A wave of developers discovered their applications spewing garbled output after a malicious update to the widely used npm libraries colors and faker, revealing a deliberate sabotage by maintainer Marak Squires that sparked heated debate over open‑source ethics, corporate exploitation, and security responsibilities.
This article analyzes why npm installations are slow, compares traditional flattening, pnpm, and cnpm approaches, and details Ant Group’s tnpm rapid mode optimizations—including server‑side dependency graphs, HTTP pre‑heating, tar merging, Rust‑based download, and a FUSE‑backed filesystem—that together achieve up to three‑fold speed improvements.
A recent malicious update to the popular npm libraries colors and faker introduced an infinite‑loop bug that flooded consoles with Zalgo‑style text, prompting developers to roll back versions, sparking heated community debate, and highlighting broader issues of open‑source exploitation and corporate reliance on free code.
The article reviews npm’s 2021 milestones—including the official release of npm 7.0 with performance gains and new features—while highlighting a wave of supply‑chain attacks on popular packages, discussing the rise of Corepack, and offering a forward‑looking perspective on the ecosystem’s challenges and opportunities.
This guide walks through installing Node on CentOS 7, using npm to install Node-RED globally, launching the service, and opening the firewall so the editor is reachable at port 1880, including the required unsafe-perm flag for proper permission handling.
This guide introduces IBM's Node-RED visual programming tool, explains how to install Node.js and Node-RED on Windows using npm, run the server on port 1880, and build a simple flow with inject and debug nodes to verify output.
This guide walks through cloning the Node-RED source, installing dependencies, building and running it locally on Windows, packaging the project, and then installing Node and deploying the packaged Node-RED on an offline server.
Ant Group’s Cloud Phoenix platform demonstrates a Bundleless asset loading strategy that combines ES Modules, NPM imports, and fine‑grained tree‑shaking to deliver low‑code, on‑demand component delivery, addressing performance bottlenecks and redundancy in enterprise middle‑office applications while paving the way for future ES Module‑centric development.
This guide walks you through creating a demo-cli project, configuring package.json, setting up bin scripts, understanding Linux and Node bin execution, choosing global versus local installation, adding TypeScript, ESLint, Prettier, lint‑staged, and finally publishing the package to npm.
This guide explains how to use GitHub Packages as a unified package registry and demonstrates step‑by‑step how to configure npm, create a workflow file, and automatically publish a Node.js package to GitHub Packages via GitHub Actions whenever a new release is created.
This article announces the new domain for the Taobao NPM mirror, highlights the React Router v6 release, and introduces several useful open‑source tools such as cssdb, react‑freeze, npm‑dts, install‑with‑typing, and rs‑jest, while also pointing to a React Native API roundup.
A recent security breach compromised the popular npm packages coa and rc, injecting ransomware‑capable code that can steal browser passwords, record keystrokes and screenshots, prompting developers to lock specific versions and enable two‑factor authentication to protect their projects.
This article provides an in‑depth overview of the package.json file used in frontend projects, covering required fields, description metadata, dependency sections, script commands, file and directory settings, publishing options, and common third‑party configurations with practical code examples.
This article introduces the Changesets tool for managing package versions and changelogs in monorepo projects, compares it with Lerna, explains its workflow and core CLI commands, and discusses current drawbacks and possible improvements for large‑scale JavaScript/Node development.
Learn how to troubleshoot and permanently fix Windows Build Tools installation issues for Node.js native modules, covering PowerShell language mode, registry tweaks, environment variables, and both automatic and manual Visual Studio 2019 Build Tools setups.
This article explains how the Lerna publish command works, detailing the different publishing scenarios, the internal initialization steps such as configureProperties and initialize, and the final execution phase that validates npm access, updates dependencies, packs packages, and publishes them to the npm registry.
This article explores common questions about npm and Yarn dependency management, explains the internal installation processes, lockfile roles, version resolution, and compares the two tools while offering practical tips for handling project dependencies in modern JavaScript development.
