Assess your npm project health and call the doctor!
Learn how to use npm outdated and npm doctor commands to assess your project's dependency health and environment setup.
Explains the risks of inconsistent package lockfiles in npm/Yarn and how to enforce strict dependency installation using `npm ci` or `--frozen-lockfile`.
Analyzes security risks in npm package installation, highlighting the dangers of arbitrary code execution and advocating for cautious dependency management.
A detailed analysis of the malicious event-stream npm package backdoor, its timeline, and the social engineering attack that led to its inclusion.
A guide on packaging and publishing a reusable Vue.js component to the NPM registry for easy sharing and installation.
Explains the philosophy and benefits of creating small, focused modules in Node.js, comparing them to Lego blocks for building complex systems.
Explains npm's evolving naming rules to combat typosquatting attacks, detailing case sensitivity and character restrictions for package names.
Explains security risks in the npm ecosystem, including malicious modules, typosquatting, and compromised contributors, with mitigation advice.
A guide to setting up a modern JavaScript open source project, covering dependency management, coding style tools, and automation.
Introduces `thanks`, an npm tool to help developers discover and donate to open source maintainers of their project dependencies.
Analyzes the recent panic over npm security, arguing it's based on social engineering in PRs, not a flaw in npm itself.
A guide to freeing up disk space by using a terminal command to recursively delete node_modules folders from local Node.js projects.
Overview of npm 5's major new features, including performance improvements, offline modes, and a standardized lockfile.
A guide to automating dependency updates in Java, JavaScript, and Gradle projects using CI tools and commit hooks.
Reveals three lesser-known technical facts about the Yarn package manager, including its dependency on npm and built-in spellcheck.
A guide on publishing Angular libraries to npm, covering platform independence, bundling, and AOT compilation.
A tutorial on extending a Node.js Twitter bot to automatically reply to new followers using the Twitter Streaming API and the 'twit' npm module.
A tutorial on creating a Twitter bot with Node.js and the Twit npm module to retweet, favorite, and reply based on hashtags.
Announcing Voca, an open-source JavaScript library for comprehensive and modular string manipulation.
A tutorial on building a simple Twitter bot using Node.js and the Twit npm module to retweet and favorite posts based on hashtags.