
Inedo Blog


Category: NPM
Featured

NPM

Avoid Security Risks in npm Packages with Scoping

Posted on May 6th, 2025.

Your team leans on internal npm packages – trusted tools you use every day. But a developer, tricked by “typosquatting” or dependency confusion, grabs a malicious lookalike from the public registry, thinking it’s legit. Next thing you know, systems are compromised, and sensitive data’s leaking, all because of confusing...

Featured

NPM

Why You Should Create a Package Approval Workflow for npm Packages with ProGet

Posted on March 27th, 2025.

Your development team pulls a package from a ProGet feed connected to npmjs.org. It seems pretty straightforward and routine, until you later discover the package contains known vulnerabilities, leaking sensitive user data. OSS registries can be unpredictable: some packages are reliable, others… not so much. Without proper...

Featured

NPM

Auto Assessing npm Package Licenses with ProGet

Posted on March 21st, 2025.

Managing your project’s npm packages starts out simple. But as it grows, not only do the number of packages grow, but so do their dependencies; each with different licenses that may or may not align with your organization’s policies. Assessing them is tedious and time-consuming, and without clear oversight, it’s easy for things to...

Featured

NPM

How to Version Internal npm Packages with SemVer2

Posted on March 13th, 2025.

An npm package versioned 1.4.5 doesn’t tell you much – certainly not whether it’s stable or what it’s supposed to do. Without context, it’s all too easy to misinterpret the purpose of a build, and this confusion leads to dependency issues, broken builds, or even runtime errors. Worst-case scenario? Unstable...

Featured

NPM

Why you Should Automate your npm Vulnerability Assessments Using ProGet

Posted on March 7th, 2025.

You’ve seen vulnerability assessments pop up while managing npm packages in ProGet. Running npm audit sparks questions about what vague warnings like “high-severity” actually mean for your applications, leaving you stuck making calls with little context. On top of that, floods of security notifications and...

Featured

NPM

Why You Shouldn’t Use Custom Tags with npm Packages

Posted on March 6th, 2025.

Using custom tags like beta to call npm packages is a shot in the dark—what do these names even tell you? They’re vague and could point to unstable or entirely different packages. These packages can easily slip into your CI/CD pipeline, installed by an unassuming developer, breaking your production builds. Custom tags lack consistency...

Featured

NPM

eBook: Mastering npm in the Enterprise

Posted on January 28th, 2025.

This month sees the release of Inedo’s latest whitepaper, “Mastering npm in the Enterprise,” available as a PDF eBook or as a series of articles on our blog. npm (Node Package Manager) has become indispensable in modern software development, with the npm OSS repository boasting approximately 2.1 million packages as of...

Featured

NPM

npm for the Enterprise in 2025

Posted on December 26th, 2024.

This article is part of a series on Mastering npm in the Enterprise, also available as a chapter in our free, downloadable eBook. npm (Node Package Manager) is a big part of modern software development, particularly in organizations. Its usage has seen huge growth, and it is now one of the most widely used tools by professional developers. As...

Featured

NPM

Smarter npm Versioning With SemVer

Posted on December 3rd, 2024.

This article is part of a series on Mastering npm in the Enterprise, also available as a chapter in our free, downloadable eBook. Managing npm package versions across development teams is way more complicated than you’d think. If you’re relying on simple npm tags like latest or next, you may be running into issues like dependency...

Featured

NPM

Best Practices for Your Organization’s npm Packages

Posted on November 18th, 2024.

This article is part of a series on Mastering npm in the Enterprise, also available as a chapter in our free, downloadable eBook. When using npm packages for your development in teams across an organization, you’ll want to set some standards, especially when they’re sharing libraries. A “wild west” of teams...