#npm

Ben Hardill<p>Hmm, most of my GitHub CI jobs are failing because it appears NPM have added rate limiting.</p><p>Remind me again, who owns both NPM and GitHub these days?</p><p><a href="https://bluetoot.hardill.me.uk/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://bluetoot.hardill.me.uk/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a></p>
Emmanuel Chateau-Dutier<p><span class="h-card" translate="no"><a href="https://mamot.fr/@papermanu" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>papermanu</span></a></span> I have been pestering the Digital Research Alliance <a href="https://mamot.fr/tags/allianceCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>allianceCan</span></a>, the Canadian research infrastructure, for several months to get it to set up a software forge for researchers. Naturally, I took the opportunity to press the point again. I had forgotten about <a href="https://mamot.fr/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a>!!!</p>
Sam Stepanyan :verified: 🐘<p>New supply-chain attacks hit open-source repos:<br><a href="https://infosec.exchange/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a>: termncolor &amp; colorinal delivered multi-stage malware with Windows &amp; Linux backdoors.</p><p><a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a>: packages redux-ace, rtk-logger posed as dev tools &amp; job tests, stealing iCloud Keychain, browser data, wallets:<br> <a href="https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/08/mali</span><span class="invisible">cious-pypi-and-npm-packages.html</span></a></p>
Marco Ivaldi<p><a href="https://infosec.exchange/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> package tar-fs Link Directory Traversal <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a></p><p><a href="https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/google/security-res</span><span class="invisible">earch/security/advisories/GHSA-xrg4-qp5w-2c3w</span></a></p>
mhoye<p><span class="h-card" translate="no"><a href="https://qoto.org/@falken" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>falken</span></a></span> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a></p>
Torger Åge Sinnes<p>So sad to lose Inger Johanne and her expertise!<br> <a href="https://sirdalmedia.no/2025/08/gir-seg-etter-27-ar-i-sirdal-kompetanse-som-ikke-blir-brukt-mister-man/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sirdalmedia.no/2025/08/gir-seg</span><span class="invisible">-etter-27-ar-i-sirdal-kompetanse-som-ikke-blir-brukt-mister-man/</span></a></p><p>The goal of the reorganization, initiated by municipal director Fuhr, was....? And when is it supposed to be finished? </p><p>People are quitting in droves in the municipality. 😢</p><p><a href="https://snabelen.no/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://snabelen.no/tags/kommune" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kommune</span></a></p>
Inautilo<p><a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Experiences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Experiences</span></a><br>How to make labor-intensive websites · Some suggestions based on personal experience <a href="https://ilo.im/165p5a" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ilo.im/165p5a</span><span class="invisible"></span></a></p><p>_____<br><a href="https://mastodon.social/tags/Projects" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Projects</span></a> <a href="https://mastodon.social/tags/Websites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Websites</span></a> <a href="https://mastodon.social/tags/Dependencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dependencies</span></a> <a href="https://mastodon.social/tags/Compilers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Compilers</span></a> <a href="https://mastodon.social/tags/Frameworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Frameworks</span></a> <a href="https://mastodon.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://mastodon.social/tags/Npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Npm</span></a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebDev</span></a> <a href="https://mastodon.social/tags/Frontend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Frontend</span></a> <a href="https://mastodon.social/tags/Backend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backend</span></a></p>
The New Oil<p>Fake <a href="https://mastodon.thenewoil.org/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WhatsApp</span></a> developer libraries hide destructive data-wiping code</p><p><a href="https://www.bleepingcomputer.com/news/security/fake-whatsapp-developer-libraries-hide-destructive-data-wiping-code/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/fake-whatsapp-developer-libraries-hide-destructive-data-wiping-code/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://mastodon.thenewoil.org/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Meta</span></a></p>
CybersecKyle<p>I am getting the following error when trying to start eleventy in CLI. Any help?</p><p>I just made some name and CSS customizations, LOL.</p><p><a href="https://infosec.exchange/tags/11ty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>11ty</span></a> <a href="https://infosec.exchange/tags/Eleventy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Eleventy</span></a> <a href="https://infosec.exchange/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a></p>