This article explains the purpose and structure of yarn.lock, why it may show unexpected diffs after dependency updates, and provides practical strategies—including using resolutions, frozen lockfiles, and preventive workflows—to keep package.json and yarn.lock in sync and avoid build issues.
This article explains how to share UI modules via NPM packages and Module Federation, compares traditional iframe approaches, dives into low‑level and high‑level concepts, demonstrates practical webpack configurations, version‑selection strategies, and runtime loading mechanisms with detailed code examples.
This guide explains what TypeScript declaration (.d.ts) files are, when they’re needed, and provides step‑by‑step examples for writing global, npm‑package, and module‑augmentation declarations, plus configuration tips for automatic generation in modern JavaScript projects.
Node.js 16.0.0, built on the V8 engine, introduces a stabilized Timers Promises API, Apple Silicon pre‑built binaries, V8 9.0 upgrades, global btoa/atob functions, and npm 7.10.0, marking a significant step forward for JavaScript runtime performance and compatibility.
This tutorial walks through using the TypeScript compiler (tsc) together with tscpaths and AST manipulation tools like jscodeshift to resolve path aliases, copy static assets, and convert style imports from SCSS/LESS to CSS when packaging a frontend library for npm distribution.
This article details how the Tongtian Tower front‑end platform was refactored to support multiple sites by extracting common modules, adopting Git Submodule combined with Yarn workspaces, and integrating npm packages, thereby reducing development time and improving maintainability across international and commercial projects.
Security researcher Alex Birsan demonstrates how simple dependency‑confusion attacks—registering private package names on public registries like npm, PyPI, and RubyGems—can silently compromise internal build systems of major tech firms, yielding high‑value bug bounties while exposing systemic risks in package management.
This article explains how simple yet powerful dependency‑confusion attacks let attackers upload malicious packages to public registries, exfiltrate data via DNS, and compromise internal systems of companies like PayPal, Shopify, Apple and others, highlighting the methodology, results, root causes and mitigation ideas.
This article explores Yarn’s architecture and workflow, comparing it with npm, cnpm, and pnpm, detailing multi‑threaded installation, caching, dependency resolution, lockfile handling, and step‑by‑step processes from package fetching to linking, optimization, and common Q&A, illustrated with code snippets.
This guide explains why clipboard.js is a lightweight, dependency‑free solution for copying and cutting text, shows how to install it via npm or CDN, demonstrates configuration and various usage patterns—including data attributes, event handling, advanced options, and a Vue 3 integration—while also covering browser support.
This article explains how npm flattens dependencies, compares npm, cnpm and yarn, outlines the evolution of package managers, details essential package.json fields, demonstrates using nrm, and provides a step‑by‑step guide to configure Webpack, create, build, and publish a custom npm package.
This article analyzes the challenges of packaging JavaScript libraries for npm, compares CommonJS, UMD, and ESModule outputs, demonstrates how Webpack’s tree‑shaking and sideEffects settings affect bundle size, and provides practical Babel configuration tips to achieve lean, reusable packages.
This guide explains the scenarios that cause duplicate HTTP requests in web applications, demonstrates two Axios cancellation techniques, and shows how to encapsulate the logic in a reusable module with request tracking, interceptor integration, npm linking, and open‑source contribution steps.
This article provides a step‑by‑step guide to building an NPM private registry using Cnpmjs.org, covering containerized deployment with Docker, migrating packages from Verdaccio, implementing OSS disaster‑recovery backups, configuring email notifications, and tips for further customization.
This tutorial walks readers through installing Node.js, configuring npm or cnpm, upgrading the Vue CLI, creating a uni‑app project with Vue, troubleshooting common errors, and finally running the project in the WeChat Developer Tools, providing screenshots and command references throughout.
This guide explains how to build a private npm registry on Ubuntu using cnpmjs, covering MySQL installation, server configuration, repository setup, package publishing, and synchronization options, providing step‑by‑step commands and troubleshooting tips for a stable internal package management solution.
