norden.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Moin! This is the Mastodon instance for northerners, chatterers and everything in between. Follow the lighthouse.

#npm

3 posts · 3 participants · 0 posts today
Ryan Daws 🤓<p>Masquerading payment npm package installs backdoor <a href="https://www.developer-tech.com/news/masquerading-payment-npm-package-installs-backdoor/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">developer-tech.com/news/masque</span><span class="invisible">rading-payment-npm-package-installs-backdoor/</span></a> <a href="https://techhub.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://techhub.social/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://techhub.social/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>developers</span></a> <a href="https://techhub.social/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coding</span></a> <a href="https://techhub.social/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a> <a href="https://techhub.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://techhub.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://techhub.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://techhub.social/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://techhub.social/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://techhub.social/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a></p>
OTX Bot<p>Atomic and Exodus crypto wallets targeted in malicious npm campaign</p><p>A malicious npm package named pdf-to-office was discovered targeting cryptocurrency wallets. The package, posing as a PDF to Office converter, injects malicious code into locally installed Atomic and Exodus wallets. This attack modifies legitimate files to redirect crypto funds to the attacker's wallet. The campaign shows persistence, as removing the malicious package doesn't remove the injected code from the wallets. Multiple versions of both wallets were targeted, with the attackers adapting their code accordingly. This incident highlights the growing scope of software supply chain risks, particularly in the cryptocurrency industry, and emphasizes the need for improved monitoring of both source code repositories and locally deployed applications.</p><p>Pulse ID: 67fd41f7af4b02a0fd75fb69<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67fd41f7af4b02a0fd75fb69" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67fd4</span><span class="invisible">1f7af4b02a0fd75fb69</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-14 17:12:23</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/Atomic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Atomic</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPM</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/Office" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Office</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PDF</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChain</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
securityaffairs<p>Malicious <a href="https://infosec.exchange/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPM</span></a> packages target <a href="https://infosec.exchange/tags/PayPal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PayPal</span></a> users<br><a href="https://securityaffairs.com/176530/security/malicious-npm-packages-to-steal-paypal-credentials.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/176530/sec</span><span class="invisible">urity/malicious-npm-packages-to-steal-paypal-credentials.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
Mike McCaffrey<p>FYI: Absolutely do not use AI to generate any files that specify what packages to include in your project:<br> <a href="https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/04/12/ai_</span><span class="invisible">code_suggestions_sabotage_supply_chain/</span></a></p><p><a href="https://drupal.community/tags/GenerativeAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GenerativeAI</span></a> <a href="https://drupal.community/tags/VibeCoding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VibeCoding</span></a> <a href="https://drupal.community/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPM</span></a> <a href="https://drupal.community/tags/Drupal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Drupal</span></a></p>
skry<p>“slopsquatting, a new term for a surprisingly effective type of software supply chain attack that emerges when LLMs “hallucinate” package names that don’t actually exist. If you’ve ever seen an AI recommend a package and thought, “Wait, is that real?”—you’ve already encountered the foundation of the problem.</p><p>And now attackers are catching on.”</p><p>The Rise of Slopsquatting: How <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> Hallucinations Are Fueling... <a href="https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/slopsquatting-</span><span class="invisible">how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks</span></a> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://mastodon.social/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dev</span></a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p><p>Edit: more info: <a href="https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/</span></a></p>
Teddy / Domingo (🇨🇵/🇬🇧)<p><a href="https://framapiaf.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> Poisoned <a href="https://framapiaf.org/tags/Patches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Patches</span></a> Infect Local <a href="https://framapiaf.org/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a>. Malicious packages lurking on open source repositories like <a href="https://framapiaf.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> have become less effective, so cyberattackers are using a new strategy: offering "patches" for locally installed programs.<br><a href="https://www.darkreading.com/cloud-security/open-source-poisoned-patches-infect-local-software" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">darkreading.com/cloud-security</span><span class="invisible">/open-source-poisoned-patches-infect-local-software</span></a></p>
