Robuta

https://www.reversinglabs.com/blog/npm-security-shai-hulud
While 2FA and trusted publishing will help, you need tools that give visibility into how packages behave — not just who is publishing.
https://docs.deno.com/examples/npm/
In-depth documentation, guides, and reference materials for building secure, high-performance JavaScript and TypeScript applications with Deno
https://npmtrends.com/
Which NPM package should you use? Compare packages download stats, bundle sizes, github stars and more. Spot trends, pick the winner.
https://www.techzine.eu/news/security/136703/npm-hit-again-by-shai-hulud-worm-attack/
Nov 25, 2025 - NPM hit again by Shai-Hulud worm. More than 1,000 package versions compromised. Developers must reset credentials.
https://opensourceboilerplates.com/boilerplates/yeasin2002-npm-starter
Starter Template for creating NPM Packages
https://www.yagiz.co/using-insecure-npm-defaults/
Jul 13, 2025 - Node Package Manager (npm) provides a set of scripts for developers and package maintainers to maintain the life cycle events of a package.
https://www.creativosonline.org/alerta-en-npm-bibliotecas-clave-de-javascript-comprometidas.html
Sep 10, 2025 - Malware on NPM affects JavaScript libraries: minimal crypto theft, packages disabled, and steps to protect your projects.
https://npm.chart.dev/@nuxt/hints
Nuxt module that shows hints for aspects of your application such as Performance, Security, and more!
https://www.techzine.nl/nieuws/security/572421/npm-opnieuw-getroffen-door-shai-hulud-worm-aanval/
Nov 25, 2025 - NPM hit again by Shai-Hulud worm. More than 1,000 package versions compromised. Developers must reset credentials.
https://www.yoannfleury.dev/blog/verdaccio-un-registre-de-paquets-npm
An introduction to Verdaccio, an alternative to the npm registry for testing the publication of a package.
https://www.11ty.dev/blog/eight-million/
Eight Million npm Downloads! — Eleventy
https://safedep.io/npm-supply-chain-attack-targeting-maintainers/
npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this blog, we will...
https://www.reversinglabs.com/blog/faq-shai-hulud-explained
Here's what you need to know about the discovery of the first self-replicating npm worm, which compromised packages with cloud token-stealing malware.
https://www.bleepingcomputer.com/news/security/new-wave-of-fake-interviews-use-35-npm-packages-to-spread-malware/
A new wave of North Korea's 'Contagious Interview' campaign is targeting job seekers with malicious npm packages that infect dev's devices with infostealers...
https://www.infoworld.com/article/4111366/deno-adds-tool-to-run-npm-and-jsr-binaries.html
Dec 23, 2025 - Latest update to the Node.js rival also brings more granular control over permissions and a faster, experimental type checker.
https://codeberg.org/freesewing/freesewing
freesewing - Freesewing's monorepo holding all our NPM packages, including our core library
https://docs.npmjs.com/adding-dist-tags-to-packages/
Documentation for the npm registry, website, and command-line interface
https://www.csoonline.com/article/4058059/warning-hackers-have-inserted-credential-stealing-code-into-some-npm-libraries.html
Sep 16, 2025 - ‘This is a new frontier’ of malware in open source repositories, says one expert.
https://syntax.fm/show/737/jsr-the-new-typescript-package-registry-npm-killer
JSR is a new open source JavaScript package registry focused on modern JavaScript and TypeScript, with advanced features like publishing TypeScript directly,...
https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
Nov 14, 2025 - Amazon spilled the TEA
https://www.peerspot.com/products/solarwinds-npm-reviews
Dec 8, 2025 - Read in-depth SolarWinds NPM reviews from real customers and learn about the pricing, features, and more.
https://ryanfreeman.dev/writing/secure-your-websites-with-lets-encrypt-npm-and-cloudflare
SSL/TLS is the encryption standard or protocol which encrypts the session between a website (server) and the browser (client). This protects us from potential...
https://travis-ci.community/t/npm-err-spin-is-not-a-valid-npm-option/13797
May 3, 2023 - The latest version of npm no longer accepts deprecated commands and the Travis nodeJS build is pulling this command in from somewhere that isn’t the project...
https://deno.com/blog/npm-on-deno-deploy
Deno Deploy becomes the first isolate serverless platform to natively support more than two million modules on npm.