Node.js 15, the latest runtime release, replaces Node.js 14 as the active line, introduces npm 7 with workspace and peer‑dependency auto‑install, switches unhandled promise rejections to throw mode, adds N‑API 7, updates V8 to 8.6, and includes QUIC support, though it is not yet LTS and isn’t recommended for production.
This article reviews October's key tech updates, covering NPM v7's new workspace and peer‑dependency features, Chrome's rollout of HTTP/3 over QUIC, Webpack 5's Module Federation for JavaScript architecture, the physics behind iOS UIScrollView animations, Chinese web‑font handling, the lightweight SVGA animation format, and a 1 KB JavaScript 3D game demo.
This article explains the meaning of UNMET PEER DEPENDENCY errors, explores npm’s versioning rules, the role of semver, how npm install builds a flattened dependency tree, the impact of peerDependencies, and provides practical strategies for diagnosing and resolving these warnings.
This article explains the background, challenges, and step‑by‑step process of privately deploying and extending CodeSandbox—including building a custom online IDE, configuring a private npm registry, modifying the packager service, adding screenshot and style‑injection features, and integrating with Bit for component sharing.
This tutorial walks you through downloading RuoYi-Vue 3.1, creating a MySQL database, importing required SQL files, configuring Redis and application settings, and then launching the Spring Boot back‑end and Vue front‑end so you can access the admin console at http://localhost:81/.
This article provides a comprehensive, step‑by‑step tutorial on creating, documenting, and publishing a React component library using create‑react‑app, TypeScript, docz, npm linking, and Netlify, covering configuration, build scripts, on‑demand loading, and deployment best practices.
This article explains the inner workings of npm installation, the differences between npm 2 and npm 3, the purpose and structure of package‑lock.json, and the various dependency types such as dependencies, devDependencies, optionalDependencies, peerDependencies, and bundledDependencies, providing practical guidance for developers.
This article provides a comprehensive, hands‑on tutorial for quickly creating a React component library using create‑react‑app, configuring TypeScript, ESLint, node‑sass, docz documentation, npm publishing, tree‑shaking, on‑demand loading, and deploying the generated docs to Netlify.
This guide explains why and how to set up an enterprise‑grade private npm registry using cnpmjs.org, covering prerequisites, installation, configuration, database setup, nginx proxying, security considerations, process management with pm2, and optional cloud storage extensions.
The article investigates the April 25 NPM outage caused by the is-promise package, explains the buggy code and the problematic "type" and "exports" fields in package.json, reviews the rapid fix timeline, and offers practical lessons for developers to avoid similar dependency mishaps.
This guide walks through configuring unit tests, continuous integration with Travis CI, and automated coverage reporting using Coveralls for the NUTUI Vue component library, detailing the required tools, npm scripts, webpack settings, and best‑practice benefits for reliable front‑end development.
The imprisonment of core‑js author Denis Pushkarev raises concerns for the library’s future maintenance, affecting over 19,000 npm packages—including major polyfills—while the community seeks new maintainers and proposes organizational safeguards to protect critical open‑source dependencies.
This tutorial provides a comprehensive introduction to Node.js, covering its runtime environment, core global objects, module system, command‑line interface development, npm package management, script automation, and event handling with practical code examples and explanations for front‑end engineers transitioning to back‑end development.
Node.js, a JavaScript runtime built on Chrome’s V8 engine, originated in 2009 when Ryan Dahl applied event‑driven, asynchronous I/O to achieve high‑concurrency server‑side performance, and has since grown into a widely adopted platform—supported by npm, governed by the OpenJS Foundation, and used for scalable I/O‑intensive web, enterprise, and data applications despite challenges like callback complexity and package‑registry incidents.
This article details how Zhenkun's frontend team responded to fast business growth by unifying their tech stack—introducing a private npm registry, a custom CLI scaffolding tool, Node.js backend, mock services, standardized webpack builds, DevOps automation, static resource delivery, monitoring, visual editors, UI component libraries, and automated testing—to boost development efficiency and maintainability across multiple locations.
