Blog
By Martin Torp
Cofounder of Coana
PhD in Computer Science
4 minute read time
Getting started with pnpm to reduce your package installation time 10x
In this post, we cover our experience with our recent migration from npm to pnpm at Coana.
3 minute read time
A developer-friendly introduction to open source licenses
Are you confused about open source licenses and how to work with them? In this post, we cover the basics of open source licenses and provide some actionable tips on how to manage licenses in your software projects.
3 minute read time
A quick introduction to phantom dependencies
Phantom dependencies are dependencies you use without explicitly including them in your package.json. In this post we examine why they are bad and what you can do to avoid them.
2 minute read time
Introducing the Coana Package Manager extension for VS Code
In this post, I introduce the Coana Package Manager, a new VS Code extension to help with npm dependency management.
5 minute read time
Understanding semantic versioning: A guide for npm developers. Part 2
In this post, we examine how to work with semantic versioning in practice. We consider topics such as package version constraints, lock files and vulnerability disclosure bots.
3 minute read time
Understanding semantic versioning: A guide for npm developers. Part 1
In this post, we provide a quick introduction to the principles of semantic versioning and help you understand how to use it in practice as an npm application developer.
3 minute read time
A study of missing npm vulnerability backports - another reason to apply major updates
One valid argument for keeping your dependencies on the latest major is that you also get fixes for security vulnerabilities that aren't backported to older majors. But how frequent are backports actually? Can we always assume that security fixes are released for old majors? In this post we answer those questions by conducting a study of more than 10,000 security advisories from the GitHub Advisory Database.
3 minute read time
Hidden gems in npm
The npm command line interface provides a whole suite of rarely used commands that you can use to boost your productivity. In this post, we examine some of the most useful but least well-known commands.
2 minute read time
Navigating lock files: best practices and tips
If you are unsure about how to use the package-lock.json (or yarn.lock) file in your project, you're not alone. This file records the exact resolved version of every package in your dependency tree, which is what makes 'npm install' or 'yarn' restore the same versions on any machine. For CI and release builds, prefer 'npm ci', which installs exactly what the lock file says and fails instead of updating it when package.json and the lock file disagree.
2 minute read time
4 ways to evaluate the quality of an npm package
Picking low-quality packages can be detrimental to an npm project. If a package is not well maintained, it may stop working or no longer effectively solve your problems, leaving you with the technical burden of replacing the package. But how do you evaluate the quality of an npm package?