Hackread.com<p>🚨 Watch out as new npm malware targets Atomic and Exodus wallets to alter their addresses and hijack crypto transfers.</p><p>Read: <a href="https://hackread.com/npm-malware-atomic-exodus-wallets-hijack-crypto/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/npm-malware-atomi</span><span class="invisible">c-exodus-wallets-hijack-crypto/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://mstdn.social/tags/Crypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Crypto</span></a> <a href="https://mstdn.social/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a></p>
Olivier Stuker (he/him)<p>npm: 3 moderate severity vulnerabilities</p><p>me: npm audit fix --force</p><p>npm: 5 moderate severity vulnerabilities</p><p>AAAAAAAAAAAAAAAAAAAAA</p><p><a href="https://toot.community/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://toot.community/tags/nodejs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nodejs</span></a> <a href="https://toot.community/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a></p>
Mike Taylor 🦕<p>Hoo boy am I tired of seeing messages in my browser's JavaScript from some deep transitive dependency of the app I work on, saying "We're about to remove support for &lt;feature that a slightly less nested transitive dependency uses&gt;, sucks to be you."</p><p>This whole developer ecosystem is a nightmare of endless compatibility problems, 90% of them trivially avoidable with a moment's thought.</p><p><a href="https://sauropods.win/tags/Node" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Node</span></a> <a href="https://sauropods.win/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPM</span></a> <a href="https://sauropods.win/tags/React" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>React</span></a> <a href="https://sauropods.win/tags/DependencyHell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DependencyHell</span></a></p>
Andrija Petrovic<p>It seems that while I was building my huge monorepo in good old JS5 <a href="https://lor.sh/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> I missed the <a href="https://lor.sh/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> workspaces concept that emerged somewhere along those years.<br>Now that I hit the wall with <a href="https://lor.sh/tags/deno" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deno</span></a> and a bunch of dependency-wise intertwined packages, I've learned about deno's workspace feature that is a reimplementation of npm's workspaces.<br>Ok, let me see if I can organize my code using workspace(s)...</p>
Teddy / Domingo (🇨🇵/🇬🇧)<p>A backdoor discovered in <a href="https://framapiaf.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> packages. The npm ecosystem is frequently the target of attacks by cybercriminals, and <a href="https://framapiaf.org/tags/cybers%C3%A9curit%C3%A9" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersécurité</span></a> researchers (...)<br><a href="https://www.lemondeinformatique.fr/actualites/lire-une-porte-derobee-decouverte-dans-des-paquets-npm-96460.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">lemondeinformatique.fr/actuali</span><span class="invisible">tes/lire-une-porte-derobee-decouverte-dans-des-paquets-npm-96460.html</span></a><br><a href="https://framapiaf.org/tags/s%C3%A9curit%C3%A9" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sécurité</span></a></p>
Frontend Dogma<p>Malware Found on npm Infecting Local Package With Reverse Shell, by @reversinglabs.com:</p><p><a href="https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reversinglabs.com/blog/malicio</span><span class="invisible">us-npm-patch-delivers-reverse-shell</span></a></p><p><a href="https://mas.to/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://mas.to/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependencies</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Carsten Rieger IT-Services 🔒<p>Our <a href="https://digitalcourage.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> guide "Nginx Proxy Manager with <a href="https://digitalcourage.social/tags/nextcloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nextcloud</span></a> :nextcloud:" has just been extended with an "Update" chapter 👇 <br><a href="https://www.c-rieger.de/nginx-proxy-manager-mit-nextcloud/#update" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">c-rieger.de/nginx-proxy-manage</span><span class="invisible">r-mit-nextcloud/#update</span></a><br>We wish you a pleasant weekend!</p>
.:\dGh/:.<p>AnimeJS v4 has landed. Boy oh boy, it’s probably the sickest JavaScript library for animations.</p><p><a href="https://animejs.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">animejs.com/</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/animejs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>animejs</span></a> <a href="https://mastodon.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a href="https://mastodon.social/tags/Programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Programming</span></a> <a href="https://mastodon.social/tags/Web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Web</span></a> <a href="https://mastodon.social/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDevelopment</span></a> <a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Coding</span></a> <a href="https://mastodon.social/tags/Animation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Animation</span></a> <a href="https://mastodon.social/tags/Internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Internet</span></a> <a href="https://mastodon.social/tags/Library" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Library</span></a> <a href="https://mastodon.social/tags/Package" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Package</span></a> <a href="https://mastodon.social/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPM</span></a></p>
