tanepiper, to node
@tanepiper@tane.codes avatar

Here's me trying to make sure we ship as secure as possible software, and there's someone who doesn't know how to use an npm ignore file to not ship their shitty docker files in their modules

tanepiper,
@tanepiper@tane.codes avatar

So many projects have a lot of crap in node_modules that are really not needed when deploying apps - SO MANY DOT FILES. I built a script that will clear them all out recursively, just leaving required files. Will probably add *.ts when creating containers.

A screenshot showing that over 4300 files will be deleted and clean up 27Mb of files
A screenshot showing a list of files in node_modules including a lot of dot files

tanepiper, to programming
@tanepiper@tane.codes avatar

Anyone else seeing more segfaults with #nodejs 22 and #npm

Going to have to go back to LTS as pipeline keep failing now when installing dependencies when using caching.

ecmascript_news, to javascript
@ecmascript_news@mastodon.online avatar

npm feedback migrates from discussions in a GitHub repository to GitHub Community
https://github.blog/changelog/2024-04-30-npm-feedback-is-now-available-on-github-community/

nebyoolae, to random
@nebyoolae@masto.neb.host avatar

I created my first node module, it's publicly available, and it's usefulness is low. Regardless, here it is: https://www.npmjs.com/package/node-neb-muz.

What does it need to run? The Entire Jar of Sauce.

https://music.nebyoolae.com/song/the-entire-jar-of-sauce

#node #npm #javascript

casraf, to typescript
@casraf@fosstodon.org avatar

Help me reach 50 stars! 🙏 🤩

https://github.com/chenasraf/simple-scaffold

nebyoolae, to node
@nebyoolae@masto.neb.host avatar

I've now moved a few of my personal projects that used regular ol' to the superior . It was a bit of setup, and Github Actions erred out for a while until I figured out a fix, but all in all I think I'm better off. Thank you, project, for shining the light.

sarahjelm, to ukteachers Swedish
@sarahjelm@mastodon.social avatar

Sunday…
And one new post in this searchable & translatable collection of links to free access #education content …
https://saraslistofedresources.wordpress.com
Thanks to @pragmarxist an example of the #Swedish #edupolitics debate, this time from university level (read last week’s post if you missed it)

I’m grateful if you boost this here or in networks elsewhere 🙏🏻‼️ Website is meant to be used
Have a great day …

@edutooters @education #TeachersOfMastadon
@edutooter
@socialscience
@politicalscience
#NPM

Crell, to node
@Crell@phpc.social avatar

We often joke about the billion-dependency problems with #npm. But I haven't seen anyone complain about the equivalent one in #Java/#JVM.

He says, looking at the 9000+ line generated dependencies file for this #Kotlin project...

thomasfuchs, to random
@thomasfuchs@hachyderm.io avatar

As developers we pay Apple 30% to have a great App Store platform that they keep free of garbage...

...after being told what the garbage is by journalists.

https://www.404media.co/apple-removes-nonconsensual-ai-nude-apps-following-404-media-investigation/

docRekd,

@thomasfuchs say what you want about or they have far less bullshit in it than those app stores for a fraction of the funding

ascherbaum, to node
@ascherbaum@mastodon.social avatar

Today 4 years ago, the is-promise package was released.

Yet another package which broke the NPM ecosystem. But are they in a better shape today?

https://snyk.io/blog/why-did-is-promise-happen-and-what-can-we-learn-from-it/

nebyoolae, to node
@nebyoolae@masto.neb.host avatar

OK, I should really change all my projects that use / to use . If you barely use Node then it's probably not worth it, but for a webdev it now seems like a no-brainer.

linuxiac, to node
@linuxiac@mastodon.social avatar

Learn to set up a reverse proxy with Nginx Proxy Manager, enhancing server management and security in just a few easy steps.
https://linuxiac.com/how-to-set-up-reverse-proxy-with-nginx-proxy-manager/

linuxtldr, to linux
@linuxtldr@noc.social avatar

How to Install and Use NPX in Linux

https://linuxtldr.com/npx-package-runner/

muhdiekuh, to node German
@muhdiekuh@ruhr.social avatar

Considering that every year we have a new ambitious replacement for in the JavaScript world, @naderman and @seldaek apparently did a very good job when building and maintaining for . Thanks a lot to you two and everyone else involved.

melroy, to random
@melroy@mastodon.melroy.org avatar

@lukekarrys How to buy you a coffee? I want to thank you for all your npm contributions, especially the maxSockets issue was a big deal to fix.

