About
NPM Smell's ultimate goal is to minimize the impact of supply chain attacks in NPM.
It tries to do so by highlighting trivial or outdated dependencies with high download numbers so that package maintainers can act and remove those dependencies.
Why?
Security. NPM contains a lot of trivial or outdated packages. Yet they are still being downloaded by millions. This makes them a prime candidate for the next supply chain attack.
A popular attack vector is taking over those packages and updating them with malicious code.
What are trivial or outdated packages?
Trivial
Trivial packages provide functionality that should be common knowledge for any JavaScript developer, such as checking whether a value is an array or whether a number is odd. While the functionality itself is trivial, these packages often come with additional dependencies of their own, unnecessarily increasing the attack surface.
Outdated
Outdated packages are packages whose functionality is now provided by the language itself.
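To make the two categories concrete, here is an added example (not NPM Smell's own code) of how a checker could flag trivial and outdated dependencies in a lockfile-like dependency graph and measure how much extra surface each one pulls in. The catalog of "smelly" packages, their suggested replacements, and the dependency graph are all constructed for illustration.

```javascript
// Added illustration, not part of NPM Smell: flag trivial/outdated
// dependencies and count the transitive packages each one drags in.

// Constructed catalog of smelly packages (names/replacements are assumptions).
const SMELL_CATALOG = {
  'is-odd':                 { kind: 'trivial',  replacement: 'n % 2 === 1' },
  'is-array-ish':           { kind: 'trivial',  replacement: 'Array.isArray(x)' },
  'object-assign-polyfill': { kind: 'outdated', replacement: 'Object.assign / spread' },
};

// Constructed, flattened view of a package-lock.json: package -> direct deps.
const SAMPLE_LOCK = {
  'my-app':                 ['is-odd', 'object-assign-polyfill', 'express-ish'],
  'is-odd':                 ['is-number'],
  'is-number':              ['kind-of'],
  'kind-of':                [],
  'object-assign-polyfill': [],
  'express-ish':            ['is-array-ish'],
  'is-array-ish':           [],
};

// Every package reachable from `name`, excluding `name` itself (cycle-safe).
function transitiveDeps(lock, name, seen = new Set()) {
  for (const dep of lock[name] || []) {
    if (!seen.has(dep)) {
      seen.add(dep);
      transitiveDeps(lock, dep, seen);
    }
  }
  return seen;
}

// Walk the whole graph and report each catalog hit with its extra surface,
// sorted by name so the output is stable.
function findSmells(lock, catalog = SMELL_CATALOG) {
  const findings = [];
  for (const name of Object.keys(lock)) {
    const entry = catalog[name];
    if (!entry) continue;
    findings.push({
      name,
      kind: entry.kind,
      replacement: entry.replacement,
      transitiveDeps: [...transitiveDeps(lock, name)].sort(),
    });
  }
  return findings.sort((a, b) => a.name.localeCompare(b.name));
}

for (const f of findSmells(SAMPLE_LOCK)) {
  console.log(`${f.kind}: ${f.name} pulls ${f.transitiveDeps.length} extra package(s); use ${f.replacement}`);
}
```

In the sample graph the trivial odd-check package brings two further packages along with it, which is exactly the kind of avoidable exposure the tool aims to surface.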