
📰 npm

Benchmarks of JavaScript Package Managers

Was not aware of that: pnpm regularly updates these benchmarks that compare npm, yarn and pnpm

weeklyfoo #18 / 2024-02-05
benchmark pnpm yarn npm

Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar

Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.

weeklyfoo #69 / 2025-01-27
security npm

Leaner npm packument (metadata) contents

And by doing so, reducing the size of packuments.

weeklyfoo #42 / 2024-07-22
npm

Modern JavaScript library starter

How to publish a package with TypeScript, testing, GitHub Actions, and auto-publish to NPM

weeklyfoo #18 / 2024-02-05
npm package starter

Nightmares on npm: How Two Malicious Packages Facilitate Data Theft and Destruction

Our threat research team breaks down two malicious npm packages designed to exploit developer trust, steal your data, and destroy data on your machine.

weeklyfoo #54 / 2024-10-14
security npm

npm in Review: A 2023 Retrospective on Growth, Security, and Quirky Facts

A look back, and some funny surprises.

weeklyfoo #16 / 2024-01-22
npm 2023

npm malware

Get informed about malicious npm packages in real time

weeklyfoo #17 / 2024-01-28
npm malware

NPM registry prank leaves developers unable to unpublish packages

everything fetches everything

weeklyfoo #14 / 2024-01-07
npm

The Great npm Garbage Patch

Thousands of spam npm packages are polluting the system.

weeklyfoo #46 / 2024-08-19
npm spam

The package that broke NPM (accidentally)

The story behind the <everything> npm package that stressed npm

weeklyfoo #15 / 2024-01-14
npm

Why Does 'is-number' Package Have 59M Weekly Downloads?

Just saying: chain of dependencies!

weeklyfoo #22 / 2024-03-04
npm