Frontend Dogma

“npm” News Archive

Definition, related topics, and tag feed

Definition · Supertopics: nodejs, github, package-managers · Subtopics: npx, packages (non-exhaustive) · “npm” RSS feed (per email)

Entry (Sources) and Additional Topics · Date · #
Blocking Install Scripts Is Not a Silver Bullet (uli/nod) · 202
security
Upcoming Breaking Changes for npm v12 · 201
security
npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders (sar/soc) · 200
bugs, security
How to Evaluate an npm Package—2026 Edition · 199
how-tos, dependencies, processes, maintainability, quality
Staged Publishing for npm Packages (nod) · 198
Mini Shai Hulud: Compromised @antv npm Packages Enable CI/CD Credential Theft · 197
security, dependencies, ci-cd
Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised · 196
security, dependencies
A Worm Just Ate Its Way Through the npm Registry… (fir) · 195
videos, dependencies, security, tanstack
hihtml (j9t) · 194
packages, html, conformance, links, link-rot, minification, html-minifier, optimization, quality
Postmortem: TanStack npm Supply-Chain Compromise (tan/tan) · 193
tanstack
What to Know in JavaScript (2026 Edition) (chr/fro) · 192
javascript, ecmascript, standards, frameworks, runtimes, tooling, testing
Post Mortem: Axios npm Supply Chain Compromise · 191
axios, security
The Hidden Blast Radius of the Axios Compromise (ahm/soc) · 190
dependencies, axios, security
Claude Code’s Entire Source Code Got Leaked via a Sourcemap in npm, Let’s Talk About It · 189
claude, anthropic, ai, source-maps
Minimum Release Age Is an Underrated Supply Chain Defense (dan) · 188
security, dependencies, bun, pnpm, yarn, deno, renovate, dependabot, axios
Axios Compromised on npm—Malicious Versions Drop Remote Access Trojan · 187
dependencies, axios, security
A Gentle Intro to npm Workspaces, With Visuals (pre/was) · 186
introductions
How to Steal npm Publish Tokens by Opening GitHub Issues (nec) · 185
github, security, ai
How to Publish to npm From GitHub Actions (bah) · 184
how-tos, github-actions
npmx (dan/npm) · 183
websites, npmx, packages
Securing npm Is Table Stakes (nza+/cha) · 182
podcasts, interviews, security, ai
npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens (sar/soc) · 181
dependencies, security, github
How We’re Protecting Our Newsroom From npm Supply Chain Attacks (rya/pnp) · 180
dependencies, security, case-studies
No More Tokens—Locking Down npm Publish Workflows (zac) · 179
dependencies, security, github, processes
The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know · 178
security, dependencies
GitLab Discovers Widespread npm Supply Chain Attack (git) · 177
dependencies, security, gitlab, github, aws, gcp, azure
Automated npm Secret Rotation in GitHub Actions (mhe) · 176
security, automation, github-actions
Will npm’s New Security Steps Stop Attacks? (rev) · 175
security, github, maintenance, foss
The State of Node.js 2025 Explained by Its TSC Member (mco/git) · 174
videos, nodejs
15 Recent Node.js Features That Replace Popular npm Packages (nod) · 173
nodejs, dependencies, maintenance
How Deno Protects Against npm Exploits (den) · 172
deno, security
Strengthening npm Security: Important Changes to Authentication and Token Management · 171
security
Mastering npx: A Cheatsheet for npm and Node.js Power Users · 170
npx, cheat-sheets, examples, nodejs
Our Plan for a More Secure npm Supply Chain (xco) · 169
dependencies, security, foss
npm Security Best Practices · 168
security, provenance, best-practices
This May Be the Worst One (the) · 167
videos, dependencies, security
Ongoing Supply Chain Attack Targets CrowdStrike npm Packages (pvd+/soc) · 166
dependencies, security
ctrl/tinycolor and 40+ npm Packages Compromised · 165
dependencies, security
Which npm Package Has the Largest Version Number? · 164
dependencies, versioning, semver
How to Keep package.json Under Control (tmc/val) · 163
how-tos, nodejs, dependencies, maintainability
Oh No, Not Again… a Meditation on npm Supply Chain Attacks (tan) · 162
dependencies, security, microsoft
Anatomy of a Billion-Download npm Supply-Chain Attack · 161
security, dependencies
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack (bur+/soc) · 160
security, dependencies
npm Trusted Publishing With OIDC Is Generally Available · 159
dependencies, provenance, github
npm “Accidentally” Removes Stylus Package, Breaks Builds and Pipelines (ax/ble) · 158
stylus
