[go: up one dir, main page]

DEV Community

npm

Node Package Manager

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
Malicious npm Packages With Valid SLSA Provenance: Inside the TanStack Attack

Malicious npm Packages With Valid SLSA Provenance: Inside the TanStack Attack

1
Comments 2
5 min read
42 @tanstack/* Packages Were Compromised on npm: What Happened, How It Works, and What You Must Do Right Now

42 @tanstack/* Packages Were Compromised on npm: What Happened, How It Works, and What You Must Do Right Now

Comments
10 min read
The TanStack npm Attack Shows Why pnpm 11 Matters

The TanStack npm Attack Shows Why pnpm 11 Matters

2
Comments
3 min read
LibKill: Scan Your Machine for Compromised npm, pip, and Bun Packages

LibKill: Scan Your Machine for Compromised npm, pip, and Bun Packages

Comments
3 min read
Mini Shai-Hulud: A persistent supply-chain worm

Mini Shai-Hulud: A persistent supply-chain worm

1
Comments 1
3 min read
How I Built the Two Missing Payload CMS v3 Plugins — Reviews, JSON-LD & Real Production Bugs

How I Built the Two Missing Payload CMS v3 Plugins — Reviews, JSON-LD & Real Production Bugs

Comments
5 min read
Deep Dive: TanStack npm supply-chain compromise

Deep Dive: TanStack npm supply-chain compromise

1
Comments
3 min read
Building a CLI Tool with Node.js (From Zero to npm)

Building a CLI Tool with Node.js (From Zero to npm)

Comments
4 min read
I Built My Own Config Format for Node.js That Separates Server and Client Secrets

I Built My Own Config Format for Node.js That Separates Server and Client Secrets

1
Comments 2
5 min read
Scanning npm Packages for Malware Before You Install, Without Running Them

Scanning npm Packages for Malware Before You Install, Without Running Them

Comments 2
6 min read
date-light: A 1.8KB Alternative to date-fns You Might Actually Like

date-light: A 1.8KB Alternative to date-fns You Might Actually Like

1
Comments 2
3 min read
Scarab Diagnostic Field Test #021 — pnpm Self-Upgrade No-Manifest Boundary

Scarab Diagnostic Field Test #021 — pnpm Self-Upgrade No-Manifest Boundary

2
Comments
4 min read
The NPM Audit Trap: A Thursday Morning Tragedy

The NPM Audit Trap: A Thursday Morning Tragedy

Comments
2 min read
Shipping archkit v0.1: a TypeScript Clean Architecture scaffolder built in one Claude Code session

Shipping archkit v0.1: a TypeScript Clean Architecture scaffolder built in one Claude Code session

Comments 1
7 min read
Hi all

Hi all

Comments
1 min read
👋 Sign in for the ability to sort posts by relevant, latest, or top.