literat
@literat.dev
FullStack Pirate 🏴‍☠️ ❯ JS ⚛️ Node 🐘 ❯ Building Frontend Community @ http://almacareer.com ❯ Whitewater Kayaker ❯ Scout member ⚜️ 🏕️ ❯ ♥️ 📸 ❯ 📝 http://literat.dev
🔐 npm supply chain attacks hit 180+ packages this year. Here's what works to protect your projects:

Quick wins:
✓ Disable postinstall scripts
✓ Use cooldown period
✓ Immutable lockfiles
✓ 2FA on npm

Full security guide with code examples 👇
literat.dev/blog/2025-12...

#DevSec #JavaScript #npm
Safe navigation through upgrades in npm package minefield
Learn essential security practices to protect your projects from npm supply chain attacks. Discover how to safely manage dependencies, prevent malicious code execution, and strengthen your development...
literat.dev
December 2, 2025 at 9:39 AM
Gave a talk at Frontendisti meetup in Prague (Café Lajka) on recent npm supply chain attacks — how they work and how to defend against them.

You can check the slides here:
talk-npm-security-best-practice.netlify.app

#JavaScript #Security #npm #WebDev #SupplyChainSecurity
November 14, 2025 at 2:50 PM
#TIL The “You Don’t Need” series is a great reminder of how far JavaScript has come.

Example: you don’t need Lodash anymore.
Modern JS has built-ins for most of it, and es-toolkit.dev gives you the rest - smaller, faster, typed, maintained.

📚 github.com/you-dont-need

#JavaScript #WebDev #Frontend
You Don't Need
People choose popular projects, often not because it applies to their problems. - You Don't Need
github.com
November 5, 2025 at 1:41 PM
The Design Tokens spec just went stable 🎉

A huge step for design systems:
• real theming support
• modern color spaces (Display P3, OKLCH)
• cross-tool + cross-platform format

Feels like the “CSS moment” for tokens.

👉 www.w3.org/community/de...

#DesignTokens #DesignSystems #WebDev #UXEngineering
Design Tokens specification reaches first stable version | Design Tokens Community Group
www.w3.org
November 4, 2025 at 4:18 PM
Hey, want to discover bright new HTML features in one place?

Just fill out the recently opened State of HTML 2025 survey. 👉 survey.devographics.com/en-US/survey...

What have I discovered? 🧵

#html #web #development #survey
State of HTML 2025
Take the State of HTML survey
survey.devographics.com
July 29, 2025 at 12:38 PM
#eslint and #prettier users, beware! There has been a phishing attack on a few packages. 👇

👉 socket.dev/blog/npm-phi...
👉 thehackernews.com/2025/07/malw...
👉 github.com/advisories/G...

#javascript #npm #developers #web
socket.dev
July 20, 2025 at 7:42 PM
💡 TIL: Using `tsc --traceResolution` is very handy to get information about why the heck TypeScript is raising an error about the file that should not be part of the library, but it is included during the type check 😅

#typescript #error #web #dev #todayilearn #til
July 7, 2025 at 11:28 AM
Interested in future results of the new State of AI in web development. In spite of using AI tooling for my day-to-day job, I think it will take a long journey to help me with all the obstacles during #design #development #deployment 🤔

So take the survey :-)

survey.devographics.com/en-US/survey...
State of AI 2025
Take the State of AI survey
survey.devographics.com
February 25, 2025 at 4:18 PM
Reposted by literat
Oracle justified its JavaScript trademark by claiming Node.js — now it wants that ignored
#FreeJavaScript

deno.com/blog/deno-v-...
Oracle justified its JavaScript trademark with Node.js—now it wants that ignored
Oracle filed a motion to dismiss in response to Deno’s petition to cancel its “JavaScript” trademark. But instead of addressing the real issue—that JavaScript is an open standard with multiple indepen...
deno.com
February 4, 2025 at 10:14 PM
Reposted by literat
This is SUCH a good video from CJ, and the most impressive part is that he made all these video graphics in the browser 🤯

www.youtube.com/watch?v=NBDn...
January 28, 2025 at 1:57 PM
Dive into my latest article and take control of your npm scripts!

Master best practices:

🛠️ consistent naming
🛠️ organized namespaces
🛠️ tools like npm-run-all
🛠️ clear lifecycle hooks

#webdev #coding #bestpractice #npm #javascript

literat.dev/blog/2024-12...
Mastering npm scripts: Best practices in sustainable naming and organizing of your scripts
The chaotic organization of npm scripts can slow down project development considerably. I will present a system for efficient naming and organization of npm scripts. You will learn how to use naming c...
literat.dev
January 6, 2025 at 8:53 PM
Reposted by literat
my favourite and most underrated javascript feature is the void operator

new killer use case: using it for react 19 refs to prevent returning a non-function

void operator - JavaScript | MDN
The void operator evaluates the given expression and then returns undefined.
developer.mozilla.org
December 6, 2024 at 11:56 PM