tanepiper, 1 month ago to node

Here's me trying to make sure we ship as secure as possible software, and there's someone who doesn't know how to use an npm ignore file to not ship their shitty docker files in their modules #node #npm

tanepiper, 1 month ago to programming

Anyone else seeing more segfaults with #nodejs 22 and #npm

Going to have to go back to LTS as pipeline keep failing now when installing dependencies when using caching.

casraf, 1 month ago to typescript

Help me reach 50 stars! 🙏 🤩

https://github.com/chenasraf/simple-scaffold

#typescript #javascript #scaffold #npm #nodejs #github

nebyoolae, 1 month ago to node

OK, I should really change all my projects that use #npm/#yarn to use #pnpm. If you barely use Node then it's probably not worth it, but for a webdev it now seems like a no-brainer.

linuxtldr, 1 month ago to linux

How to Install and Use NPX in Linux
#Linux #NPX #NPM #NodeJs #Programming #Coding
https://linuxtldr.com/npx-package-runner/

muhdiekuh, 2 months ago to node German

Considering that every year we have a new ambitious replacement for #npm in the JavaScript world, @naderman and @seldaek apparently did a very good job when building and maintaining #composer for #php. Thanks a lot to you two and everyone else involved.

melroy, 2 months ago to random

@lukekarrys How to buy you a coffee? I want to thank you for all your npm contributions, especially the maxSockets issue was a big deal to fix.

#npm #nodejs #maxSockets #socket #openconnections

hongminhee, 2 months ago to node

A pre-released version of #Fedify is now available on #npm!

https://www.npmjs.com/package/@fedify/fedify/v/0.5.0-dev.90

thisismissem, 2 months ago to programming

So I just saw a PR for a Node.js project, where the developer had used an npm command I'm unfamiliar with.. or at least, I didn't know of:

npm clean-install

Now, I'm familiar with npm ci, but I had absolutely no idea that the alias of npm clean-install existed. I didn't even realise that's what "ci" stood for "clean install”.

I always thought npm ci meant “the npm command you wanna run in CI environments”

🤯

#nodejs #npm

nurkiewicz, 2 months ago to node

From https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem

• a #npm package's manifest is published independently from its tarball
  manifests are never fully validated against the tarball's contents
• the ecosystem has broadly assumed the contents of the manifest & tarball are consistent
• any tools or insights using the public registry are susceptible to exploitation/likely inaccurate
• bad actors can hide malware & scripts in direct or transitive dependencies that go undetected

#JavaScript #NodeJS

rauschma, 3 months ago to node

1/ #npm package scripts: Windows vs. Unixes.

On macOS, I’m using these scripts:
"build": "npm run clean && tsc && npm run chmod",
"clean": "shx rm -rf ./dist/*",
"chmod": "chmod u+x ./dist/src/cmd.js",

Alas, the last script won’t work on Windows. What’s a good way to fix this?

cory, 3 months ago to 11ty

On the off chance anyone's using my #Eleventy tabler-icons plugin, I've split it out into two separate packages following their 3.0.1 release with the default implementation being the outlined variation (https://www.npmjs.com/package/@cdransf/eleventy-plugin-tabler-icons) and a separate package + shortcode for the filled variation (https://www.npmjs.com/package/@cdransf/eleventy-tabler-icons-filled) #NPM #JavaScript

aral, 3 months ago (edited 3 months ago) to node

If you’re doing an npm publish and you get the following error:

404 Not Found - PUT … <your package name@version> is not in this registry

It might be because you’re not logged in.

From terminal, run:

npm login  

#npm #publish #npmPublish #error #notFound #login

rauschma, 3 months ago to node

If an #npm package has "exports", it can “self-reference” them via its package name. That’s useful for tests (which demo how importing packages would use the code).

// util_test.js
import {helperFunc} from 'my-package/misc/util.js';

https://nodejs.org/api/packages.html#self-referencing-a-package-using-its-name

paladin, 3 months ago to php German

Your daily php-dev fitness:

composer selfupdate && composer global update && npm -g i npm npm-check-updates && ncu -g

You are welcome ;)
#php #nodejs #npm

anant, 3 months ago to node

#NPM based packages should mandatorily disclose whats the code size and what will be the nodes-modules folders count and total size. coz that combined together could what kind of liability i am getting myself into. #supplychain issues arise from being unaware / ignorant about your liabilities mostly.

arendjr, 3 months ago to typescript

Received an invite for the https://jsr.io beta. This looks like a potential winner!

• First-class @deno_land support
• ESM-only
• Built-in #TypeScript
• Auto-doc generation from your TS sources
• Seamless publishing from #GitHub Actions
• #NPM integration

Especially the part where you can just publish your TypeScript package without transpilation, and they handle #NodeJS /NPM compatibility is pretty big for IMO.

andre, 4 months ago to node

I discovered a glitch in the Matrix!

A situation so unlikely I never considered it possible!

There is no #npm package for generating #Gemtext (for #Gemini resp. #Gopher)!

The closest I could find is a parser from 2020.

Plus plenty of cryptocurrency garbage.

Excuse me, there's a framework waiting to be written 😸

(If you want to turn Markdown into Gemtext, recommendations go to a Python package)

ecmascript_news, 4 months ago to javascript

How to protect your projects from the risks of deprecated npm packages
@sarahgooding @SocketSecurity
https://socket.dev/blog/the-risks-of-deprecated-npm-packages

#ECMAScript #JavaScript #npm

Wuzzy, 4 months ago to node

This is defintely the funniest headline of the week: "npm flooded with 748 packages that store movies" 🤣

Well, that's ONE creative way to use #npm. 😉
Of course the movies are already deleted but still.

https://blog.sonatype.com/npm-flooded-with-748-packages-that-store-movies

phylum, 4 months ago to opensource

We continue to identify sophisticated threats originating from the use of #opensource software packages. This time the attacker uses a signed #Microsoft executable to initiate the attack chain through an #npm package.

#malware #cybersec #infosec #javascript #reverseengineering #software #cybersecurity

https://blog.phylum.io/npm-package-found-delivering-sophisticated-rat/

rpetrich, 4 months ago to node

I spelunked into steganography to create a new feature in https://www.deciduous.app/ that lets you reimport PNGs and SVGs of your decision trees to derive the underlying YAML.

It involves some neat tricks inspired by Macromedia Fireworks (RIP), so I wrote a blog post about it: https://rpetrich.com/blog/posts/steganographic-trees-deciduous/

Deciduous now also sports a CLI (so you can #npm install it), and a bunch of lil things @shortridge and I added towards the goal of fast, easy, collaborative #threatmodeling of potential failures.

joelanman, 4 months ago to node

It's odd that this isn't built into #npm: update all packages to their latest versions

npx npm-check-updates -u  

https://www.npmjs.com/package/npm-check-updates

#nodeJS

richard, 4 months ago to node

Is there a way (or a package) to show the installed versions of npm node modules (npm list) and what is defined in your package.json?

#packagejson #node #npm #nodemodules

maartenballiauw, 5 months ago to node

Everyone: "Hahaha, #npm downloads the entire Internet!"

#Maven: "Hold my beer."