Articles tagged “supply-chain”

6 articles

axios Alternatives 2026: got, ky, and undici

axios was compromised in a supply chain attack in March 2026. Compare got, ky, undici, and native fetch — performance, bundle size, and TypeScript support.

April 3, 2026·PkgPulse Team

npm Supply Chain Security Guide 2026

Defend against npm supply chain attacks in 2026: typosquatting, dependency confusion, malicious packages, lockfile poisoning, and the tools that stop them.

March 29, 2026·PkgPulse Team

How to Secure Your npm Supply Chain in 2026

Practical npm supply chain security for 2026. Lockfiles, audit automation, provenance attestation, Socket.dev scanning, and the 5 attacks targeting npm.

March 8, 2026·PkgPulse Team

The npm Security Landscape: Supply Chain Attacks 2026

npm supply chain attacks in 2026: the real threat landscape, which packages were targeted, and the defense stack that actually protects production applications.

March 8, 2026·PkgPulse Team

Security Vulnerabilities by Category 2026

npm security vulnerability data by category in 2026: which categories have the most CVEs, what types of vulnerabilities occur, and mitigation strategies.

March 8, 2026·PkgPulse Team

npm Package Security: Best Practices for 2026

Protect your project from supply chain attacks, malicious packages, and dependency vulnerabilities. A practical security guide for npm users in 2026 now.

