I Built PkgWatch to Predict npm Package Abandonment Before It Breaks Your Build
Colors and faker broke thousands of builds overnight in January 2022. Event‑stream was compromised with crypto‑stealing malware. The infamous left‑pad incident...
Overview Bots, scanners, and noisy automated traffic are common in Node.js apps. Instead of trying to 100 % detect humans, this small open‑source package takes...
Dear Mods of dev.to, please bear with me for this one. This post will have a few profanities, as you might guess from the title. However, these profanities are...
Introduction Last week I published Sapo, a pre‑install security scanner. Today I’ll show how it detects one of the most common attacks: typosquatting. What is...
The “Aha!” Moment That Started It All I was implementing a new feature, feeling like a code wizard 🧙‍♂️. I submitted the PR, and then my TL dropped a comment...
The Problem We've all been there. You open a project, and for a split second you freeze: “Wait, is this npm run dev, yarn start, or docker-compose up?” Context...
SEO in React is Painful – Until react‑smart‑seo If you have built a React app before, you already know this truth: > 👉 SEO in React is painful. > Not because...
Article URL: https://socket.dev/blog/npm-to-implement-staged-publishing Comments URL: https://news.ycombinator.com/item?id=46530448 Points: 19 Comments: 2...
Beyond npm audit: Implementing Automated Dependency Governance locally
Accessible, Unstyled Color Wheel Library Compound Components I built an accessible, unstyled color wheel library using the Compound Components pattern. Here’s...
A tiny, secure short ID generator for Node.js — feedback welcome Publishing your first npm package is oddly intimidating. You keep asking yourself: - “Is this...
Getting Started with eslint-plugin-secure-coding