JavaScript package registry and manager. Cited repeatedly in Donarski's wroclove.rb 2023 talk: the left-pad author's access rights were revoked by npm during a trademark dispute with a company; typo-squatting attacks on npm's registry steal environment variables from developers who mistype package names.