Rob_Bos, to github
@Rob_Bos@mstdn.social avatar

Have you seen the first edition of the #OctoInsider newsletter we created @xebia? You can also read along online: https://pages.xebia.com/octoinsider. Stay in the know with all the #GitHub news regularly!

melroy,
@melroy@mastodon.melroy.org avatar

@Rob_Bos Great! naming-confusion is indeed a big issue and becoming more prominently present in the open source world, which is not good. I'm a package maintainer for various projects, and I notice that my projects also get cloned with malicious code. Too bad PyPi isn't handle those security issues fast enough IMO.

#security #devops #namingconfusion #pypi #pip #npm

hongminhee, to node
@hongminhee@todon.eu avatar

A pre-released version of is now available on !

https://www.npmjs.com/package/@fedify/fedify/v/0.5.0-dev.90

thisismissem, to programming
@thisismissem@hachyderm.io avatar

So I just saw a PR for a Node.js project, where the developer had used an npm command I'm unfamiliar with.. or at least, I didn't know of:

npm clean-install

Now, I'm familiar with npm ci, but I had absolutely no idea that the alias of npm clean-install existed. I didn't even realise that's what "ci" stood for "clean install”.

I always thought npm ci meant “the npm command you wanna run in CI environments”

🤯

thisismissem, (edited )
@thisismissem@hachyderm.io avatar

Did you know that npm ci stood for npm clean-install ?

nurkiewicz, to node
@nurkiewicz@fosstodon.org avatar

From https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem

  • a package's manifest is published independently from its tarball
    manifests are never fully validated against the tarball's contents
  • the ecosystem has broadly assumed the contents of the manifest & tarball are consistent
  • any tools or insights using the public registry are susceptible to exploitation/likely inaccurate
  • bad actors can hide malware & scripts in direct or transitive dependencies that go undetected

stvfrnzl, to node
@stvfrnzl@mastodon.online avatar

If you run into a "EACCES: permission denied" issue with , try clearing your cache. This article saved the day for me, as I'm not a terminal wizard and rather deal with something else:

https://sebhastian.com/npm-clear-cache/

voxpelli, to node
@voxpelli@mastodon.social avatar

Released a new major version of my npm engine range validator – now also supports peerDependency range validation and supports running on workspaces.

To ensure you don’t promise more than your dependencies can deliver, start using “installed-check” 9.0.0 now: https://github.com/voxpelli/node-installed-check/releases/tag/v9.0.0

rauschma, to node
@rauschma@fosstodon.org avatar

1/ package scripts: Windows vs. Unixes.

On macOS, I’m using these scripts:
"build": "npm run clean && tsc && npm run chmod",
"clean": "shx rm -rf ./dist/*",
"chmod": "chmod u+x ./dist/src/cmd.js",

Alas, the last script won’t work on Windows. What’s a good way to fix this?

cory, to 11ty
@cory@social.lol avatar

On the off chance anyone's using my tabler-icons plugin, I've split it out into two separate packages following their 3.0.1 release with the default implementation being the outlined variation (https://www.npmjs.com/package/@cdransf/eleventy-plugin-tabler-icons) and a separate package + shortcode for the filled variation (https://www.npmjs.com/package/@cdransf/eleventy-tabler-icons-filled)

  • All
  • Subscribed
  • Moderated
  • Favorites
  • provamag3
  • kavyap
  • DreamBathrooms
  • everett
  • magazineikmin
  • InstantRegret
  • ngwrru68w68
  • Youngstown
  • Durango
  • slotface
  • rosin
  • GTA5RPClips
  • tester
  • PowerRangers
  • anitta
  • thenastyranch
  • mdbf
  • osvaldo12
  • ethstaker
  • vwfavf
  • cubers
  • normalnudes
  • tacticalgear
  • khanakhh
  • cisconetworking
  • modclub
  • Leos
  • megavids
  • All magazines
    •