Npm on Commentary of Takao

Exporting Proper TypeScript Declaration Files (.d.ts) for NPM

Sun, 10 May 2026 00:00:00 +0900

Why Declaration Files Matter

When you publish an npm package written in TypeScript, consumers need type information to get IntelliSense and compile-time checking. Without .d.ts files, your library is effectively typed as any, defeating the purpose of using TypeScript in the first place.

Declaration files describe the shape of your exports without shipping the implementation source. They enable tree-shaking, documentation hover tips, and strict type checking in consumer projects.

Generating .d.ts Files

The TypeScript compiler generates declaration files when declaration is set to true in tsconfig.json.

Auditing NPM Dependencies: Snyk and automated patch management

Sat, 15 Nov 2025 00:00:00 +0900

The Supply Chain Problem

Modern JavaScript applications ship tens of thousands of transitive dependencies. Each one is a potential attack vector. The event-stream incident (2018), where a malicious package was injected into a popular dependency, demonstrated that vulnerabilities can come from anywhere in the tree. Relying solely on manual review is impossible at this scale.

Automated tooling is the only practical defense.

npm audit

The built-in npm audit command compares your dependency tree against a curated database of known vulnerabilities.

Comparing Package Managers: npm, pnpm, and yarn

Tue, 15 Apr 2025 00:00:00 +0900

Introduction

In JavaScript and Node.js development, package managers are essential daily tools.

While npm remains the default industry standard, modern alternatives like pnpm (famous for saving disk space and speed) and yarn (featuring zero-installs and Plug’n’Play modes) offer distinct architectures.

Although they resolve the same package.json specifications, their internal storage structures, dependency resolutions, and security features differ. This article compares these three package managers to help you choose the best tool for your next project.