registry
types
registry
-
Social engineering campaign targeting tech employees spreads through NPM malware
More important than the namespace is who published the package. I'm more inclined to trust an individual I know who takes security than a namespace that may change hands.
NPM exposes that info in the _npmUser field: https://github.com/npm/registry/blob/master/docs/REGISTRY-AP.... That gives "name" (NPM username) and email.
While there are thousands of packages, I bet there's a much smaller number of publishers to worry about.
-
query all npmjs packages
I can't find anything about it in their docs. https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md
-
When to use a separate backend?
https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md here are the docs. I was getting 122ms responses instead of 9000 on the old one.
-
A technical tale of NodeSecure - Chapter 1
My first instinct was to work with the public API of the npm registry. This sounds like a very good idea, but you will soon run into a set of problems (cache, private registry, etc.).
-
Next.js, Material UI, MongoDB Personal Dashboard
There is no need to obtain an API key or token for querying the NPM registry API. For the dashboard, I use only the endpoint that provides the data about a package's download count - https://api.npmjs.org/downloads/. You can read more about it here.
-
Exploring the npm registry API
While many people regularly use npm's website to discover packages, only a few know that npm also provides a public REST API accessible at registry.npmjs.org.
-
[AskJS] Is there any website that regularly published npm download charts?
Or roll your own, docs here: https://github.com/npm/registry/blob/master/docs/download-counts.md
types
-
A technical tale of NodeSecure - Chapter 1
Note: There is a package with the type definitions @npm/types.
What are some alternatives?
flags - NodeSecure security flags 🚩 (configuration and documentation)
js-x-ray - JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
my-projects-dashboard - Next.js, Material UI, MongoDB Personal Dashboard with dev.to, GitHub, Twitter, and npm API integration.
scanner - ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!
conf - Simple config handling for your app or module
birdcage - Cross-platform embeddable sandboxing
login-action - GitHub Action to login against a Docker registry
Next.js - The React Framework
open-vsx.org - Source of open-vsx.org
ESLint - Find and fix problems in your JavaScript code.
verdaccio - 📦🔐 A lightweight Node.js private proxy registry