bolha.us

3 posts3 participants0 posts today

Olivier Stuker (he/him)npm: 3 moderate severity vulnerabilitiesme: npm audit fix --forcenpm: 5 moderate severity vulnerabilitiesAAAAAAAAAAAAAAAAAAAAA<a href="https://toot.community/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://toot.community/tags/nodejs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nodejs</a> <a href="https://toot.community/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#programming</a>

jbz⚡Malware found on npm infecting local package with reverse shell ｢ For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages ｣<a href="https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell</a><a href="https://indieweb.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://indieweb.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://indieweb.social/tags/supplychainattack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychainattack</a> <a href="https://indieweb.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Andrija PetrovicIt seems that while I was building my huge monorepo in good old JS5 <a href="https://lor.sh/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#javascript</a> I missed the <a href="https://lor.sh/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> workspaces concept that emerged somewhere along those years. Now that I hit the wall with <a href="https://lor.sh/tags/deno" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#deno</a> and a bunch of dependency-wise intertwined packages, I've learned about deno's workspace feature that is a reimplementation of npm's workspaces. Ok, let me see if I can organize my code using workspace(s)...

.:\dGh/:.AnimeJS v4 has landed. Boy oh boy, it’s probably the sickest JavaScript library for animations.<a href="https://animejs.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://animejs.com/</a><a href="https://mastodon.social/tags/animejs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#animejs</a> <a href="https://mastodon.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://mastodon.social/tags/Programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Programming</a> <a href="https://mastodon.social/tags/Web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Web</a> <a href="https://mastodon.social/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebDevelopment</a> <a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Development</a> <a href="https://mastodon.social/tags/Coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Coding</a> <a href="https://mastodon.social/tags/Animation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Animation</a> <a href="https://mastodon.social/tags/Internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Internet</a> <a href="https://mastodon.social/tags/Library" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Library</a> <a href="https://mastodon.social/tags/Package" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Package</a> <a href="https://mastodon.social/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a>

Jason DavisSeems <a href="https://jasondavis.net/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> is having a bad day<a href="https://status.npmjs.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://status.npmjs.org/</a>

Jonathan MatthewsAnyone else seeing <a href="https://fosstodon.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> package installation failures? I can see <a href="https://status.npmjs.org/incidents/hdtkrsqp134s" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://status.npmjs.org/incidents/hdtkrsqp134s</a>, but the "scoped to certain keywords" is both weasel-wording and confusing ... <a href="https://fosstodon.org/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npmjs</a> <a href="https://fosstodon.org/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#javascript</a> <a href="https://fosstodon.org/tags/devops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#devops</a>

Drewhah, npm issue right now, which <a href="https://status.npmjs.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://status.npmjs.org/</a> was quite tardy in reporting<a href="https://hachyderm.io/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a>

Richie KhooPackage Manager for MarkdownI'm working on a project that is intended to encourage folk to make markdown text files which can be bundled together in different bundles of text files using a package manager. Question for coders; Which package manager would you suggest I use?Main criterias (in order) are:1. Easy for someone with basic command line skills to edit the file and update version numbers and add additional packages.2. All being equal, more commonly and easy to setup is preferred.<a href="https://hachyderm.io/tags/Markdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Markdown</a> <a href="https://hachyderm.io/tags/CommonMark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CommonMark</a> <a href="https://hachyderm.io/tags/PackageManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PackageManager</a> <a href="https://hachyderm.io/tags/Programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Programming</a> <a href="https://hachyderm.io/tags/Dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Dev</a> <a href="https://hachyderm.io/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a> <a href="https://hachyderm.io/tags/RubyGems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RubyGems</a> <a href="https://hachyderm.io/tags/Cargo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cargo</a> <a href="https://hachyderm.io/tags/PickingAMastodonInstance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PickingAMastodonInstance</a> <a href="https://hachyderm.io/tags/Ruby" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ruby</a> <a href="https://hachyderm.io/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> <a href="https://hachyderm.io/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Rust</a> <a href="https://hachyderm.io/tags/Javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Javascript</a> <a href="https://hachyderm.io/tags/NodeJs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJs</a> <a href="https://hachyderm.io/tags/Lisp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lisp</a> <a href="https://hachyderm.io/tags/CommonGuide" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CommonGuide</a>

