Tagged articles

199 articles

Page 1 of 2

May 18, 2026 · Information Security

Why npm Keeps Getting Compromised: A Deep Dive into the Latest node‑ipc Supply‑Chain Attack

On May 14, 2026 three malicious versions of the node‑ipc package were published to npm, injecting obfuscated payloads that steal cloud credentials, SSH keys, AI tool configurations and other sensitive files, and the article analyses the attack stages, historical repeats, npm's structural flaws, and concrete blue‑team mitigation steps.

credential theftdetection rulesnode-ipc

0 likes · 12 min read

Why npm Keeps Getting Compromised: A Deep Dive into the Latest node‑ipc Supply‑Chain Attack

Black & White Path

May 16, 2026 · Information Security

Node‑ipc Hit Again: Inside the Second Wave of npm Supply‑Chain Attacks

On May 14, 2026, security teams uncovered three malicious node‑ipc npm releases that used a Lily‑Pad account‑hijack technique to inject an 80 KB obfuscated payload, exfiltrate credentials via DNS TXT tunneling, and prompt immediate version audits and credential rotation.

Lily Pad attackcredential theftinformation security

0 likes · 5 min read

Node‑ipc Hit Again: Inside the Second Wave of npm Supply‑Chain Attacks

Black & White Path

May 13, 2026 · Information Security

How 84 npm Packages Were Poisoned via a Legitimate CI/CD Pipeline

On May 11, 2024, attackers injected 84 malicious versions across 42 @tanstack packages into the npm registry, all bearing valid SLSA Level 3 signatures, by hijacking TanStack's CI/CD workflow through a Pwn Request, cache poisoning, OIDC token extraction, and rapid release, exposing a critical supply‑chain vulnerability.

OIDCSLSASecurity

0 likes · 18 min read

How 84 npm Packages Were Poisoned via a Legitimate CI/CD Pipeline

AI Architect Hub

Apr 30, 2026 · Operations

Comprehensive Guide to Installing Hermes and Its Web UI

This tutorial walks through installing Hermes with a single curl command that checks Python 3.11+, installs Node v23+, sets up a virtual environment, configures channels like WeChat, QQ and Feishu, and then adds the open‑source Hermes Web UI via npm for full model configuration and chat capabilities.

ConfigurationHermesInstallation

0 likes · 3 min read

Comprehensive Guide to Installing Hermes and Its Web UI

AI Programming Lab

Apr 30, 2026 · Artificial Intelligence

ccmr Update: Switch Among Six Chinese LLMs Like DeepSeek V4, Kimi K2.6, MiMo v2.5 Pro

The ccmr tool has been updated to support six major Chinese large‑language models—including DeepSeek V4, Kimi K2.6, and MiMo v2.5 Pro—offering a lightweight, isolated way to route Claude Code requests without affecting existing Anthropic subscriptions.

Chinese LLMClaude Codeccmr

0 likes · 6 min read

ccmr Update: Switch Among Six Chinese LLMs Like DeepSeek V4, Kimi K2.6, MiMo v2.5 Pro

Geek Labs

Apr 19, 2026 · Frontend Development

Powerful Frontend Tools: AI‑Generated Animations and One‑Click Design Language Extraction

The article introduces two practical frontend utilities—AI_Animation, which offers 300+ AI prompts to instantly create stunning HTML animations, and design‑extract (designlang), an npm package that extracts a website's full design language with a single command, complete with usage steps and output details.

AI_AnimationHTML animationdesign extraction

0 likes · 5 min read

Powerful Frontend Tools: AI‑Generated Animations and One‑Click Design Language Extraction

Alipay Experience Technology

Apr 15, 2026 · Frontend Development

How utoo Redefines npm: Rust‑Powered Performance and Full Compatibility

This article examines utoo, a Rust‑rewritten npm package manager that achieves near‑instant installs and dramatically smaller caches while remaining a drop‑in replacement for npm, detailing its architecture, benchmark comparisons with npm, pnpm and bun, and practical usage guidance.

CompatibilityRustfrontend

0 likes · 16 min read

How utoo Redefines npm: Rust‑Powered Performance and Full Compatibility

Black & White Path

Apr 2, 2026 · Information Security

North Korean UNC1069 Hijacks Axios: How a Supply‑Chain Attack Targets Developers

In March 2026, the North Korean hacker group UNC1069 compromised the popular JavaScript HTTP client Axios by injecting a remote‑access trojan into the npm package, exposing millions of developers to a sophisticated supply‑chain attack that lasted nearly three hours before detection.

JavaScriptRemote Access TrojanUNC1069

0 likes · 9 min read

North Korean UNC1069 Hijacks Axios: How a Supply‑Chain Attack Targets Developers

ShiZhen AI

Mar 31, 2026 · Information Security

Claude Code source map leak exposes 1,900+ files and hidden features

A mistakenly published source‑map file in Anthropic’s @anthropic‑ai/claude‑code npm package revealed over 1,900 TypeScript source files, 512,000 lines of code, and several unreleased “easter‑egg” features, prompting a community scramble and highlighting repeat supply‑chain oversights.

AnthropicClaude Codehidden features

0 likes · 9 min read

Claude Code source map leak exposes 1,900+ files and hidden features

Node.js Tech Stack

Mar 31, 2026 · Information Security

Axios Supply‑Chain Attack: 300 Million Weekly Downloads, Remote‑Control Trojan Inserted

The widely used Axios library, with 300 million weekly installs, was compromised through a short‑lived npm supply‑chain attack that injected a postinstall trojan delivering cross‑platform malware and a C2 callback, prompting detailed mitigation and long‑term prevention guidance.

Node.jsSecurityaxios

0 likes · 8 min read

Axios Supply‑Chain Attack: 300 Million Weekly Downloads, Remote‑Control Trojan Inserted

Frontend AI Walk

Mar 31, 2026 · Artificial Intelligence

How to Build an AI‑Agent Friendly npm Package: From Concept to Full Implementation

This guide walks developers through the shift from traditional deterministic npm libraries to AI‑agent compatible components, covering conceptual changes, three‑layer architecture, schema design, context awareness, error handling, observability, and step‑by‑step implementation with real code examples and integration adapters for LangChain and LlamaIndex.

AI agentsNode.jsObservability

0 likes · 19 min read

How to Build an AI‑Agent Friendly npm Package: From Concept to Full Implementation

Coder Trainee

Mar 25, 2026 · Frontend Development

Step-by-Step Docsify Tutorial: Build a Dynamic Documentation Site

This guide introduces Docsify, outlines its key advantages, walks through installing the docsify‑cli, setting up a project, configuring index.html, cover page, navbar and sidebar files, and shows how to serve the site locally.

