npm audit: Broken by Design
Critique of npm audit's flaws, arguing its default rollout was rushed and harmful to front-end development workflows.
An in-depth look at how NPM works, covering its core components like the CLI, module resolution, and lockfiles, as part of an 'under-the-hood' series.
A tutorial on integrating Sass into a Blazor web project using npm scripts, without requiring complex build tools like gulp or webpack.
A guide to practical npx packages that streamline daily developer tasks like cleaning node_modules, killing ports, and serving local files.
A curated list of useful NPM packages for productivity, covering frontend/backend frameworks, styling, and utilities for Node.js developers.
A tutorial on setting up a new JavaScript project from scratch, including npm initialization and project configuration.
Introduces mutils, a JavaScript library that extends Array and Set classes to add useful utility methods for array manipulation.
Explains the purpose and mechanics of package-lock.json in Node.js projects, detailing how it ensures consistent dependency installations.
A guide to properly resolving git merge conflicts in package-lock.json files without deleting them, ensuring dependency consistency across teams.
A technical guide on building a blog using Markdown, frontmatter for metadata, and NPM packages like markdown-it for HTML conversion.
Explains the differences and purposes of package.json and package-lock.json files in Node.js projects, focusing on dependency management.
A critique of modern software's over-reliance on dependencies, sparked by a FOSDEM talk on open source sustainability and maintainer burnout.
A guide on using npm link to streamline local development when working across multiple interdependent npm packages.
A beginner's guide to using npm for managing Node.js packages, covering installation, project setup, and dependency management.
Analysis of the 2019 State of Open Source Security Report, focusing on Node.js and npm vulnerabilities like Path Traversal and ReDoS.
An open source funding experiment that displays ethical ads in the console to support maintainer work on packages like StandardJS.
Essential npm security best practices to protect against malicious packages, including ignoring run-scripts and vetting third-party modules.
npm registry hits 1 million packages. Analysis of top packages, vulnerabilities, and download statistics.
A step-by-step tutorial on how to publish your own open source npm package, covering setup, bundling with Babel, and the publishing process.
A developer's journey from a novel idea to launching an open-source project, and the unexpected feedback it receives.