@pnpm.io getting better by the day
pnpm.io/blog/release...
I still can't believe that a one-person package manager is doing better than npm CLI, owned by a corporate, where the resources of the two projects are incomparable.
Draw your own conclusions.
pnpm.io/blog/release...
I still can't believe that a one-person package manager is doing better than npm CLI, owned by a corporate, where the resources of the two projects are incomparable.
Draw your own conclusions.
pnpm 10.21 | pnpm
Added support for Node.js runtime installation for dependencies and a setting for configuring trust policy.
pnpm.io
November 10, 2025 at 11:37 AM
@pnpm.io getting better by the day
pnpm.io/blog/release...
I still can't believe that a one-person package manager is doing better than npm CLI, owned by a corporate, where the resources of the two projects are incomparable.
Draw your own conclusions.
pnpm.io/blog/release...
I still can't believe that a one-person package manager is doing better than npm CLI, owned by a corporate, where the resources of the two projects are incomparable.
Draw your own conclusions.
Missing libc field from abbreviated package metadata causes huge traffic to npm registry and unnecessary downloads for linux machines.
We found the root cause, wants to help npm, now waiting for reply.
github.com/orgs/commun...
We found the root cause, wants to help npm, now waiting for reply.
github.com/orgs/commun...
Return libc field in npm registry API with `Accept: application/vnd.npm.install-v1+json` header · community · Discussion #179180
Select Topic Area General Body Ref: pnpm/pnpm#9871 (comment) npm/cli#8514 npm/cli#7126 Currently, in order to build the correct dependencies tree, package managers either abandon checking the libc ...
github.com
November 10, 2025 at 7:56 AM
Missing libc field from abbreviated package metadata causes huge traffic to npm registry and unnecessary downloads for linux machines.
We found the root cause, wants to help npm, now waiting for reply.
github.com/orgs/commun...
We found the root cause, wants to help npm, now waiting for reply.
github.com/orgs/commun...
¡Brutal biblioteca de JavaScript!
Transforma elementos en cajas que puedes arrastrar.
Intercambiando posiciones con otros elementos.
Compatible con React, Vue, Angular, Svelte...
> npm install swapy
Transforma elementos en cajas que puedes arrastrar.
Intercambiando posiciones con otros elementos.
Compatible con React, Vue, Angular, Svelte...
> npm install swapy
November 8, 2025 at 2:59 PM
¡Brutal biblioteca de JavaScript!
Transforma elementos en cajas que puedes arrastrar.
Intercambiando posiciones con otros elementos.
Compatible con React, Vue, Angular, Svelte...
> npm install swapy
Transforma elementos en cajas que puedes arrastrar.
Intercambiando posiciones con otros elementos.
Compatible con React, Vue, Angular, Svelte...
> npm install swapy
Den här jävla fixeringen vid diagnoser spelar npm-grejen i händerna. Så länge folk är besatta av sina egna etiketter är det svårt att organisera både tankat och ett ev motstånd
November 7, 2025 at 11:31 AM
Den här jävla fixeringen vid diagnoser spelar npm-grejen i händerna. Så länge folk är besatta av sina egna etiketter är det svårt att organisera både tankat och ett ev motstånd
The 23,000 npm packages that react needs to simply function. 🤣😭😭🤣🤣🤣
November 9, 2025 at 2:25 AM
The 23,000 npm packages that react needs to simply function. 🤣😭😭🤣🤣🤣
Catch up on the latest #Linux news: MX 25, Devuan 6, IncusOS, Hyprland 0.52, Plasma 6.5.2, NPM 2.13, GNOME 50 ends the X11 era, Mint's new Cinnamon menu, and more.
linuxiac.com/linuxiac-wee...
linuxiac.com/linuxiac-wee...