ConfigurationDocsifyDocumentation

0 likes · 4 min read

Step-by-Step Docsify Tutorial: Build a Dynamic Documentation Site

IT Services Circle

Mar 23, 2026 · Artificial Intelligence

Connect OpenClaw AI Bot to WeChat Using the New ClawBot Plugin

WeChat's latest version introduces the official ClawBot plugin, enabling users to link OpenClaw AI robots directly through WeChat without risking account bans, and this guide walks you through installation, configuration, and important usage notes.

AI botClawbotInstallation

0 likes · 4 min read

Connect OpenClaw AI Bot to WeChat Using the New ClawBot Plugin

AI Architecture Path

Mar 8, 2026 · Cloud Computing

Unlock Google Workspace with gws: The All‑In‑One CLI for AI‑Powered Office Automation

The gws CLI bundles every Google Workspace API into a single command‑line tool, offering dynamic command generation, structured JSON output, and native MCP support for AI agents, with easy npm installation, step‑by‑step usage examples, OpenClaw integration, and essential tips to avoid common pitfalls.

AI automationCLIGoogle Workspace

0 likes · 12 min read

Unlock Google Workspace with gws: The All‑In‑One CLI for AI‑Powered Office Automation

vivo Internet Technology

Feb 25, 2026 · Frontend Development

How We Built a Multi‑Region H5 Platform with One Codebase and 90% Cost Savings

This article details the design and implementation of a multi‑region H5 platform that uses a single codebase and unified architecture, covering platform UI internationalisation, unified login, three‑layer region storage, environment‑aware configuration, ZooKeeper service discovery, region‑specific DLL builds, and npm private‑registry strategies to achieve seamless deployment across multiple data centres while cutting development effort by up to ninety percent.

DeploymentVuefrontend

0 likes · 21 min read

How We Built a Multi‑Region H5 Platform with One Codebase and 90% Cost Savings

AI Software Product Manager

Feb 25, 2026 · Backend Development

Step‑by‑Step Guide to Install and Use MCP MySQL Server with Cursor

This guide walks through installing the MCP MySQL server npm package, using its five command‑line tools, testing with the Inspector client, configuring the Cursor environment via JSON, restarting Cursor, and executing basic SQL commands through the @mysql‑local interface.

CLICursorInspector

0 likes · 4 min read

Step‑by‑Step Guide to Install and Use MCP MySQL Server with Cursor

SpringMeng

Dec 19, 2025 · Frontend Development

Fully Open‑Source Vue‑Office: One‑Minute Online Preview for Word, Excel, PDF, and PPT

This article introduces vue-office, a Vue 3 component library that enables pure front‑end preview of Word, Excel, PDF and PPT files without any server‑side conversion, and walks through its advantages, installation, and detailed usage examples including data sources, file upload and document switching.

Document PreviewFront-endVue

0 likes · 8 min read

Fully Open‑Source Vue‑Office: One‑Minute Online Preview for Word, Excel, PDF, and PPT

IT Services Circle

Dec 6, 2025 · Information Security

Critical RCE Vulnerability in React Server Components (CVE‑2025‑55182) – What You Must Patch Now

React’s Server Components contain a critical remote code execution flaw (CVE‑2025‑55182) with a CVSS score of 10.0, affecting versions 19.0.0‑19.2.0 and frameworks like Next.js, and the advisory provides detailed impact analysis, mitigation steps, and upgrade commands for affected stacks.

CVE-2025-55182Next.jsReact

0 likes · 7 min read

Critical RCE Vulnerability in React Server Components (CVE‑2025‑55182) – What You Must Patch Now

Rare Earth Juejin Tech Community

Sep 29, 2025 · Backend Development

Why pnpm Beats npm: Mastering Efficient Node.js Dependency Management

This article explains how pnpm improves on npm by using OS‑level hard links and symbolic links to eliminate duplicate package copies, dramatically speed up installations, and guarantee dependency consistency, making it a superior choice for modern Node.js projects.

Symbolic Linksdependency managementhard links

0 likes · 16 min read

Why pnpm Beats npm: Mastering Efficient Node.js Dependency Management

Ops Development & AI Practice

Sep 28, 2025 · Frontend Development

Mastering npm Script Arguments: When and Why to Use "--"

This article explains how npm scripts handle command‑line arguments, compares using the double‑dash separator versus omitting it, shows visual flow diagrams, and provides best‑practice recommendations to ensure clear, safe, and POSIX‑compliant parameter passing in JavaScript projects.

Nodeargumentscommand-line

0 likes · 7 min read

Mastering npm Script Arguments: When and Why to Use "--"

IT Services Circle

Sep 27, 2025 · Information Security

GitHub’s New Moves to Harden npm Supply‑Chain Security

The article examines recent supply‑chain attacks on the front‑end ecosystem, explains pnpm’s cooling‑off feature, and details GitHub’s multi‑layered plan—including mandatory 2FA, package signing, backend refactoring, and automatic detection—to transform the time gap of attacks into a difficulty gap, while acknowledging the added overhead for maintainers.

2FAGitHubdigital signature

0 likes · 5 min read

GitHub’s New Moves to Harden npm Supply‑Chain Security

21CTO

Sep 24, 2025 · Information Security

How GitHub’s New npm Security Measures Aim to Stop Supply‑Chain Worms

GitHub is tightening npm security by removing infected packages, enforcing two‑factor authentication for publishing, shortening token lifespans, and expanding trusted publishing to curb the Shai‑Hulud worm and protect the open‑source supply chain.

GitHubSoftware SecurityTwo-Factor Authentication

0 likes · 3 min read

How GitHub’s New npm Security Measures Aim to Stop Supply‑Chain Worms

Ops Development & AI Practice

Sep 22, 2025 · Backend Development

Mastering Jest: Run All, Specific, and Coverage Tests with npm Scripts

This guide explains how to configure Jest test scripts in a package.json file and use npm commands to run the full test suite, generate coverage reports, watch for changes, and target individual test files or cases for faster, more focused development.

CLIJavaScriptJest

0 likes · 6 min read

Mastering Jest: Run All, Specific, and Coverage Tests with npm Scripts

Linux Tech Enthusiast

Sep 18, 2025 · Operations

Introducing sharing: A CLI Tool for Cross-Platform File and Clipboard Sharing

The article introduces 'sharing', a Node-based command-line utility that enables seamless sharing of directories, files, and clipboard content between a computer and iOS/Android devices without extra client software, covering installation via npm, key features such as SSL and basic authentication, and step-by-step usage examples.