Eckes :mastodon:<p>The usefulness of the NPM Advisories feed since it migrated to GitHub somehow degraded. I could not have imagined that’s even possible. <a href="https://zusammenkunft.net/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://zusammenkunft.net/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
The New Oil<p>Hackers breach <a href="https://mastodon.thenewoil.org/tags/Toptal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Toptal</span></a> <a href="https://mastodon.thenewoil.org/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> account, publish malicious <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> packages</p><p><a href="https://www.bleepingcomputer.com/news/security/hackers-breach-toptal-github-account-publish-malicious-npm-packages/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-breach-toptal-github-account-publish-malicious-npm-packages/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> package ‘<a href="https://mastodon.thenewoil.org/tags/is" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>is</span></a>’ with 2.8M weekly downloads infected devs with <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p><p><a href="https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Sam Stepanyan :verified: 🐘<p><a href="https://infosec.exchange/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> package 'is' with 2.8M weekly <br>downloads was compromised and infected developers with malware:<br><a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a><br><a href="https://infosec.exchange/tags/SoftwareSupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareSupplyChainSecurity</span></a><br>👇<br><a href="https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/</span></a></p>
Moritz<p>Centralization in package registries is really problematic: The CSS preprocessor stylus has been flagged as malicious on <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a>. So thousands of people and software projects which depend on this package are now failing. All because a completely unrelated software package for "Stylus input" in <a href="https://mastodon.social/tags/ChromeOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeOS</span></a> seems to be problematic. Seems that they're just flagging packages with "stylus" in their name. <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebDev</span></a></p><p><a href="https://github.com/stylus/stylus/issues/2938" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/stylus/stylus/issue</span><span class="invisible">s/2938</span></a></p>
The New Oil<p>Popular <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://mastodon.thenewoil.org/tags/linter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linter</span></a> packages hijacked via <a href="https://mastodon.thenewoil.org/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a> to drop <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p><p><a href="https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a></p>
Hackread.com<p>🚨 A fake npm website tricked a maintainer into giving up their token, letting attackers push malware into popular JS packages.</p><p>Details: <a href="https://hackread.com/fake-npm-website-used-push-malware-via-stolen-token/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/fake-npm-website-</span><span class="invisible">used-push-malware-via-stolen-token/</span></a></p><p><a href="https://mstdn.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mstdn.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://mstdn.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mstdn.social/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychainsecurity</span></a></p>
xoron :verified:<p><a href="https://infosec.exchange/tags/Decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Decentralized</span></a> <a href="https://infosec.exchange/tags/Module" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Module</span></a> <a href="https://infosec.exchange/tags/Federation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Federation</span></a> <a href="https://infosec.exchange/tags/Microfrontend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microfrontend</span></a> <a href="https://infosec.exchange/tags/Architecture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Architecture</span></a> </p><p>I'm working on a <a href="https://infosec.exchange/tags/webapp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webapp</span></a> and I'm being <a href="https://infosec.exchange/tags/creative" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>creative</span></a> on the <a href="https://infosec.exchange/tags/approach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>approach</span></a>. It might be considered <a href="https://infosec.exchange/tags/overcomplicated" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>overcomplicated</span></a> (because it is), but I'm just trying something out. It's entirely possible this approach won't work <a href="https://infosec.exchange/tags/longterm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>longterm</span></a>. I see it as there is <a href="https://infosec.exchange/tags/onewaytofindout" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>onewaytofindout</span></a>. I don't recommend this approach. 
