Recently I needed to automate the addition of the addition of a script defined in a package.json‘s scripts section. To do this I used npm-add-script (an older, but still functioning project), along with the aforementioned npx. For example, to add a script labelled start with the contents webpack-dev-server –config ./config/webpack.config.babel.js –env.MODE=development –open –hot, I use: […]
Tag Archives: npm
Find the cost of adding a npm package to your bundle with BundlePhobia
Ever wondered what the (size) impact of adding an NPM package to your project is? BundlePhobia is a tool that does not only that, it also recommends you other similar packages that have a lesser load. This thing lets you understand the performance cost of npm install‘ing a new npm package before actually adding it […]
The Economics of Open Source // Introducing Entropic, a federated package registry
At JSConf EU 2019, CJ Silverio – former CTO at NPM Inc – gave this talk on why a VC-funded private package registry (read: the one ran by NPM Inc) holds many dangers. The JS package commons is in the hands of a for-profit entity. We trust NPM Inc with our shared code, but we […]
Optimizing JavaScript packages for tree shaking
Geoffrey Dhuyvetters from madewithlove on how authors of (open source) JavaScript packages can optimize their builds for tree shaking: How do we create a package that exposes both CommonJS & ES modules while making sure we don’t break cross-platform support? Publishing 2 separate packages is an option (e.g. lodash/lodash-es). But there is a nicer, more […]
Stealing Usernames, Passwords, and other (Personal) Data via Browsers and NPM Packages
👋 This post also got published on Medium. If you like it, please give it some love a clap over there. Late 2016, Stoyan Stefanov published “Oversharing with the browser’s autofill”. It’s an article on stealing personal data using the browsers their form autofill feature. The attack works by leveraging abusing the fact that autocompletion […]
TIP: Enable Two Factor Authentication (2FA) with your NPM account
Since early October it’s possible to enable Two Factor Authentication with your NPM account. 2FA is another layer of defense for your account, preventing third parties from altering your code even if they steal or guess your credentials. This is one of the easiest and most important ways to ensure that only you can access […]
Introducing npx: an NPM package runner
Included with [email protected] is an extra binary named npx: npx is a tool intended to help round out the experience of using packages from the NPM registry — the same way npm makes it super easy to install and manage dependencies hosted on the registry, npx makes it easy to use CLI tools and other executables hosted […]
npm v5.0.0
This release marks months of hard work for the young, scrappy, and hungry CLI team, and includes some changes we’ve been hoping to do for literally years. [email protected] takes npm a pretty big step forward, significantly improving its performance in almost all common situations, fixing a bunch of old errors due to the architecture, and […]
Faking node_modules in CodePen Projects
With CodePen Projects you have a web IDE right in your browser, with preprocessing built-in. But what about installing dependencies via the npm ecosystem? With some minimal effort it’s possible: All you need to do is make a folder called node_modules, and then inside of that make a file named after the module (e.g. react.js) […]
Why I’m excited about Yarn
Today, Facebook – in collaboration with Google and others – released Yarn, a new package manager for JavaScript. Introducing Yarn: a new package manager for JavaScript from @fbOpenSource, @tildeio, @googledevs & @exponentjs. https://t.co/2LfN5OXjOv — Yarn (@yarnpkg) October 11, 2016 In comparison to npm, the Yarn website pushes these three main benefits forwards: Speed Reliability Security […]