CLIcross-platformfile sharing

0 likes · 4 min read

Introducing sharing: A CLI Tool for Cross-Platform File and Clipboard Sharing

Ops Development & AI Practice

Jul 22, 2025 · Backend Development

Why npx Beats npm for One‑Off Commands and How It Powers Hardhat

This article explains how npx, bundled with npm since version 5.2.0, lets developers run package executables without global installs, contrasts its core functions with npm, and shows practical examples—including using npx hardhat to compile and test Ethereum smart contracts.

nodejsnpmnpx

0 likes · 5 min read

Why npx Beats npm for One‑Off Commands and How It Powers Hardhat

Bilibili Tech

Jul 18, 2025 · Frontend Development

How We Built a Unified Frontend Material Platform to Replace cnpm and Boost Efficiency

This article describes the design and implementation of a new frontend material platform that consolidates npm packages, UMD scripts, and icons, introduces a custom publishing tool (bpm), integrates with Nexus3, adds unified authentication, improves search with MeiliSearch, and outlines migration, classification, and documentation strategies.

DocumentationSearchfrontend

0 likes · 27 min read

How We Built a Unified Frontend Material Platform to Replace cnpm and Boost Efficiency

IT Services Circle

Jun 27, 2025 · Backend Development

How CPAN Shaped Modern Package Management and Sparked the npm Era

This article traces the history of Perl's CPAN from its 1995 origins, explains how its centralized module repository and automated testing infrastructure pioneered package management, and shows how CPAN's concepts spread to Python, Ruby, Java, and JavaScript, ultimately influencing the massive npm ecosystem.

CPANSoftware ecosystemcontinuous integration

0 likes · 12 min read

How CPAN Shaped Modern Package Management and Sparked the npm Era

Code Mala Tang

Jun 2, 2025 · Backend Development

Why Node.js 24 Is a Game-Changer for Backend Development

Node.js 24 introduces native fetch support, a faster V8 engine, enhanced module interoperability, full Web Streams API, and numerous ecosystem upgrades, making it a compelling upgrade for developers seeking modern, high‑performance server‑side JavaScript.

Backend DevelopmentJavaScriptNode.js

0 likes · 7 min read

Why Node.js 24 Is a Game-Changer for Backend Development

Code Mala Tang

Apr 24, 2025 · Operations

When npm install Fails: npm ci, --legacy-peer-deps & --force Explained

Developers often struggle with choosing the right npm command for CI/CD pipelines, so this guide compares npm install and npm ci, explains version specifiers, and details how --legacy-peer-deps and --force can resolve dependency conflicts, registry issues, and build failures.

ci/cddependency-managementforce

0 likes · 9 min read

When npm install Fails: npm ci, --legacy-peer-deps & --force Explained

Alibaba Cloud Developer

Apr 24, 2025 · Backend Development

Turn an Alibaba Cloud Baileian Workflow into a Deployable MCP Service

This tutorial walks you through creating a Node.js MCP service for an Alibaba Cloud Baileian workflow, packaging it as an npm module, publishing it, and finally integrating the custom MCP into Baileian to enable AI‑driven market research within intelligent agents.

APIAlibaba CloudBackend

0 likes · 13 min read

Turn an Alibaba Cloud Baileian Workflow into a Deployable MCP Service

Rare Earth Juejin Tech Community

Apr 18, 2025 · Frontend Development

Resolving node‑sass Compatibility Issues in Frontend Projects

This guide explains why node‑sass often fails due to mismatched Node.js versions, shows how to check project dependencies, provides version‑mapping tables, and offers three practical solutions—including switching Node versions with nvm, adjusting dependency versions, or replacing node‑sass with sass—to get the project building and running reliably.

NVMnode versionnode-sass

0 likes · 16 min read

Resolving node‑sass Compatibility Issues in Frontend Projects

Rare Earth Juejin Tech Community

Feb 21, 2025 · Frontend Development

Understanding pnpm: Solving Dependency Management Issues in Modern Frontend Development

This article explains the evolution of JavaScript package managers, the shortcomings of npm and Yarn such as duplicated installations, phantom dependencies and unpredictable dependency trees, and demonstrates how pnpm’s content‑addressable store, hard‑link and symlink strategy provides faster installs, reduced disk usage, and more reliable dependency isolation for frontend projects.

YARNdependency managementfrontend development

0 likes · 22 min read

Understanding pnpm: Solving Dependency Management Issues in Modern Frontend Development

Rare Earth Juejin Tech Community

Jan 14, 2025 · Backend Development

Understanding npm, Yarn, and pnpm: Dependency Management, Flat Dependencies, and pnpm's Store Mechanism

This article examines the evolution of JavaScript package managers—from npm's nested node_modules structure to Yarn's flat dependencies and finally pnpm's global store with hard‑ and soft‑link mechanisms—highlighting how each approach addresses path length, disk‑space waste, installation speed, and ghost‑dependency issues.

Hard LinkYARNdependency management

0 likes · 8 min read

Understanding npm, Yarn, and pnpm: Dependency Management, Flat Dependencies, and pnpm's Store Mechanism

Code Mala Tang

Dec 19, 2024 · Information Security

How a Supply‑Chain Attack Compromised Vant and Rspack – Frontend Security Lessons

A recent supply‑chain poisoning incident injected malicious post‑install scripts into the popular Vant component library and Rspack build tool, stealing cloud credentials and mining Monero, prompting developers to upgrade to safe versions and reconsider npm dependency risks.

RspackVantfrontend security

0 likes · 5 min read

How a Supply‑Chain Attack Compromised Vant and Rspack – Frontend Security Lessons

Code Mala Tang

Dec 7, 2024 · Backend Development

Can vlt and vsr Solve npm’s Biggest Security and Dependency Headaches?

While npm has powered JavaScript’s growth, its ecosystem suffers from manifest inconsistencies, security vulnerabilities, bloated dependencies, versioning ambiguities, and supply‑chain attacks; the newly announced vlt package manager and vsr serverless registry aim to address these flaws with faster installs, smart queries, visual tools, and fine‑grained access control.

Node.jsnpmpackage manager

0 likes · 11 min read

Can vlt and vsr Solve npm’s Biggest Security and Dependency Headaches?

Full-Stack Cultivation Path

Dec 6, 2024 · Frontend Development

Corepack: The Next‑Generation Node.js Package Manager

The article reviews the evolution of JavaScript package managers, compares npm, Yarn, and pnpm, introduces Corepack as Node.js 16.9.0's experimental tool for consistent manager versions, explains its features and usage steps, and discusses remaining challenges such as version conflicts and limited advanced capabilities.

CorepackNode.jsYARN

0 likes · 8 min read

Corepack: The Next‑Generation Node.js Package Manager

Eric Tech Circle

Nov 11, 2024 · Mobile Development

How to Build a WeChat Mini Program from Scratch Using the Native Framework

This guide walks beginners through creating a WeChat Mini Program with the native framework, covering file structure, project initialization, npm integration, UI component setup, custom TabBar implementation, and page title configuration, enabling a solid foundation for further development.