Linuxiac Weekly Wrap-Up: Week 45 (Nov 3 – 9, 2025)
Catch up on the latest Linux news: MX 25, Devuan 6, IncusOS, Hyprland 0.52, Plasma 6.5.2, NPM 2.13, GNOME 50 ends the X11 era, Mint's new Cinnamon menu, and more.
linuxiac.com
November 9, 2025 at 11:53 PM
Catch up on the latest #Linux news: MX 25, Devuan 6, IncusOS, Hyprland 0.52, Plasma 6.5.2, NPM 2.13, GNOME 50 ends the X11 era, Mint's new Cinnamon menu, and more.
linuxiac.com/linuxiac-wee...
linuxiac.com/linuxiac-wee...
npm limiting publish tokens to 90 days along with rolling out "trusted publishers" sucks because it's literally a vendor lock-in
like, you either publish from github actions and authorize with oidc, or you have to manually update the tokens every 90 days. and both suck if you don't use github.
like, you either publish from github actions and authorize with oidc, or you have to manually update the tokens every 90 days. and both suck if you don't use github.
November 6, 2025 at 8:50 AM
npm limiting publish tokens to 90 days along with rolling out "trusted publishers" sucks because it's literally a vendor lock-in
like, you either publish from github actions and authorize with oidc, or you have to manually update the tokens every 90 days. and both suck if you don't use github.
like, you either publish from github actions and authorize with oidc, or you have to manually update the tokens every 90 days. and both suck if you don't use github.
ding ding ding we hit gold!!!! (kill me)
November 4, 2025 at 9:05 AM
ding ding ding we hit gold!!!! (kill me)
When your entire project depends on a single npm install 🗡️
Respect to every dev carrying their node_modules like this.
#FullStackDevelopment #NodeJS #WebDevelopment #CodingHumor #JavaScript #Nextjs #Reactjs #Typescript
Respect to every dev carrying their node_modules like this.
#FullStackDevelopment #NodeJS #WebDevelopment #CodingHumor #JavaScript #Nextjs #Reactjs #Typescript
November 5, 2025 at 2:14 PM
When your entire project depends on a single npm install 🗡️
Respect to every dev carrying their node_modules like this.
#FullStackDevelopment #NodeJS #WebDevelopment #CodingHumor #JavaScript #Nextjs #Reactjs #Typescript
Respect to every dev carrying their node_modules like this.
#FullStackDevelopment #NodeJS #WebDevelopment #CodingHumor #JavaScript #Nextjs #Reactjs #Typescript
NPM not supporting globs in --w is driving me insane on a daily basis.
November 7, 2025 at 12:12 PM
NPM not supporting globs in --w is driving me insane on a daily basis.
is it related to a nuxt devtools peer dep? if so @antfu.me is shipping a fix for npm
and you can also work around with --legacy-peer-deps
and you can also work around with --legacy-peer-deps
November 7, 2025 at 7:03 PM
is it related to a nuxt devtools peer dep? if so @antfu.me is shipping a fix for npm
and you can also work around with --legacy-peer-deps
and you can also work around with --legacy-peer-deps
Vem kunde ana att det skulle bli bättre och billigare för alla om man slopar NPM-minutstyrning och istället ger arbetarna inflytande över sin arbetssituation?
www.svt.se/nyheter/loka...
www.svt.se/nyheter/loka...
Här bestämmer hemtjänsten sitt eget schema – och stressar mindre
Hösten 2021 fick hemtjänstpersonalen i Mörbylånga kommun själva ta över ansvaret för sina scheman. ”Mörbylångamodellen” togs fram för att komma från minutstyrningen inom vården och för att ge mer kont...
www.svt.se
November 3, 2025 at 4:19 PM
Vem kunde ana att det skulle bli bättre och billigare för alla om man slopar NPM-minutstyrning och istället ger arbetarna inflytande över sin arbetssituation?
www.svt.se/nyheter/loka...
www.svt.se/nyheter/loka...
I've just released the playable showcase for algo-chip, a high-quality automatic chiptune BGM composition engine available as an npm library. The demo lets you audition motifs, and regenerate loops. abagames.itch.io/algo-chip
algo-chip by ABA Games
Automatic chiptune BGM composition engine
abagames.itch.io
November 9, 2025 at 9:05 AM
I've just released the playable showcase for algo-chip, a high-quality automatic chiptune BGM composition engine available as an npm library. The demo lets you audition motifs, and regenerate loops. abagames.itch.io/algo-chip
Det viktigste for Arbeiderpartiet ser ut til å være og fortsette med sultefôring av offentlig sektor! Det hjelper ikke akkurat at NPM-Jens er finansminister.
