Authon Blog
All articles

#npm

6 articles tagged with “npm”

Bumblebee vs OSV-Scanner: Two Takes on Supply Chain Scanning
comparison

Comparing Perplexity's new on-disk scanner Bumblebee with manifest-based tools like OSV-Scanner and Snyk for supply chain security triage.

security, supplychain, devops
Why npm supply chain attacks keep happening and how to harden your installs
debugging

Practical defenses against npm supply chain attacks: disable install scripts, use npm ci, audit lockfiles, verify provenance, and contain the blast radius.

npm, security, javascript
axios Got Hacked. If You Ran npm install Yesterday, Read This Now.
tutorial

axios. The HTTP client that's in basically every JavaScript project on earth. 100 million weekly downloads. Present in roughly 80% of cloud environment

security, npm, supplychain
Your npm Package Is Leaking Source Code (And You Probably Don't Know It)
debugging

Source maps in npm packages can expose your entire original source code. Learn how to detect, prevent, and fix source map leaks in your packages.

npm, javascript, security
I Haven't Opened the npm Website in Months. Here's How.
tutorial

There's a special kind of friction that comes from typing `npm publish`, getting a 2FA prompt, fumbling for your phone, missing the 30-second window,

mcp, npm, javascript
Articles tagged "npm" | Authon Blog