Custom TabBarNative DevelopmentTDesign UI

0 likes · 9 min read

How to Build a WeChat Mini Program from Scratch Using the Native Framework

Rare Earth Juejin Tech Community

Oct 25, 2024 · Frontend Development

Why Deleting node_modules Is Slow and How to Delete It Instantly with rimraf

The article explains why removing the massive node_modules folder can take a long time, then shows how to instantly delete it using the rimraf tool, compares rimraf with other deletion commands, and discusses its advantages for Node.js‑based frontend projects.

Node.jsfile deletionfrontend

0 likes · 6 min read

Why Deleting node_modules Is Slow and How to Delete It Instantly with rimraf

Goodme Frontend Team

Oct 8, 2024 · Frontend Development

Why Remote Components Fail in Mini‑Programs and How to Debug NPM Packages Efficiently

This article examines the challenges of using remote components in DingTalk and WeChat mini‑programs, compares them with traditional npm packages, and presents a practical Taro‑based debugging workflow that leverages alias configuration and hot‑module replacement to streamline development.

DebuggingMonorepoTaro

0 likes · 8 min read

Why Remote Components Fail in Mini‑Programs and How to Debug NPM Packages Efficiently

Code Mala Tang

Sep 2, 2024 · Backend Development

How to Publish a Fully Production‑Ready npm Package from Scratch

This step‑by‑step guide shows how to initialize a Git repository, configure TypeScript, Prettier, Vitest, CI with GitHub Actions, set up package metadata, use Changesets for versioning, and finally build and publish a production‑ready npm package.

CIGitHub ActionsPrettier

0 likes · 19 min read

How to Publish a Fully Production‑Ready npm Package from Scratch

Code Mala Tang

Aug 29, 2024 · Backend Development

How to Publish a Fully Production‑Ready TypeScript Package to npm

This step‑by‑step guide shows how to create, configure, test, and publish a TypeScript npm package using Git, Prettier, tsup, Vitest, GitHub Actions CI, and Changesets for versioning and release automation.

CIGitHub ActionsPackage

0 likes · 25 min read

How to Publish a Fully Production‑Ready TypeScript Package to npm

Rare Earth Juejin Tech Community

Jul 30, 2024 · Frontend Development

Varlet Icon Builder: Fast Creation of Enterprise Icon Libraries with Vue and React Support

This article introduces the Varlet icon builder toolchain, which enables rapid creation of enterprise or open‑source icon libraries, supporting SVG to Vue 3, React, ESM/CJS modules, web fonts, automatic component import, Figma integration, and provides CLI commands for development, building, and publishing.

CLIFigmaReact

0 likes · 7 min read

Varlet Icon Builder: Fast Creation of Enterprise Icon Libraries with Vue and React Support

The Dominant Programmer

Jul 4, 2024 · Frontend Development

Getting Started with Docker Compose, Jenkins Pipeline, and Node to Build a Vue Project

This guide walks through setting up Jenkins with Docker Compose, installing Node.js, configuring npm to use the Taobao mirror, and creating a Jenkins pipeline to compile and package a Vue application, including troubleshooting tips for common errors.

Docker ComposeJenkinsNode.js

0 likes · 6 min read

Getting Started with Docker Compose, Jenkins Pipeline, and Node to Build a Vue Project

Tencent Cloud Developer

Jul 3, 2024 · Frontend Development

Improving Front-End Development Efficiency with Monorepo, Automated Publishing, and Build Optimization

By consolidating seven repositories into a pnpm‑powered monorepo and automating releases with Nx, changesets, and OCI, Tencent’s Basic Development Center cut CI time over 80%, shrank bundle sizes, accelerated builds from seven to two minutes, and eliminated fragile manual publishing steps.

Nxdependency managementnpm

0 likes · 36 min read

Improving Front-End Development Efficiency with Monorepo, Automated Publishing, and Build Optimization

Architect

Jun 29, 2024 · Frontend Development

One‑Click Frontend Deployment with Jenkins: From GitLab to Server

This article explains how to use Jenkins to automatically pull a front‑end Angular project from a GitLab repository, install the required Node.js and npm versions, build the static files, compress them, and deploy the resulting package to a Linux server with backup and verification steps.

Frontend DeploymentGitLabJenkins

0 likes · 10 min read

One‑Click Frontend Deployment with Jenkins: From GitLab to Server

Baidu Intelligent Cloud Tech Hub

Jun 4, 2024 · Frontend Development

Mastering NPM Component Extension Packages for Low‑Code Frontend Development

This article explains how to design, develop, preview, debug, and publish NPM component extension packages for the Baidu AI‑Speed platform, covering supported tech stacks, extension mechanisms, core modules, development tools, code conversion examples, and common deployment questions.

ReactVuecustom-component

0 likes · 18 min read

Mastering NPM Component Extension Packages for Low‑Code Frontend Development

Rare Earth Juejin Tech Community

Jun 3, 2024 · Backend Development

Writing, Running, and Debugging Node.js Scripts for Automated Component Export

This guide explains how to create a Node.js script that automatically generates export statements for component libraries, covering script basics, file operations with fs‑extra, package imports, npm integration, and debugging techniques using VS Code.

AutomationDebuggingNode.js

0 likes · 10 min read

Writing, Running, and Debugging Node.js Scripts for Automated Component Export

Rare Earth Juejin Tech Community

May 22, 2024 · Frontend Development

Creating a Minimalist Pure JavaScript Toast Notification Library (autolog.js)

This article introduces autolog.js, a tiny pure‑JavaScript toast plugin that provides lightweight, customizable notifications without external UI libraries, explains its implementation details, shows the full source code, and demonstrates simple installation and usage via npm.

UInpmtoast

0 likes · 17 min read

Creating a Minimalist Pure JavaScript Toast Notification Library (autolog.js)

Goodme Frontend Team

May 6, 2024 · Frontend Development

npm vs Yarn vs pnpm: Which JavaScript Package Manager Wins in Speed and Space?

This article traces the evolution of JavaScript package managers—from early manual inclusion methods to npm, Yarn, and pnpm—detailing their architectures, performance characteristics, version‑locking mechanisms, and trade‑offs, helping developers choose the most suitable tool for modern frontend projects.

Node.jsYARNfrontend development

0 likes · 12 min read

npm vs Yarn vs pnpm: Which JavaScript Package Manager Wins in Speed and Space?

ByteFE

Apr 9, 2024 · Fundamentals

Understanding and Managing Dependencies in Node.js Projects

This article explores the hidden complexities of dependency management in modern Node.js development, covering the risks of unstable package structures, versioning pitfalls, various dependency types, ghost and circular dependencies, and provides practical strategies and best‑practice recommendations to keep dependency graphs stable, secure, and maintainable.

