npm 12, TypeScript 7, and Bun in Rust
#​794 — July 14, 2026 Read on the Web JavaScript Weekly 📈 TanStack's npm Package Download Charts — A quick way to chart package popularity over ti...
Search fresh public links, source activity, and ready-to-use post angles for Npm.
Fresh curated links around NPM are collected here so marketers can spot useful updates and turn timely ideas into posts faster.
Recent items include:
Recent curated links from global sources. Generate one free draft from any story, then use SocialBu to schedule and refine your content calendar.
#​794 — July 14, 2026 Read on the Web JavaScript Weekly 📈 TanStack's npm Package Download Charts — A quick way to chart package popularity over ti...
All the world's a stage, and all the packages are merely players
#792 — June 30, 2026 Read on the Web JavaScript Weekly Deno 2.9 Released — A huge release for the runtime: deno desktop turns scripts and framework-based p...
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-...
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the package...
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages,...
For years, running npm install meant trusting that whatever code got pulled in would behave itself. That trust was often misplaced. Starting in July 2026, npm v12 changes the rules...
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data the...
Comments
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and S...
As npm invalidates compromised developer accounts linked to the 'Mini Shai-Hulud' worm, security researchers expose lingering local backdoors targeting crypto seed phrases.
Upwind links compromised AsyncAPI npm packages to a coordinated supply chain attack spanning repositories, publishing pipelines, and developer systems at risk.
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the...
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust...
As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI)...
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that delivered a remote access trojan with info-stealing capa...
Originally appeared on The Rails Tech Debt Blog.The Asset Pipeline has had many changes over the years, from not needing NodeJS when using Sprockets, to supporting NodeJS to manage...
Use SocialBu to discover ideas, generate post drafts, and schedule them across your social channels.