https://github.com/kevinslin/safe-npm?cmid=68bbf2b5-2b82-42a2-af26-84f1fb3dc2e4
Safely install NPM packages. Contribute to kevinslin/safe-npm development by creating an account on GitHub.
https://deno.com/blog/not-using-npm-specifiers-doing-it-wrong
One common way to import npm packages is with transpile services like esm.sh or unpkg.com, which converts npm modules to esm and hosts them on the web....
https://github.blog/engineering/engineering-principles/bringing-npm-registry-services-to-github-codespaces/
Feb 13, 2024 - The npm engineering team recently transitioned to using GitHub Codespaces for local development for npm registry services. This shift to Codespaces has...
https://www.jsdelivr.com/package/npm/jquery
Aug 11, 2025 - A free, fast, and reliable CDN for jquery. JavaScript library for DOM operations
https://www.riverbed.com/products/npm-plus/
Oct 31, 2025 - Enhance network visibility with Riverbed NPM+. Gain comprehensive observability in cloud, Zero Trust, and remote work environments for optimal performance.
https://www.aikido.dev/blog/npm-malware-g-wagon-python-stealer-crypto-wallets
npm package ansi-universal-ui delivers GWagon infostealer targeting 100+ crypto wallets, browser credentials, and cloud keys. We analyzed all 10 versions as...
https://npm.chart.dev/@nuxt/ui
A UI Library for Modern Web Apps, powered by Vue & Tailwind CSS.
https://github.blog/news-insights/product-news/npm-7-is-now-generally-available/
Feb 22, 2022 - We’re announcing version 7 of the npm CLI is now generally available.
https://www.bleepingcomputer.com/news/security/shai-hulud-malware-infects-500-npm-packages-leaks-secrets-on-github/
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new...
https://deno.com/blog/v1.29
Deno 1.29 ships with many npm compatibility improvements, lots of quality of life improvements and TypeScript 4.9
https://blog.risingstack.com/controlling-node-js-security-risk-npm-dependencies/
May 29, 2024 - Using npm packages inevitably exposes you to certain security risks. Follow these points to reduce your security exposure substantially.
https://codenotary.com/blog/detecting-the-massive-npm-supply-chain-attack
Learn how to detect the September 2025 NPM supply chain attack that compromised debug, chalk. Includes a bash script to scan your repositories for malicious...
https://w3things.com/blog/nodejs-installation-windows/
Beginner's tutorial on how to get started with Node.js (nodejs) and npm installation on Windows.
https://npm.chart.dev/@nuxtjs/device
Device detection module for Nuxt
https://www.jsdelivr.com/package/npm/semantic-ui
Oct 6, 2022 - A free, fast, and reliable CDN for semantic-ui. Semantic empowers designers and developers by creating a shared vocabulary for UI.
https://itsmycode.com/unable-to-resolve-dependency-tree-error-when-installing-npm-packages/
Oct 19, 2024 - The Unable to resolve dependency tree error when installing npm packages occurs when you install the node dependencies with the latest version of NPM(v7).
https://npm.chart.dev/@angular/core
Angular - the core framework
https://www.jsdelivr.com/package/npm/ua-parser-js
Dec 9, 2025 - A free, fast, and reliable CDN for ua-parser-js. Detect Browser, Engine, OS, CPU, and Device type/model from User-Agent & Client Hints data. Supports...
https://cycode.com/blog/npm-debug-chalk-supply-chain-attack-the-complete-guide/
Sep 10, 2025 - Learn about the npm debug / chalk Supply-Chain Attack and how it affects popular packages and your projects.
https://www.jsdelivr.com/package/npm/mark.js?path=dist
Jan 11, 2018 - A free, fast, and reliable CDN for mark.js. Highlight keywords using JavaScript. Intended for every use case. Can e.g. be used to mark text in search results.
https://npm.chart.dev/dayjs-nuxt
Day.JS Module for Nuxt
https://forwardemail.net/en/blog/docs/how-npm-packages-billion-downloads-shaped-javascript-ecosystem
In the JavaScript and Node.js world, some packages are essential—downloaded millions of times daily and powering apps worldwide. Behind these tools are...
https://bundlephobia.com/
Bundlephobia helps you find the performance impact of npm packages. Find the size of any javascript package and its effect on your frontend bundle.
https://npm.chart.dev/@nuxt/scripts
Load third-party scripts with better performance, privacy and DX in Nuxt Apps.