Node.jsSoftware Engineeringnpm

0 likes · 28 min read

Understanding and Managing Dependencies in Node.js Projects

Sohu Tech Products

Dec 20, 2023 · Information Security

Command Injection Vulnerabilities in Node.js: Analysis and Prevention

The article examines how command‑injection flaws in popular Node.js npm packages such as find‑exec and fs‑git arise from unsafe concatenation of user input into shell commands, and recommends rigorous validation, using execFile or spawn, and regular dependency audits to prevent catastrophic system compromise.

CVECommand InjectionSecure Coding

0 likes · 11 min read

Command Injection Vulnerabilities in Node.js: Analysis and Prevention

Liangxu Linux

Dec 19, 2023 · Frontend Development

npm vs pnpm vs yarn: Which JavaScript Package Manager Should You Use?

This article compares npm, pnpm, and yarn—detailing their features, installation commands, speed, disk usage, concurrency, and stability—to help developers choose the most suitable JavaScript package manager for their projects.

JavaScriptYARNfrontend development

0 likes · 6 min read

npm vs pnpm vs yarn: Which JavaScript Package Manager Should You Use?

Rare Earth Juejin Tech Community

Dec 5, 2023 · Frontend Development

Building a Customizable Image Generation Tool with Node‑Canvas and Full‑Stack Deployment

This article walks through the conception, implementation, and deployment of a highly configurable image‑generation CLI tool built with node‑canvas, covering the npm package design, command‑line usage, custom font handling, a React‑based visual website, backend services, CI/CD with GitHub Actions, and server setup.

DeploymentGitHub Actionsimage generation

0 likes · 35 min read

Building a Customizable Image Generation Tool with Node‑Canvas and Full‑Stack Deployment

IT Services Circle

Dec 4, 2023 · Information Security

Supply‑Chain Vulnerabilities in the JavaScript/npm Ecosystem: Notable Cases and Lessons

This article surveys a series of high‑profile supply‑chain attacks on the JavaScript/npm ecosystem—such as left‑pad removal, malicious faker.js updates, cross‑env hijacking, is‑promise bugs, getcookies backdoors, event‑stream social‑engineering, ESLint credential leaks, manifest obfuscation, and politically‑motivated code injections—highlighting how tiny, widely‑used packages can become vectors for large‑scale compromise and what developers can do to mitigate the risk.

Securitymalwarenpm

0 likes · 17 min read

Supply‑Chain Vulnerabilities in the JavaScript/npm Ecosystem: Notable Cases and Lessons

Rare Earth Juejin Tech Community

Nov 10, 2023 · Backend Development

Using tree-node-cli to Visualize and Manage Project File Structures

This article introduces the npm package tree-node-cli, explains how to install it globally, demonstrates its powerful visual tree output, customizable options, and how it can efficiently help developers understand and manage complex project file hierarchies.

File StructureProject Managementcommand-line

0 likes · 10 min read

Using tree-node-cli to Visualize and Manage Project File Structures

Rare Earth Juejin Tech Community

Oct 29, 2023 · Frontend Development

Understanding Front-End Engineering: From Module Systems to npm and webpack

This article explains front‑end engineering, tracing its evolution from simple page building to modern modular architectures, and details how tools like npm, CommonJS, AMD, CMD, ESModules and webpack address challenges such as scope pollution, code standards, resource optimization, testing, CI/CD, and team collaboration.

Engineeringfrontendmodularization

0 likes · 17 min read

Understanding Front-End Engineering: From Module Systems to npm and webpack

Rare Earth Juejin Tech Community

Sep 9, 2023 · Frontend Development

Using Resource Hints (Prefetch, Preload, Preconnect, DNS‑Prefetch) to Optimize Frontend Loading Performance

This article explains how to use the four resource‑hint APIs—prefetch, preload, preconnect, and DNS‑prefetch—along with the crossorigin attribute and a custom npm tool (resource‑hint‑generator) to dramatically reduce page load times, improve web‑vitals, and increase cache‑hit rates, providing code examples, tables, and validation steps.

Preconnectfrontend performancenpm

0 likes · 17 min read

Using Resource Hints (Prefetch, Preload, Preconnect, DNS‑Prefetch) to Optimize Frontend Loading Performance

Rare Earth Juejin Tech Community

Aug 5, 2023 · Frontend Development

How to Build, Optimize, and Publish a Full‑Featured CLI Scaffolding Tool for Frontend Projects

This tutorial walks you through creating a 100‑line Node.js CLI scaffolding tool that supports global and local installation, interactive project and template selection, command‑line arguments, loading animations, overwrite prompts, dynamic template fetching via GitHub API, and finally publishing the package to npm for frontend engineers.

CLIJavaScriptNode.js

0 likes · 22 min read

How to Build, Optimize, and Publish a Full‑Featured CLI Scaffolding Tool for Frontend Projects

Yunxuetang Frontend Team

Jul 28, 2023 · Frontend Development

Master Modern Front-End: CSS 3D, Design Systems, Canvas Engine & Chrome 115

This article surveys recent front‑end advancements, covering stunning CSS 3D image effects, design‑system construction, the high‑performance leaferjs canvas engine, Chrome 115’s new capabilities, TypeScript’s typechat project, npm ecosystem insights, DDD practices in information services, and an overview of a leading front‑end team.

Browser FeaturesCanvasDDD

0 likes · 4 min read

Master Modern Front-End: CSS 3D, Design Systems, Canvas Engine & Chrome 115

Kuaishou E-commerce Frontend Team

Jun 25, 2023 · Frontend Development

How to Build Real‑Time NPM Package Usage Dashboards for Frontend Teams

This article explains why tracking npm package usage in large‑scale frontend projects is challenging, compares three implementation approaches, and details a preferred webpack‑plugin solution that provides a seamless, real‑time dashboard without requiring developers to modify their packages.

Dashboardfrontendmonitoring

0 likes · 8 min read

How to Build Real‑Time NPM Package Usage Dashboards for Frontend Teams

IT Services Circle

May 8, 2023 · Information Security

Security Risks of npm install Scripts and Malicious Packages

The article explains how npm install and preinstall scripts can be abused by malicious packages to execute unwanted commands, steal personal data, and launch attacks, and it provides several real‑world examples while recommending cautious use and strict permission controls.

Node.jsinstall scriptmalicious packages

0 likes · 8 min read

Security Risks of npm install Scripts and Malicious Packages

Sohu Tech Products

Apr 26, 2023 · Frontend Development

Customizing console.log Styles and Building a Console Log Button NPM Library

This article demonstrates how to style console.log output using %c placeholders, outlines the supported CSS properties, and walks through creating a lightweight, Vue‑devtool‑inspired log‑button library with Vite, TypeScript, ESLint, Husky, and ChatGPT‑generated UI color palettes, culminating in publishing the package to npm.

