Avoiding npm Substitution Attacks — Recently there have been some high-profile examples of supply chain attacks on popular source code repositories, such as cases where fake or eponymous packages are published. You can reduce your attack surface by taking precautions and managing dependencies. Here are some tips when using
WebdriverIO v7 Released — WebdriverIO is a popular browser and mobile automation testing framework for Node. v7 brings it over to TypeScript, improves its Google Lighthouse integration, and improves compiler tool integration. There’s even a brief video about the release.
SVGO 2.0: A Node-Based SVG Optimizer — If you’ve worked with SVG (Scalable Vector Graphics) at all, you’ve probably seen that the files can be filled with all sorts of junk code. SVGO to the rescue. 2.0.0 just came out and drastically reduces the package size while making API changes.
#479 — March 23, 2023: 🔒 npm Granular Access Tokens Now Generally Available — The granular access token feature on the npm registry is now generally available, allowing you to restrict …
#478 — March 16, 2023: Shell-Free Scripts with Execa 7.1 — Execa is a popular process execution library for Node and the latest version includes an interesting `$` method feature for …