A NPM Crash Course
A beginner's guide to using npm for managing Node.js packages, covering installation, project setup, and dependency management.
Analysis of the 2019 State of Open Source Security Report, focusing on Node.js and npm vulnerabilities like Path Traversal and ReDoS.
An open source funding experiment that displays ethical ads in the console to support maintainer work on packages like StandardJS.
Essential npm security best practices to protect against malicious packages, including ignoring run-scripts and vetting third-party modules.
npm registry hits 1 million packages. Analysis of top packages, vulnerabilities, and download statistics.
A step-by-step tutorial on how to publish your own open source npm package, covering setup, bundling with Babel, and the publishing process.
Explains three methods to control which files are included in an npm package: .gitignore, .npmignore, and the files property.
Explains the optimal timing for running `npm init` in open-source projects to automatically generate helpful metadata links in package.json.
A developer's journey from a novel idea to launching an open-source project, and the unexpected feedback it receives.
A guide to publishing npm packages following industry best practices, covering account setup, package creation, and advanced publishing techniques.
Learn how to use the `npm outdated` and `npm doctor` commands to assess your project's dependency health and environment setup.
A guide explaining what jsDelivr is, how it works as a CDN for JavaScript libraries, and when and how to use it in web projects.
Explains the risks of inconsistent package lockfiles in npm/Yarn and how to enforce strict dependency installation using `npm ci` or `--frozen-lockfile`.
Analyzes security risks in npm package installation, highlighting the dangers of arbitrary code execution and advocating for cautious dependency management.
Explains the purpose and usage of the .gitignore file in Git, including how to ignore files, folders, and extensions.
A detailed analysis of the malicious event-stream npm package backdoor, its timeline, and the social engineering attack that led to its inclusion.
A guide on packaging and publishing a reusable Vue.js component to the NPM registry for easy sharing and installation.
Explains the philosophy and benefits of creating small, focused modules in Node.js, comparing them to Lego blocks for building complex systems.
Explains npm's evolving naming rules to combat typosquatting attacks, detailing case sensitivity and character restrictions for package names.
Explains security risks in the npm ecosystem, including malicious modules, typosquatting, and compromised contributors, with mitigation advice.