DEV Community
npm
Node Package Manager
Posts

42 @tanstack/* Packages Were Compromised on npm: What Happened, How It Works, and What You Must Do Right Now
By VIKAS, May 13
#javascript #security #npm #webdev
10 min read

The TanStack npm Attack Shows Why pnpm 11 Matters
By Chioma Halim, May 13
#cicd #javascript #npm #security
2 reactions, 3 min read

LibKill: Scan Your Machine for Compromised npm, pip, and Bun Packages
By Firat Celik, May 13
#security #npm #ai #programming
3 min read

Mini Shai-Hulud: A persistent supply-chain worm
By Dwayne McDaniel for GitGuardian, May 26
#security #supplychain #npm #securityresearch
1 reaction, 1 comment, 3 min read

The Worm in the Registry
By Vektor Memory, May 13
#ai #cybersecurity #npm #github
2 reactions, 10 min read

Docker Caching Strategies That Actually Work with npm ci
By Sohana Akbar, May 26
#docker #npm #node #caching
2 min read

Deep Dive: TanStack npm supply-chain compromise
By Shruti Kapoor, May 15
#githubactions #javascript #npm #security
1 reaction, 3 min read

Building a CLI Tool with Node.js (From Zero to npm)
By Alex Chen, May 15
#cli #node #npm #tutorial
4 min read

I Built My Own Config Format for Node.js That Separates Server and Client Secrets
By KANISHQ R PUROHIT, May 11
#node #npm #security #opensource
1 reaction, 2 comments, 5 min read

Scanning npm Packages for Malware Before You Install, Without Running Them
By Pavel Espitia, Jun 2
#security #javascript #npm #devops
2 comments, 6 min read

Supply chain on npm vs PyPI: I compared my two simulations and the most dangerous vector isn't the one everyone thinks
By Juan Torchia, May 8
#spanish #espanol #npm #node
10 min read

Supply chain npm vs PyPI: I compared both simulations and the most dangerous vector isn't what everyone thinks
By Juan Torchia, May 8
#english #npm #node #devops
9 min read

Stop Shipping Broken Env Configs — I Built a Fix
By Rohan Mirjankar, May 8
#npm #javascript #node #webdev
2 min read

Why I Stopped Writing 15 * 60 * 1000 in Every Project
By Ch. Abdul Wahab, May 21
#node #javascript #npm #webdev
3 reactions, 5 comments, 5 min read

AGENTS.md moved AI performance up a model tier. Package trust needs the same.
By Pico, May 8
#npm #security #javascript #supplychain
2 min read