#npm

I built a supply chain security scanner in Rust — here's what I learned

🖼️

0

I built a supply chain security scanner in Rust — here's what I learned

DEV Community·Daniel·17 days ago

#rucLjhN1

#npm #bunjs #security #software #database #scan

If you've ever run npm install and thought "what exactly did I just put on my machine?", this one's...

15s

Deep Dive: TanStack npm supply-chain compromise

🖼️

0

Deep Dive: TanStack npm supply-chain compromise

DEV Community·Shruti Kapoor·17 days ago

#LwXVZQXx

#githubactions #javascript #npm #security #tanstack #github

This post is part of my weekly newsletter - Top 5 in Frontend and AI. Subscribe so you can deep dives...

15s

I Published My First npm Package — Here's Everything I Wish I Knew

🖼️

0

I Published My First npm Package — Here's Everything I Wish I Knew

DEV Community·Alex Chen·17 days ago

#DyoPvh18

#beginners #javascript #npm #fullscreen #package #index

I Published My First npm Package — Here's Everything I Wish I Knew Publishing to npm is...

15s

🖼️

0

I Published My First npm Package — Here's Everything I Wish I Knew

DEV Community·Alex Chen·17 days ago

#XC9oEOaS

#beginners #javascript #npm #package #fullscreen #name

I Published My First npm Package — Here's Everything I Wish I Knew Publishing to npm isn't...

15s

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

🖼️

0

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

theregister·Carly Page·17 days ago

#pep0crQD

#x2f #security #openai #npm #tanstack #credentials

Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines

15s

Attempt to stop npm postinstall scripts from stealing your secrets

🖼️

0

Attempt to stop npm postinstall scripts from stealing your secrets

DEV Community·Alex·18 days ago

#M5MzEOA1

#npm #supplychainattack #shaihulud #software #ringfence #files

Every time you run npm install, you're rolling dice. A postinstall script from some dependency three...

15s

npm Is on Fire: Why the Architecture Is the Product

🖼️

0

npm Is on Fire: Why the Architecture Is the Product

DEV Community·Vivian Voss·18 days ago

#D9iOwURQ

#if #npm #supplychain #packages #install #package

Wire Fire: Episode 01 The Permanent State npm (the open registry that nearly every...

15s

New npm package, check it out and hope it will be helpful for frontend engineers.

🖼️

0

New npm package, check it out and hope it will be helpful for frontend engineers.

DEV Community·Collins Mbathi·19 days ago

#qZs3muiQ

#frontend #npm #showdev #typescript #hide #comment

From Dev.to - typescript: New npm package, check it out and hope it will be helpful for frontend engineers.

15s

Sonner vs. robot-toast: When "Invisible" UI Isn't Enough

🖼️

0

Sonner vs. robot-toast: When "Invisible" UI Isn't Enough

DEV Community·Pratham Kumar·19 days ago

#wj8aXSOP

#javascript #webdev #npm #opensource #toast #robot

I used Sonner for almost everything before robot-toast existed. Genuinely liked it. Clean, premium,...

15s

The TanStack npm Attack Shows Why pnpm 11 Matters

🖼️

0

The TanStack npm Attack Shows Why pnpm 11 Matters

DEV Community·Chioma Halim·19 days ago

#QOemZ3dw

#cicd #javascript #npm #security #packages #pnpm

On April 28, 2026, pnpm 11 was released with some of the strongest security defaults we've seen from...

15s

LibKill: Scan Your Machine for Compromised npm, pip, and Bun Packages

🖼️

0

LibKill: Scan Your Machine for Compromised npm, pip, and Bun Packages

DEV Community·Firat Celik·19 days ago

#bBgF33aj

#why #security #npm #ai #libkill #fullscreen

Over the last few weeks, supply chain security has once again become a very real problem for...

15s

I got tired of calculating commercial lease billing by hand, so I built a tool

🖼️

0

I got tired of calculating commercial lease billing by hand, so I built a tool

DEV Community·Coco·19 days ago

#c7m1kMAJ

#realestate #javascript #npm #proptech #rate #month

From Dev.to - javascript: I got tired of calculating commercial lease billing by hand, so I built a tool

15s

TanStack Was Not the Whole Story: Mini Shai-Hulud Was an npm/PyPI Supply-Chain Worm

🖼️

0

TanStack Was Not the Whole Story: Mini Shai-Hulud Was an npm/PyPI Supply-Chain Worm

DEV Community·Teruo Kunihiro·19 days ago

#nuInJIyz

#pypi #comment #security #npm #tanstack #github

How the TanStack npm compromise fits into the broader Mini Shai-Hulud campaign across npm, PyPI, GitHub Actions, IDE hooks, and CI/CD secrets.

