javascript-clients
Javascript clients for swagger API (by RedHatInsights)
package-manager-hardening
A non-exhaustive list of package manager hardening recommendations to help prevent supply chain vulnerability attacks. Includes AGENTS.md files and skills to enforce these recommendations. (by jordanconway)
| javascript-clients | package-manager-hardening |
|---|---|
| 5 | 1 |
| 4 | 11 |
| - | - |
| - | - |
| 16 days ago | 23 days ago |
| TypeScript | Python |
| Apache License 2.0 | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
javascript-clients
Posts with mentions or reviews of javascript-clients.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2026-06-01.
- Red Hat packages backdoored through its official NPM channel
  List of affected packages: https://github.com/RedHatInsights/javascript-clients/issues/...
- npm Supply Chain Attacks, Pixel/Exynos Zero-Days, and Instagram Account Takeovers
- 31 compromised Red Hat npm packages steal cloud credentials
- NPM packages from RedHat have been compromised
  This repository itself had to previously update from the axios supply chain attack [0] (co-authored by Claude lol). But just by looking at the change itself, the package is unpinned and won't solve the problem if it happens again as an illegitimate "security update".
  So if you have an unpinned version of this package and you run 'npm install', you immediately downloaded the compromised version and that's that.
  [0] https://github.com/RedHatInsights/javascript-clients/commit/...
package-manager-hardening
Posts with mentions or reviews of package-manager-hardening.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2026-06-01.
- NPM packages from RedHat have been compromised
  A friend of mine has a GitHub repo with references to how to set things up in a sane and slightly more secure manner: https://github.com/jordanconway/package-manager-hardening
What are some alternatives?
When comparing javascript-clients and package-manager-hardening you can also consider the following projects:
pgpverify-maven-plugin - Verify Open PGP / GPG signatures plugin
platform-frontend-ai-toolkit - A set of helpful coding AI tooling for frontend development
rfcs - Public change requests/proposals & ideation
cli - the package manager for JavaScript