Articles tagged “supply-chain”

3 articles

How to Secure Your npm Supply Chain in 2026

Practical npm supply chain security for 2026. Lockfiles, audit automation, provenance attestation, Socket.dev scanning, and the 5 attacks targeting npm packages right now.

March 8, 2026·PkgPulse Team

The npm Security Landscape: Supply Chain Attacks in 2026

npm supply chain attacks, malicious packages, and how to protect your project in 2026. Socket.dev, npm audit, lockfile security, and best practices for npm security.

March 8, 2026·PkgPulse Team

Security Vulnerabilities by Category: Which Package Types Are Riskiest?

Data on npm security vulnerabilities by package category in 2026. Which types of packages have the most CVEs, what attack patterns are common, and how to reduce your exposure.

March 8, 2026·PkgPulse Team

All Tags

2026 (309)javascript (84)typescript (74)react (66)nodejs (58)comparison (55)npm (51)performance (27)testing (19)bun (17)open-source (16)vite (16)nextjs (16)opinion (15)frontend (14)database (13)hono (13)migration (13)tailwind (13)build-tools (12)zustand (11)state-management (11)playwright (11)zod (11)security (11)prisma (11)runtime (10)monorepo (10)tooling (10)vitest (10)bundle-size (10)drizzle (10)pnpm (9)biome (9)jest (9)css (9)orm (9)vue (9)webpack (8)ai (8)eslint (8)bundlers (8)backend (8)svelte (8)trpc (8)turborepo (8)express (8)dependencies (8)turbopack (7)edge (7)components (7)fastify (7)frameworks (7)validation (7)astro (6)linting (6)cloudflare-workers (6)rust (6)api (6)nx (6)authentication (6)package-selection (6)langchain (5)openai (5)realtime (5)forms (5)date-fns (5)rspack (5)graphql (5)sveltekit (5)maintenance (5)devops (5)ecosystem (5)jotai (5)bundler (4)deno (4)redux (4)puppeteer (4)websockets (4)package-manager (4)react-hook-form (4)shadcn-ui (4)tsup (4)unbuild (4)esbuild (4)prettier (4)dayjs (4)developer-tools (4)storybook (4)react-server-components (4)radix-ui (4)trends (4)clerk (4)tanstack-query (4)yarn (4)nextauth (4)shadcn (4)swc (4)panda-css (4)remix (4)next.js (3)msw (3)nock (3)node-js (3)socketio (3)tanstack-form (3)temporal (3)itty-router (3)park-ui (3)melt-ui (3)tsx (3)ts-node (3)moon (3)arktype (3)typebox (3)valibot (3)packages (3)llm (3)angular (3)meta-framework (3)commander (3)yargs (3)cli (3)react-email (3)sharp (3)jimp (3)image-processing (3)logging (3)pino (3)winston (3)type-safety (3)ui (3)serverless (3)libraries (3)styling (3)kysely (3)css-in-js (3)github (3)health-scores (3)testing-library (3)supply-chain (3)fullstack (3)typeorm (3)node.js (2)vercel-ai-sdk (2)supertest (2)api-testing (2)mocking (2)bullmq (2)inngest (2)background-jobs (2)partykit (2)crawlee (2)web-scraping (2)conform (2)server-actions (2)component-library (2)library-bundling (2)formatting (2)zx (2)cursor (2)continue-dev (2)dbgate (2)gui (2)effect-ts (2)fp-ts (2)functional-programming (2)farm (2)nitro (2)edge-runtime (2)mcp (2)model-context-protocol (2)upgrade (2)oxlint (2)react-19 (2)next-js (2)ladle (2)histoire (2)routing (2)rest (2)pkgroll (2)turso (2)planetscale (2)neon (2)productivity (2)ai-sdk (2)apollo-client (2)urql (2)enterprise (2)axios (2)ky (2)http-client (2)oclif (2)electron (2)tauri (2)cross-platform (2)documentation (2)nodemailer (2)resend (2)email (2)file-upload (2)formik (2)luxon (2)ably (2)stripe (2)lemonsqueezy (2)payments (2)saas (2)framer-motion (2)mantine (2)dx (2)css-modules (2)dates (2)developer-experience (2)styled-components (2)esm (2)commonjs (2)architecture (2)elysia (2)package-health (2)lucia (2)t3-stack (2)enzyme (2)momentjs (2)mongoose (2)e2e (2)htmx (2)nanoid (2)uuid (2)ofetch (2)types (2)cypress (2)solid.js (2)redux-toolkit (2)rollup (2)web-performance (2)stylex (2)unocss (2)data-fetching (2)bundle size (2)optimization (2)tools (1)web-development (1)turbopack vs vite (1)deno vs node (1)static-site (1)astro vs nextjs (1)vite vs webpack (1)bun vs node (1)trigger-dev (1)queues (1)pdf (1)pdfkit (1)react-pdf (1)yjs (1)npm-workspaces (1)tailwind-v4 (1)daisyui (1)flowbite (1)pinecone (1)weaviate (1)qdrant (1)pgvector (1)vector-database (1)shell-scripting (1)benchmark (1)ai-coding (1)vscode-extension (1)javascript-dates (1)drizzle-studio (1)prisma-studio (1)error-handling (1)elysiajs (1)workers (1)claude (1)component-testing (1)compiler (1)svelte-5 (1)partial-hydration (1)ark-ui (1)component-development (1)tanstack-router (1)react-router (1)npm-packages (1)serverless-database (1)postgresql (1)sqlite (1)schema-validation (1)legend-state (1)valtio (1)deprecated (1)angular vs react (1)astro vs sveltekit (1)auth0 (1)fetch (1)mirage (1)api-mocking (1)ink (1)sanity (1)contentful (1)payload-cms (1)headless-cms (1)dprint (1)code-formatting (1)drizzle-kit (1)prisma-migrate (1)flyway (1)db-migrations (1)neutralino (1)desktop-apps (1)docusaurus (1)vitepress (1)starlight (1)vercel-edge (1)wrangler (1)dotenv (1)t3-env (1)env-validation (1)sentry (1)highlight-io (1)bugsnag (1)error-tracking (1)monitoring (1)feature-flags (1)launchdarkly (1)unleash (1)openfeature (1)uploadthing (1)react-dropzone (1)filepond (1)next-intl (1)react-i18next (1)formatjs (1)i18n (1)chartjs (1)d3 (1)recharts (1)visx (1)data-visualization (1)package-managers (1)javascript-runtime (1)marked (1)remark (1)markdown-it (1)unified (1)markdown (1)react-native (1)flutter (1)capacitor (1)expo (1)mobile (1)better-auth (1)trigger.dev (1)redis (1)observability (1)ai-agents (1)mastra (1)socket-io (1)websocket (1)cheerio (1)paddle (1)animation (1)react-spring (1)gsap (1)headless-ui (1)maizzle (1)mjml (1)email-templates (1)react-hooks (1)usehooks-ts (1)react-use (1)ahooks (1)tanstack-table (1)ag-grid (1)react-table (1)data-grid (1)pusher (1)sst (1)aws-cdk (1)lambda (1)eleventy (1)static-site-generators (1)jamstack (1)typescript-first (1)ws (1)scripting (1)shell (1)lambda-edge (1)deno-deploy (1)argument-parsing (1)coding-tools (1)emotion (1)motion-one (1)autoanimate (1)animations (1)gatsby (1)ssg (1)gatsby vs astro (1)modules (1)happy-dom (1)jsdom (1)dom (1)best-practices (1)worktop (1)github-copilot (1)pkgpulse (1)updates (1)popularity (1)anthropic (1)auth.js (1)dark-mode (1)next-themes (1)multer (1)aws-s3 (1)socket.io (1)create-react-app (1)node_modules (1)ci-cd (1)github-actions (1)automation (1)setup (1)vercel (1)alpine.js (1)lightweight (1)htmx vs alpine (1)workspaces (1)joi (1)knex (1)knip (1)depcheck (1)dead-code (1)koa (1)licensing (1)legal (1)lit (1)web components (1)lit vs svelte (1)sessions (1)micro-frontends (1)mobx (1)mongodb (1)stdlib (1)stars (1)downloads (1)metrics (1)production (1)ulid (1)cuid2 (1)ids (1)id-generation (1)nestjs (1)next vs remix (1)lts (1)releases (1)socket-dev (1)nuxt (1)nuxt vs next (1)undici (1)server (1)ollama (1)local-ai (1)open-props (1)design-tokens (1)quality (1)definitelytyped (1)passport (1)pinia (1)vuex (1)visual-testing (1)browser-automation (1)preact (1)preact vs react (1)prisma vs drizzle (1)benchmarks (1)qwik (1)qwik vs react (1)react-aria (1)accessibility (1)headless-components (1)react vs solid (1)learning (1)recoil (1)atomic-state (1)full-stack (1)zero-dependency (1)islands (1)hydration (1)vulnerabilities (1)cve (1)radix (1)squoosh (1)solid vs svelte (1)drizzle-orm (1)server-components (1)atomic-css (1)meta (1)superstruct (1)utility-first (1)react-query (1)react-testing (1)unit-testing (1)transformers-js (1)onnx-runtime (1)browser-ml (1)webgpu (1)ts-rest (1)library (1)devtools (1)vanilla-extract (1)type-safe (1)vue vs svelte (1)core-web-vitals (1)browser-support (1)ie11 (1)compatibility (1)xstate (1)state-machines (1)schema (1)json-schema (1)yup (1)http client (1)build tools (1)lerna (1)package manager (1)supply chain (1)best practices (1)state management (1)signals (1)component library (1)material ui (1)utility (1)roundup (1)ui-libraries (1)mui (1)ant-design (1)chakra-ui (1)desktop (1)htmx 2026 (1)htmx vs react (1)swr (1)web-vitals (1)