Jonathan Matthews<p>Anyone else seeing <a href="https://fosstodon.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> package installation failures? I can see <a href="https://status.npmjs.org/incidents/hdtkrsqp134s" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">status.npmjs.org/incidents/hdt</span><span class="invisible">krsqp134s</span></a>, but the "scoped to certain keywords" is both weasel-wording and confusing ... <a href="https://fosstodon.org/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> <a href="https://fosstodon.org/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://fosstodon.org/tags/devops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devops</span></a></p>
It's Richie<p>Package Manager for Markdown</p><p>I'm working on a project that is intended to encourage folk to make markdown text files which can be bundled together in different bundles of text files using a package manager. </p><p>Question for coders: which package manager would you suggest I use?</p><p>Main criteria (in order) are:</p><p>1. Easy for someone with basic command line skills to edit the file, update version numbers and add additional packages.</p><p>2. All being equal, more common and easier to set up is preferred.</p><p><a href="https://hachyderm.io/tags/Markdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Markdown</span></a> <a href="https://hachyderm.io/tags/CommonMark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CommonMark</span></a> <a href="https://hachyderm.io/tags/PackageManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PackageManager</span></a> <a href="https://hachyderm.io/tags/Programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Programming</span></a> <a href="https://hachyderm.io/tags/Dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Dev</span></a> <br><a href="https://hachyderm.io/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPM</span></a> <a href="https://hachyderm.io/tags/RubyGems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RubyGems</span></a> <a href="https://hachyderm.io/tags/Cargo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cargo</span></a> <a href="https://hachyderm.io/tags/PickingAMastodonInstance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PickingAMastodonInstance</span></a> <br><a href="https://hachyderm.io/tags/Ruby" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ruby</span></a> <a href="https://hachyderm.io/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://hachyderm.io/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rust</span></a> <a href="https://hachyderm.io/tags/Javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Javascript</span></a> <a href="https://hachyderm.io/tags/NodeJs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeJs</span></a> <a href="https://hachyderm.io/tags/Lisp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lisp</span></a> <a href="https://hachyderm.io/tags/CommonGuide" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CommonGuide</span></a></p>
Stéphane<p>Well... <a href="https://fosstodon.org/tags/yarn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yarn</span></a> 1.22 is obsolete and 4.x is "PNP", thus incompatible with <a href="https://fosstodon.org/tags/nextjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nextjs</span></a> . Gonna stick with classic <a href="https://fosstodon.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a>. </p><p><a href="https://fosstodon.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a href="https://fosstodon.org/tags/Node" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Node</span></a> <a href="https://fosstodon.org/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeJS</span></a></p>
Bill<p>In today's Supply Chain News ...</p><p>Eleven oooold npm packages were hijacked to steal API keys. Wonder how many of them are just sitting in someone's build pipeline with "latest" as the version parameter?</p><p><a href="https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sonatype.com/blog/multiple-cry</span><span class="invisible">pto-packages-hijacked-turned-into-info-stealers</span></a></p><p>h/t to Sonatype for the top notch research.</p><p><a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychain</span></a><br><a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infostealer</span></a> campaign compromises 10 <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> packages, targets devs</p><p><a href="https://www.bleepingcomputer.com/news/security/infostealer-campaign-compromises-10-npm-packages-targets-devs/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/infostealer-campaign-compromises-10-npm-packages-targets-devs/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Andrija Petrovic<p><span class="h-card" translate="no"><a href="https://dindon.one/@henry" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>henry</span></a></span> Having (almost fully) switched to <a href="https://lor.sh/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeJS</span></a> in 2012, I quickly recognized the danger of relying on _anything_ (<a href="https://lor.sh/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> included; this one gave me a lot of pain several times over the years).<br>Ended up with a monstrous monorepo. Forked (and improved) just 2 other people's repos, one abandoned and one that took months to finally get right regarding garbage collection, but I had no time to wait.<br>Thereby I never got into a situation of hating a programming language because of the hype around it, but it surely got me coding a ton of <a href="https://lor.sh/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a>.<br>The experience helped me a lot in the JS5=&gt;ECMAScript and ECMAScript=&gt;TypeScript switches in the last year or so.</p>