Blocking Install Scripts Is Not a Silver Bullet
npm v12 blocks install scripts by default, but supply chain attacks won't disappear. Learn why runtime execution, the Node.js permission model, and sandboxing still matter.
Explore the top Node.js package managers in 2024: npm, Yarn, pnpm. Compare features, performance, and choose the best for your project.
NCM GitHub App: Secure your Node.js and JavaScript applications against third-party package vulnerabilities.
In this blog post, you can find a list and description of `dependencies` and other host Specs inside `package.json`.
In this chapter, we'll give you a kickstart introduction to effectively using `package.json` with `Node.js` and `npm`.
Understanding npm as a tool, particularly its core concepts, can be difficult for beginners. We've written this guide to help you get a grasp on npm.
Maintaining a Node.js code base in three categories: dependencies, Node.js versions, and Main dependencies and architecture.
A post mortem of the incident surrounding eslint-scope, in which additional code was published with the module to
Take a deep dive into the N|Solid dashboard and the in-production Node.js vulnerability monitoring tooling it provides.
The npm registry is a platform. There are outages. That's normal. Most worry about npm as a single point of failure, so what can you do to prevent that?
With recent security issues around npm, we wanted to share tools, resources, and projects to help cover your apps and services that depend on npm modules.