Npm Alternatives

npm reviews and mentions

• JSON5 – JSON for Humans
  21 projects | news.ycombinator.com | 8 Dec 2024

  > I never suggested using a commit message, there are plenty of other ways to document these things and I'll leave that up to the user to figure out.

  Dude, I think you're lost, in more ways than one. I was directly responding to a comment that stated "Surely that's what the commit message is for?"

  For the rest of your comment, at this point I'd rather have an argument with a dining room table. No shit you can't have comments in package.json now, that's the entire reason that issue https://github.com/npm/npm/issues/4482 is unfixable. If JSON supported comments from the beginning, then tooling would have to respect that, just like the bajillion other config file formats that support tooling that updates the config file programmatically.

• App::cpx
  1 project | dev.to | 5 Sep 2024

  For this purpose, I'm using frequently npx (now part of npm).

• How to call Fortran routines from JavaScript with Node.js
  5 projects | dev.to | 23 Jul 2024

  We'll be using npm for installing Node.js dependencies, but you should be able to adapt any installation commands to your preferred JavaScript package manager (e.g., Yarn, pnpm, etc).

• XML is better than YAML
  17 projects | news.ycombinator.com | 20 Sep 2023

  The fact that JSON doesn't support comments is so annoying, and I always thought that Douglas Crockford's rationale for this basically made no sense ("They can be misused!" - like, so what, nearly anything can be misused. So without support for comments e.g. in package.json files I have to do even worse hacky workaround bullshit like "__some_field_comment": "this is my comment"). There is of course jsonc and JSON5 but the fact that it's not supported everywhere means 10 years later we still can't write comments in package.json (there is https://github.com/npm/npm/issues/4482 and about a million related issues).

• Jest not recommended to be used in Node.js due to instanceOf operator issues
  9 projects | news.ycombinator.com | 30 Jun 2023

  Things like the sparkline charts on npmjs (e.g. https://www.npmjs.com/package/npm ) are interactive SVGs. I think they're pretty common for data visualizations of all kinds

• JavaScript registry NPM vulnerable to 'manifest confusion' abuse
  3 projects | news.ycombinator.com | 27 Jun 2023

  I actually did a POC 7 years ago about this - https://github.com/tanepiper/steal-ur-stuff

  It was reported to npm at the time, but they chose to ignore it - https://github.com/npm/npm/issues/17724

• I'm a Teapot
  4 projects | news.ycombinator.com | 26 May 2023

  Every time this pops up, I'm reminded of the day that the NPM registry started returning 418 responses.

  I remember being at a training course that day and my manager asking me what we could do to fix it because our CI was failing to pull dependencies from NPM.

  Trying to explain that NPM was returning a status code intended as an April Fools joke and which was never meant to see the light of production was quite difficult

  https://github.com/npm/npm/issues/20791

• Dissecting Npm Malware: Five Packages And Their Evil Install Scripts
  4 projects | /r/javascript | 18 Apr 2023

  I should really get around to how I discovered this 6 years ago and still nothing done about it

• Attackers are hiding malware in minified packages distributed to NPM
  4 projects | /r/javascript | 30 Mar 2023

  Whenever something like this comes up I usually have to tap the sign (and the original report)

• NPM Vs PNPM
  1 project | /r/npm | 23 Mar 2023

  NPM is not "Node Package Manager". https://www.npmjs.com/package/npm

• A note from our sponsor - Civic Auth
  www.civic.com | 30 Apr 2025

  Civic Auth comes with multiple SSO options, optional embedded wallets, and user management — all implemented with just a few lines of code. Start building today. Learn more →