Skip to content
Navigation menu
Search
Powered by Algolia
Search
Log in
Create account
DEV Community
Close
npm
Follow
Hide
Node Package Manager
Posts
Left menu
đ
Sign in
for the ability to sort posts by
relevant
,
latest
, or
top
.
Right menu
Lazy SRE's guide to secure systems, part 1: the dependencies you didn't read
Harshit Luthra
Harshit Luthra
Harshit Luthra
Follow
May 18
Lazy SRE's guide to secure systems, part 1: the dependencies you didn't read
#
security
#
lazysre
#
supplychain
#
npm
Comments
Add Comment
7 min read
Hardening Your npm CI in 5 Concrete Layers
ShipWithAI
ShipWithAI
ShipWithAI
Follow
May 7
Hardening Your npm CI in 5 Concrete Layers
#
claudecode
#
ai
#
npm
#
githubactions
1
 reaction
Comments
Add Comment
2 min read
axios npm Supply Chain Attack (March 31, 2026) â What Happened and How to Check Your Lock File Right Now
LazyDev_OH
LazyDev_OH
LazyDev_OH
Follow
Apr 14
axios npm Supply Chain Attack (March 31, 2026) â What Happened and How to Check Your Lock File Right Now
#
security
#
npm
#
javascript
#
webdev
1
 reaction
Comments
Add Comment
6 min read
Why npm supply chain attacks keep happening and how to harden your installs
Alan West
Alan West
Alan West
Follow
May 17
Why npm supply chain attacks keep happening and how to harden your installs
#
npm
#
security
#
javascript
#
devops
Comments
Add Comment
4 min read
All It Took Was npm install (Axios Attack)
Chioma Halim
Chioma Halim
Chioma Halim
Follow
Apr 13
All It Took Was npm install (Axios Attack)
#
npm
#
webdev
#
cybersecurity
#
node
1
 reaction
Comments
Add Comment
4 min read
Completing the Picture: Adding Memory Diagnostics to a CPU Profiler
Bill Tu
Bill Tu
Bill Tu
Follow
Apr 13
Completing the Picture: Adding Memory Diagnostics to a CPU Profiler
#
npm
#
node
#
javascript
Comments
Add Comment
6 min read
Signals, Effects, and the Algebra Between Them
Ja
Ja
Ja
Follow
Apr 13
Signals, Effects, and the Algebra Between Them
#
typescript
#
npm
#
datastructures
#
node
Comments
Add Comment
6 min read
I audited the top 50 npm packages. Almost none ship with supply-chain attestations!
The Crypto Donkey
The Crypto Donkey
The Crypto Donkey
Follow
Apr 13
I audited the top 50 npm packages. Almost none ship with supply-chain attestations!
#
webdev
#
javascript
#
security
#
npm
Comments
Add Comment
10 min read
No, the AI didn't compromise your npm packages. You did.
PRANTA Dutta
PRANTA Dutta
PRANTA Dutta
Follow
May 15
No, the AI didn't compromise your npm packages. You did.
#
security
#
javascript
#
npm
#
ai
3
 reactions
Comments
1
 comment
13 min read
gpushx: The All-in-One CLI That Made My GitHub + Deployment Workflow 10x Faster
vinnugollakoti
vinnugollakoti
vinnugollakoti
Follow
May 16
gpushx: The All-in-One CLI That Made My GitHub + Deployment Workflow 10x Faster
#
npm
#
cli
#
terminal
#
github
6
 reactions
Comments
Add Comment
2 min read
I just hardened my OSS release pipeline to 11 layers of security â here's the playbook
×××× ×××
×××× ×××
×××× ×××
Follow
Apr 11
I just hardened my OSS release pipeline to 11 layers of security â here's the playbook
#
opensource
#
security
#
github
#
npm
Comments
Add Comment
7 min read
npm Scripts: Unlocking the Full Power of package.json
Alex Chen
Alex Chen
Alex Chen
Follow
May 15
npm Scripts: Unlocking the Full Power of package.json
#
javascript
#
node
#
npm
#
tooling
Comments
Add Comment
3 min read
Rust Binary Distribution via npm: Addressing Security Risks and Installation Failures with Native Caching Solutions
Pavel Kostromin
Pavel Kostromin
Pavel Kostromin
Follow
Apr 11
Rust Binary Distribution via npm: Addressing Security Risks and Installation Failures with Native Caching Solutions
#
rust
#
npm
#
security
#
distribution
Comments
Add Comment
12 min read
Your AI keeps recommending these dead npm/PyPI packages â here is the exact migration for each
Freshdeps
Freshdeps
Freshdeps
Follow
May 15
Your AI keeps recommending these dead npm/PyPI packages â here is the exact migration for each
#
javascript
#
python
#
npm
#
devtools
Comments
1
 comment
9 min read
I published mfkvault-cli to npm â install any AI skill in 30 seconds
Faiyaz Khan
Faiyaz Khan
Faiyaz Khan
Follow
Apr 11
I published mfkvault-cli to npm â install any AI skill in 30 seconds
#
claude
#
ai
#
npm
#
productivity
Comments
Add Comment
1 min read
đ
Sign in
for the ability to sort posts by
relevant
,
latest
, or
top
.
We're a place where coders share, stay up-to-date and grow their careers.
Log in
Create account