 92
nodejs, corepack, npm, yarn, pnpm
Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc) · 91
npm, security
Modern JavaScript Library Starter · 90
npm, libraries
Deceptive Deprecation: The Truth About npm Deprecated Packages · 89
deprecation, security, npm, research
Different Node.js Versions and Package Managers per Project—a Solved Problem (wem) · 88
nodejs, nvm
Secure Your Code: Auto-Fix Vulnerabilities With Dependabot (GitHub Tutorial) · 87
videos, security, dependabot
Compatibility of Node.js Versions With Packages · 86
nodejs, versioning
Installing Google Fonts as npm Packages (ami) · 85
installing, tooling, google, fonts
A Comprehensive Guide to npm Workspaces and Monorepos · 84
guides, monorepos, npm, yarn
I Replaced npm, Yarn, and nvm With pnpm (paw) · 83
npm, yarn, pnpm, nvm
A Complete Guide to pnpm · 82
guides, pnpm
Understanding Dev Dependencies in Web Development · 81
How to Use npm Packages Outside of Node · 80
how-tos, npm, javascript
Secret Scanning Scans Public npm Packages · 79
github, npm, security
How We Optimized Package Imports in Next.js · 78
nextjs, optimization, case-studies
Honey, I Shrunk the npm Package · 77
npm, compression
SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble) · 76
security, ssh, npm
Upgrading Frontend Dependencies With Confidence · 75
maintenance, testing, regressions, playwright
Bun Hype: How We Learned Nothing From Yarn · 74
bun, yarn, history
dependency-time-machine · 73
packages, npm, maintenance, automation
My Experience Modernizing Packages to ESM · 72
modernization, esm
A Comprehensive Beginner’s Guide to npm: Simplifying Package Management · 71
guides, npm
Identify Unused npm Packages in Your Project (ami) · 70
npm, maintenance
The Massive Bug at the Heart of the npm Ecosystem · 69
npm, security, bugs
It Depends—Exploring My Favourite Renovate Features for Dependency Updates (kal) · 68
maintenance, renovate, configuration
npm Won’t Publish Packages Containing the Word “keygen” · 67
discussions, npm
Before Your Next Frontend Pull Request, Use This Checklist (tra/evi) · 66
checklists, performance, compression, accessibility, legibility, naming
Building a Frontend Framework—Reactivity and Composability With Zero Dependencies · 65
frameworks, reactivity
The Case Against Automatic Dependency Updates (ben) · 64
automation, ci-cd, maintenance, security
Automating Dependency Updates: The Big Debate · 63
automation, ci-cd, security
Deno vs. Node: No One Is Ready for the Move · 62
deno, nodejs, comparisons
Understanding npm Versioning · 61
npm, versioning, semver
The Landscape of npm Packages for CLI Apps · 60
nodejs, npm, command-line
npx: The Easy Way to Run Node.js Packages · 59
nodejs, npx
Node.js Toolbox · 58
websites, nodejs, packages
Unlocking Security Updates for Transitive Dependencies With npm · 57
npm, security, maintenance
Using Renovate With Codeberg (nic) · 56
codeberg, maintenance, renovate
New npm Features for Secure Publishing and Safe Consumption · 55
npm, security
npm Security: Preventing Supply Chain Attacks · 54
npm, security
Use “npm query” and jq to Dig Into Your Dependencies · 53
videos, npm, auditing
Phylum Detects Active Typosquatting Campaign Targeting npm Developers · 52
npm, security
depngn · 51
packages, npm, nodejs
Dependabot Unlocks Transitive Dependencies for npm Projects · 50
npm, security, dependabot
4 Ways to Minimize Your Dependencies in Node.js (app) · 49
nodejs, npm
JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically · 48
studies, research, nodejs, javascript, security, quality, bugs
Everything You Need to Know About JavaScript Import Maps (hon) · 47
