No posts found for this topic.
npm is the package registry and tooling at the heart of the JavaScript ecosystem. This hub gathers guides on managing dependencies, publishing packages, understanding versioning, and keeping projects secure.
5 articles · Updated June 10, 2022
Every dependency is code you now maintain by proxy. Audit before you add, and keep your lockfile committed.
Hand-picked and latest articles from this topic.

Quick-reference cheatsheets for tools and libraries in this space.
Curated tools, docs, and communities worth bookmarking.
Quick answers about this topic hub.
Dependencies are packages your app needs at runtime, while devDependencies are only needed during development — things like test runners, bundlers, and linters. Separating them keeps production installs lean.
It records the exact versions of every installed package (including nested ones) so installs are reproducible across machines and over time. Always commit it to keep your team on identical dependency trees.
Run npm audit to check for known vulnerabilities, keep packages updated, minimize how many you add, and review new dependencies before installing. Supply-chain security starts with what you choose to pull in.
No posts found for this topic.