https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/tags/javascript/Recent content in JavaScript onHugo -- gohugo.ioenCopyright (c) 2023 ChainguardMon, 01 Jun 2026 00:00:00 +0000https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/overview/Thu, 05 Jun 2025 09:00:00 +0000https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/overview/<p><strong>Chainguard Libraries for JavaScript</strong> is a major ecosystem supported by <a href="https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/overview/">Chainguard Libraries</a>. The JavaScript ecosystem consists of thousands of open source projects from the communities around <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript">JavaScript</a>, <a href="https://www.typescriptlang.org/">TypeScript</a>, <a href="https://nodejs.org/">Node.js</a>, <a href="https://react.dev/">React</a>, <a href="https://vuejs.org/">Vue.js</a>, <a href="https://angular.io/">Angular</a>, <a href="https://svelte.dev/">Svelte</a>, <a href="https://nextjs.org/">Next.js</a>, <a href="https://expressjs.com/">Express</a>, and many others.</p> <p>Chainguard Libraries for JavaScript provides access to a growing collection of popular Javascript packages rebuilt from source. New releases of packages requested by customers are built and added to the index by an automated system. These libraries can also be consumed through the <a href="https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/chainguard-repository/">Chainguard Repository</a>, which provides a single endpoint for package retrieval and supports configurable security policies for both Chainguard-built and upstream packages.</p>https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/global-configuration/Thu, 05 Jun 2025 09:00:00 +0000https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/global-configuration/<p>JavaScript and npm package consumption in a large organization is typically managed by a repository manager. Commonly used repository manager applications are <a href="https://jfrog.com/artifactory/">JFrog Artifactory</a>, <a href="https://www.sonatype.com/products/sonatype-nexus-repository">Sonatype Nexus Repository</a>, and others. The repository manager acts as a single point of access for developers and development tools to retrieve the required libraries.</p> <p>If your organization uses the <a href="https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/overview/#upstream-fallback-policy-and-controls">upstream fallback</a> feature of Chainguard Repository, you can configure your repository manager with a single upstream pointed at <code>https://libraries.cgr.dev/javascript/</code>. This is the recommended setup. The Chainguard Repository handles fallback and policy enforcement; your repository manager handles local caching and access control. Chainguard also retrieves packages from the public npm Registry on your behalf when upstream fallback is enabled. This includes protections such as malware detection and a cooldown period for newly published packages.</p>https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/build-configuration/Thu, 05 Jun 2025 09:00:00 +0000https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/build-configuration/<p>The configuration for the use of Chainguard Libraries depends on your build tools, continuous integration, and continuous deployment setups. This page is a configuration reference for each supported JavaScript build tool. It covers registry configuration, authentication, cache clearning, and minimal example projects for npm, pnpm, Yarn, and Bun. The changes described on this page must be performed on all workstations of individual developers and other engineers running relevant application builds. They must also be performed on any build server such as Jenkins, TeamCity, GitHub or other infrastructure that builds the applications or otherwise downloads and uses relevant libraries.</p>https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/migration/Mon, 01 Jun 2026 00:00:00 +0000https://deploy-preview-3422--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/migration/<p>Chainguard Libraries for JavaScript provides a curated registry of npm packages rebuilt from source, scanned for malware, and verified against the <a href="https://osv.dev/">OSV database</a>. Because Chainguard Libraries uses the standard npm registry protocol, switching an existing project requires only a registry configuration change — no changes to your application code, <code>package.json</code>, or dependency versions.</p> <p>This guide walks through migrating an existing JavaScript project to Chainguard Libraries, covering the two most common setups:</p>