Tags: npm

Compromised npm Package: event-stream

Ownership of a popular npm package, event-stream, was transferred by the original author to a malicious user, right9ctrl. This package receives over 1.5mm weekly downloads and is depended on by nearly 1,600 other packages. The malicious user was able to gain the trust of the original author by...

This Week in Numbers: Managing JavaScript Packages with NPM and Yarn

This week we analyze more data from the Node.js Foundation's user survey. Almost three-quarters (73 percent) of survey respondents said they use a package manager. NPM was used by 60 percent and Yarn cited by 13 percent. Since Yarn sits on top of NPM, in reality these respondents are referring to...

Why (and How) to Use eslint in Your Project

This story was written by Sam Roberts, a Senior Software Engineer at IBM Canada. It was first published in IBM developerWorks blog. npmjs.org has 100s of thousands of packages, but that doesn’t mean they are of equal quality. It's important to check how well managed your direct dependencies are...

Deploy Atomically with Travis & npm

I think I am a software developer because I am lazy. The second or third time I have to perform the same exact task, I find myself saying, “Ugh, can’t I tell the computer how to do it?” So imagine my reaction when our team’s deployment process started looking like this: git pull npm run build to...

npm / Yarn
How does npm compare to Yarn when it comes to the cache, integration, and scalability? We take a look in this article.

Untangling Package Management in JavaScript Applications

If a JavaScript developer was frozen in 2005 and miraculously thawed in our present world of 2017, the thing that would likely amaze them is the massive proliferation of JavaScript packages. The video below gives us a fascinating visual representation of the package explosion over time. The...

Front end tooling simplified
This article looks at the revolution in JavaScript development over the past few years.

A Modern Day Front-End Development Stack

Application development methodologies have seen a lot of change in recent years. With the rise and adoption of microservice architectures, cloud computing, single-page applications, and responsive design to name a few, developers have many decisions to make, all while still keeping project...

Npm Password Resets Show Developers Need Better Security Practices

Thousands of developers who publish JavaScript packages in the npm repository have had their passwords reset since May because their login credentials were too weak or had been publicly exposed. The affected accounts were in control of tens of thousands of Node.js modules that, in turn, were direct...

Web Developer Security Checklist

Developing secure, robust web applications in the cloud is hard, very hard. If you think it is easy, you are either a higher form of life or you have a painful awakening ahead of you. If you have drunk the MVP Kool-aid and believe that you can create a product in one month that is both valuable and...

Open Source JavaScript, Node.js Devs Get NPM Orgs for Free

NPM Inc.'s NPM Orgs tool, which has been available as a paid service for JavaScript and Node.js development teams collaborating on private code, is now available for free use by teams working on open source code. The SaaS-based tool, which features capabilities like role-based access control,...

NPM or Yarn? Node.js Devs Pick Their Package Manager

Mere months since it was open-sourced by Facebook, Yarn has NPM on the run. The upstart JavaScript package manager has gained a quick foothold in the Node.js community, particularly among users of the React JavaScript UI library. Known for faster installation, Yarn gives developers an improved...