Captain StephWell... <a href="https://fosstodon.org/tags/yarn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#yarn</a> 1.22 is obsolete and 4.x is "PNP", thus incompatible with <a href="https://fosstodon.org/tags/nextjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nextjs</a> . Gonna stick with classic <a href="https://fosstodon.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a>. <a href="https://fosstodon.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://fosstodon.org/tags/Node" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Node</a> <a href="https://fosstodon.org/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a>

Comic CrusadersOF LIMBO Share Homage To Van Halen With "Finish What Ya Started" OF LIMBO are sharing a fun new homage to Van Halen with their acoustic version of the classic “Finish What Ya Started”.  It’s the 2nd release from the California band off their upcoming “Unplugged” album, which will be released this summer.Recorded at the band’s home studio in Long Beach, their... <a href="https://comiccrusaders.com/editorial/of-limbo-share-homage-to-van-halen-with-finish-what-ya-started/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://comiccrusaders.com/editorial/of-limbo-share-homage-to-van-halen-with-finish-what-ya-started/</a> <a href="https://mastodon.online/tags/of" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#of</a> limbo <a href="https://mastodon.online/tags/rock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rock</a> <a href="https://mastodon.online/tags/music" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#music</a> <a href="https://mastodon.online/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> pr

BillIn today's Supply Chain News ...Eleven oooold npm packages were hijacked to steal API keys. Wonder how many of them jise are just sitting on n someone's built pipeline with "latest" as the version parameter?<a href="https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers</a>h/t to SonaType for the top notch research.<a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychain</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/Infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infostealer</a> campaign compromises 10 <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> packages, targets devs<a href="https://www.bleepingcomputer.com/news/security/infostealer-campaign-compromises-10-npm-packages-targets-devs/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/infostealer-campaign-compromises-10-npm-packages-targets-devs/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Andrija Petrovic<a href="https://dindon.one/@henry" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@henry</a> Having (almost fully) switched to <a href="https://lor.sh/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> in 2012, I quickly recognized the danger of relying to _anything_ (<a href="https://lor.sh/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> included, this one gave me a lot of pain for several times over the years). Ended up with a monstrous monorepo. Forked (and improved) just 2 other people's repos, one abandoned and one that took months to finally get it right regarding garbage collection, but I had no time to wait. Thereby I never got to a situation to hate a programming language because of the hype around it, but it surely got me coding a ton of <a href="https://lor.sh/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#javascript</a>. The experience helped me a lot in JS5=>ECMAScript and ECMAScript=>TypeScript switching in the last year or so.

The New OilNew <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> attack poisons local packages with backdoors<a href="https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

BillOk, normal patterns after an hour of excitement.ReversingLabs has a good writeup of an npm package infected with malware that generates a backdoor. Great way to get insight into the patterns the baddies follow.<a href="https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell</a><a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a>

Meysam<a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> vulnerability on <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> packages<a href="https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell</a><a href="https://mastodon.social/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#software</a> <a href="https://mastodon.social/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychain</a>

Sam Stepanyan :verified: 🐘<a href="https://infosec.exchange/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a>: Two malicious packages were discovered on npm (<a href="https://infosec.exchange/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor: <a href="https://infosec.exchange/tags/SoftwareSupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SoftwareSupplyChainSecurity</a> 👇 <a href="https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/</a>

Hacker NewsMalware found on NPM infecting local package with reverse shell<a href="https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell</a><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackerNews</a> <a href="https://mastodon.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://mastodon.social/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a> <a href="https://mastodon.social/tags/ReverseShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReverseShell</a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SoftwareDevelopment</a>

Dino<a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@BleepingComputer</a> Do we think something like this is enough to find if this garbage is present on a Linux system? `sudo find / -iregex '.*ethers-.*` <a href="https://masto.ai/tags/node" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#node</a> <a href="https://masto.ai/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://masto.ai/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a>

Jan Andrle<a href="https://fosstodon.org/tags/WebDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebDev</a> <a href="https://fosstodon.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://fosstodon.org/tags/TypeScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TypeScript</a> <a href="https://fosstodon.org/tags/frontend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#frontend</a> <a href="https://fosstodon.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> Meet dd<el> — JS lib for building <a href="https://fosstodon.org/tags/reactiveUIs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reactiveUIs</a> with syntax close to native DOM!See <a href="https://fosstodon.org/@jaandrle/114216488004115032" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://fosstodon.org/@jaandrle/114216488004115032</a> or <a href="https://github.com/jaandrle/deka-dom-el" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/jaandrle/deka-dom-el</a> … share or use star if u like it

Recent searches

Search options

Administered by:

Server stats:

#npm