Blog
Introducing the Coana Package Manager extension for VS Code
2 minute read time
In this post, I introduce the Coana Package Manager, a new VS Code extension that helps with npm dependency management.
Understanding semantic versioning: A guide for npm developers. Part 2
5 minute read time
In this post, we examine how to work with semantic versioning in practice. We consider topics such as package version constraints, lock files and vulnerability disclosure bots.
Understanding semantic versioning: A guide for npm developers. Part 1
3 minute read time
In this post, we provide a quick introduction to the principles of semantic versioning and help you understand how to use it in practice as an npm application developer.
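The two semantic versioning posts above turn on one practical question: given a constraint in package.json, which published versions can an install actually pull in? The following is an added example, not code from the Coana blog, that implements npm's caret (^) and tilde (~) range rules for plain MAJOR.MINOR.PATCH versions. Pre-release tags and compound ranges such as ">=1.2.0 <2.0.0" or "1.x" are assumed out of scope, and the list of published versions at the bottom is constructed for illustration.

```javascript
// Added example (not from the Coana blog): minimal caret/tilde range matching
// as npm applies it to package.json constraints. Assumes plain
// MAJOR.MINOR.PATCH versions with no pre-release or build metadata.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic comparison of two parsed versions: -1, 0 or 1.
function compareParsed(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound implied by a caret or tilde prefix.
//   ~1.2.3 allows patch bumps only:        < 1.3.0
//   ^1.2.3 allows minor and patch bumps:   < 2.0.0
//   ^0.2.3 and ^0.0.3 are the edge cases: the first non-zero component is
//   frozen, so they allow < 0.3.0 and < 0.0.4 respectively.
function upperBound(op, [major, minor, patch]) {
  if (op === '~') return [major, minor + 1, 0];
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// Does `version` fall inside `range`? Supported ranges: "1.2.3", "^1.2.3", "~1.2.3".
function satisfies(version, range) {
  const m = /^([\^~])?\s*(\S+)$/.exec(String(range).trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const op = m[1];
  const base = parseVersion(m[2]);
  const v = parseVersion(version);
  if (!op) return compareParsed(v, base) === 0;
  return compareParsed(v, base) >= 0 && compareParsed(v, upperBound(op, base)) < 0;
}

// Highest version in `available` that satisfies `range`, i.e. what a fresh
// install without a lock file would pick; null if nothing matches.
function maxSatisfying(available, range) {
  const matching = available.filter((v) => satisfies(v, range));
  if (matching.length === 0) return null;
  return matching
    .sort((a, b) => compareParsed(parseVersion(a), parseVersion(b)))
    .pop();
}

// Constructed list of "published" versions, to show what each constraint admits.
const published = ['0.0.3', '0.0.4', '0.2.3', '0.2.9', '0.3.0',
                   '1.2.3', '1.2.9', '1.3.0', '1.9.0', '2.0.0'];
for (const range of ['^1.2.3', '~1.2.3', '^0.2.3', '^0.0.3']) {
  const admitted = published.filter((v) => satisfies(v, range));
  console.log(`${range} -> ${admitted.join(', ')} | max: ${maxSatisfying(published, range)}`);
}
```

The 0.x branches of upperBound are where hand-written reasoning usually goes wrong: ^0.2.3 does not admit 0.3.0, so a security fix published only as 0.3.0 is invisible to that constraint until someone edits package.json.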
A study of missing npm vulnerability backports - another reason to apply major updates
3 minute read time
One valid argument for keeping your dependencies on the latest major version is that you also get fixes for security vulnerabilities that are not backported to older majors. But how frequent are backports actually? Can we always assume that security fixes are released for old majors? In this post we answer those questions with a study of more than 10,000 security advisories from the GitHub Advisory Database.
Hidden gems in npm
3 minute read time
The npm command line interface provides a whole suite of rarely used commands that you can use to boost your productivity. In this post, we examine some of the most useful but least well-known commands.
Navigating lock files: best practices and tips
2 minute read time
If you are unsure about how to use the package-lock.json (or yarn.lock) file in your project, you're not alone. This file is essential for ensuring that your project's dependencies are restored to the same versions on any machine where you run 'npm install' or 'yarn'. Note that 'npm install' will still rewrite the lock file when package.json has changed; 'npm ci' installs strictly from the lock file and fails if the two disagree, which is what you want in CI.
4 ways to evaluate the quality of an npm package
2 minute read time
Picking low quality packages can be detrimental to an npm project. If a package is not well maintained, it may stop working or no longer effectively solve your problems, leaving you with the technical burden of replacing it. But how do you evaluate the quality of an npm package?
Blog by Martin Torp
Cofounder of Coana
PhD in Computer Science