Viteconsolefrontend

0 likes · 14 min read

Customizing console.log Styles and Building a Console Log Button NPM Library

JD Tech

Apr 12, 2023 · Frontend Development

Building a Vue Component Library with Vant CLI: Significance, Setup, and Publishing

This tutorial explains the purpose of a component library, compares popular Vue UI frameworks, and provides a step‑by‑step guide to creating, configuring, testing, publishing, and consuming a custom Vue component library using Vant CLI.

Component LibraryTutorialVant CLI

0 likes · 10 min read

Building a Vue Component Library with Vant CLI: Significance, Setup, and Publishing

TAL Education Technology

Apr 6, 2023 · Backend Development

Summary of npm, Yarn, and pnpm Package Managers

This article reviews the evolution of Node.js package managers—from npm2's nested dependencies to Yarn's flat model, npm3's symlink approach, and pnpm's content‑addressable store—highlighting their installation commands, advantages, drawbacks, and impact on disk usage and dependency management.

dependency managementnpmpackage manager

0 likes · 11 min read

Summary of npm, Yarn, and pnpm Package Managers

Sohu Tech Products

Mar 29, 2023 · Backend Development

Comprehensive Guide to Packaging JavaScript Libraries: ESM, CJS, UMD and Best Practices

This guide provides clear, practical recommendations for packaging JavaScript libraries—including outputting ESM, CJS and UMD formats, handling multi‑file builds, code compression, sourcemaps, TypeScript typings, external frameworks, modern browser support, and essential package.json fields—so developers can create robust, tree‑shakable, and well‑documented npm packages.

CJSESMJavaScript

0 likes · 20 min read

Comprehensive Guide to Packaging JavaScript Libraries: ESM, CJS, UMD and Best Practices

ByteFE

Mar 6, 2023 · Frontend Development

Deep Dive into npm, Yarn, and pnpm Dependency Management

This article explains how npm, Yarn, and pnpm manage JavaScript dependencies, detailing installation processes, flat vs nested node_modules structures, lock files, and the hard-link mechanism that improves speed and saves disk space.

YARNdependency managementnpm

0 likes · 16 min read

Deep Dive into npm, Yarn, and pnpm Dependency Management

TAL Education Technology

Mar 2, 2023 · Backend Development

Exploring pnpm: A High‑Performance Package Manager for Node.js

This article introduces pnpm, compares it with npm and yarn, explains the problems of nested node_modules such as ghost dependencies and split packages, and demonstrates pnpm’s link‑based architecture, advantages, and basic command usage for efficient JavaScript project management.

MonorepoSoft Linkshard links

0 likes · 6 min read

Exploring pnpm: A High‑Performance Package Manager for Node.js

JD Retail Technology

Feb 17, 2023 · Frontend Development

Building a Custom Vue Component Library with Vant CLI: A Step‑by‑Step Guide

This article explains the purpose of a component library, outlines how to plan, select a framework, set up Vant CLI, configure scripts, organize directories, add and test components, publish to an npm registry, and integrate the library into projects using various import methods.

Component LibraryVant CLIVue

0 likes · 9 min read

Building a Custom Vue Component Library with Vant CLI: A Step‑by‑Step Guide

Architecture Digest

Feb 15, 2023 · Frontend Development

LowCodeEngine: Features, Engine Protocol, Usage Examples, UI Functions, and Integration Guide

LowCodeEngine is an open‑source low‑code engine from Alibaba that follows enterprise front‑end standards, offering a minimal core, rich ecosystem, TypeScript typings, configurable CDN options, detailed UI panels, and extensible protocols for building front‑end applications.

CDNEngineLowCode

0 likes · 7 min read

LowCodeEngine: Features, Engine Protocol, Usage Examples, UI Functions, and Integration Guide

21CTO

Dec 28, 2022 · Backend Development

Using ChatGPT to Fix Node.js Runtime Checks and Eliminate CLI Side Effects

An engineer building the ZenStack toolkit for Next.js and TypeScript needed a runtime check for Node.js and Prisma, turned to ChatGPT for a quick solution, discovered unintended side effects with async-exit-hook, and ultimately refined the approach using child processes and npm tricks to achieve a clean, reliable setup.

CLIChatGPTNode.js

0 likes · 5 min read

Using ChatGPT to Fix Node.js Runtime Checks and Eliminate CLI Side Effects

Rare Earth Juejin Tech Community

Nov 22, 2022 · Frontend Development

Publishing a Web Components Dropdown as an npm Package with Babel and Webpack

This tutorial explains how to package a custom Web Components dropdown, publish it to npm using either Babel or Webpack, and then integrate the published component into a React application, covering project setup, configuration files, build scripts, and deployment steps.

babelfrontend developmentnpm

0 likes · 11 min read

Publishing a Web Components Dropdown as an npm Package with Babel and Webpack

ByteFE

Nov 14, 2022 · Frontend Development

Evolution and Innovations of npm, Yarn, and pnpm Package Managers

This article examines the evolution of the three major JavaScript package managers—npm, Yarn, and pnpm—detailing their original designs, the problems they introduced such as nested node_modules, phantom dependencies and doppelgangers, and the innovative solutions like flattening, lock files, symbol/hard links, and PnP mode that each tool brought to improve dependency management.

YARNnode_modulesnpm

0 likes · 18 min read

Evolution and Innovations of npm, Yarn, and pnpm Package Managers

Rare Earth Juejin Tech Community

Oct 24, 2022 · Frontend Development

Understanding npm Installation Mechanisms, Lock Files, and Private Registry Setup

This article explains how npm installs dependencies, the role of package‑lock.json, the evolution from nested to flat node_modules structures, npm's caching strategy, and provides practical guidance for setting up a private npm registry and handling common installation issues.

Private Registrydependency managementnode_modules

0 likes · 13 min read

Understanding npm Installation Mechanisms, Lock Files, and Private Registry Setup

政采云技术

Sep 13, 2022 · Frontend Development

Upgrading NPM Package Standards

This article explains the importance of semantic versioning in npm package management, covering version rules, pre-release tags, and best practices for publishing packages to avoid compatibility issues and ensure smooth development workflows.

Versioningnpmpackage management

0 likes · 22 min read

Liangxu Linux

Aug 26, 2022 · Backend Development

How to Publish an npm Package: Step‑by‑Step Guide for Node Developers

This guide walks you through installing Node.js, creating an npm account, initializing a Git repository, setting up package metadata with npm init, testing locally, logging in, and finally publishing or removing a package on the npm registry, complete with command examples and best‑practice tips.

