Mischievous NPM Publications

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured

  • frontend

    • We‘ve been writing a tool to check lock files against the registry: https://gitlab.com/gitlab-org/frontend/untamper-my-lockfile

    For now it only supports yarn, but npm support shouldn’t be too hard.

  • totally-fair-rng

    A 100% fair random number generator, every day of the year!

    • I went a different route with my "malicious" NPM package. See if you can figure it out [1].

    Years ago I played around with the idea of verifying that a npm package is the same code found from the source repo [2]. Because there is often a build step, that requires trying to reproduce the building of any arbitrary package, and flagging when there is any delta between the build output and the code distributed via NPM. In more reasonable package managers, this is true by default given that you provide the source code and the package manager builds it for you ... as opposed to NPM, which just asks for the executable code directly.

    [1] https://github.com/connorjclark/totally-fair-rng

    [2] https://github.com/connorjclark/npm-package-repro

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo

  • npm-package-repro

    • I went a different route with my "malicious" NPM package. See if you can figure it out [1].

    Years ago I played around with the idea of verifying that a npm package is the same code found from the source repo [2]. Because there is often a build step, that requires trying to reproduce the building of any arbitrary package, and flagging when there is any delta between the build output and the code distributed via NPM. In more reasonable package managers, this is true by default given that you provide the source code and the package manager builds it for you ... as opposed to NPM, which just asks for the executable code directly.

    [1] https://github.com/connorjclark/totally-fair-rng

    [2] https://github.com/connorjclark/npm-package-repro

  • evil.js

    • I know exactly where this is from. This has been floating around the Chinese Internet for a bit. The repo is originally at https://github.com/wheatup/evil.js but has been made private since then. A few variants of this was made and uploaded to NPM.

    Here's a English translation of the README.md in that specific repo.

    > What? The notorious 996 company wants you to hit the road?

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Supercharge Your System Development: Leveraging Pre-Trained LLM APIs for Faster and More Efficient Building

    1 project | dev.to | 14 May 2024

  • The Clean Code book and the clean code paradigms

    1 project | dev.to | 14 May 2024

  • Meteor 2.16 and Oplog Tailing Optimization

    1 project | dev.to | 14 May 2024

  • How to use NextAuth useSession on Storybook 8

    1 project | dev.to | 14 May 2024

  • Create a typescript package with Parcel

    1 project | dev.to | 14 May 2024