eslint-config-prettier Compromised: How npm Package With 30 Million Downloads Spread Malware · 157
prettier, eslint, security, malware
npm Phishing Email Targets Developers With Typosquatted Domain (sar/soc) · 156
security
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader (soc) · 155
security, dependencies
30 Years of JavaScript: 10 Milestones That Changed the Web (ric) · 154
javascript, anniversaries, history, ecmascript, ajax, jquery, web-2.0, nodejs, react, typescript, webassembly
npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc) · 153
malware, security, dependencies, link-lists
npm Should Remove the Default License From New Packages (ISC) (ext) · 152
dependencies, licensing, foss
A Decade of Impact: How Our npm Packages Hit 1 Billion Downloads and Shaped JavaScript · 151
dependencies, history, javascript
Malware Found on npm Infecting Local Package With Reverse Shell (rev) · 150
dependencies, security
Lazarus Strikes npm Again With New Wave of Malicious Packages (soc) · 149
dependencies, security
@11ty/image-color (zac) · 148
packages, images, colors
Tutorial: Publishing ESM-Based npm Packages With TypeScript (rau) · 147
tutorials, dependencies, typescript
Is npm Enough? Why Startups Are Coming After This JavaScript Package Registry (kat/red) · 146
jsr, bun, pnpm, yarn, javascript
Keep Your Node.js Apps Secure With “npx is-my-node-vulnerable” (tre) · 145
packages, nodejs, security
My Failed Attempt to Shrink All npm Packages by 5% (eva) · 144
dependencies, compression
How I Open-Sourced My Secret Access Tokens From GitHub, Slack, and npm—and Who Actually Cares · 143
security, github, slack
Mastering npm Scripts: Automate Everything in Your Frontend Workflow · 142
dependencies, environments, ci-cd, automation
HTML Conformance: A Comparison of 6.5 npm Validator Packages (With 1.5 Recommendations) (j9t) · 141
html, conformance, tooling, comparisons
Publishing a Simple Client-Side JavaScript Package to npm With GitHub Actions (sim) · 140
dependencies, javascript, github-actions
How to Prerelease an npm Package (spa/clo) · 139
how-tos, dependencies, versioning, semver
Understanding “npm audit” and Fixing Vulnerabilities · 138
security, vulnerabilities, nodejs
npm vs. npx · 137
nodejs, npx, comparisons
Significance of package-lock.json or yarn-lock.json · 136
yarn, comparisons
More npm Packages on Cloudflare Workers: Combining Polyfills and Native Code to Support Node.js APIs (jas+) · 135
cloudflare, nodejs, apis, dependencies
caniuse-cli (bra) · 134
packages, support, browsers, web-platform, caniuse, command-line
CSS Style Observer (bra) · 133
packages, css
How to Create an npm Package (mat) · 132
how-tos, dependencies
ObsoHTML, the Obsolete HTML Checker (j9t) · 131
packages, html, quality
The Great npm Garbage Patch · 130
dependencies, spam, security
Building an “npm create” Package (ach) · 129
Publishing a TypeScript Module to npm vs. JSR (den) · 128
videos, typescript, modules, dependencies, jsr, comparisons
Supply Chain Security in npm—We Can Be Optimistic About the Future · 127
dependencies, security, provenance
Leaner npm Packument (Metadata) Contents · 126
Create npm Package With CommonJS and ESM Support in TypeScript · 125
dependencies, commonjs, esm, typescript
npm and Node.js Should Do More to Make ES Modules Easy to Use · 124
nodejs, esm
What Happens When a Major npm Library Goes Commercial? (mco) · 123
dependencies, foss
Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc) · 122
dependencies, vulnerabilities, caching, security
How a Single Vulnerability Can Bring Down the JavaScript Ecosystem · 121
javascript, dependencies, caching, vulnerabilities, security
CodeFlattener · 120
packages, javascript
Using Vite to Rebuild Local Dependencies in an npm Workspace · 119
dependencies, vite
Building an npm Package Compatible With ESM and CJS in 2024 · 118
dependencies, interoperability, esm, commonjs
npm Basics for New Developers (nim) · 117
fundamentals
Node.js TSC Confirms: No Intention to Remove npm From Distribution (sar/soc) · 116
nodejs
The Ultimate Guide to Understanding npx vs. npm · 115
guides, npx, nodejs
eslint-plugin-depend · 114
packages, maintenance, simplicity
How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth) · 113
dependencies, examples, security
Why Does “is-number” Package Have 59M Weekly Downloads? · 112
dependencies
Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm (sar/soc) · 111
nodejs, corepack, yarn, pnpm, dependencies
Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc) · 110
