Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

Immutable collections for JavaScript

Read the docs and eat your vegetables. Immutable data cannot be changed once created, leading to much simpler application development, no defensive copying, and enabling advanced memoization and ...
GitHub

Snyk dep-graph

This library provides a time and space efficient representation of a resolved package dependency graph, which can be used to construct, query and de/serialize dep-graphs. A package (name@version) can ...