https://sekurak.pl/zlosliwa-kampania-zasmiecania-npm-ponad-43-tysiace-pakietow-indonesianfoods/
Nov 24, 2025 - In early November, Paul McCarty discovered a malicious campaign in the npm package manager. It consists of more than 43 thousand packages published...
https://github.blog/news-insights/company-news/npm-is-joining-github/
Apr 15, 2020 - We're excited to announce that npm will be joining GitHub.
https://rushjs.io/pages/maintainer/package_managers/
Before you can start installing a JavaScript library, you need to choose which package manager you will use. (Our community loves flexibility and choices, so...
https://docs.deno.com/runtime/fundamentals/node/
Guide to using Node.js modules and npm packages in Deno. Learn about compatibility features, importing npm packages, and differences between Node.js and Deno...
https://gitnation.com/contents/demystifying-npm-what-actually-happens-when-you-install-and-publish
Nov 25, 2025
https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies
PhantomRaven NPM malware hides in invisible dependencies, silently compromising projects and putting entire software supply chains at risk.
https://www.devclass.com/development/2022/11/15/nodejs-rival-deno-adds-stable-npm-compatibility-in-effort-to-bridge-module-system-divide/1625995
Jul 31, 2023 - The Deno team has released version 1.28 which “stabilizes npm compatibility,” according to a post today. This is […]
https://benjamincrozat.com/npm-ci
Should you run npm ci or stick with good old npm install? Here's exactly what I learned.
https://www.csoonline.com/article/4117139/from-typos-to-takeovers-inside-the-industrialization-of-npm-supply-chain-attacks.html
Jan 15, 2026 - A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain...
https://mostarski.ba/bajka-o-pozoristu-veceras-u-npm-u/
The play "Bajka o pozorištu" by Vladimir Đurđević, directed by Ferid Karajica, will be performed on the Main Stage of the National Theatre (NP) in...
https://www.csoonline.com/article/4088529/malicious-npm-package-sneaks-into-github-actions-builds.html
Nov 12, 2025 - The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own...
https://github.blog/changelog/2025-10-10-strengthening-npm-security-important-changes-to-authentication-and-token-management/
Sep 30, 2025 - As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent...
https://npm.chart.dev/@nuxtjs/color-mode
Dark and light mode for Nuxt with auto detection
https://www.csoonline.com/article/4090568/worm-flooding-npm-registry-with-token-stealers-still-isnt-under-control-2.html
Nov 17, 2025 - Goal is to steal Tea tokens by inflating package downloads, possibly for profit when the system can be monetized.
https://npm.chart.dev/@nuxtjs/eslint-module
ESLint module for Nuxt
https://www.infoworld.com/article/4086207/a-proactive-defense-against-npm-supply-chain-attacks.html
Dec 4, 2025 - Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into developer workflows.
https://www.csoonline.com/article/4115417/malicious-npm-packages-target-n8n-automation-platform-in-a-supply-chain-attack.html
Jan 12, 2026 - Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from enterprise workflows.
https://css-tricks.com/a-complete-beginners-guide-to-npm/
Jan 20, 2022 - This npm guide helps you understand what npm is, what makes npm a package manager, and how to use npm from a beginner's view.
https://www.csoonline.com/article/4095578/new-shai-hulud-worm-spreading-through-npm-github.html
Nov 24, 2025 - The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.
https://safedep.io/shai-hulud-second-coming-supply-chain-attack/
Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals...
https://docs.deno.com/examples/backward_compat_with_node_npm/
In-depth documentation, guides, and reference materials for building secure, high-performance JavaScript and TypeScript applications with Deno
https://npm.chart.dev/@nuxtjs/kinde
Nuxt integration for Kinde authentication
https://arethetypeswrong.github.io/
Are The Types Wrong? - Tool for analyzing TypeScript types of npm packages
https://sdtimes.com/security/github-details-upcoming-changes-to-improve-security-in-wake-of-shai-hulud-worm-in-npm-ecosystem/
Sep 23, 2025 - Software Development News
https://www.11ty.dev/blog/four-million/
Four Million npm Downloads! — Eleventy
https://npm.chart.dev/svelte
Cybernetically enhanced web apps
https://www.csoonline.com/article/4050956/malicious-npm-packages-use-ethereum-blockchain-for-malware-delivery.html
Sep 3, 2025 - Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub repo.