dependencies, security
GitHub, npm Registry Abused to Host SSH Key-Stealing Malware · 109
github, security, malware, foss
Modern JavaScript Library Starter · 108
dependencies, libraries
Deceptive Deprecation: The Truth About npm Deprecated Packages · 107
deprecation, security, dependencies, research
npm in Review: A 2023 Retrospective on Growth, Security, and Quirky Facts (soc) · 106
retrospectives
When “Everything” Becomes Too Much: The npm Package Chaos of 2024 (soc) · 105
foss
A Comprehensive Guide to npm Workspaces and Monorepos · 104
guides, monorepos, yarn, dependencies
I Replaced npm, Yarn, and nvm With pnpm (paw) · 103
dependencies, yarn, pnpm, nvm
How to Use npm Packages Outside of Node · 102
how-tos, dependencies, javascript
Secret Scanning Scans Public npm Packages · 101
github, dependencies, security
TypeScript Monorepo With npm Workspaces (skw) · 100
monorepos, typescript, architecture
Honey, I Shrunk the npm Package · 99
dependencies, compression
SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble) · 98
security, ssh, dependencies
npm Provenance General Availability · 97
github, provenance, security
How to Migrate From npm to pnpm · 96
how-tos, migrating, pnpm
dependency-time-machine · 95
packages, dependencies, maintenance, automation
Sophisticated, Highly-Targeted Attacks Continue to Plague npm · 94
security
Publishing With npm Provenance From Private Source Repositories Is No Longer Supported · 93
github, provenance, security, foss
Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware (soc) · 92
security, malware
A Comprehensive Beginner’s Guide to npm: Simplifying Package Management · 91
guides, dependencies
Making the Switch: From Yarn/npm to pnpm · 90
migrating, yarn, pnpm
Identify Unused npm Packages in Your Project (ami) · 89
dependencies, maintenance
Comparing npm, Yarn, and pnpm Package Managers: Which One Is Right for Your Distributed Project to Handle High Loads? · 88
yarn, pnpm, comparisons, performance, best-practices
The Massive Bug at the Heart of the npm Ecosystem · 87
dependencies, security, bugs
Create React UI Lib: Component Library Speedrun · 86
typescript, react, components
npm Won’t Publish Packages Containing the Word “keygen” · 85
discussions, dependencies
Comparing the Best Node.js Version Managers: nvm, Volta, and asdf · 84
nodejs, nvm
npm vs. Yarn vs. pnpm · 83
yarn, pnpm, comparisons
Introducing npm Package Provenance · 82
introductions, github, provenance, security, foss
Generating Provenance Statements · 81
provenance, security
Dissecting npm Malware: Five Packages and Their Evil Install Scripts · 80
security, malware
Understanding npm Versioning · 79
dependencies, versioning, semver
One in Two New npm Packages Is SEO Spam Right Now · 78
seo
The Landscape of npm Packages for CLI Apps · 77
nodejs, dependencies, command-line
Automatic npm Publishing With GitHub Actions and npm Granular Tokens · 76
github-actions, automation
Why We Added package.json Support to Deno (tin/den) · 75
deno, support, nodejs
Speeding Up the JavaScript Ecosystem—npm Scripts (mar) · 74
javascript, performance, bundling
Unlocking Security Updates for Transitive Dependencies With npm · 73
dependencies, security, maintenance
Lockfile Trick: Package an npm Project With Nix in 20 Lines · 72
tips-and-tricks
New npm Features for Secure Publishing and Safe Consumption · 71
security, dependencies
Migrating From npm to pnpm · 70
migrating, pnpm
npm Security: Preventing Supply Chain Attacks · 69
dependencies, security
npm ESM vs. CJS (woo) · 68
esm, commonjs, metrics, comparisons
How to Build, Test, and Publish a TypeScript npm Package in 2022 · 67
how-tos, typescript
Why You Should Prefer Using pnpm Over npm and Yarn? · 66
pnpm, yarn, comparisons
Use “npm query” and jq to Dig Into Your Dependencies · 65
videos, dependencies, auditing
Phylum Detects Active Typosquatting Campaign Targeting npm Developers · 64
dependencies, security
depngn · 63
packages, nodejs, dependencies
Best Practices for Creating a Modern npm Package · 62
best-practices
Dependabot Unlocks Transitive Dependencies for npm Projects · 61
dependencies, security, dependabot
4 Ways to Minimize Your Dependencies in Node.js (app) · 60
nodejs, dependencies
Installing and Running Node.js Bin Scripts (rau) · 59
installing, nodejs
Introducing the New npm Dependency Selector Syntax · 58
introductions
Introducing Even More Security Enhancements to npm · 57
introductions, security
