Using dependency-management-data with npm's SPDX and CycloneDX SBOM export functionality (1 mins read).
How to get started with npm's SBOM export functionality with dependency-management-data.
Content warning: npm
current status: `npm ruin build`
How to verifiably link npm packages to their source repository and build instructions.
1. Buy expired NPM maintainer email domains. 2. Re-create maintainer emails 3. Take over packages 4. Submit legitimate security patches that include package.json version bumps to malicious dependency you pushed 5. Enjoy world domination.
Lance R. Vick (@lrvick@mastodon.social) (@lrvick), Mon, 09 May 2022 21:20 +0000
Ever forget what npm scripts are available? Run this: `npm run` This produces a list of scripts, and displays the code that each script runs. Quite handy.
Cory House (@housecor), Tue, 05 Apr 2022 16:07 +0000
Running npm scripts on install should require opt-in from both 'npm install' and from indicating that you expect an upstream dependency to run scripts in the first place, e.g. "dependencies": { "foo": "1.2.3:with_scripts" }
Ryan Cavanaugh (@SeaRyanC), Thu, 17 Mar 2022 23:18 GMT
I'VE LITERALLY BEEN SAYING FOR YEARS NPM IS BAD AND NPM IS AN ATTACK VECTOR AND NPX IS WORSE. (I even built a proof of concept to steal shit) Was told "that's how it works 🤷‍♂️" github.com/npm/npm/issues…
Open source developer corrupts widely-used libraries, affecting tons of projects theverge.com/2022/1/9/22874…
The Verge (@verge), Sun, 09 Jan 2022 20:58 GMT
Tane Piper (@tanepiper)Mon, 10 Jan 2022 07:01 GMT
Just use an npm package.
Den Delimarsky (@DennisCode)Sun, 26 Dec 2021 05:17 GMT
Developing web apps with Node (h/t bit.ly/nodecat)
Addy Osmani (@addyosmani), Thu, 12 Nov 2020 09:00 GMT
When you say that you "walked into a dumpster fire to save the web" you might want to clarify what _kind_ of dumpster fire: you knowingly joined a company that just wrapped up union busting
Chris Dickinson (@isntitvacant), Sun, 13 Sep 2020 20:29 +0000
I hate how reminders of the late management at NPM can still send me into a stress/anger spiral. I hate that they go on popular podcasts and disparage the good work of the team that came before them, while simultaneously taking credit for things they didn't actually do.
Chris Dickinson (@isntitvacant), Sun, 13 Sep 2020 20:18 +0000
Every time I npm install
does your macbook sound like this too?
Kap (@kapehe_ok), Wed, 10 Jun 2020 17:06 +0000
Carol (@CarolSaysThings), Thu, 11 Jun 2020 09:58 +0000
#npm allows you to do things like this, with other people's code (in a good way):