BREAKING!! NPM package ‘ua-parser-js’ with more than 7M weekly downloads is compromised

This page summarizes the projects mentioned and recommended in the original post on /r/programming

  • enquirer

    Stylish, intuitive and user-friendly prompts, for Node.js. Used by eslint, webpack, yarn, pm2, pnpm, RedwoodJS, FactorJS, salesforce, Cypress, Google Lighthouse, Generate, tencent cloudbase, lint-staged, gluegun, hygen, hardhat, AWS Amplify, GitHub Actions Toolkit, @airbnb/nimbus, and many others! Please follow Enquirer's author: https://github.com/jonschlinkert

  • Simultaneously the #1 trending developer on GitHub across all languages (out of ~17 million developers at the time) with multiple #1 trending projects: Remarkable (https://github.com/jonschlinkert/remarkable), a markdown parser and compiler (also across all languages, out of ~7 million projects), Enquirer (https://github.com/enquirer/enquirer), a stylish, user-friendly prompt system.

  • ua-parser-js

    UAParser.js - Free & open-source JavaScript library to detect user's Browser, Engine, OS, CPU, and Device type/model. Runs either in browser (client-side) or node.js (server-side).

  • I don't particularly want to write all of this every time I want to figure out what browser someone is running.

  • deno

    A modern runtime for JavaScript and TypeScript.

  • Per-module permissions were discussed here but the issue was closed. Seems the reason was that "If you're going to import some file/package you should be responsible for checking what permissions it requires.".

  • remarkable

    Markdown parser, done right. Commonmark support, extensions, syntax plugins, high speed - all in one. Gulp and metalsmith plugins available. Used by Facebook, Docusaurus and many others! Use https://github.com/breakdance/breakdance for HTML-to-markdown conversion. Use https://github.com/jonschlinkert/markdown-toc to generate a table of contents.

  • deno-puppeteer

    A port of puppeteer running on Deno

  • Maybe people forget about this permission system because they are either not experienced with Deno or because they just slap -A on everything. Some packages such as deno-puppeteer even put it in all examples without even adding a note about its risks.

  • is-mobile

    Check if mobile browser, based on useragent string.

  • If your only goal is to be certain you're dealing with a mobile device, a specialized library like is-mobile is probably a better fit.

  • GitHub has published an advisory for the package https://github.com/advisories/GHSA-pjwm-rvh2-c87w

  • handlebars-helpers

    188 handlebars helpers in ~20 categories. Can be used with Assemble, Ghost, YUI, express.js etc.

  • lodash

    A modern JavaScript utility library delivering modularity, performance, & extras.

  • vouch

    A multi-ecosystem package code review system. (by vouch-dev)

  • open-source-at-scale

    (Discontinued) Talk at Budapest 2014

  • Listed in "Open Source at Scale" as #8 out of the top fifteen contributors to open source in the world (https://github.com/substack/open-source-at-scale)

  • AutoMapper

    A convention-based object-object mapper in .NET.

  • https://www.nuget.org/packages/Newtonsoft.Json/ https://www.nuget.org/packages/AutoMapper/ https://www.nuget.org/packages/Dapper/ https://www.nuget.org/packages/FluentValidation/ https://www.nuget.org/packages/FluentAssertions/ https://www.nuget.org/packages/NUnit/ https://www.nuget.org/packages/xunit/ https://www.nuget.org/packages/YamlDotNet/ https://www.nuget.org/packages/Moq/ That is simply not true. Mature C# projects purposely maintain no downstream dependencies, and if they do, it's to a major reputable lib. See for yourself - these are staple third-party packages commonly used. Any dependency starting with System or NETStandard is Microsoft maintained.

  • Dapper

    (Discontinued) Dapper - a simple object mapper for .Net [Moved to: https://github.com/DapperLib/Dapper] (by StackExchange)

  • FluentValidation

    A popular .NET validation library for building strongly-typed validation rules.

  • Fluent Assertions

    A very extensive set of extension methods that allow you to more naturally specify the expected outcome of a TDD or BDD-style unit tests. Targets .NET Framework 4.7, as well as .NET Core 2.1, .NET Core 3.0, .NET 6, .NET Standard 2.0 and 2.1. Supports the unit test frameworks MSTest2, NUnit3, XUnit2, MSpec, and NSpec3.

  • NUnit

    NUnit Framework

  • xUnit

    xUnit.net is a free, open source, community-focused unit testing tool for .NET.

  • Serilog

    Simple .NET logging with fully-structured events

  • MediatR

    Simple, unambitious mediator implementation in .NET

  • is-odd

    (Discontinued) I created this in 2014, the year I learned how to program. All of the downloads are from an old version of https://github.com/micromatch/micromatch. I've done a few other things since: https://github.com/jonschlinkert. (by i-voted-for-trump)

  • Not[1] one[2] package[3] has more than 15 lines of actual code inside.

  • is-even

    (Discontinued) I created this in 2014, when I was learning how to program. (by i-voted-for-trump)

  • is-number

    JavaScript/Node.js utility. Returns `true` if the value is a number or string number. Useful for checking regex match results, user input, parsed strings, etc.

  • Babel (Formerly 6to5)

    🐠 Babel is a compiler for writing next generation JavaScript.

  • @cdb_11 found it depends on a npm package with one line of code. They finally removed it a couple years ago - https://github.com/babel/babel/issues/9620

  • micromatch

    Highly optimized wildcard and glob matching library. Faster, drop-in replacement to minimatch and multimatch. Used by square, webpack, babel core, yarn, jest, react-native, taro, bulma, browser-sync, stylelint, nyc, ava, and many others! Follow micromatch's author: https://github.com/jonschlinkert

  • Since then they've made things that are IMO quite useful, like enquirer, micromatch, and remarkable.

  • npm-force-resolutions

    Force npm to install a specific transitive dependency version

  • @GradeyCullins I believe the typical NPM-equivalent to resolve this sort of problem is to use this package: https://github.com/rogeriochaves/npm-force-resolutions

  • crater

    Run experiments across parts of the Rust ecosystem! (by rust-lang)

  • It does exist, but it only has 80 downloads over the last 90 days and 1,043 in the three years that it has existed. That's probably all because of crater.
