DEV Community

npm

Node Package Manager

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
Lazy SRE's guide to secure systems, part 1: the dependencies you didn't read

Lazy SRE's guide to secure systems, part 1: the dependencies you didn't read

Comments
7 min read
Hardening Your npm CI in 5 Concrete Layers

Hardening Your npm CI in 5 Concrete Layers

1
Comments
2 min read
axios npm Supply Chain Attack (March 31, 2026) — What Happened and How to Check Your Lock File Right Now

axios npm Supply Chain Attack (March 31, 2026) — What Happened and How to Check Your Lock File Right Now

1
Comments
6 min read
Why npm supply chain attacks keep happening and how to harden your installs

Why npm supply chain attacks keep happening and how to harden your installs

Comments
4 min read
All It Took Was npm install (Axios Attack)

All It Took Was npm install (Axios Attack)

1
Comments
4 min read
Completing the Picture: Adding Memory Diagnostics to a CPU Profiler

Completing the Picture: Adding Memory Diagnostics to a CPU Profiler

Comments
6 min read
Signals, Effects, and the Algebra Between Them

Signals, Effects, and the Algebra Between Them

Comments
6 min read
I audited the top 50 npm packages. Almost none ship with supply-chain attestations!

I audited the top 50 npm packages. Almost none ship with supply-chain attestations!

Comments
10 min read
No, the AI didn't compromise your npm packages. You did.

No, the AI didn't compromise your npm packages. You did.

3
Comments 1
13 min read
gpushx: The All-in-One CLI That Made My GitHub + Deployment Workflow 10x Faster

gpushx: The All-in-One CLI That Made My GitHub + Deployment Workflow 10x Faster

6
Comments
2 min read
I just hardened my OSS release pipeline to 11 layers of security — here's the playbook

I just hardened my OSS release pipeline to 11 layers of security — here's the playbook

Comments
7 min read
npm Scripts: Unlocking the Full Power of package.json

npm Scripts: Unlocking the Full Power of package.json

Comments
3 min read
Rust Binary Distribution via npm: Addressing Security Risks and Installation Failures with Native Caching Solutions

Rust Binary Distribution via npm: Addressing Security Risks and Installation Failures with Native Caching Solutions

Comments
12 min read
Your AI keeps recommending these dead npm/PyPI packages — here is the exact migration for each

Your AI keeps recommending these dead npm/PyPI packages — here is the exact migration for each

Comments 1
9 min read
I published mfkvault-cli to npm — install any AI skill in 30 seconds

I published mfkvault-cli to npm — install any AI skill in 30 seconds

Comments
1 min read
👋 Sign in for the ability to sort posts by relevant, latest, or top.