Articles tagged “supply-chain”

5 articles

axios Alternatives 2026: got, ky, and undici

axios was compromised in a supply chain attack in March 2026. Compare got, ky, undici, and native fetch — performance, bundle size, and TypeScript support.

April 3, 2026·PkgPulse Team

npm Supply Chain Security Guide 2026

Defend against npm supply chain attacks in 2026: typosquatting, dependency confusion, malicious packages, lockfile poisoning, and the tools that stop them before install.

March 29, 2026·PkgPulse Team

How to Secure Your npm Supply Chain in 2026

Practical npm supply chain security for 2026. Lockfiles, audit automation, provenance attestation, Socket.dev scanning, and the 5 attacks targeting npm.

March 8, 2026·PkgPulse Team

The npm Security Landscape: Supply Chain Attacks 2026

npm supply chain attacks, malicious packages, and how to protect your project in 2026. Socket.dev, npm audit, lockfile security, and best practices for npm.

March 8, 2026·PkgPulse Team

Security Vulnerabilities by Category

Data on npm security vulnerabilities by package category in 2026. Which types of packages have the most CVEs, what attack patterns are common, and how to.

March 8, 2026·PkgPulse Team

All Tags

2026 (386)typescript (366)javascript (214)developer-tools (147)node.js (142)react (126)nodejs (105)api (80)npm (72)comparison (71)performance (51)automation (46)testing (37)nextjs (34)database (32)security (28)devops (27)bun (26)ai (24)backend (24)react-native (22)frontend (22)mobile (21)migration (20)vite (20)vitest (19)build-tools (19)zod (18)tailwind (17)open-source (17)hono (17)state-management (17)monorepo (16)opinion (15)pnpm (14)llm (14)prisma (14)validation (14)playwright (14)drizzle (13)tooling (13)jest (13)authentication (13)bundle-size (12)webpack (12)biome (12)express (12)zustand (12)runtime (11)trpc (11)css (11)serverless (11)ui (11)turborepo (10)rust (10)fastify (10)bundler (10)next.js (10)astro (10)eslint (10)svelte (10)orm (10)deno (9)turbopack (9)linting (9)edge (9)vue (9)yarn (8)openai (8)graphql (8)valibot (8)expo (8)components (8)saas (8)bundlers (8)frameworks (8)dependencies (8)package-manager (7)packages (7)forms (7)animation (7)nx (7)cloudflare-workers (7)realtime (7)documentation (7)langchain (6)ecosystem (6)react-hook-form (6)sveltekit (6)date-fns (6)rspack (6)postgresql (6)package-selection (6)supply-chain (5)full-stack (5)tanstack-query (5)cross-platform (5)developer-experience (5)swc (5)esbuild (5)shadcn (5)nextauth (5)cms (5)data-visualization (5)analytics (5)cli (5)payments (5)email (5)remix (5)maintenance (5)jotai (5)package-managers (4)auth (4)optimization (4)type-safety (4)elysia (4)upgrade (4)arktype (4)ai-sdk (4)styling (4)data-fetching (4)moon (4)angular (4)neon (4)meta-framework (4)temporal (4)redux (4)cloud (4)puppeteer (4)websockets (4)shadcn-ui (4)tsup (4)unbuild (4)prettier (4)dayjs (4)accessibility (4)routing (4)observability (4)logging (4)monitoring (4)storybook (4)react-server-components (4)types (4)fullstack (4)trends (4)clerk (4)panda-css (4)axios (3)ky (3)http-client (3)vercel-ai-sdk (3)hub (3)benchmarks (3)esm (3)commonjs (3)rollup (3)formik (3)yup (3)benchmark (3)compiler (3)framework (3)ui-components (3)framer-motion (3)vercel (3)oxc (3)formatting (3)server-components (3)unocss (3)oxlint (3)effect-ts (3)fp-ts (3)apollo-client (3)schema-validation (3)cursor (3)signals (3)rolldown (3)turso (3)ssg (3)momentjs (3)storage (3)aws (3)msw (3)nock (3)mocking (3)background-jobs (3)node-js (3)socketio (3)web-scraping (3)self-hosted (3)docker (3)ci-cd (3)real-time (3)farm (3)search (3)networking (3)itty-router (3)redis (3)websocket (3)video (3)markdown (3)architecture (3)notifications (3)cypress (3)charts (3)park-ui (3)melt-ui (3)radix-ui (3)infrastructure (3)enterprise (3)tauri (3)electron (3)tsx (3)ts-node (3)file-upload (3)typebox (3)commander (3)yargs (3)react-email (3)sharp (3)jimp (3)image-processing (3)pino (3)winston (3)libraries (3)kysely (3)css-in-js (3)github (3)health-scores (3)testing-library (3)typeorm (3)undici (2)anthropic (2)agents (2)workspaces (2)node (2)modules (2)socket (2)snyk (2)licensing (2)legal (2)changesets (2)python (2)encore (2)motia (2)ai-agents (2)lts (2)json-schema (2)javascript-runtime (2)qwik (2)error-handling (2)swr (2)github-copilot (2)ai-coding (2)vercel-edge (2)ecmascript (2)sqlite (2)ssr (2)toolchain (2)ppr (2)rendering (2)flutter (2)reactivity (2)runes (2)svelte-5 (2)javascript-dates (2)radix (2)schema (2)microservices (2)supertest (2)api-testing (2)bullmq (2)inngest (2)queues (2)pdf (2)partykit (2)yjs (2)crawlee (2)conform (2)tanstack-form (2)server-actions (2)component-library (2)library-bundling (2)zx (2)scheduling (2)deployment (2)continue-dev (2)cicd (2)containers (2)audio (2)dbgate (2)gui (2)functional-programming (2)collaboration (2)nextra (2)nitro (2)edge-runtime (2)media (2)oauth (2)identity (2)design (2)caching (2)maps (2)ecommerce (2)lambda (2)mobx (2)valtio (2)mcp (2)model-context-protocol (2)micro-frontends (2)i18n (2)react-query (2)jwt (2)data-processing (2)privacy (2)paddle (2)monetization (2)react-19 (2)documents (2)next-js (2)recharts (2)ladle (2)histoire (2)tanstack (2)desktop (2)rest (2)pkgroll (2)planetscale (2)productivity (2)urql (2)oclif (2)nodemailer (2)resend (2)luxon (2)ably (2)stripe (2)lemonsqueezy (2)mantine (2)dx (2)css-modules (2)dates (2)styled-components (2)package-health (2)lucia (2)t3-stack (2)enzyme (2)mongoose (2)e2e (2)htmx (2)nanoid (2)uuid (2)ofetch (2)solid.js (2)redux-toolkit (2)web-performance (2)stylex (2)bundle size (2)got (1)rag (1)dependency-management (1)embla-carousel (1)swiper (1)splide (1)carousel (1)slider (1)jsr (1)registry (1)vulnerability-management (1)compliance (1)tree-shaking (1)fast-check (1)property-based-testing (1)publishing (1)provenance (1)semver (1)versioning (1)conventional-commits (1)type-checking (1)typescript-6 (1)event-driven (1)react-bits (1)aceternity (1)magic-ui (1)standard-schema (1)tools (1)web-development (1)ajv (1)turbopack vs vite (1)http-framework (1)pandacss (1)javascript-tooling (1)deno vs node (1)neverthrow (1)claude-code (1)angular-21 (1)zoneless (1)zone.js (1)aws-lambda (1)es2026 (1)tc39 (1)language-features (1)web-framework (1)lynx (1)bytedance (1)supabase (1)postgres (1)partial-prerendering (1)solidjs (1)isr (1)web (1)content-sites (1)linter (1)base-ui (1)ui-library (1)tsgo (1)tsc (1)typescript-7 (1)static-site (1)astro vs nextjs (1)vite vs webpack (1)bun vs node (1)messaging (1)trigger-dev (1)pdfkit (1)react-pdf (1)npm-workspaces (1)tailwind-v4 (1)daisyui (1)flowbite (1)pinecone (1)weaviate (1)qdrant (1)pgvector (1)vector-database (1)shell-scripting (1)coverage (1)c8 (1)istanbul (1)nginx (1)serialization (1)cbor (1)binary (1)ipld (1)cloudflare (1)images (1)cloud-storage (1)mdx (1)scraping (1)vscode-extension (1)dagger (1)earthly (1)depot (1)date-time (1)deprecation (1)depd (1)library-design (1)drag-and-drop (1)configuration (1)drizzle-studio (1)prisma-studio (1)duckdb (1)clickhouse (1)questdb (1)olap (1)time-series (1)nitric (1)shuttle (1)cloud-native (1)infrastructure-from-code (1)graphics (1)fumadocs (1)git (1)tokenization (1)elysiajs (1)workers (1)ux (1)infisical (1)doppler (1)hashicorp-vault (1)secrets (1)ast (1)lago (1)orb (1)metronome (1)billing (1)usage-based (1)metering (1)web-components (1)design-system (1)webrtc (1)geospatial (1)content (1)middleware (1)mintlify (1)fern (1)readme (1)api-docs (1)claude (1)cdn (1)node-test (1)cryptography (1)openfga (1)permify (1)spicedb (1)authorization (1)zanzibar (1)rebac (1)access-control (1)openapi (1)async (1)document-generation (1)local-first (1)sync (1)component-testing (1)macos (1)polar (1)gumroad (1)merchant-of-record (1)hosting (1)gestures (1)debugging (1)partial-hydration (1)tremor (1)redpanda (1)nats (1)kafka (1)event-streaming (1)message-queue (1)transactional (1)low-code (1)internal-tools (1)excel (1)slidev (1)marp (1)revealjs (1)presentations (1)stackblitz (1)codesandbox (1)gitpod (1)cloud-ide (1)webcontainers (1)component-development (1)surrealdb (1)edgedb (1)arangodb (1)graph (1)multi-model (1)webhooks (1)tanstack-router (1)react-router (1)data-tables (1)virtual-list (1)workflow (1)testcontainers (1)integration-testing (1)3d (1)webgl (1)offline (1)benchmarking (1)editor (1)content-management (1)pattern-matching (1)functional (1)npm-packages (1)serverless-database (1)communication (1)typescript-5 (1)edge-computing (1)seo (1)unkey (1)zuplo (1)kong (1)api-gateway (1)rate-limiting (1)api-keys (1)web3 (1)blockchain (1)concurrency (1)workos (1)stytch (1)fusionauth (1)sso (1)enterprise-auth (1)scim (1)legend-state (1)deprecated (1)angular vs react (1)astro vs sveltekit (1)auth0 (1)fetch (1)mirage (1)api-mocking (1)ink (1)sanity (1)contentful (1)payload-cms (1)headless-cms (1)dprint (1)code-formatting (1)drizzle-kit (1)prisma-migrate (1)flyway (1)umzug (1)db-migrations (1)neutralino (1)desktop-apps (1)docusaurus (1)vitepress (1)starlight (1)wrangler (1)dotenv (1)t3-env (1)env-validation (1)sentry (1)highlight-io (1)bugsnag (1)error-tracking (1)feature-flags (1)launchdarkly (1)unleash (1)openfeature (1)uploadthing (1)react-dropzone (1)filepond (1)next-intl (1)react-i18next (1)formatjs (1)chartjs (1)d3 (1)visx (1)marked (1)remark (1)markdown-it (1)unified (1)capacitor (1)better-auth (1)trigger.dev (1)mastra (1)socket-io (1)cheerio (1)react-spring (1)headless-ui (1)maizzle (1)mjml (1)email-templates (1)react-hooks (1)usehooks-ts (1)react-use (1)ahooks (1)tanstack-table (1)ag-grid (1)react-table (1)react-data-grid (1)data-grid (1)pusher (1)sst (1)aws-cdk (1)eleventy (1)static-site-generators (1)jamstack (1)typescript-first (1)ws (1)scripting (1)shell (1)lambda-edge (1)deno-deploy (1)coding-tools (1)emotion (1)motion-one (1)autoanimate (1)animations (1)gatsby (1)gatsby vs astro (1)happy-dom (1)jsdom (1)dom (1)vitest-environment (1)best-practices (1)worktop (1)pkgpulse (1)updates (1)popularity (1)auth.js (1)dark-mode (1)next-themes (1)multer (1)aws-s3 (1)socket.io (1)create-react-app (1)node_modules (1)github-actions (1)setup (1)alpine.js (1)lightweight (1)htmx vs alpine (1)joi (1)knex (1)knip (1)depcheck (1)dead-code (1)koa (1)lit (1)web components (1)lit vs svelte (1)sessions (1)mongodb (1)stdlib (1)stars (1)downloads (1)metrics (1)production (1)ulid (1)cuid2 (1)ids (1)id-generation (1)nestjs (1)next vs remix (1)releases (1)socket-dev (1)nuxt (1)nuxt vs next (1)server (1)ollama (1)local-ai (1)open-props (1)design-tokens (1)quality (1)definitelytyped (1)passport (1)pinia (1)vuex (1)visual-testing (1)browser-automation (1)preact (1)preact vs react (1)prisma vs drizzle (1)qwik vs react (1)react-aria (1)headless-components (1)react vs solid (1)learning (1)recoil (1)atomic-state (1)zero-dependency (1)islands (1)hydration (1)vulnerabilities (1)cve (1)squoosh (1)solid vs svelte (1)drizzle-orm (1)atomic-css (1)meta (1)superstruct (1)utility-first (1)react-testing (1)unit-testing (1)transformers-js (1)onnx-runtime (1)browser-ml (1)webgpu (1)ts-rest (1)library (1)devtools (1)vanilla-extract (1)type-safe (1)vue vs svelte (1)core-web-vitals (1)browser-support (1)ie11 (1)compatibility (1)xstate (1)state-machines (1)http client (1)build tools (1)lerna (1)package manager (1)supply chain (1)best practices (1)state management (1)component library (1)material ui (1)utility (1)roundup (1)ui-libraries (1)mui (1)ant-design (1)chakra-ui (1)htmx 2026 (1)htmx vs react (1)web-vitals (1)