March 4, 2026·PkgPulse Team

All Tags

2026 (393)typescript (376)nodejs (255)javascript (228)developer-tools (148)react (133)api (77)npm (75)comparison (68)performance (51)nextjs (45)automation (45)testing (38)database (34)security (29)bun (27)devops (27)frontend (24)backend (24)migration (23)ai (23)vite (22)react-native (22)build-tools (21)mobile (21)vitest (20)zod (19)state-management (18)tooling (17)monorepo (17)open-source (17)hono (17)pnpm (16)tailwind (16)prisma (15)opinion (15)ui (14)drizzle (14)jest (14)llm (14)bundle-size (14)validation (14)playwright (14)express (13)authentication (13)orm (12)runtime (12)webpack (12)biome (12)zustand (12)eslint (11)trpc (11)css (11)serverless (11)package-manager (10)deno (10)linting (10)turborepo (10)rust (10)fastify (10)bundler (10)astro (10)svelte (10)yarn (9)turbopack (9)edge (9)vue (9)realtime (8)graphql (8)valibot (8)expo (8)saas (8)bundlers (8)frameworks (8)dependencies (8)cli (7)date-fns (7)openai (7)packages (7)forms (7)animation (7)nx (7)cloudflare-workers (7)rspack (7)components (7)documentation (7)esbuild (6)supply-chain (6)ecosystem (6)react-hook-form (6)sveltekit (6)postgresql (6)package-selection (6)webdev (5)http-client (5)dayjs (5)observability (5)monitoring (5)server-components (5)langchain (5)full-stack (5)tanstack-query (5)cross-platform (5)developer-experience (5)swc (5)nextauth (5)cms (5)data-visualization (5)analytics (5)payments (5)email (5)remix (5)maintenance (5)jotai (5)video (4)axios (4)redis (4)typeorm (4)tsx (4)ts-node (4)yup (4)schema-validation (4)pino (4)libraries (4)package-managers (4)auth (4)optimization (4)type-safety (4)elysia (4)upgrade (4)arktype (4)ai-sdk (4)styling (4)data-fetching (4)moon (4)angular (4)neon (4)meta-framework (4)temporal (4)redux (4)shadcn (4)cloud (4)puppeteer (4)socketio (4)websockets (4)shadcn-ui (4)tsup (4)unbuild (4)prettier (4)accessibility (4)routing (4)logging (4)storybook (4)react-server-components (4)types (4)fullstack (4)trends (4)clerk (4)panda-css (4)media (3)server-actions (3)yjs (3)collaboration (3)ky (3)hub (3)benchmarks (3)esm (3)commonjs (3)rollup (3)formik (3)benchmark (3)compiler (3)framework (3)ui-components (3)framer-motion (3)vercel (3)oxc (3)formatting (3)unocss (3)oxlint (3)effect-ts (3)fp-ts (3)apollo-client (3)cursor (3)signals (3)rolldown (3)turso (3)solidjs (3)ssg (3)momentjs (3)storage (3)aws (3)msw (3)nock (3)mocking (3)background-jobs (3)node-js (3)pdf (3)web-scraping (3)component-library (3)self-hosted (3)docker (3)ci-cd (3)real-time (3)farm (3)search (3)networking (3)itty-router (3)websocket (3)caching (3)markdown (3)architecture (3)notifications (3)cypress (3)charts (3)park-ui (3)melt-ui (3)radix-ui (3)infrastructure (3)enterprise (3)tauri (3)electron (3)file-upload (3)typebox (3)commander (3)yargs (3)react-email (3)sharp (3)jimp (3)image-processing (3)winston (3)kysely (3)css-in-js (3)github (3)health-scores (3)testing-library (3)git (2)fetch (2)got (2)rate-limiting (2)joi (2)react-20 (2)undici (2)anthropic (2)vercel-ai-sdk (2)agents (2)workspaces (2)node (2)modules (2)socket (2)snyk (2)licensing (2)legal (2)changesets (2)python (2)encore (2)motia (2)ai-agents (2)lts (2)json-schema (2)javascript-runtime (2)qwik (2)error-handling (2)swr (2)github-copilot (2)ai-coding (2)vercel-edge (2)ecmascript (2)sqlite (2)ssr (2)toolchain (2)ppr (2)rendering (2)flutter (2)reactivity (2)runes (2)svelte-5 (2)javascript-dates (2)radix (2)schema (2)microservices (2)supertest (2)api-testing (2)bullmq (2)inngest (2)queues (2)partykit (2)crawlee (2)conform (2)tanstack-form (2)library-bundling (2)zx (2)scheduling (2)deployment (2)continue-dev (2)cicd (2)containers (2)audio (2)dbgate (2)gui (2)functional-programming (2)nextra (2)nitro (2)edge-runtime (2)web-components (2)oauth (2)identity (2)design (2)maps (2)ecommerce (2)lambda (2)mobx (2)valtio (2)mcp (2)model-context-protocol (2)micro-frontends (2)i18n (2)react-query (2)jwt (2)data-processing (2)privacy (2)paddle (2)monetization (2)react-19 (2)next-js (2)recharts (2)ladle (2)histoire (2)tanstack (2)desktop (2)rest (2)pkgroll (2)planetscale (2)productivity (2)urql (2)oclif (2)nodemailer (2)resend (2)luxon (2)ably (2)stripe (2)lemonsqueezy (2)dx (2)css-modules (2)dates (2)styled-components (2)best-practices (2)package-health (2)lucia (2)t3-stack (2)enzyme (2)mongoose (2)e2e (2)htmx (2)nanoid (2)uuid (2)ofetch (2)redux-toolkit (2)web-performance (2)tailwindcss (1)command-palette (1)streaming (1)package-publishing (1)date-picker (1)modals (1)layout (1)keyboard-shortcuts (1)express-rate-limit (1)moment (1)date-library (1)next-safe-action (1)zsa (1)opentelemetry (1)tracing (1)rsc (1)deno-3 (1)use-hook (1)automerge (1)loro (1)crdt (1)eslint-10 (1)flat-config (1)rag (1)dependency-management (1)embla-carousel (1)swiper (1)splide (1)carousel (1)slider (1)jsr (1)registry (1)vulnerability-management (1)compliance (1)tree-shaking (1)fast-check (1)property-based-testing (1)publishing (1)provenance (1)semver (1)versioning (1)conventional-commits (1)type-checking (1)typescript-6 (1)event-driven (1)react-bits (1)aceternity (1)magic-ui (1)standard-schema (1)tools (1)web-development (1)ajv (1)turbopack-vs-vite (1)http-framework (1)pandacss (1)javascript-tooling (1)deno-vs-node (1)neverthrow (1)claude-code (1)angular-21 (1)zoneless (1)zonejs (1)aws-lambda (1)es2026 (1)tc39 (1)language-features (1)web-framework (1)lynx (1)bytedance (1)supabase (1)postgres (1)partial-prerendering (1)isr (1)web (1)content-sites (1)linter (1)base-ui (1)ui-library (1)tsgo (1)tsc (1)typescript-7 (1)static-site (1)astro-vs-nextjs (1)vite-vs-webpack (1)bun-vs-node (1)messaging (1)trigger-dev (1)pdfkit (1)react-pdf (1)npm-workspaces (1)tailwind-v4 (1)daisyui (1)flowbite (1)pinecone (1)weaviate (1)qdrant (1)pgvector (1)vector-database (1)shell-scripting (1)coverage (1)c8 (1)istanbul (1)nginx (1)serialization (1)cbor (1)binary (1)ipld (1)cloudflare (1)images (1)cloud-storage (1)mdx (1)scraping (1)vscode-extension (1)dagger (1)earthly (1)depot (1)date-time (1)deprecation (1)depd (1)library-design (1)browser (1)drag-and-drop (1)configuration (1)drizzle-studio (1)prisma-studio (1)duckdb (1)clickhouse (1)questdb (1)olap (1)time-series (1)nitric (1)shuttle (1)cloud-native (1)infrastructure-from-code (1)graphics (1)fumadocs (1)tokenization (1)elysiajs (1)workers (1)ux (1)infisical (1)doppler (1)hashicorp-vault (1)secrets (1)ast (1)lago (1)orb (1)metronome (1)billing (1)usage-based (1)metering (1)design-system (1)webrtc (1)geospatial (1)content (1)middleware (1)mintlify (1)fern (1)readme (1)api-docs (1)claude (1)cdn (1)node-test (1)cryptography (1)openfga (1)permify (1)spicedb (1)authorization (1)zanzibar (1)rebac (1)access-control (1)openapi (1)async (1)document-generation (1)local-first (1)sync (1)component-testing (1)macos (1)polar (1)gumroad (1)merchant-of-record (1)http (1)proxy (1)hosting (1)gestures (1)documents (1)debugging (1)partial-hydration (1)tremor (1)redpanda (1)nats (1)kafka (1)event-streaming (1)message-queue (1)transactional (1)low-code (1)internal-tools (1)excel (1)slidev (1)marp (1)revealjs (1)presentations (1)stackblitz (1)codesandbox (1)gitpod (1)cloud-ide (1)webcontainers (1)component-development (1)surrealdb (1)edgedb (1)arangodb (1)graph (1)multi-model (1)webhooks (1)tanstack-router (1)react-router (1)data-tables (1)virtual-list (1)workflow (1)testcontainers (1)integration-testing (1)3d (1)webgl (1)offline (1)benchmarking (1)editor (1)content-management (1)pattern-matching (1)functional (1)npm-packages (1)serverless-database (1)communication (1)typescript-5 (1)edge-computing (1)seo (1)unkey (1)zuplo (1)kong (1)api-gateway (1)api-keys (1)web3 (1)blockchain (1)concurrency (1)workos (1)stytch (1)fusionauth (1)sso (1)enterprise-auth (1)scim (1)legend-state (1)deprecated (1)angular-vs-react (1)astro-vs-sveltekit (1)auth0 (1)mirage (1)api-mocking (1)ink (1)sanity (1)contentful (1)payload-cms (1)headless-cms (1)dprint (1)code-formatting (1)drizzle-kit (1)prisma-migrate (1)flyway (1)umzug (1)db-migrations (1)neutralino (1)desktop-apps (1)docusaurus (1)vitepress (1)starlight (1)wrangler (1)dotenv (1)t3-env (1)env-validation (1)sentry (1)highlight-io (1)bugsnag (1)error-tracking (1)feature-flags (1)launchdarkly (1)unleash (1)openfeature (1)uploadthing (1)react-dropzone (1)filepond (1)next-intl (1)react-i18next (1)formatjs (1)chartjs (1)d3 (1)visx (1)marked (1)remark (1)markdown-it (1)unified (1)capacitor (1)better-auth (1)triggerdev (1)mastra (1)socket-io (1)cheerio (1)react-spring (1)headless-ui (1)maizzle (1)mjml (1)email-templates (1)react-hooks (1)usehooks-ts (1)react-use (1)ahooks (1)tanstack-table (1)ag-grid (1)react-table (1)react-data-grid (1)data-grid (1)pusher (1)sst (1)aws-cdk (1)eleventy (1)static-site-generators (1)jamstack (1)typescript-first (1)ws (1)scripting (1)shell (1)lambda-edge (1)deno-deploy (1)coding-tools (1)emotion (1)motion-one (1)autoanimate (1)animations (1)gatsby (1)gatsby-vs-astro (1)happy-dom (1)jsdom (1)dom (1)vitest-environment (1)worktop (1)pkgpulse (1)updates (1)popularity (1)authjs (1)dark-mode (1)next-themes (1)multer (1)aws-s3 (1)create-react-app (1)node-modules (1)github-actions (1)setup (1)alpinejs (1)lightweight (1)htmx-vs-alpine (1)knex (1)knip (1)depcheck (1)dead-code (1)koa (1)lit (1)lit-vs-svelte (1)sessions (1)mongodb (1)stdlib (1)stars (1)downloads (1)metrics (1)production (1)ulid (1)cuid2 (1)ids (1)id-generation (1)nestjs (1)next-vs-remix (1)releases (1)socket-dev (1)nuxt (1)nuxt-vs-next (1)server (1)ollama (1)local-ai (1)open-props (1)design-tokens (1)quality (1)definitelytyped (1)passport (1)pinia (1)vuex (1)visual-testing (1)browser-automation (1)preact (1)preact-vs-react (1)prisma-vs-drizzle (1)qwik-vs-react (1)react-aria (1)headless-components (1)react-vs-solid (1)learning (1)recoil (1)atomic-state (1)zero-dependency (1)islands (1)hydration (1)vulnerabilities (1)cve (1)squoosh (1)solid-vs-svelte (1)drizzle-orm (1)superstruct (1)utility-first (1)react-testing (1)unit-testing (1)transformers-js (1)onnx-runtime (1)browser-ml (1)webgpu (1)ts-rest (1)library (1)devtools (1)vanilla-extract (1)type-safe (1)vue-vs-svelte (1)core-web-vitals (1)browser-support (1)ie11 (1)compatibility (1)xstate (1)state-machines (1)stylex (1)lerna (1)material-ui (1)utility (1)roundup (1)ui-libraries (1)mui (1)ant-design (1)chakra-ui (1)mantine (1)htmx-2026 (1)htmx-vs-react (1)web-vitals (1)