npm ci vs npm install
– ryangjchandler.co.uk - submitted by Ryan Chandler
A quick guide to the differences between npm ci and npm install.
Read more [ryangjchandler.co.uk]
Posts tagged with npm
– dev.to
A good overview of new things Yarn has to offer.
Read more [dev.to]
Caleb Porzio, developer at Tighten Co, recorded a video that explains how to publish a Vue component as a package.
If you're like me, you have a handful of useful Vue components you use between different projects. Many times I've wanted to publish an individual Vue component to NPM for myself and others to access more easily.
Read more [calebporzio.com]
In an article at Hackernoon, David Gilbertson warns about the dangers of trusting third-party packages on npm. He goes into how a package can make unwanted HTTP requests in the browser and how you can protect yourself against that.
It’s been a frantic week of security scares — it seems like every day there’s a new vulnerability. It’s been a real struggle for me personally to pretend like I understand what’s going on when asked about it by family members.
Seeing people close to me get all flustered at the prospect of being “powned” has really put things in perspective for me.
So, it is with a heavy heart that I’ve decided to come clean and tell you all how I’ve been stealing usernames, passwords and credit card numbers from your sites for the past few years.
https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
Jordan Scales examined the contents of the node_modules directory and discovered a lot of junk.
While code bloat continues to slow down our websites, drain our batteries, and make “npm install” slow for a few seconds, many developers like myself have decided to carefully audit the dependencies we bring into our projects. It’s time we as a community stand up and say enough is enough, this community belongs to all of us, and not just a handful of JavaScript developers with great hair.
I decided to document my experiences in auditing my projects’ dependencies, and I hope you find the following information useful.
Jack McDade, who designed the laravel.com and laracasts.com sites, shares some tips on how to make composer and npm much faster.
Whenever I run `composer install` or `npm install` I feel like an old man yelling at young punks to get off my lawn. Especially ever since `npm3`. I’ll save you the bitter diatribe and just get to the solution. But first, the problem.
http://jackmcdade.com/blog/tired-of-waiting
Creating, distributing, maintaining, and consuming third-party dependencies was supposed to make us more productive and our lives easier. Instead, I feel like I spend more time waiting than coding.
So I dug and dug until I found solutions, as one does, and now I’m sharing them with you.
I know what you’re thinking. WAT?! Didn’t Gulp just kill Grunt? Why can’t we just be content for a few minutes here in JavaScript land? I hear ya, but… I’ve found Gulp and Grunt to be unnecessary abstractions. npm scripts are plenty powerful and often easier to live with.
https://medium.com/@housecor/why-i-left-gulp-and-grunt-for-npm-scripts-3d6853dd22b8
At Spatie we're constantly improving our application template called Blender. We love using packages to pull in functionality. Creating and using packages has many benefits. Though we try to create public packages that benefit the community, there are some packages that are very specific to Blender.…