5 links tagged with all of: npm + dependencies
Links
Managing dependencies in a React application requires careful attention to both direct and transitive dependencies to avoid unnecessary complexity and bloat. Techniques such as reading dependency source code, using tools like Renovate and Knip, and analyzing package sizes are essential for maintaining a clean and efficient project. Ultimately, understanding the ecosystem and making informed choices leads to better dependency management and reduced technical debt.
NPMGraph is a tool designed for exploring npm modules and their dependencies, accessible online. It offers various configuration options through URL parameters to customize the visual representation of module graphs, including features like module colorization and dependency inclusion. Additionally, users can run NPMGraph locally by cloning its repository from GitHub.
The article discusses the vulnerabilities in the npm supply chain and emphasizes the importance of securing software dependencies. It highlights insights from industry expert Brian Fox on how to mitigate risks associated with open-source components. The piece advocates for better practices and tools to enhance security in software development.
The article discusses the various risks of using npm (Node Package Manager) to manage JavaScript packages, including security vulnerabilities, dependency management problems, and the impact of unmaintained packages. It emphasizes the importance of being vigilant and proactive in assessing the risks that third-party dependencies introduce into software development.
The repository consolidates best practices for securing NPM, bun, deno, pnpm, and yarn environments against common vulnerabilities such as supply-chain attacks and malware. It emphasizes the importance of controlling dependency versions, using configuration options to enhance security, and leveraging built-in permission models to safeguard applications during runtime. Additionally, it provides guidance on tools and techniques for auditing and managing packages effectively.