Masthash

#npm

Asbjørn Ulsberg
13 hours ago

I'm hacking on my resume and thought JSON Resume would be a good way to codify it instead of having it locked up inside of LinkedIn or in a stupid Microsoft Word document.

https://jsonresume.org/

JSON Resume has a theme concept, but with 438 available themes and no way to view them all online, it's a bit much work testing them one by one. "Script it!" I thought, but `npm search` only returns 20 results and there's no way around it:

https://github.com/npm/cli/issues/1211

As https://www.npmjs.com/ does pagination, it requires a lot of manual steps or intricate scripting to get a full list. However, https://npms.io/ has infinite scroll, so searching and scrolling to the bottom a few times works.

Then, the following JS snippet in the browser console gives me the name of all 438 JSON Resume themes:

```js
Array.from(document.querySelectorAll('.results-list-item .headline a'), a => a.innerText)
```

Now it's easy to plop the results into a text file and iterate. I love yak shaving! 🐂🪒

#npm

Jakob Miksch
16 hours ago

Hey webdevs
do you see any major advantage of #yarn vs #npm or is it just a matter of taste?

WinFuture.de
1 day ago

The JavaScript package manager #npm is being massively flooded with packages that contain SEO spam and are meant to mislead users. https://winfuture.de/news,135439.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

Just realized I misspelled the "packageManager" key in my package.json when I migrated to pnpm. There is still no way to use semver in that key after all. People started putting their ^ at the start because it doesn't fail the regex used in vscode, but this doesn't work at all and will just make corepack fail. #pnpm #npm #vscode #node

Inautilo
1 day ago

#Development #Findings
One in two new npm packages is SEO spam right now · Just README files with links to various malicious websites https://ilo.im/120gj2

_____
#Npm #PackageManager #WebDevelopment #WebDev #JavaScript #NodeJS #Security #Malware #Spam

David Bisset
2 days ago

50% of new #NPM packages are spam:

https://blog.sandworm.dev/one-in-two-new-npm-packages-is-seo-spam-right-now

"That is - empty packages, with just a single README file that contains links to various malicious websites."

Astra Kernel :verified:
3 days ago

🪲 VSCode hack shows how supply chain attacks can extend to other software development tools

👉 Extensions are developed in Node.js
👉 Malicious npm packages to extensions
👉 Infected extensions & Auto update

https://www.reversinglabs.com/blog/vs-code-ide-hack-how-supply-chain-attacks-can-proliferate-between-developer-ecosystems

#vscode #infosec #programming #nodejs #npm

Valentin Sawadski
3 days ago

Is there an issue with #npm? I'm running `npm audit fix` and it takes ages doing nothing as far as I can tell by looking at CPU and Network usage 🤷‍♂️

Sara Hjelm
3 days ago

All turned to rain and my afternoon saved by
“Skolan efter marknaden
Om skolans och lärarrollens framtid”
(That last part was the assignment all the authors got)

Lots of reviews of this already so I’ll not be disappointed. I love the title
@asaplsnr @Skolinkvisition

@edutooters #education #npm #EduTooters

#sarasspringcount23

themer
3 days ago

@davidcrespo How is the interop with #npm / larger ecosystem these days? Deno looks so amazing but every time I want to try it I get scared off by the (seemingly) relative lack of packages

Andy Scott
3 days ago

Dear #android, #rust / #cargo, #cmake, #dbus, #hp, #mozilla #firefox & #thunderbird, #npm, #pipewire / #pulseaudio, #putty, #python, #steam, #wine, #yarn (and I'm sure many, many others),

Why don't you use #xdg defaults? This doesn't seem ridiculous to you?

Screenshot of the results from the "ls -a" command in my home directory. It shows about 15 hidden folders and files belonging to applications that blatantly disregard XDG specifications.

James Scholes
5 days ago

Ran `#npm install` about half an hour ago. It now seems to be in a never-ending dependency resolution fight with itself, and won't respond to Ctrl+C. So glad #React et al is improving everybody's dev experience.

Doug Parker
5 days ago

From my understanding you can basically put any file character except a slash in a #Unix file path, so fundamentally any input which accepts both a package and a file is fundamentally ambiguous. The only way to avoid that would be something like:

```
import 'pkg:foo.js';

// VS

import 'file:foo.js';
```

(And `file:` needs to be *required* for file paths.)

I do feel like it could at least be made less of an issue if #NPM packages had a special character convention. For example, if the leading `@` was required even for unscoped packages, then you'd import with:

```
import '@foo.js'; // Package

// VS

import 'foo.js'; // File
```

Ultimately you could still name a file `@foo.js`, so there is definitely ambiguity. However it would be significantly less common of an issue in practice.

Ratul Maharaj
5 days ago

#TIL that you can run `npm version patch` to do a patch (or minor, major etc) version increment which will update your package.json file and create a new git tag. Very cool.

#javascript #typescript #opensource #foss #fosstodon #npm #git #github #pnpm

Kevin Renskers
1 week ago

So far I've used good ol' #NPM for all my JS/TS projects. Lately I've been eying #PNPM, mostly because installs are much faster, although the disk space savings are nice too.

However, I am not 100% convinced that it's the best decision as it's yet another thing that the whole team has to install. One more barrier before you can get the code up and running as a new dev on the team.

Is it worth it? I'm 50/50, can't really decide.

iameru
1 week ago

Some days later I now wrote this script to create a somewhat "isolated" environment for #npm #webdev #pip #dev

https://gist.github.com/iameru/4ec933eddd4c44f02da04a97a29b6342

Feel free to use and tell me if you find an error please :)

Tim Nolte
1 week ago

Blah, so even the CLI for #VSCode Dev Containers requires that #NPM is installed, or you are using VSCode, or compile from source. https://code.visualstudio.com/docs/devcontainers/devcontainer-cli 🤦‍♂️

Tim Nolte
1 week ago

@codebyjeff Laradock seems like DDev (https://ddev.readthedocs.io/en/latest/) which is also geared towards the main source code being the main website/application. There is an aspect of needing a #WordPress install for testing and such but that isn't the main source code. I've tried to use the `@wordpress/env` #NPM package in the past but it also assumes/requires Node/NPM to be installed on the machine, along with all of the build stuff to be run via a local NPM install.

Tim Nolte
1 week ago

@codebyjeff well, so I need build tooling such as #NPM & #Composer but I don't want to maintain the versions of those on my own machine I want them version controlled with my source code, for use by other developers for maintenance. Also, this is like "module" code (plugins & themes) that aren't an entire site itself. Most of the #Docker tools out there assume that your source code is a fully functional application.

Tim Nolte
1 week ago

So #WordPress plugin, or theme, Devs. Is there a #Docker only local plugin (or theme) development environment available? Something that doesn't require me to maintain #Node, #NPM, #PHP, or #Composer on my local machine? Perhaps #VSCode Dev Containers is the closest I'm going to get but I don't want the #IDE lock-in either, as I don't even use VSCode. I've been playing with just a Dockerfile & docker-compose.yml but it has some usability issues currently.

Is there a database that classifies NPM library vulnerabilities as affecting only the server side or only the client side?

https://security.stackexchange.com/questions/269258/is-there-a-database-that-classifies-npm-library-vulnerabilities-as-affecting-onl

#cve #npm

99 problems and a #JavaScript package manager ain't one! #npm #yarn #pnpm

#TIL that "npm ci" means "npm clean-install". I always thought it was an #npm command for #continuousIntegration #ciCd #node #nodejs #javaScript

Axel Rauschmayer
2 weeks ago
Nathan Friedly
2 weeks ago

https://npmjs.com/set-cookie-parser now supports fetch()'s new getSetCookie() API, to provide easier and more reliable access to uncombined Set-Cookie headers.

(Multiple Set-Cookie header values were combined into a single comma-separated string previously, which is tricky to parse since the values can also contain commas!)

#Node.js supports the API, #deno has an open PR, and hopefully #ReactNative will roll out support sometime soon.

See https://github.com/whatwg/fetch/pull/1346 for more.

#javascript #js #nodejs #npm
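
The ambiguity this post describes, as an added illustration (not code from set-cookie-parser or from the post's author): a constructed combined header is split naively on commas, split with a cookie-aware heuristic, and read back through `getSetCookie()` where the runtime provides it. The function names and sample cookie values are made up for the example.

```javascript
// Constructed sample: two Set-Cookie values as a server would send them.
// The Expires attribute legitimately contains a comma.
const SAMPLE_COOKIES = [
  'session=abc123; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/; HttpOnly; Secure',
  'theme=dark; Path=/; SameSite=Lax',
];

// What callers used to get: one comma-joined string.
const COMBINED = SAMPLE_COOKIES.join(', ');

// Naive approach: split on every comma. This cuts the Expires date in two.
function naiveSplit(header) {
  return header.split(',').map((s) => s.trim());
}

// Heuristic: a comma starts a new cookie only when the text after it begins
// with "name=". A cookie value that itself contains ",x=" still fools it,
// which is why the uncombined API is the reliable route.
function splitCombinedSetCookie(header) {
  const cookies = [];
  let start = 0;
  for (let i = 0; i < header.length; i++) {
    if (header[i] !== ',') continue;
    if (/^\s*[^\s=;,]+=/.test(header.slice(i + 1))) {
      cookies.push(header.slice(start, i).trim());
      start = i + 1;
    }
  }
  cookies.push(header.slice(start).trim());
  return cookies;
}

// Does the named cookie still carry a given flag after splitting?
function cookieHasFlag(cookies, name, flag) {
  const c = cookies.find((s) => s.startsWith(name + '='));
  if (!c) return false;
  return c.split(';').some((p) => p.trim().toLowerCase() === flag.toLowerCase());
}

// Reliable approach: ask the runtime for the uncombined values.
// Returns null when Headers.prototype.getSetCookie is not available.
function viaGetSetCookie(cookieLines) {
  if (typeof Headers === 'undefined' ||
      typeof Headers.prototype.getSetCookie !== 'function') return null;
  const h = new Headers();
  for (const line of cookieLines) h.append('Set-Cookie', line);
  return h.getSetCookie();
}

console.log('naive     :', naiveSplit(COMBINED));
console.log('heuristic :', splitCombinedSetCookie(COMBINED));
console.log('runtime   :', viaGetSetCookie(SAMPLE_COOKIES));
console.log('HttpOnly survives naive split:',
  cookieHasFlag(naiveSplit(COMBINED), 'session', 'HttpOnly'));
```

With the naive split, the `session` cookie ends at `Expires=Wed` and its `HttpOnly` and `Secure` flags land in a separate fragment, so anything that re-emits or inspects cookies from that result sees a session cookie without them.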

Daryl G. Wright
2 weeks ago

I just launched a utility to help format Tailwind CSS classes for readability while minimizing whitespace rendered in the DOM. This utility has support for inline C-style comments within the class lists to help document complex styles. View this project on GitHub and install via NPM. I hope someone finds this helpful. Feel free to offer suggestions for improvement.
https://github.com/goldenpathtechnologies/tagged-classnames
https://www.npmjs.com/package/tagged-classnames

#TailwindCSS #WebDevelopment #WebDev #TypeScript #ClassNames #GitHub #NPM #JavaScript

ndubien
2 weeks ago

🔜 New #random generator coming soon within fast-check. I hope it will help people start using #property based testing more often to replace any references to uncontrolled #random values at the middle of their #tests by leveraging powers of #PBT: seeded, shrinkable... #npm #javascript

Jari Pennanen
2 weeks ago

The main reason I like #Deno over #NPM is that each file can act as a full "package". If the file defines all its dependencies, then it's readily usable from other packages with simple URL import.

This means you could build an awesome library, and not need to worry about splitting it into multiple smaller libraries.

The second best feature is no node_modules.

Axel Rauschmayer
2 weeks ago

npm-installed modules: In principle, it should be possible to generate an import map for a given package.json so that code works in web browsers without any kind of building.

Has anyone written a tool that does that?

#JavaScript #npm #WebDev

Esparta :ruby:
2 weeks ago

Do not tell my $CURRENT_EMPLOYER I share this with you, but here's a gem I wrote at the troubleshooting page of our Development Setup while dealing with #node #npm & #javascript

A screenshot of a document I wrote, trying to troubleshoot problems with our development setup. Transcript:

"When starting the frontend server, a PIPE error stops the process"

This happens very infrequently, but after npm start a message similar to this may occur:

< a bunch of error log >

Solution

<IT Crowd animated gif: "Hello IT. Have you tried turning it off and on again?">

Reboot your computer. The last time it happened to me I tried everything, but nothing was able to fix it. If you found a better process, please share.

Why?

Because node, that's why. Apparently a memory leak happens, and then an OOM dooms everything.

Art Rosnovsky
2 weeks ago

Our industry is an embarrassment. This one man has been providing the entire fucking World Wide Web with compatibility for roughly $2/hr for a DECADE. And still microsofts, apples, amazons et al., who were able to pocket HUNDREDS OF BILLIONS of dollars off the back of this ONE man’s labor, don’t pay him shit; for years his biggest backer had been a tiny #FOSS project.

This is shit, our industry is shit, and we are shit.

#webdev #JavaScript #Web #npm #github #opensource

https://github.com/zloirock/core-js/blob/master/docs/2023-02-14-so-whats-next.md

NO MORE
I'm damn tired. I love working on open-source and core-js. But who or what am I doing this for? Let's summarize the above.
• I have been ensuring zero compatibility issues and providing bleeding edge features of the web platform for most of the Web since 2014

Alex Oberhauser :verified_o:
2 weeks ago

@fediversenews
The latest version of the Vue ActivityPub Timeline comes with the following new features

👉 Loading icon that works with light and dark theme
👉 Dialog that shows the post thread (ancestor and descendants of the post) in a dialog on the same page
👉 Videos are shown as image preview. On click the video opens in a new tab

see https://www.npmjs.com/package/@networld-to/vue-ap-timeline

#ActivityPub #Mastodon #Vue #NPM

I think I'm going to intentionally omit node-g*p support from #orogene. I'm not convinced it's that essential anymore and I feel really uncomfortable just lazily going with the flow here.

Is this a dealbreaker?

#nodejs #npm

iameru
3 weeks ago

How do you isolate your dev environment? Do you?

regarding #webdev or #dev In general. When using f.e. react, next or even just axios I got a ton of #npm modules installed in the JS ecosystem. Same with python #pip (though it seems a lot friendlier).
Now these packages sometimes become a security risk for my computer, my data, potentially life.

That's why I think we should all get a secure but ideally hassle-free way to code.

How do you do it or do you have an idea? Pls boost!

Simple Scaffold v1.1.3 is out, with no Windows bugs* this time!

* that I know of

https://www.npmjs.com/package/simple-scaffold

#javascript #typescript #npm #package

Leon Bambrick
3 weeks ago

I’ve blogged my npm troubleshooting guide here — 10 easy steps

https://til.secretgeek.net/npm/npm_troubleshooting.html

#npm #javascript #sadomasochistictendencies

orbifx
3 weeks ago

What? No #web #ui without #npm or #nodejs ?

Jarek Rozanski 📈
3 weeks ago

Published my first-ever #NPM package today. 🚀

It enables adding privacy web analytics to #Vue application without any effort.

There are documented limitations which we will address very soon.

https://www.npmjs.com/package/wideangle-vuejs

Mike
3 weeks ago

This is a bit of a niche question...

For those that need a key to install private dependencies (be it composer or npm) and deploy via CI. Do you have one generic token or do you have a token per project? Does this token belong to you or a generic user?

#npm #composer #php #ci #cd

ndubien
3 weeks ago

Just started to compare pure-rand random number generators #prng with the ones coming within other #npm libraries and it is blazing fast 🤯 (guess what? it is now used by @fbjest🤫)

Aral Balkan
4 weeks ago

If you want to npm install a specific branch of your Node module from @Codeberg, you can do:

npm install git+https://codeberg.org/<organisation>/<repository>.git#<branch name>

e.g., npm install git+https://codeberg.org/small-tech/hyperscript-to-html-string.git#escape-newlines-in-attributes

#codeberg #npm #nodeJS #branch #install #dev

Marcel Koch
4 weeks ago

#TIL save-exact can be set in the .npmrc #npm #nodejs

RaptaG
4 weeks ago

I'm in a dilemma, and I need the #advice from the #Linux #Mastodon community. I want to move from rolling release #Arch based #endeavouros to a more stable (maybe a bit gaming-focused) distro. I'm between 2: #NitruxOS and #Nobara.

Plus:

Nitrux:

- #Debian based (I have some experience)

Nobara:

- #gaming focused

Minus:

Nitrux:

- Uses MauKit & I prefer the #KDE apps
- Latte for which I'm concerned because it's abandoned

Nobara:

- Uses #npm (No experience)

What should I choose?

Aral Balkan
4 weeks ago

My bad, I accidentally ran npm config set registry http:// registry.npmjs.org --global instead of *https* while troubleshooting. 🤦‍♂️

All good now :)

#npm #ipv6 #stuck #workaround
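
A check for the slip described in this post, as an added example (not from the post's author): it scans `.npmrc` text for a registry set to plain `http://` and, going beyond the post, for `strict-ssl=false`. `auditNpmrc`, the sample file contents and the `example.invalid` host are constructed for the illustration.

```javascript
// Constructed .npmrc content for the example (not taken from the post).
const SAMPLE_NPMRC = `
; global config
registry=http://registry.npmjs.org/
@example-scope:registry=https://npm.example.invalid/
strict-ssl=false
save-exact=true
`;

// Returns one finding per setting that weakens transport security
// for package downloads. Line numbers are 1-based.
function auditNpmrc(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.trim();
    // Skip blanks and comments (.npmrc allows ';' and '#').
    if (!line || line.startsWith(';') || line.startsWith('#')) return;
    const eq = line.indexOf('=');
    if (eq === -1) return;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, '');
    const lineNo = idx + 1;

    // Default registry and per-scope registries, e.g. "@scope:registry".
    if (key === 'registry' || /^@[^:]+:registry$/.test(key)) {
      let url;
      try {
        url = new URL(value);
      } catch {
        findings.push({ lineNo, key, issue: 'registry URL does not parse' });
        return;
      }
      if (url.protocol !== 'https:') {
        findings.push({
          lineNo, key,
          issue: `registry uses ${url.protocol}// so packages travel unencrypted`,
        });
      }
    } else if (key === 'strict-ssl' && value.toLowerCase() === 'false') {
      findings.push({ lineNo, key, issue: 'TLS certificate validation is disabled' });
    }
  });
  return findings;
}

for (const f of auditNpmrc(SAMPLE_NPMRC)) {
  console.log(`line ${f.lineNo}: ${f.key}: ${f.issue}`);
}
```

`npm config get registry` shows the value npm is currently using, which is a quick way to confirm the setting after correcting it.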

Aral Balkan
4 weeks ago

Anyone else having trouble with npm at the moment? (npm install stuck at the “idealTree buildDeps” stage)

Edit: Solved. (Please see thread. No need to reply.) :)

#npm #nodeJS

"40x faster than NPM" is a pretty nice claim, innit? #orogene

This is the "warm cache, existing package-lock.kdl" scenario, which is most common in CI setups that support caches, as well as when switching between branches that you've previously installed dependencies for.

So yeah, this is fast enough that I think I could have orogene provide a git hook that automatically reinstalls your node_modules on branch switch.

Oh, and this is all hard links, deduplicated by content hash, so you only have exactly one copy of a file in your entire system, ever.

I'm also pretty pleased that oro is almost twice as fast as bun, which is known to be screaming-fast. 😎

#rust #rustlang #npm

Summary
  '../target/release/oro restore --cache oro-cache' ran
    1.72 ± 0.23 times faster than 'bun install'
   22.23 ± 3.50 times faster than 'npx pnpm install --store-dir pnpm-cache --ignore-scripts'
   40.14 ± 5.51 times faster than 'npm install --cache npm-cache --ignore-scripts'
   44.45 ± 5.18 times faster than 'npx yarn --ignore-scripts --cache-folder yarn-cache'

One of my favorite moments while working on #NPM was benchmarking things in pre-5.0 NPM and realizing the package cache was doing absolutely nothing. Zilch. It didn't have any effect whether you enabled it or not. It was just a bug farm.

Neil Craig
1 month ago

I have a Google Cloud Build-based CI/CD which is triggered from a GitHub repo - it runs tests then publishes to npm.
Everything works fine except when Dependabot creates a PR because npm publish fails because the package version isn't updated.
Anyone got a way to fix this? It's not the end of the world but feels like it should be automate-able.
Boosts would be much appreciated.
#CICD #NPM #GoogleCloudBuild #webDev

Khalid ⚡
1 month ago

Hovering over an #npm dependency in #WebStorm produces a helpful little popup from the readme. Neat. #JavaScript #TypeScript

WebStorm pop up showing formatted text

Juan Luis
1 month ago

What are the best practices when packaging Python + JavaScript projects? I know that @Jupyter is using Hatch and created a custom extension. Are there other examples? Asking for kedro-viz https://github.com/kedro-org/kedro-viz

#python #packaging #js #npm #nodejs #kedro #kedroviz

TypeScript/JavaScript devs:

How willing are you to change your habits and assumptions, for the sake of a faster and cleaner workflow?

For example, what if you could no longer assume that node_modules are regular files you can load, and instead are meant to be consumed by resolvers (bundlers, node.js, etc)?

What if node_modules/.bin wasn't a thing you could just poke at?

What if the way peerDependencies worked changed on you, or if a new type of dependency was introduced?

Assuming, of course, that all of these involve significant advantages.

#typescript #javascript #npm #nodejs

I've finally gotten around to making a project board/"roadmap" for #orogene!

Please check it out, and let me know if there's anything you really wish orogene would do that you don't see on the list!

https://github.com/orgs/orogene/projects/2/views/1

#rust #rustlang #npm #javascript

Dave Mackey
1 month ago

lol

when you (aka me) are prompted by #npm to upgrade to a newer version and (in a temp lapse of judgment) decide to do so.

of course, npm won't update itself to a version that isn't compatible with the version of #node npm is running in, right? right?!

now I have npm 9 (not) running on node 13. 😂

np, I'll downgrade node: `npm i -g npm@8`

"ERROR: npm 9.5 is known not to run on Node 13.14"

Good thing I had #nvm installed:

`nvm uninstall 13.14.0`
`nvm install 13.14.0`

Life is good again.

Nicolas Hoizey
1 month ago

Is it useful to have releases in GitHub for projects that are always installed from npmjs? 🤔

Asking for example for a pet project (which is also a mono-repo).

- GitHub: <https://github.com/nhoizey/images-responsiver/releases>
- npm:
  - `images-responsiver`: <https://www.npmjs.com/package/images-responsiver>
  - `eleventy-plugin-images-responsiver`: <https://www.npmjs.com/package/eleventy-plugin-images-responsiver>

#GitHub #npm

⚓️ https://nicolas-hoizey.com/notes/2023/02/22/2/

So I finally figured out how to deal with some mystery slowness during file extraction in #orogene, and managed to get full extraction working and it is:

👉🏻 4x faster than #pnpm
👉🏻 4x faster than #yarn
👉🏻 3x faster than #npm

...and these are just some initial numbers! There's still some stuff I'm sure I haven't tried to do yet that could bump that further.

On my machine, this means it can fully resolve and install a react app in 11 seconds.

v v exciting results so far.

#rust #rustlang

Florian Spier
1 month ago

RxJS has a crazy lot of weekly downloads on npm: more than 47 million!

See the RxJS stats on npm: https://www.npmjs.com/package/rxjs

I wonder: Who uses it? In which context?

A well known context is Angular (RxJS is a peerDependency of Angular). But that can only be a small portion. Angular core has 3.3M weekly downloads: https://www.npmjs.com/package/@angular/core

#RxJS #angular #npm #javascript

#Opensource funding challenge:

Go into your main project and, assuming it uses #npm, run “npm fund”

Pick 5 projects that don’t seem well-funded, and donate to them

Just did so (admittedly using “npm fund” for the first time), donating a little to @ljharb, @sindresorhus, @fb55@twitter.com, @paulmillr, and @wooorm

(Consider boosting to encourage more contributions)

https://docs.npmjs.com/cli/v9/commands/npm-fund