Node.jsnpmpackage publishing

0 likes · 7 min read

How to Publish an npm Package: Step‑by‑Step Guide for Node Developers

Alipay Experience Technology

Aug 18, 2022 · Backend Development

How cnpm rapid Accelerates npm Installations by Up to 10× with FUSE and Overlay

This article explains the implementation principles of cnpm rapid mode, demonstrates how server‑side dependency‑tree generation, high‑speed downloading, tar‑based disk I/O, and a FUSE‑backed overlay filesystem together achieve up to ten‑fold faster npm installations and seamless CI/CD integration.

FUSENode.jsOverlay Filesystem

0 likes · 14 min read

How cnpm rapid Accelerates npm Installations by Up to 10× with FUSE and Overlay

21CTO

Aug 18, 2022 · Backend Development

Can Deno Now Run Most npm Packages and Outpace Node? New Updates Explained

The recent Deno announcement reveals native npm package support, a faster HTTP server, and fierce competition from Bun, highlighting performance benchmarks, community reactions, and the ongoing race to become the fastest JavaScript runtime for backend development.

BunDenoJavaScript runtime

0 likes · 5 min read

Can Deno Now Run Most npm Packages and Outpace Node? New Updates Explained

Alipay Experience Technology

Aug 17, 2022 · Backend Development

Scaling npmmirror.com to 58B Downloads: cnpmcore Architecture & Insights

This article details how Ant Group's npmmirror.com handles massive traffic with a distributed backend, introduces the open‑source cnpmcore registry, explains its bug‑versions safety features, migration strategies, and how enterprises can customize the service using TypeScript, tegg and DDD principles.

Backendcloudnodejs

0 likes · 14 min read

Scaling npmmirror.com to 58B Downloads: cnpmcore Architecture & Insights

IT Services Circle

Aug 3, 2022 · Frontend Development

An Introduction to Xterm.js: Features, Installation, and Usage

Xterm.js is a TypeScript‑based front‑end terminal component that provides fast, GPU‑accelerated, Unicode‑rich, self‑contained terminal emulation for web applications, with detailed installation steps, ES6 imports, plugin architecture, browser and Node.js support, and extensive real‑world usage examples.

BrowserJavaScriptTypeScript

0 likes · 9 min read

An Introduction to Xterm.js: Features, Installation, and Usage

php Courses

Jul 31, 2022 · Frontend Development

Useful npm Packages for Vue3 and Vite3 Development

This article presents a curated collection of npm libraries frequently used in Vue3 and Vite3 source code, offering developers ready‑to‑use tools for terminal styling, CLI interaction, argument parsing, file handling, debugging, environment management, bundling, testing, and more.

JavaScriptToolingVite

0 likes · 7 min read

Useful npm Packages for Vue3 and Vite3 Development

Alipay Experience Technology

Jul 27, 2022 · Frontend Development

Solving npm Dependency Chaos in Frontend Infrastructure

A frontend engineer tackles slow npm installs, massive disk usage, a buggy package causing infinite loops, and the need for security scanning by deploying a domestic mirror, using npm overrides, and adopting cnpmcore for enterprise‑grade package management.

OverridesPrivate Registrycnpmcore

0 likes · 4 min read

Solving npm Dependency Chaos in Frontend Infrastructure

WeDoctor Frontend Technology

Jul 14, 2022 · Backend Development

How to Safely Upgrade npm Dependencies and Keep Your Project Healthy

This guide explains why and how to assess the health of npm dependencies, outlines a step‑by‑step upgrade process, highlights tools like npm outdated, npm audit, depcheck, and offers practical advice on changelog review, lock‑file management, and distinguishing dependencies from devDependencies.

DevOpsNode.jsSecurity

0 likes · 13 min read

How to Safely Upgrade npm Dependencies and Keep Your Project Healthy

TAL Education Technology

Jun 16, 2022 · Frontend Development

A Learning Path for Non‑Frontend Developers to Join Modern Frontend Development

This article provides a comprehensive learning plan for non‑frontend engineers to understand the essence of modern frontend, explore core tools like Vue, Node, webpack and npm, and follow a step‑by‑step roadmap to start contributing to frontend projects.

Learning PathNodenpm

0 likes · 12 min read

A Learning Path for Non‑Frontend Developers to Join Modern Frontend Development

21CTO

May 31, 2022 · Information Security

What GitHub’s Latest Leak Reveals About Plaintext Credential Risks

GitHub’s recent security incident, unrelated to OAuth token attacks, exposed over 100,000 npm users' plaintext credentials and detailed private package data, prompting a review of logging practices, notification plans, and broader implications for supply‑chain security.

GitHubOAuthSecurity Breach

0 likes · 5 min read

What GitHub’s Latest Leak Reveals About Plaintext Credential Risks

WeDoctor Frontend Technology

May 13, 2022 · Frontend Development

Build and Publish Your Own VS Code Extension: From Scaffold to Marketplace

This tutorial walks you through automating article formatting, creating a VS Code extension with a reverse‑string command, binding a shortcut key, and publishing the plugin to the VS Code Marketplace, covering scaffold setup, code implementation, package configuration, token generation, and release steps.

ExtensionJavaScriptVSCode

0 likes · 14 min read

Build and Publish Your Own VS Code Extension: From Scaffold to Marketplace

Rare Earth Juejin Tech Community

Apr 24, 2022 · Backend Development

How to Properly Create a Qualified npm Package with TypeScript: A Step‑by‑Step Guide

This article walks readers through the complete process of building a well‑structured npm package using TypeScript, covering project initialization, package.json configuration, essential tooling such as husky, lint‑staged, eslint, prettier, unit testing with Jest, and best practices for documentation and publishing.

ESLintJestLibrary

0 likes · 15 min read

How to Properly Create a Qualified npm Package with TypeScript: A Step‑by‑Step Guide

Selected Java Interview Questions

Apr 22, 2022 · Information Security

Supply Chain Poisoning in node-ipc: Analysis, Impact, and Mitigation

Developers discovered that the npm package node‑ipc, widely used in vue‑cli, contained a malicious “peacenotwar” payload targeting Russian and Belarusian IPs, prompting security analysis, discussion of open‑source supply‑chain risks, and detailed remediation steps including package updates and code removal.

Vue CLInode-ipcnpm

0 likes · 8 min read

Supply Chain Poisoning in node-ipc: Analysis, Impact, and Mitigation

21CTO

Apr 18, 2022 · Information Security

How Stolen OAuth Tokens Let Attackers Access Private GitHub Repositories

GitHub revealed that attackers exploited stolen OAuth tokens from third‑party services like Heroku and Travis‑CI to download private repository data, prompting a rapid revocation of tokens and ongoing investigation into the breach.

GitHubHerokuOAuth

0 likes · 3 min read

How Stolen OAuth Tokens Let Attackers Access Private GitHub Repositories

php Courses

Apr 15, 2022 · Frontend Development

How npm run Executes Scripts and Uses node_modules/.bin in Vue CLI Projects

The article explains, through a mock interview, why running npm run xxx triggers npm to look up the script in package.json, creates local binary links in node_modules/.bin, and executes the corresponding command such as vue‑cli‑service serve without requiring a global installation.