Top 5 npm Vulnerability Scanners · 56
security, vulnerabilities, tooling
css-browser-support (5t3) · 55
packages, css, browsers, support
Image Guard (j9t) · 54
packages, images, compression, performance, jpeg, png, gif, webp, avif
Alternatives to Installing npm Packages Globally (rau) · 53
installing, dependencies
How to Migrate From Yarn/npm to pnpm · 52
how-tos, migrating, yarn, pnpm
You May Not Need a Bundler for Your npm Library · 51
bundling
What npm Can Learn From Go · 50
npm Security Update: Attack Campaign Using Stolen OAuth Tokens · 49
security, oauth, version-control, github
Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks · 48
javascript, dependencies, security
4 Reasons to Avoid Using “npm link” · 47
How to Respond to Growing Supply Chain Security Risks? · 46
how-tos, security, dependencies, nodejs
Update Node Dependencies Automatically, Selectively, or Incrementally · 45
nodejs, dependencies, yarn
What’s Really Going On Inside Your node_modules Folder? (soc) · 44
nodejs, dependencies
How to Publish Deno Modules to npm (kit/den) · 43
how-tos, deno, modules, dependencies
Understanding Dependencies Inside Your package.json (nod) · 42
nodejs, dependencies, yarn
How to Fix Your Security Vulnerabilities With npm Override · 41
how-tos, security, vulnerabilities, dependencies
The Basics of package.json (nod) · 40
fundamentals, nodejs, dependencies, yarn
pkg.land · 39
websites, packages, dependencies
Monorepos—How the Pros Scale Huge Software Projects (fir) · 38
videos, monorepos, yarn, pnpm, lerna, nx, comparisons
GitHub’s Commitment to npm Ecosystem Security · 37
github, security
Yarn vs. npm: Everything You Need to Know · 36
yarn, comparisons
timefind · 35
packages, history
Common npm Mistakes Every Developer Should Avoid · 34
mistakes
npm Security Best Practices (owa) · 33
security, best-practices
Simple Monorepos via npm Workspaces and TypeScript Project References (rau) · 32
monorepos, typescript
NPM Global Audit · 31
packages, security, quality, auditing
Uninstalling Dev Dependencies With npm · 30
dependencies
“npm ruin dev” (ada/css) · 29
html, css, javascript, nodejs
What Is Node and When Should I Use It? · 28
nodejs, javascript
How to Publish an Updated Version of an npm Package (spa/clo) · 27
how-tos, dependencies
How to Add CSS Vendor Prefixes Automatically (luk) · 26
how-tos, css, vendor-extensions, automation, tooling, postcss, webpack, gulp
Using npx and npm Scripts to Reduce the Burden of Developer Tools (bnb) · 25
npx, tooling, productivity
a11y-syntax-highlighting (eri) · 24
packages, accessibility, syntax-highlighting
How to Worry About npm Package Weight (chr/css) · 23
dependencies
Lerna: A Tale of Renaming npm Packages · 22
dependencies, refactoring, lerna
Validating Dependencies in the Project With npm-check and depcheck · 21
dependencies, security, maintenance, auditing, tooling
Introducing npx: An npm Package Runner (zka) · 20
introductions, npx, nodejs
10 Node.js Best Practices: Enlightenment From the Node Gurus · 19
nodejs, best-practices, environments, event-loop, naming, scalability, caching, express
Solving npm Scripts Problems in JavaScript Projects (hcr) · 18
yarn, javascript
npm Fails to Restrict the Actions of Malicious npm Packages · 17
vulnerabilities, security
npm Proxy for Installing Dependencies · 16
translations, dependencies, tooling
Why npm Scripts? (css) · 15
nodejs, conversion, linting, minification, compression, sprites, images, examples
why-is-node-running · 14
packages, nodejs
How to Solve the Global npm Module Dependency Problem · 13
how-tos, dependencies
image-dimensions (sin) · 12
packages, images
Learning Node.js: The “npm link” · 11
videos, nodejs
9 Quick Tips About npm · 10
tips-and-tricks, nvm, command-line
Peer Dependencies (dom) · 9
nodejs, dependencies
Madge · 8
packages, dependencies, visualization
npm Package Size Checker · 7
tools, exploration, auditing, debugging, dependencies
npm, Yarn, and pnpm Command Converter · 6
tools, exploration, conversion, yarn, pnpm, command-line
npm Package Types Checker · 5
tools, exploration, auditing, debugging, dependencies, typescript, type-safety
npm Dependency Visualizer · 4
tools, exploration, auditing, debugging, dependencies, visualization
npm Package Download Statistics Checker · 3
tools, exploration, auditing, debugging, dependencies, metrics
npm Package Checker · 2
tools, exploration, auditing, debugging, dependencies
Dependencies Badge Generator · 1
tools, exploration, images, dependencies