Hardening Your npm and pnpm Configs in the Age of Shai-Hulud
A copy-paste-ready .npmrc and pnpm-workspace.yaml that actually defends against the supply-chain attacks of 2025 and 2026 — with the threat model behind every directive.
Explore lesser-known npx commands and tips to enhance your Node.js workflow. This cheatsheet covers everything from running packages without global installs to finding executable paths and using npx with specific Node versions.
The npm account of the maintainer Qix was phished and used to publish malicious versions of widely used packages (including `debug` and multiple packages in the `chalk` ecosystem). The injected code appears designed to execute in the browser, hooking web APIs to silently rewrite cryptocurrency addresses and wallet interactions, while being largely inert in pure Node.js/server contexts.
Learn about the npm `ignore-scripts` flag and how to use it to prevent the execution of arbitrary commands from malicious npm packages.
Get started with the npm audit command, learn why it's not enough, and see how to advance your project's security posture with more robust security tools like Snyk.
Learn about recent npm vulnerabilities in popular npm packages and how to protect your applications from security reports disclosed in 2024.