javascript, import-maps
Optimizing Node.js Dependencies in AWS Lambda · 46
nodejs, aws, serverless, lambda, optimization
Alternatives to Installing npm Packages Globally (rau) · 45
installing, npm
Sponsoring Dependencies: The Next Step in Open Source Sustainability (nza) · 44
economics, foss
Don’t Sink Your Website With Third Parties (sma) · 43
embed-code, performance
Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks · 42
javascript, npm, security
Lerna Has Gone—Which Monorepo Is Right for a Node.js Backend Now? · 41
monorepos, comparisons, nodejs, lerna
8 Industry-Standard Tools to Reduce Dependency Risks · 40
tooling, maintenance, renovate, depfu, link-lists
How to Respond to Growing Supply Chain Security Risks? · 39
how-tos, security, nodejs, npm
On the Weaponisation of Open Source (ben) · 38
foss, mongodb, nodejs
Update Node Dependencies Automatically, Selectively, or Incrementally · 37
nodejs, npm, yarn
What’s Really Going On Inside Your node_modules Folder? (soc) · 36
nodejs, npm
How to Publish Deno Modules to npm (kit/den) · 35
how-tos, deno, modules, npm
Understanding Dependencies Inside Your package.json (nod) · 34
nodejs, npm, yarn
How to Fix Your Security Vulnerabilities With npm Override · 33
how-tos, security, vulnerabilities, npm
The Basics of package.json (nod) · 32
fundamentals, nodejs, npm, yarn
How to Keep Your Repo Package Dependencies Up to Date Automatically · 31
how-tos, tooling, github-actions
Dependency Risk and Funding (mit) · 30
github, economics
pkg.land · 29
websites, packages, npm
Why You Should Check in Your Node Dependencies · 28
nodejs
Ain’t No Party Like a Third Party (ada/css) · 27
embed-code, security
Open Source Insights · 26
websites, foss, security, licensing
Use Depfu and Mergify to Automatically Merge Dependency Updates · 25
maintenance, automation, depfu
Find Unused npm Dependencies · 24
packages
Uninstalling Dev Dependencies With npm · 23
npm
Why We Developed the Node.js Reference Architecture · 22
nodejs, architecture
Automated Dependency Management With Depfu · 21
automation, depfu
How to Publish an Updated Version of an npm Package (spa/clo) · 20
how-tos, npm
How to Automatically Update Your JavaScript Dependencies (spa/clo) · 19
how-tos, javascript, automation, processes, security
How to Worry About npm Package Weight (chr/css) · 18
npm
Lerna: A Tale of Renaming npm Packages · 17
refactoring, npm, lerna
Validating Dependencies in the Project With npm-check and depcheck · 16
security, maintenance, auditing, tooling, npm
HTML, CSS, and Dependency Direction (j9t) · 15
html, css, maintainability, best-practices
npm Proxy for Installing Dependencies · 14
translations, npm, tooling
Distribution Packages Considered Insecure · 13
unix-like, security
How to Solve the Global npm Module Dependency Problem · 12
how-tos, npm
The Tedium of Managing Code (lyz/ali) · 11
maintenance, maintainability, javascript, tooling
Peer Dependencies (dom) · 10
npm, nodejs
Madge · 9
packages, npm, visualization
Sprockets: Build Time JavaScript Dependency Management (dal/aja) · 8
tooling, javascript, ruby
Dealing With Dependencies (tro) · 7
php
npm Package Size Checker · 6
tools, exploration, auditing, debugging, npm
npm Package Types Checker · 5
tools, exploration, auditing, debugging, npm, typescript, type-safety
npm Dependency Visualizer · 4
tools, exploration, auditing, debugging, npm, visualization
npm Package Download Statistics Checker · 3
tools, exploration, auditing, debugging, npm, metrics
npm Package Checker · 2
tools, exploration, auditing, debugging, npm
Dependencies Badge Generator · 1
tools, exploration, images, npm