November 7, 2025 at 8:04 PM
Det viktigste for Arbeiderpartiet ser ut til å være og fortsette med sultefôring av offentlig sektor! Det hjelper ikke akkurat at NPM-Jens er finansminister.
RippleJS has changed name, and is now RippleTS! This addresses the issues we had with transferring the GitHub and npm orgs (long story), and also giving the project more identity compared to existing projects with a similar name
November 3, 2025 at 6:53 PM
RippleJS has changed name, and is now RippleTS! This addresses the issues we had with transferring the GitHub and npm orgs (long story), and also giving the project more identity compared to existing projects with a similar name
"npm-ifying python packaging" but it's a good thing
November 6, 2025 at 8:14 PM
"npm-ifying python packaging" but it's a good thing
AI-created VS Code malware and fake npm packages reveal how attackers exploit open-source trust.
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
thehackernews.com
November 7, 2025 at 5:02 PM
AI-created VS Code malware and fake npm packages reveal how attackers exploit open-source trust.
Genial Web Component para crear un efecto spoiler en tu página web. Compatible con React, Vue, Angular, Svelte y más.
> npm install spoilerjs
> npm install spoilerjs
November 3, 2025 at 4:15 PM
Genial Web Component para crear un efecto spoiler en tu página web. Compatible con React, Vue, Angular, Svelte y más.
> npm install spoilerjs
> npm install spoilerjs
Xget 今天登上 GitHub Trending(JavaScript)第 3!🚀 超快、安全、全能的开发资源加速引擎:提速 GitHub、npm、AI 推理 API、容器镜像、模型、数据集……欢迎来一颗 ⭐ github.com/xixu-me/Xget #JavaScript #OpenSource
November 6, 2025 at 2:24 AM
Xget 今天登上 GitHub Trending(JavaScript)第 3!🚀 超快、安全、全能的开发资源加速引擎:提速 GitHub、npm、AI 推理 API、容器镜像、模型、数据集……欢迎来一颗 ⭐ github.com/xixu-me/Xget #JavaScript #OpenSource
...do you use UUID package or the native JS crypto.randomUUID()?
But here is why you should ditch the NPM UUID package 👇
dev.to/pierre/you-...
#node #performance #javascript #uuid
But here is why you should ditch the NPM UUID package 👇
dev.to/pierre/you-...
#node #performance #javascript #uuid
Why you should ditch NPM UUIDv4. Faster and native, Node has you covered!
In this post, you will see the reason why you shouldn't use anymore the uuid NPM package anymore for...
dev.to
November 8, 2025 at 1:18 PM
...do you use UUID package or the native JS crypto.randomUUID()?
But here is why you should ditch the NPM UUID package 👇
dev.to/pierre/you-...
#node #performance #javascript #uuid
But here is why you should ditch the NPM UUID package 👇
dev.to/pierre/you-...
#node #performance #javascript #uuid
NPM hit again: 126 malicious packages, 86K+ downloads. Attackers abused “Remote Dynamic Dependencies” to pull code from untrusted sites.
⚠️ 126 bad packages
🕳️ Hidden RDD blind spot
🎣 Credential theft campaign
arstechnica.com/security/202...
#SupplyChainSecurity #NPM #CyberRisk
⚠️ 126 bad packages
🕳️ Hidden RDD blind spot
🎣 Credential theft campaign
arstechnica.com/security/202...
#SupplyChainSecurity #NPM #CyberRisk
NPM flooded with malicious packages downloaded more than 86,000 times
Packages downloaded from NPM can fetch dependencies from untrusted sites.
arstechnica.com
November 6, 2025 at 7:13 PM
NPM hit again: 126 malicious packages, 86K+ downloads. Attackers abused “Remote Dynamic Dependencies” to pull code from untrusted sites.
⚠️ 126 bad packages
🕳️ Hidden RDD blind spot
🎣 Credential theft campaign
arstechnica.com/security/202...
#SupplyChainSecurity #NPM #CyberRisk
⚠️ 126 bad packages
🕳️ Hidden RDD blind spot
🎣 Credential theft campaign
arstechnica.com/security/202...
#SupplyChainSecurity #NPM #CyberRisk