The article explains two critical npm vulnerabilities—arbitrary file access via a crafted bin field and binary planting that lets globally installed packages replace executables—detailing their impact, how they can be exploited, and urging users to upgrade promptly.
This article explains the complete workflow for publishing a high‑quality NPM package, covering component‑oriented thinking, directory and configuration conventions, package.json standards, development processes, commit and changelog practices, quality assurance with linting, testing and type systems, as well as documentation and demo requirements.
This article explains why node‑sass binary downloads fail on internal DevOps platforms, analyzes the underlying proxy and Python2 requirements, and presents three practical solutions—including setting network proxies, configuring SASS_BINARY_PATH or SASS_BINARY_SITE, and deploying an internal npm mirror—to enable seamless frontend builds without modifying build commands.
This article explains why npm package version changes can break projects, illustrates common pitfalls with examples, and shows how using the ncc tool to bundle dependencies into a single JavaScript file can make installations faster, smaller, and more reliable.
This article guides JavaScript developers through creating a simple Node.js command-line interface (CLI) tool from scratch, covering setup, scripting, permission handling, environment variables, npm packaging, publishing, and best practices, enabling efficient custom command creation.
This article walks through the design and implementation of a Node‑based command‑line tool that generates React or Vue project scaffolds, covering initialization, script development, template downloading, local testing, npm publishing, and usage instructions.
This guide walks you through downloading Node.js, obtaining the mall‑admin‑web source code, installing dependencies, and launching the front‑end application on both Windows and Linux, including steps for using a local backend or an online API and configuring Nginx for production.
This article compares Go and Node.js from a Node.js developer’s viewpoint, highlighting Go’s static typing, compiled nature, enforced formatting, built‑in libraries, package management, and tooling, and provides resources for learning Go effectively.
This article explains the Unix‑style philosophy behind command‑line programs, describes how Node.js enables powerful CLI development, and introduces essential tools such as n/nvm, nodemon, npx, nrm, commander, progress, chalk, inquirer, ora, puppeteer, as well as best practices for publishing scoped npm packages.
This article outlines ten critical npm security best practices—from avoiding secret leaks and using lockfiles to enabling two‑factor authentication and understanding typosquatting—helping front‑end and back‑end developers safeguard their projects against common package‑related vulnerabilities.
This article explains how front‑end developers can analyze and shrink their JavaScript bundles by using Chrome DevTools, Lighthouse’s unused‑code audit, and visual tools such as Webpack Bundle Analyzer, and provides practical tips for removing unused or unnecessary libraries.
The article explains how the popular Node.js package event-stream was transferred to a new maintainer who injected a malicious flatmap-stream module that steals Bitcoin, outlines the timeline of the supply‑chain attack, and provides steps for developers to detect and remediate the infection.
This guide explains what a command-line interface (CLI) tool is, why developers prefer CLI over GUI for efficiency, and provides a step‑by‑step tutorial for creating a simple Node.js‑based CLI, covering project setup, command registration, argument parsing, version handling, interactive prompts, shell script execution, and network proxy management.
Taro UI is a multi‑end UI component library built by the Aotu Lab, offering easy installation, rich components, and seamless adaptation across WeChat mini‑programs, H5, and ReactNative, with detailed quick‑start instructions and code examples for developers.
This guide walks through installing Node.js, configuring npm with a Chinese mirror, and using create‑react‑app to quickly create and run a React project on macOS, including all necessary command‑line steps and code snippets.
This article explains the concept of Tree Shaking, compares CommonJS and ES6 module formats, shows how to configure npm's pkg.module field and bundler settings (Webpack and Rollup) so that a package can be tree‑shakable while remaining compatible with existing tooling.
