rauschma, to node
@rauschma@fosstodon.org

1/ #npm package scripts: Windows vs. Unixes.

On macOS, I’m using these scripts:
"build": "npm run clean && tsc && npm run chmod",
"clean": "shx rm -rf ./dist/*",
"chmod": "chmod u+x ./dist/src/cmd.js",

Alas, the last script won’t work on Windows. What’s a good way to fix this?

cory, to 11ty
@cory@social.lol

On the off chance anyone's using my #Eleventy tabler-icons plugin, I've split it out into two separate packages following their 3.0.1 release with the default implementation being the outlined variation (https://www.npmjs.com/package/@cdransf/eleventy-plugin-tabler-icons) and a separate package + shortcode for the filled variation (https://www.npmjs.com/package/@cdransf/eleventy-tabler-icons-filled) #NPM #JavaScript

aral, (edited) to node
@aral@mastodon.ar.al

If you’re doing an npm publish and you get the following error:

404 Not Found - PUT … <your package name@version> is not in this registry

It might be because you’re not logged in.

From terminal, run:

npm login  

rauschma, to node
@rauschma@fosstodon.org

If an #npm package has "exports", it can “self-reference” them via its package name. That’s useful for tests (which demo how importing packages would use the code).

// util_test.js
import {helperFunc} from 'my-package/misc/util.js';

https://nodejs.org/api/packages.html#self-referencing-a-package-using-its-name

aral, to node
@aral@mastodon.ar.al

I’ve always wanted someone to tell me I autocomplete them.

:awesome:

https://www.npmjs.com/package/aral

(That feeling when someone makes a Node package with your name. Hey, at least it’s not a German petroleum company…)

paladin, to php German
@paladin@mastodon.online

Your daily php-dev fitness:

composer selfupdate && composer global update && npm -g i npm npm-check-updates && ncu -g

You are welcome ;)
#php #nodejs #npm

anant, to node
@anant@anantshri.info

#NPM based packages should mandatorily disclose what's the code size and what will be the nodes-modules folders count and total size. coz that combined together could what kind of liability I am getting myself into. #supplychain issues arise from being unaware / ignorant about your liabilities mostly.

schizanon, to ai
@schizanon@mas.to

An LLM figured out that an attacker's base64 encoded PowerShell / bash command is actually creating a reverse shell

Epic. Using AI for proactively detecting malware in package registries.

Humans struggle with trivial obfuscation but LLMs do not.

https://socket.dev/npm/package/ts-patch-mongoos/files/1.0.0/mongoose.js

#ai #security #llm #llms #chatGPT #generativeAI #malware #npm #mongoose #socket

arendjr, to typescript
@arendjr@mstdn.social

Received an invite for the https://jsr.io beta. This looks like a potential winner!

  • First-class @deno_land support
  • ESM-only
  • Built-in #TypeScript
  • Auto-doc generation from your TS sources
  • Seamless publishing from #GitHub Actions
  • #NPM integration

Especially the part where you can just publish your TypeScript package without transpilation, and they handle #NodeJS /NPM compatibility is pretty big for IMO.

sarahjelm, to node Swedish
@sarahjelm@mastodon.social

This was quite turbulent in the news last week.
Money rules, or rather #NPM, not children’s & teacher needs
https://www.dagensarena.se/opinion/akelius-visar-mojligheterna-med-skolsystemet/
@socialscience
@economics
@educationecon

andre, to node
@andre@fedi.jaenis.ch

I discovered a glitch in the Matrix!

A situation so unlikely I never considered it possible!

There is no package for generating (for resp. )!

The closest I could find is a parser from 2020.

Plus plenty of cryptocurrency garbage.

Excuse me, there's a framework waiting to be written 😸

(If you want to turn Markdown into Gemtext, recommendations go to a Python package)

ecmascript_news, to javascript
@ecmascript_news@mastodon.online

How to protect your projects from the risks of deprecated npm packages
@sarahgooding @SocketSecurity
https://socket.dev/blog/the-risks-of-deprecated-npm-packages

#ECMAScript #JavaScript #npm

Wuzzy, to node
@Wuzzy@cyberplace.social

This is definitely the funniest headline of the week: "npm flooded with 748 packages that store movies" 🤣

Well, that's ONE creative way to use #npm. 😉
Of course the movies are already deleted but still.

https://blog.sonatype.com/npm-flooded-with-748-packages-that-store-movies

ecmascript_news, to javascript
@ecmascript_news@mastodon.online

npm in review: a 2023 retrospective on growth, security, and quirky facts
@SocketSecurity
https://socket.dev/blog/2023-npm-retrospective

#ECMAScript #JavaScript #npm

frankel, to node
@frankel@mastodon.top
krelnik, to node

Study finds a ton of unmaintained packages in #npm but an #OpenSource tool to find them in your project has been released. #security #SupplyChain #vulnerabilities https://blog.aquasec.com/deceptive-deprecation-the-truth-about-npm-deprecated-packages

czottmann, to node
@czottmann@norden.social

Nailed it

#npm #nodejs

phylum, to opensource

We continue to identify sophisticated threats originating from the use of #opensource software packages. This time the attacker uses a signed #Microsoft executable to initiate the attack chain through an #npm package.

#malware #cybersec #infosec #javascript #reverseengineering #software #cybersecurity

https://blog.phylum.io/npm-package-found-delivering-sophisticated-rat/

rpetrich, to node

I spelunked into steganography to create a new feature in https://www.deciduous.app/ that lets you reimport PNGs and SVGs of your decision trees to derive the underlying YAML.

It involves some neat tricks inspired by Macromedia Fireworks (RIP), so I wrote a blog post about it: https://rpetrich.com/blog/posts/steganographic-trees-deciduous/

Deciduous now also sports a CLI (so you can #npm install it), and a bunch of lil things @shortridge and I added towards the goal of fast, easy, collaborative #threatmodeling of potential failures.

thisismissem, to node
@thisismissem@hachyderm.io

I wish we could document maintainers for npm packages without those people having direct publish access (i.e., forcing publishes to go through CI/CD)

#npm #npmjs

joelanman, to node
@joelanman@hachyderm.io

It's odd that this isn't built into #npm: update all packages to their latest versions

npx npm-check-updates -u  

https://www.npmjs.com/package/npm-check-updates

#nodeJS

baldur, to random
@baldur@toot.cafe
teleclimber,
@teleclimber@social.tchncs.de

@baldur Another issue with npm modules in is that many modules just break under restrictive permissions. They expect to have read access to the whole disk and break if you deny them that. So you pretty much have to grant every permission, but of course that defeats one of the major advantages of using Deno: prevent bad modules from doing bad things.

There may be ways to improve that over time, but it's not a pretty picture.

richard, to node
@richard@fedia.social

Is there a way (or a package) to show the installed versions of npm node modules (npm list) and what is defined in your package.json?

maartenballiauw, to node
@maartenballiauw@mastodon.online

Everyone: "Hahaha, #npm downloads the entire Internet!"

#Maven: "Hold my beer."

changelog, to ai
@changelog@changelog.social

🗞 New episode of Changelog News!

🙃 @bagder on curl's AI frustrations
🤪 Brian Birtles on weird things engineers believe
💣 Feross on npm's "everything" package chaos
🧐 @robpike on what Go got right/wrong
🏦 Gavin Howard argues code is not tech debt
🎙 hosted by @jerod


🎧 https://changelog.com/news/76