Vue CLIfrontend developmentnode_modules

0 likes · 8 min read

How npm run Executes Scripts and Uses node_modules/.bin in Vue CLI Projects

ByteFE

Apr 8, 2022 · Backend Development

Curated Technical Articles: Backend, Frontend, and Development Insights

This collection highlights a free ByteDance backend training camp, alternatives to web frameworks, Node.js architecture, Flutter performance tricks, an underrated Deno overview, Chrome 100 updates, transitional architecture concepts, a Koa2 signaling server tutorial, a detailed Webpack component library guide, and a comprehensive comparison of npm, npx, cnpm, yarn, and pnpm.

BackendDenonodejs

0 likes · 5 min read

Curated Technical Articles: Backend, Frontend, and Development Insights

Selected Java Interview Questions

Mar 31, 2022 · Backend Development

Why NanoID Is Replacing UUID: Features, Benefits, and Limitations

This article explains how NanoID, a modern JavaScript identifier library, offers smaller size, higher security, faster generation, customizable alphabets, and broad language support compared to UUID, while also discussing its limitations and future outlook for developers choosing unique IDs.

JavaScriptidentifiernanoid

0 likes · 7 min read

Why NanoID Is Replacing UUID: Features, Benefits, and Limitations

NetEase LeiHuo UX Big Data Technology

Mar 29, 2022 · Frontend Development

Evolution of npm: From Nested v1/v2 to Flat v3 and Lock‑file v5

This article examines the development of npm, describing its early nested dependency model in v1/v2, the flat‑dependency approach introduced in v3, and the package‑lock enhancements of v5, while highlighting the advantages and new challenges each version brought to Node.js package management.

Versioningdependency managementfrontend

0 likes · 7 min read

Evolution of npm: From Nested v1/v2 to Flat v3 and Lock‑file v5

DaTaobao Tech

Mar 23, 2022 · Frontend Development

Why npm, Yarn, pnpm and Deno Manage Dependencies Differently – A Deep Dive

This article analyses the evolution of front‑end package managers—from npm's early nested modules to Yarn's lockfile and Plug'n'Play, pnpm's hard‑link strategy, cnpm/tnpm adaptations, and Deno's URL‑based imports—highlighting their dependency resolution mechanisms, trade‑offs, and remaining challenges.

DenoYARNdependency management

0 likes · 19 min read

Why npm, Yarn, pnpm and Deno Manage Dependencies Differently – A Deep Dive

IT Services Circle

Mar 17, 2022 · Information Security

Malicious npm Packages: The “peacenotwar” Incident and Its Impact on the Frontend Ecosystem

The article exposes a malicious npm package called peacenotwar, injected by a politically motivated author into the node‑ipc dependency of vue‑cli, which creates a hostile file on users in Russia and Belarus, prompting npm to block the package and highlighting the fragility of the frontend supply chain.

Frontend Ecosystemmalicious codenode-ipc

0 likes · 5 min read

Malicious npm Packages: The “peacenotwar” Incident and Its Impact on the Frontend Ecosystem

Taobao Frontend Technology

Mar 10, 2022 · Frontend Development

Why npm, Yarn, pnpm, and Deno Differ in Dependency Management – A Deep Dive

This article examines how npm, Yarn, pnpm, cnpm, tnpm and Deno handle dependency installation, version locking, flattening, and module resolution, highlighting the evolution from nested node_modules to lockfiles and Plug'n'Play, and discusses the trade‑offs of each approach.

YARNdependency managementfrontend-development

0 likes · 19 min read

Why npm, Yarn, pnpm, and Deno Differ in Dependency Management – A Deep Dive

Alibaba Terminal Technology

Mar 10, 2022 · Frontend Development

Why npm, Yarn, pnpm, cnpm, tnpm, and Deno Differ in Dependency Management – A Deep Dive

This article examines how npm, Yarn, pnpm, cnpm, tnpm, and Deno handle dependency installation, version locking, and node_modules structures, highlighting the evolution from nested to flattened layouts, the emergence of phantom and multiple dependencies, and the trade‑offs of each approach.

DenoYARNdependency management

0 likes · 21 min read

Why npm, Yarn, pnpm, cnpm, tnpm, and Deno Differ in Dependency Management – A Deep Dive

Tencent IMWeb Frontend Team

Mar 7, 2022 · Frontend Development

Boost Your Frontend QA: Top Tools for Pixel-Perfect Design Comparison

Design review often relies on manual screenshot comparison, but this guide introduces a range of Chrome extensions, desktop clients, and npm packages—such as Perfect Pixel, CSS Peeper, Design‑Compare, PixelEye, pixelmatch, and looks‑same—that streamline pixel‑perfect page comparison, improve implementation fidelity, and enable automated visual regression in CI pipelines.

Chrome Extensiondesign reviewfrontend

0 likes · 10 min read

Boost Your Frontend QA: Top Tools for Pixel-Perfect Design Comparison

Alibaba Terminal Technology

Feb 22, 2022 · Frontend Development

A Decade of Front-End Toolchain Evolution: 12 Key Packages (2009‑2021)

This article reviews ten years of front‑end toolchain development, tracing the release timelines of twelve pivotal npm packages, analyzing download trends, and highlighting shifts from early scripting tools to modern bundlers and performance‑focused solutions.

Toolchainbundlershistory

0 likes · 11 min read

A Decade of Front-End Toolchain Evolution: 12 Key Packages (2009‑2021)

vivo Internet Technology

Feb 16, 2022 · Backend Development

Design and Implementation of a Plugin Management Platform for Vivo Activity Components

The article describes Vivo’s plugin management platform for activity components, built with a Midway Node.js backend, Vue.js frontend, and MySQL, which automates component extraction, Markdown documentation, GitLab hook‑driven NPM package retrieval, and AST‑based export parsing to provide a reusable library that has already saved over 20 person‑days of development effort.

Component LibraryGitLabMidway

0 likes · 25 min read

Design and Implementation of a Plugin Management Platform for Vivo Activity Components

Alipay Experience Technology

Jan 17, 2022 · Backend Development

How to Achieve Near‑Instant npm Installations: Benchmarks and Optimizations

This article presents a detailed performance comparison of npm, Yarn, PNPM, CNPM, and npm rapid, then explains three core optimization techniques—request aggregation, a middle‑layer file system, and cache layering—to reduce installation time by up to tenfold while addressing disk‑space challenges.

Filesystemnpmoptimization

0 likes · 10 min read

How to Achieve Near‑Instant npm Installations: Benchmarks and Optimizations