https://dev.to/usman_awan/the-night-npm-caught-fire-inside-the-2025-javascript-supply-chain-meltdown-52o3
Dec 9, 2025 - 🚨 Recent NPM Supply Chain Attacks — What Happened, Why It Matters, and How to Protect... Tagged with discuss, node, webdev, javascript.
https://libraries.io/npm/libraries.io
A libraries.io API client - 3.3.8 - a TypeScript package on npm
https://www.itsecurity.pt/news/threats/ataque-massivo-ao-ecossistema-npm-e-github-expoe-segredos-e-falhas-na-supply-chain
Researchers warn of a massive supply chain attack affecting npm and GitHub, exposing critical secrets and compromising projects
https://syntax.fm/show/186/potluck-terminal-configs-css-reset-flexbox-freelancing-npm-dependencies-project-hand-off-more
https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes
A targeted npm supply chain attack installs an Express backdoor, enables remote SQL/file access, and rewrites gambling balances while keeping logs consistent.
https://www.reversinglabs.com/blog/shai-hulud-worm-npm
RL researchers detected the first self-replicating worm that compromised npm packages with cloud token-stealing malware. Here's what you need to know.
https://www.infosecurity-magazine.com/news/new-shaihulud-worm-trouble-npm/
Dec 3, 2025 - A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows
https://www.python4data.science/en/latest/productive/git/advanced/gitlab/ci-cd/npm.html
npm is a package manager for the JavaScript runtime environment Node.js, and rsync can be used to synchronise the data with the remote server. First steps: Set...
https://www.nasdaqprivatemarket.com/first-quarter-private-market-report/
Dec 1, 2023 - NPM breaks $30B in total volume transacted and records most programs in a first quarter since its inception. Through quarter close, NPM has surpassed more than...
https://www.veracode.com/blog/npm-account-compromise-the-shai-hulud-worm/
Sep 19, 2025 - Discover how a recent npm account compromise led to the injection of advanced malware with worm-like capabilities, threatening the security of the software...
https://sveltesociety.dev/video/this-week-in-svelte-ep-116-changelog-e18e-dev-npm-supply-chain-attack-5ebe7957bd3681de
Oct 17, 2025 - Recent updates in the Svelte ecosystem, including a significant supply chain attack.
https://changelog.com/friends/111
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and...
https://www.jsdelivr.com/package/npm/daisyui
Dec 14, 2025 - A free, fast, and reliable CDN for daisyui. daisyUI 5 - The Tailwind CSS Component Library
https://npm.chart.dev/vite?primary=violet&gray=cool&theme=light
Native-ESM powered web dev build tool
https://jfrog.com/blog/shai-hulud-npm-supply-chain-attack-new-compromised-packages-detected/
Dec 2, 2025 - Learn about the ongoing Shai Hulud npm supply chain attack, including all currently known compromised packages
https://deno.com/blog/v2.3
Deno 2.3 adds new features for deno compile and deno fmt, support for using local npm packages, several performance improvements, and more. Here are the...
https://deno.com/blog/v1.44
Deno 1.44 adds support for private npm registries, gRPC connections, improved Node.js compat with initial Next.js support, and significant performance...
https://statically.io/
A free CDN for GitHub, GitLab, Bitbucket, and npm packages. Convert your repository URLs to CDN links instantly.
https://cyberint.com/blog/threat-intelligence/the-great-npm-heist-september-2025/
Sep 10, 2025 - The Sept 2025 npm breach: 18+ packages, 2B+ weekly downloads, and crypto-stealing malware. We break down the phishing attack & its impact.
https://npm.chart.dev/@nestjs/core
Nest - modern, fast, powerful node.js web framework (@core)
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
Sep 23, 2025 - GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.
https://dev.to/zhangjintao/from-deprecated-npm-classic-tokens-to-oidc-trusted-publishing-a-cicd-troubleshooting-journey-4h8b
Jan 4, 2026 - In January 2026, I encountered a series of cryptic authentication errors while publishing an npm... Tagged with npm, githubactions, cicd, security.
https://hackread.com/shai-hulud-npm-worm-supply-chain-attack/
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
https://www.11ty.dev/blog/2million/
Two Million npm Downloads! — Eleventy
https://n8d.at/npm-scripts-for-spfx-stop-memorizing-heft-flags/
Feb 4, 2026 - Stop memorizing Heft flags in SPFx 1.22. Learn how npm scripts give you short, reusable build commands that work across every SharePoint Framework project and...