jspm
npm
| jspm | npm | |
|---|---|---|
| - | 52 | |
| 3,758 | 17,233 | |
| - | - | |
| 2.4 | 2.1 | |
| - | over 4 years ago | |
| JavaScript | JavaScript | |
| Apache License 2.0 | Artistic License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jspm
We haven't tracked posts mentioning jspm yet.
Tracking mentions began in Dec 2020.
npm
-
JSON5 – JSON for Humans
> I never suggested using a commit message, there are plenty of other ways to document these things and I'll leave that up to the user to figure out.
Dude, I think you're lost, in more ways than one. I was directly responding to a comment that stated "Surely that's what the commit message is for?"
For the rest of your comment, at this point I'd rather have an argument with a dining room table. No shit you can't have comments in package.json now, that's the entire reason that issue https://github.com/npm/npm/issues/4482 is unfixable. If JSON supported comments from the beginning, then tooling would have to respect that, just like the bajillion other config file formats that support tooling that updates the config file programmatically.
-
App::cpx
For this purpose, I'm using frequently npx (now part of npm).
-
How to call Fortran routines from JavaScript with Node.js
We'll be using npm for installing Node.js dependencies, but you should be able to adapt any installation commands to your preferred JavaScript package manager (e.g., Yarn, pnpm, etc).
-
XML is better than YAML
The fact that JSON doesn't support comments is so annoying, and I always thought that Douglas Crockford's rationale for this basically made no sense ("They can be misused!" - like, so what, nearly anything can be misused. So without support for comments e.g. in package.json files I have to do even worse hacky workaround bullshit like "__some_field_comment": "this is my comment"). There is of course jsonc and JSON5 but the fact that it's not supported everywhere means 10 years later we still can't write comments in package.json (there is https://github.com/npm/npm/issues/4482 and about a million related issues).
-
Jest not recommended to be used in Node.js due to instanceOf operator issues
Things like the sparkline charts on npmjs (e.g. https://www.npmjs.com/package/npm ) are interactive SVGs. I think they're pretty common for data visualizations of all kinds
-
JavaScript registry NPM vulnerable to 'manifest confusion' abuse
I actually did a POC 7 years ago about this - https://github.com/tanepiper/steal-ur-stuff
It was reported to npm at the time, but they chose to ignore it - https://github.com/npm/npm/issues/17724
-
I'm a Teapot
Every time this pops up, I'm reminded of the day that the NPM registry started returning 418 responses.
I remember being at a training course that day and my manager asking me what we could do to fix it because our CI was failing to pull dependencies from NPM.
Trying to explain that NPM was returning a status code intended as an April Fools joke and which was never meant to see the light of production was quite difficult
https://github.com/npm/npm/issues/20791
-
Dissecting Npm Malware: Five Packages And Their Evil Install Scripts
I should really get around to how I discovered this 6 years ago and still nothing done about it
-
Attackers are hiding malware in minified packages distributed to NPM
Whenever something like this comes up I usually have to tap the sign (and the original report)
-
NPM Vs PNPM
NPM is not "Node Package Manager". https://www.npmjs.com/package/npm
What are some alternatives?
yarn - The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
spm
pnpm - Fast, disk space efficient package manager