DEV Community

npm

Node Package Manager

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
I Built My Own Config Format for Node.js That Separates Server and Client Secrets

I Built My Own Config Format for Node.js That Separates Server and Client Secrets

1
Comments 2
5 min read
Scanning npm Packages for Malware Before You Install, Without Running Them

Scanning npm Packages for Malware Before You Install, Without Running Them

Comments 2
6 min read
date-light: A 1.8KB Alternative to date-fns You Might Actually Like

date-light: A 1.8KB Alternative to date-fns You Might Actually Like

1
Comments 2
3 min read
Scarab Diagnostic Field Test #021 — pnpm Self-Upgrade No-Manifest Boundary

Scarab Diagnostic Field Test #021 — pnpm Self-Upgrade No-Manifest Boundary

2
Comments
4 min read
The NPM Audit Trap: A Thursday Morning Tragedy

The NPM Audit Trap: A Thursday Morning Tragedy

Comments
2 min read
Shipping archkit v0.1: a TypeScript Clean Architecture scaffolder built in one Claude Code session

Shipping archkit v0.1: a TypeScript Clean Architecture scaffolder built in one Claude Code session

Comments 1
7 min read
Hi all

Hi all

Comments
1 min read
I Researched the Red Hat npm Incident — Here's What Every Developer Should Know

I Researched the Red Hat npm Incident — Here's What Every Developer Should Know

5
Comments
1 min read
Modern JavaScript Tooling Explained: npm, npx, pnpm, Yarn & Bun

Modern JavaScript Tooling Explained: npm, npx, pnpm, Yarn & Bun

1
Comments
5 min read
Rust Was Crashing. Go Fixed It. Copilot Showed Me Why

GitHub “Finish-Up-A-Thon” Challenge Submission

Rust Was Crashing. Go Fixed It. Copilot Showed Me Why

6
Comments
4 min read
guard-install now scans GitHub repos before you run them

guard-install now scans GitHub repos before you run them

Comments
1 min read
From pnpm's Cool Feature to npm's Life jacket: The (somewhat accidental) birth of age-install

From pnpm's Cool Feature to npm's Life jacket: The (somewhat accidental) birth of age-install

Comments
6 min read
Malicious npm Packages With Valid SLSA Provenance: Inside the TanStack Attack

Malicious npm Packages With Valid SLSA Provenance: Inside the TanStack Attack

1
Comments 2
5 min read
npm installs packages blindly — I built a CLI to fix that

npm installs packages blindly — I built a CLI to fix that

Comments
1 min read
Add a 50x+ faster duplicate-code gate to GitHub Actions with jscpd-rs

Add a 50x+ faster duplicate-code gate to GitHub Actions with jscpd-rs

3
Comments
5 min read
👋 Sign in for the ability to sort posts by relevant, latest, or top.