Popular 'coa' NPM library hijacked to steal user passwords

This page summarizes the projects mentioned and recommended in the original post on /r/javascript

  • lodash

    A modern JavaScript utility library delivering modularity, performance, & extras.

  • Personally, I try my best to avoid bringing in dependencies as much as possible, and try to limit my exposure to only dependencies with low/shallow transitive dependency counts. Unfortunately, this is pretty hard, especially in corporate settings. What we need more of is the opposite of what we've been collectively praising: we need more monolithic packages. Case in point: lodash.template is currently vulnerable with no mitigation, even though lodash itself is not. That's just sloppy publishing practices. Esbuild is a great start over the webpack/babel maze of dependencies. There's a stdlib effort along those lines that hopefully would also help. There's a bunch of micro-frameworks that are used in production just fine and have little to no dependencies.

  • Mithril.js

    A JavaScript Framework for Building Brilliant Applications

  • hyperapp

    1kB-ish JavaScript framework for building hypertext applications
