I couldn't find an npm package to sort filenames into buckets, so I built one
Last week I was building a file-management feature. Users could upload documents, and I needed to sort them into sections. One bucket for NOCs, one fo…
Tech news from the best sources
Last week I was building a file-management feature. Users could upload documents, and I needed to sort them into sections. One bucket for NOCs, one fo…
I run EstimatorSuite.com — we review construction estimating software for US contractors (HVAC, electrical, plumbing, roofing, landscaping). We just o…
If you build apps for the Indian market, you've probably needed mock demographic data for testing, UI previews, or training ML models. And if you've u…
A team lead announces that the team will start using AI-assisted development. Everyone nods. Nobody asks what that actually means on Monday morning. S…
About 10 years ago I fell in love with Vue.js. The easy-to-learn syntax and reactivity were a joy to work with, and HMR (hot module replacement) added…
Introduction I'm a full-stack engineer working in Tokyo. One day, I needed to build a feature at work that handles Japanese postal codes. "Enter a pos…
gitlawb-zero is winding up a 0.4.0 release, and the commit stream shows a project maturing its distribution and its security boundaries at the same ti…
We have all been there. You are staring at your screen late at night, trying to optimize a bundle size, or debugging an enterprise pipeline that has b…
The npm incident, but for AI agents Remember when malicious npm packages stole crypto wallets? The same thing is coming for MCP servers. An MCP server…
Ever installed an npm package without really knowing what you were pulling into your project? I did too, and it bugged me enough that I built Revera. …
Обсуждение архитектуры или бага часто начинается в ChatGPT, а реализация продолжается локально в Codex CLI. Рассказываю, как я сделал небольшую CLI-ут…
A lot of useful technical work starts as a conversation. Maybe you are exploring an architecture decision in ChatGPT. Maybe you are debugging an idea …
Same project, same dependencies. And yet, when I asked both tools "how many vulnerabilities do you have?", they answered differently. $ npm audit 2 vu…
Imagine if there were a way for us to somehow ship a full-stack package that you could plug into your app. Client code, backend code, webhooks, and da…
Your CI catches the npm vulnerability. Your developer is already three branches away and one standup behind. The package is installed, the lockfile re…
The previous parts of this series were written from a comfortable distance. I read the Trend Micro diagrams about Shai-Hulud, I theorised about Docker…
This article was originally published on LucidShark Blog . On June 17, 2026, Microsoft Threat Intelligence published a report attributing a supply cha…
В мире открытого кода термин protestware стал новым классом риска в цепочке поставки ПО: мейнтейнеры намеренно вносят изменения, чтобы выразить личную…
If you're using migrate-mongo and considering a switch, the biggest concern usually isn't features. It's this: "Will I have to re-run old migrations o…
A complete record of publishing moongate-vue from build to npm, including 2FA, WebAuthn, registry switching, and automation scripts. This article cove…
На прошлой неделе я попросил Claude Code добавить рендеринг markdown в проект. Через секунду в зависимостях появился flutter_markdown — нормальный пак…
Всем привет от команды DFIR JetCSIRT! Хотим поделиться с вами одним интересным кейсом, эмоции от которого прекрасно описывает обложка... Заказчик заво…
Have you ever built a full-stack application (without fullstack framework like NextJS), if yes so you might definitely know that you need to build two…
Five days ago I posted I built a transactional outbox toolkit for Node.js — meet eventferry . The pitch was small and specific: Postgres + Kafka, the …
If you've built React Native apps for long enough, you've probably fought with file downloads, uploads, and filesystem management. Historically, the c…
The npm account ai publishes seven packages. Combined, they install 964 million times per week: Package Weekly downloads Publishers Risk postcss 245,6…
Running 23 European e-commerce shops on Payload CMS v3 taught me that some things simply don't exist yet. So I built them. Background I maintain a mul…
On June 3, JFrog Security Research published their analysis of IronWorm — a supply chain attack that compromised 37 npm packages through the asteroidd…
Target: pnpm/pnpm Issue: pnpm/pnpm#12240 PR: pnpm/pnpm#12301 Public branch: https://github.com/scarab-systems/pnpm/tree/fix/deps-status-no-manifest La…
73 cryptographically signed npm packages from Microsoft were compromised last week with advanced credential-stealing malware that fires the moment a d…