RDLTR

Short for Read Later. Save links from any browser or phone. Click to save, read to clear. The full tour

One topic. Every takeSeek and you shall find

Reading up on npm

12 deep · digging since jan 19

  • nubjs.com favicon
    Nub — an all-in-one toolkit for Node.js

    Nub is a TypeScript-first toolkit for Node.js that provides a faster npm/pnpm run, a pnpm-compatible package manager, and a Node version manager, with no lock-in.

  • news.ycombinator.com favicon
    .gitignore Isn't the only way to ignore files in Git

    The article explores alternative Git ignore mechanisms beyond .gitignore, including .gitattributes for diff suppression and local exclude files, while sparking debate on reviewing lockfile diffs.

  • nesbitt.io favicon
    Open Source vs the Invisible Hand

    Open source software production defies standard economic theory by producing stable, valuable, and widely-used goods despite lacking price signals, contracts, or incentives that textbooks predict are necessary.

  • roman.pt favicon
    A backdoor in a LinkedIn job offer - Roman Imankulov

    A fake recruiter sent a LinkedIn job candidate a GitHub repo with a backdoor that executes on npm install by running a remote-controlled command payload hidden in a test file.

  • gaborkoos.com favicon
    How to Evaluate an npm Package - 2026 Edition

    A practical checklist for evaluating npm packages in 2026 covering security, maintenance, provenance, CI quality, and incident response to make informed dependency decisions.

  • nesbitt.io favicon
    Package managers that package package managers

    Andrew Nesbitt built a matrix showing which of 42 package managers can install each other, finding a 14-hop chain from AUR to an Elm compiler.

  • nesbitt.io favicon
    Dumb Ways for an Open Source Project to Die

    The piece enumerates dozens of distinct ways open-source projects become effectively dead, from maintainer abandonment to sabotage and ecosystem shifts.

  • lucumr.pocoo.org favicon
    Before GitHub | Armin Ronacher's Thoughts and Writings

    Armin Ronacher argues that as GitHub declines due to instability and product churn, open source must preserve its history by moving to decentralized, archivally-funded homes that avoid the pre-GitHub era's fragility.

  • nesbitt.io favicon
    GitHub Actions is the weakest link

    GitHub Actions' default features—mutable tags, pull_request_target, template injection, and write-scoped tokens—have enabled a chain of supply-chain attacks on open-source registries, and GitHub's opt-in security roadmap won't fix the root causes.

  • www.emailmd.dev favicon
    Email.md - Responsive Emails, Written in Markdown

    Email.md converts Markdown into responsive, email-safe HTML that renders consistently across all email clients.

  • blog.jquery.com favicon
    Just a moment...

    jQuery 4.0.0 final release drops IE<11 support, removes deprecated APIs, adopts ES modules, adds Trusted Types support, and reduces size by over 3KB gzipped.

Takes