15s

🖼️

0

The Worm in the Registry

DEV Community·Vektor Memory·20 days ago

#Q68gfM6S

#ai #cybersecurity #npm #github #packages #code

Yesterday, between 19:20 and 19:26 UTC, six minutes of automated publishing destroyed the trust model...

15s

🖼️

0

Why you keep attacking npm?

DEV Community·Axel Espinosa·20 days ago

#9oVGYR1H

#npm #node #javascript #discuss #socket #packages

Honestly, it's exhausting to wake up and find out there's yet another attack on the npm...

15s

Can you stop attacking #npm packages? I'm scared of installing packages. Now it's time to switch 100% to PNPM...

🖼️

0

Can you stop attacking #npm packages? I'm scared of installing packages. Now it's time to switch 100% to PNPM...

DEV Community·Axel Espinosa·20 days ago

#Jm0uagyi

#npm #node #discuss #javascript #software #engineer

From Dev Community: Can you stop attacking #npm packages? I'm scared of installing packages. Now it's time to switch 100% to PNPM...

15s

Automate Social Media Image Generation with n8n + RenderPix

🖼️

0

Automate Social Media Image Generation with n8n + RenderPix

DEV Community·Özgür S.·20 days ago

#IsDZ1Iwx

#n8n #automation #npm #html #renderpix #const

From Dev.to - nodejs: Automate Social Media Image Generation with n8n + RenderPix

15s

I Built a 8.7KB React Animation Library (120+ FPS) on top of GSAP

🖼️

0

I Built a 8.7KB React Animation Library (120+ FPS) on top of GSAP

DEV Community·Yousef Zedan·20 days ago

#lTlSnh64

#implementation #gsap #npm #proximity #engine #react

After weeks of development, I'm excited to share ZProximity Engine - a React library for creating...

15s

I Built My Own Config Format for Node.js That Separates Server and Client Secrets

🖼️

0

I Built My Own Config Format for Node.js That Separates Server and Client Secrets

DEV Community·KANISHQ R PUROHIT·21 days ago

#u5x9sP8u

#security #node #npm #fullscreen #server #config

From Dev Community: I Built My Own Config Format for Node.js That Separates Server and Client Secrets

15s

Automate NPM Package Publishing with GitHub Actions

🖼️

0

Automate NPM Package Publishing with GitHub Actions

DEV Community·PEAKIQ·23 days ago

#GThna80M

#node #githubactions #npm #cicd #package #github

Learn to automate NPM package publishing using GitHub Actions. This guide covers setting up build steps, secure token management, and CI/CD best practices for

15s

Menu

I built a supply chain security scanner in Rust — here's what I learned

Deep Dive: TanStack npm supply-chain compromise

I Published My First npm Package — Here's Everything I Wish I Knew

I Published My First npm Package — Here's Everything I Wish I Knew

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

Attempt to stop npm postinstall scripts from stealing your secrets

npm Is on Fire: Why the Architecture Is the Product

New npm package, check it out and hope it will be helpful for frontend engineers.

Sonner vs. robot-toast: When "Invisible" UI Isn't Enough

The TanStack npm Attack Shows Why pnpm 11 Matters

LibKill: Scan Your Machine for Compromised npm, pip, and Bun Packages

I got tired of calculating commercial lease billing by hand, so I built a tool

TanStack Was Not the Whole Story: Mini Shai-Hulud Was an npm/PyPI Supply-Chain Worm

The Worm in the Registry

Why you keep attacking npm?

Can you stop attacking #npm packages? I'm scared of installing packages. Now it's time to switch 100% to PNPM...

Automate Social Media Image Generation with n8n + RenderPix

I Built a 8.7KB React Animation Library (120+ FPS) on top of GSAP

I Built My Own Config Format for Node.js That Separates Server and Client Secrets

Automate NPM Package Publishing with GitHub Actions