This comprehensive npm guide explains initializing projects with npm init (including custom defaults), installing and linking local, Git, or private packages, understanding version‑tree changes across npm 2‑5, using semver, managing dependencies and lock files, leveraging npm scripts, npx, configuration files, engine constraints, and essential best‑practice recommendations for stable, reproducible front‑end development.
This tutorial walks you through installing Node.js, configuring npm to avoid permission issues, using npm in both global and local modes, managing package versions with package.json, searching for packages, cleaning the cache, and leveraging version managers, providing a complete guide for modern JavaScript development.
The 2017 npm State of JavaScript report analyzes the popularity and growth of major front‑end frameworks—React, Preact, Angular, Ember, Vue, and Backbone—showing dramatic shifts, rapid adoption rates, and guidance for developers choosing the right tool for their projects.
This guide explains how to install and use npm-check together with ESLint to identify outdated, incorrect, or unused dependencies in a Node.js project, remove unnecessary require statements, and ensure that only needed packages remain in the codebase.
This guide explains how to install the cli-dict npm package globally, demonstrates basic Chinese‑English translation commands with examples, lists available command‑line options, and notes the current translation source and contribution invitation.
This tutorial walks through creating a comfortable frontend development workflow by installing Node.js, managing packages with npm and nrm, initializing a project, configuring Webpack with Babel and SASS loaders, and enabling hot module replacement for seamless code updates.
AT‑UI is a fresh Vue 2.x based UI component library for rapid PC website development, offering Vue components, npm/webpack workflow, independent CSS styling, clear project background, vision, and detailed installation instructions via npm or direct script tags, with links to its website and GitHub repository.
This article provides a comprehensive overview of the front‑end development workflow, explaining core concepts like HTML, CSS, JavaScript, and detailing essential tools such as npm, Babel, Gulp, Webpack, and popular frameworks like React and Vue, while addressing their roles and interactions.
AT-UI is a Vue.js‑based UI component library that offers independent styling, npm‑webpack workflow, and easy global or local component usage, supporting modern browsers, IE9+, and Electron, with clear installation and contribution guidelines for rapid PC web development.
A roundup of this week's front‑end highlights includes NetEase's new "Dream Werewolf" game, Apple's iPod discontinuation, Facebook Messenger 2.1 with embedded NLP, React's licensing controversy, npm 5.3.0 updates, Expo SDK v19.0.0, Angular releases, Google IPv6 stats, the Facets visualization tool, and Adobe's Flash sunset.
npm 5 introduces automatic package‑lock generation, default --save, enhanced Git and file‑dependency handling, new prepack/postpack scripts, stronger integrity checks, a fully managed cache and registry tweaks, while narrowing Yarn’s speed advantage despite early bugs, making it a compelling alternative for npm‑centric workflows.
This article presents eight practical recommendations for Node.js developers, covering dependency locking, lifecycle scripts, modern JavaScript, promises with async/await, code formatting with Prettier, continuous integration testing, security headers via Helmet, and serving over HTTPS.
At NodeConfBP, Snyk's Danny Grander demonstrated live attacks on a vulnerable Express 4.x app, exposing directory‑traversal, XSS, and remote memory leaks, then shared practical tips for building safer Node.js applications.
This article introduces SQLPad, a lightweight browser‑based SQL client that offers smooth autocomplete, instant table and column browsing, and query saving across multiple databases, and explains how to install and start it via npm for a more efficient SQL writing experience.
This tutorial walks you through installing Node, npm, and nvm, setting up a simple Vue project, using Webpack to bundle JavaScript, CSS, and images with loaders, and demonstrates core commands and configuration steps for beginners.
Learn how to automate npm init, switch registries, adjust install log levels, and relocate global modules with simple npm config commands, empowering Node.js developers to streamline project setup, reduce repetitive prompts, and manage environments more efficiently.
This tutorial explains how to create a Node.js command‑line generator from scratch by initializing a module, adding a CLI binary, integrating a template engine, parsing arguments and paths, and finally publishing the package to npm, all with clear code examples.
