https://npmtrends.com/
Which NPM package should you use? Compare packages download stats, bundle sizes, github stars and more. Spot trends, pick the winner.
npm, trends, compare, package, downloads
https://www.yagiz.co/using-insecure-npm-defaults/
Jul 13, 2025 - Node Package Manager (npm) provides a set of scripts for developers and package maintainers to maintain the life cycle events of a package.
npm package, using, insecure, manager, defaults
https://syntax.fm/show/737/jsr-the-new-typescript-package-registry-npm-killer
JSR is a new open source JavaScript package registry focused on modern JavaScript and TypeScript, with advanced features like publishing TypeScript directly,...
package registry, jsr, new, typescript, npm
https://www.aikido.dev/blog/npm-malware-g-wagon-python-stealer-crypto-wallets
npm package ansi-universal-ui delivers GWagon infostealer targeting 100+ crypto wallets, browser credentials, and cloud keys. We analyzed all 10 versions as...
npm package, wagon, deploys, python, stealer
https://www.csoonline.com/article/4088529/malicious-npm-package-sneaks-into-github-actions-builds.html
Nov 12, 2025 - The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own...
npm package, github actions, cso online, malicious, sneaks
https://nodejs.org/en/learn/getting-started/an-introduction-to-the-npm-package-manager
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
node js, npm package, introduction, manager
https://blog.logrocket.com/javascript-package-managers-compared/
Jun 4, 2024 - With the spate of popular JavaScript package managers reaching relative feature parity, it's time to compare: npm, Yarn, or pnpm?
package managers, javascript, compared, npm, yarn
https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/
May 12, 2023 - How to verifiably link npm packages to their source repository and build instructions.
npm package, github blog, introducing, provenance
https://www.bleepingcomputer.com/news/security/malicious-npm-package-steals-whatsapp-accounts-and-messages/
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts,...
npm package, malicious, steals, whatsapp, accounts
https://www.raresportan.com/how-to-make-an-npm-package/
All the steps you need to follow to share your JavaScript code with the world as an NPM package
npm package, create
https://checkmarx.com/blog/new-protestware-found-lurking-in-highly-popular-npm-package/
Jan 3, 2025 - Two popular packages, styled-components and es5-ext, with millions of weekly downloads and thousands of dependent projects, released new Protestware...
npm package, new, found, highly, popular
https://darn.es/github-directory-as-npm-package/
The following tutorial explains how to use a GitHub repo directory, or folder, as if it were an npm package.
npm package, using, github, repo, directory
https://deno.com/blog/kv-npm
Access our zero config distributed database, Deno KV, in your Node projects with our new npm package.
use, deno, kv, node, new
https://www.infoworld.com/article/4088533/malicious-npm-package-sneaks-into-github-actions-builds-2.html
Nov 12, 2025 - The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own...
npm package, github actions, malicious, sneaks, builds
https://www.freecodecamp.org/news/how-to-use-tailwind-sidebar-npm-package-in-react-nextjs/
These days, developers are increasingly preferring utility-first CSS frameworks like Tailwind CSS to help them build fast, scalable, and highly customizable...
npm package, use, tailwind, sidebar