0 views collected around this technical thread.
Node.js 24 introduces native fetch support, a faster V8 engine, enhanced module interoperability, full Web Streams API, and numerous ecosystem upgrades, making it a compelling upgrade for developers seeking modern, high‑performance server‑side JavaScript.
Developers often struggle with choosing the right npm command for CI/CD pipelines, so this guide compares npm install and npm ci, explains version specifiers, and details how --legacy-peer-deps and --force can resolve dependency conflicts, registry issues, and build failures.
This guide explains why node‑sass often fails due to mismatched Node.js versions, shows how to check project dependencies, provides version‑mapping tables, and offers three practical solutions—including switching Node versions with nvm, adjusting dependency versions, or replacing node‑sass with sass—to get the project building and running reliably.
This article explains the evolution of JavaScript package managers, the shortcomings of npm and Yarn such as duplicated installations, phantom dependencies and unpredictable dependency trees, and demonstrates how pnpm’s content‑addressable store, hard‑link and symlink strategy provides faster installs, reduced disk usage, and more reliable dependency isolation for frontend projects.
This article examines the evolution of JavaScript package managers—from npm's nested node_modules structure to Yarn's flat dependencies and finally pnpm's global store with hard‑ and soft‑link mechanisms—highlighting how each approach addresses path length, disk‑space waste, installation speed, and ghost‑dependency issues.
A recent supply‑chain poisoning incident injected malicious post‑install scripts into the popular Vant component library and Rspack build tool, stealing cloud credentials and mining Monero, prompting developers to upgrade to safe versions and reconsider npm dependency risks.
While npm has powered JavaScript’s growth, its ecosystem suffers from manifest inconsistencies, security vulnerabilities, bloated dependencies, versioning ambiguities, and supply‑chain attacks; the newly announced vlt package manager and vsr serverless registry aim to address these flaws with faster installs, smart queries, visual tools, and fine‑grained access control.
The article explains why removing the massive node_modules folder can take a long time, then shows how to instantly delete it using the rimraf tool, compares rimraf with other deletion commands, and discusses its advantages for Node.js‑based frontend projects.
This step‑by‑step guide shows how to initialize a Git repository, configure TypeScript, Prettier, Vitest, CI with GitHub Actions, set up package metadata, use Changesets for versioning, and finally build and publish a production‑ready npm package.
This step‑by‑step guide shows how to create, configure, test, and publish a TypeScript npm package using Git, Prettier, tsup, Vitest, GitHub Actions CI, and Changesets for versioning and release automation.
This article introduces the Varlet icon builder toolchain, which enables rapid creation of enterprise or open‑source icon libraries, supporting SVG to Vue 3, React, ESM/CJS modules, web fonts, automatic component import, Figma integration, and provides CLI commands for development, building, and publishing.
By consolidating seven repositories into a pnpm‑powered monorepo and automating releases with Nx, changesets, and OCI, Tencent’s Basic Development Center cut CI time over 80%, shrank bundle sizes, accelerated builds from seven to two minutes, and eliminated fragile manual publishing steps.
This article explains how to use Jenkins to automatically pull a front‑end Angular project from a GitLab repository, install the required Node.js and npm versions, build the static files, compress them, and deploy the resulting package to a Linux server with backup and verification steps.
This guide explains how to create a Node.js script that automatically generates export statements for component libraries, covering script basics, file operations with fs‑extra, package imports, npm integration, and debugging techniques using VS Code.
This article introduces autolog.js, a tiny pure‑JavaScript toast plugin that provides lightweight, customizable notifications without external UI libraries, explains its implementation details, shows the full source code, and demonstrates simple installation and usage via npm.
This article explores the hidden complexities of dependency management in modern Node.js development, covering the risks of unstable package structures, versioning pitfalls, various dependency types, ghost and circular dependencies, and provides practical strategies and best‑practice recommendations to keep dependency graphs stable, secure, and maintainable.
The article examines how command‑injection flaws in popular Node.js npm packages such as find‑exec and fs‑git arise from unsafe concatenation of user input into shell commands, and recommends rigorous validation, using execFile or spawn, and regular dependency audits to prevent catastrophic system compromise.
This article walks through the conception, implementation, and deployment of a highly configurable image‑generation CLI tool built with node‑canvas, covering the npm package design, command‑line usage, custom font handling, a React‑based visual website, backend services, CI/CD with GitHub Actions, and server setup.
This article surveys a series of high‑profile supply‑chain attacks on the JavaScript/npm ecosystem—such as left‑pad removal, malicious faker.js updates, cross‑env hijacking, is‑promise bugs, getcookies backdoors, event‑stream social‑engineering, ESLint credential leaks, manifest obfuscation, and politically‑motivated code injections—highlighting how tiny, widely‑used packages can become vectors for large‑scale compromise and what developers can do to mitigate the risk.
This article introduces the npm package tree-node-cli, explains how to install it globally, demonstrates its powerful visual tree output, customizable options, and how it can efficiently help developers understand and manage complex project file hierarchies.