This article explains the role of the scripts section in a Node.js project's package.json, clarifies why commands like npm start work without the run keyword, and shows how to correctly execute custom scripts using npm run, helping developers avoid common pitfalls.
This article expands on earlier Node.js best practices by offering concrete, actionable guidelines such as modularizing code, managing require statements, handling errors, using npm shortcuts, respecting versioning, and properly separating development and production dependencies.
This article explains what FIGlet is, traces its development from a simple C program to modern versions, and shows multiple ways to generate ASCII art—including online tools, editor plugins, and Node.js modules—plus practical usage scenarios and code samples.
Discover seven practical npm tips—from listing globally installed packages and enabling command auto‑completion to checking security vulnerabilities, customizing per‑project configs, adjusting log levels, linking local dependencies, and enforcing engine strictness—each designed to streamline your Node.js workflow and boost productivity.
The article examines common problems with npm such as the left‑pad incident and semver volatility, explains how shrinkwrap can freeze dependencies, and shows how Yarn’s automatic lockfile, faster parallel installation, and better user feedback improve reliability and developer productivity.
A humorous 2016 dialogue walks through the shift from jQuery to React, explaining JSX, ES6+, Babel, module bundlers, task runners, TypeScript, Flow, Fetch API, and template engines, while highlighting the rapid evolution of frontend tooling and best practices.
This guide introduces Yarn, Facebook’s fast JavaScript package manager, shows how to install it, and provides a side‑by‑side comparison of common npm commands with their Yarn equivalents, highlighting unique features of each tool for more efficient frontend development.
The article details how Facebook built Yarn to overcome npm’s consistency, security, and speed limitations, describing the evolution of their package‑management workflow, Yarn’s lockfile architecture, parallel installation process, additional features, production adoption, and simple commands to get started.
The article examines Yarn, Facebook's new JavaScript package manager, highlighting its focus on speed and version control, its compatibility with npm and Bower, the mixed reactions from developers, and the uncertainty about its long‑term impact on the ecosystem.
This article presents nine practical npm recommendations—from quick project initialization and module discovery to version locking, production installs, and secure configuration—designed to help developers manage Node.js applications efficiently throughout their entire lifecycle.
This guide shows how to install the match-sorter npm package and use its flexible key, threshold, and ranking options to search and sort complex JavaScript arrays, including nested objects, with examples for partial, prefix, and exact matches.
Keeping npm dependencies up to date can be risky, but using tools like npm-check-updates, updtr, next-updater, and Greenkeeper lets you automatically detect new versions, test compatibility, and manage updates safely without manual checks, ensuring your projects stay current and stable.
Modular design simplifies Node.js development but introduces uncertainty about third‑party modules, so understanding which packages you rely on, their usage, popularity, version status, and last update dates can boost confidence and maintainability of your codebase.
Learn how to bypass the limitations of the default Windows .msi Node installer by creating a dedicated directory structure, manually installing multiple Node versions, configuring npm directories, and setting environment variables for a clean, flexible, and fully transparent Node.js development environment.
This article explains how npm interprets dependency version specifiers such as caret (^), tilde (~), and range operators, illustrates their effects with lodash examples, covers semantic versioning rules, special cases like 0.x.x versions, and provides test cases to help developers choose the appropriate version constraints.
This article provides a comprehensive overview of Node.js’s worldwide adoption, its technical strengths and weaknesses, architectural balancing strategies, the author’s team’s practical stack and tooling choices, and guidance on becoming a full‑stack developer using Node.js technologies.
The article analyzes npm’s role in frontend package management, presenting active‑install statistics, identifying four key pain points for developers, evaluating Bower’s approach, and outlining npm’s future modular CLI plans, while concluding that a definitive solution has yet to emerge.
This article traces Node.js’s evolution from a modest 2009 V8‑based runtime to a dominant backend platform, highlighting npm’s impact, its event‑driven, non‑blocking architecture, real‑world strengths and limitations, and why careful evaluation is essential before adopting it.
