DEV Community

npm

Node Package Manager

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
Setting GitHub as a trusted publisher for npm

Setting GitHub as a trusted publisher for npm

1
Comments
2 min read
The Worm in the Registry

The Worm in the Registry

2
Comments
10 min read
Mini Shai-Hulud: un gusano de cadena de suministro que explotó TanStack y el ecosistema npm.

Mini Shai-Hulud: un gusano de cadena de suministro que explotó TanStack y el ecosistema npm.

2
Comments
5 min read
Malicious `axios@1.14.1` Published: Exfiltrated CI/CD Secrets; Pin Dependency Versions to Mitigate

Malicious `axios@1.14.1` Published: Exfiltrated CI/CD Secrets; Pin Dependency Versions to Mitigate

Comments
12 min read
Why you keep attacking npm?

Why you keep attacking npm?

2
Comments
1 min read
npm Publish Without Tokens

npm Publish Without Tokens

Comments
3 min read
Debugging Node.js in Docker and Kubernetes Without Restarting

Debugging Node.js in Docker and Kubernetes Without Restarting

Comments
6 min read
7 Bugs That Taught Us How to Build Better Diagnostic Tools

7 Bugs That Taught Us How to Build Better Diagnostic Tools

1
Comments
8 min read
Beyond the Event Loop: Tracking Slow I/O in Production Node.js

Beyond the Event Loop: Tracking Slow I/O in Production Node.js

Comments
8 min read
Validando CNPJ de forma definitiva: Conheça a cnpj-universal (JS/TS)

Validando CNPJ de forma definitiva: Conheça a cnpj-universal (JS/TS)

Comments
2 min read
The Axios Supply Chain Attack Explained — npm's Biggest Security Breach in 2026

The Axios Supply Chain Attack Explained — npm's Biggest Security Breach in 2026

Comments
16 min read
The Axios Attack Proved npm audit Is Broken. Here's What Would Have Caught It

The Axios Attack Proved npm audit Is Broken. Here's What Would Have Caught It

1
Comments
6 min read
The Documentation Attack Surface: How npm Libraries Teach Insecure Patterns

The Documentation Attack Surface: How npm Libraries Teach Insecure Patterns

Comments
4 min read
I built Material Symbols SVG, an icon library for using Material Symbols as SVG components

I built Material Symbols SVG, an icon library for using Material Symbols as SVG components

Comments
5 min read
Supply chain npm vs PyPI: I compared both simulations and the most dangerous vector isn't what everyone thinks

Supply chain npm vs PyPI: I compared both simulations and the most dangerous vector isn't what everyone thinks

Comments
9 min read
👋 Sign in for the ability to sort posts by relevant, latest, or top.