Just sharing what I'm trying/#investigating.</p><p>How it will be <a href="https://infosec.exchange/tags/architected" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>architected</span></a>: <a href="https://positive-intentions.com/blog/decentralised-architecture" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">positive-intentions.com/blog/d</span><span class="invisible">ecentralised-architecture</span></a><br>Some <a href="https://infosec.exchange/tags/benefits" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>benefits</span></a> of the <a href="https://infosec.exchange/tags/approach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>approach</span></a>: <a href="https://positive-intentions.com/blog/statics-as-a-chat-app-infrastructure" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">positive-intentions.com/blog/s</span><span class="invisible">tatics-as-a-chat-app-infrastructure</span></a></p><p>I find <a href="https://infosec.exchange/tags/modulefederation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modulefederation</span></a> and <a href="https://infosec.exchange/tags/microfrontends" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microfrontends</span></a> to generally be <a href="https://infosec.exchange/tags/discouraged" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>discouraged</span></a> when I see posts, but I think it works for me in my <a href="https://infosec.exchange/tags/approach" 
class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>approach</span></a>. I'm <a href="https://infosec.exchange/tags/optimistic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>optimistic</span></a> about the approach and the <a href="https://infosec.exchange/tags/benefits" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>benefits</span></a> and so I wanted to <a href="https://infosec.exchange/tags/share" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>share</span></a> details.</p><p>When I serve the <a href="https://infosec.exchange/tags/federatedmodules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>federatedmodules</span></a>, I can also host the <a href="https://infosec.exchange/tags/storybook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>storybook</span></a> statics so I think this could be a good way to <a href="https://infosec.exchange/tags/document" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>document</span></a> the modules in <a href="https://infosec.exchange/tags/isolation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>isolation</span></a>.</p><p><a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptography</span></a> modules - <a href="https://cryptography.positive-intentions.com/?path=%2Fdocs%2Fcryptography-introduction--docs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cryptography.positive-intentio</span><span class="invisible">ns.com/?path=%2Fdocs%2Fcryptography-introduction--docs</span></a></p><p><a href="https://infosec.exchange/tags/P2P" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2P</span></a> framework - <a 
href="https://p2p.positive-intentions.com/?path=%2Fdocs%2Fe2e-tests-connectionstatus--docs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">p2p.positive-intentions.com/?p</span><span class="invisible">ath=%2Fdocs%2Fe2e-tests-connectionstatus--docs</span></a></p><p>This way, I can create <a href="https://infosec.exchange/tags/microfrontends" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microfrontends</span></a> that consume these <a href="https://infosec.exchange/tags/modules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modules</span></a>. I can then <a href="https://infosec.exchange/tags/share" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>share</span></a> the <a href="https://infosec.exchange/tags/functionality" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>functionality</span></a> between <a href="https://infosec.exchange/tags/apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apps</span></a>. The following apps are using a different codebase from each other (there is a <a href="https://infosec.exchange/tags/distinction" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>distinction</span></a> between these apps in <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> and <a href="https://infosec.exchange/tags/closesource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>closesource</span></a>). 
Sharing those <a href="https://infosec.exchange/tags/dependencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dependencies</span></a> could help make it easier to roll out <a href="https://infosec.exchange/tags/updates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>updates</span></a> to <a href="https://infosec.exchange/tags/coremechanics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>coremechanics</span></a>.</p><p><a href="https://infosec.exchange/tags/P2P" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2P</span></a> chat - <a href="https://chat.positive-intentions.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chat.positive-intentions.com/</span><span class="invisible"></span></a><br><a href="https://infosec.exchange/tags/P2P" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2P</span></a> file transfer - <a href="https://file.positive-intentions.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">file.positive-intentions.com/</span><span class="invisible"></span></a></p><p>The <a href="https://infosec.exchange/tags/functionality" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>functionality</span></a> also works when I create an <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> build with <a href="https://infosec.exchange/tags/Tauri" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tauri</span></a>. 
This could also lead to it being easier to create <a href="https://infosec.exchange/tags/newapps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newapps</span></a> that could use the <a href="https://infosec.exchange/tags/modules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modules</span></a> created.</p><p>I'm sure there will be some distinct <a href="https://infosec.exchange/tags/test" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>test</span></a>/#maintenance <a href="https://infosec.exchange/tags/overhead" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>overhead</span></a>, but depending on how it's <a href="https://infosec.exchange/tags/architected" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>architected</span></a> I think it could work and make it easier to <a href="https://infosec.exchange/tags/improve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>improve</span></a> on the current <a href="https://infosec.exchange/tags/implementation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>implementation</span></a>.</p><p>Everything about the <a href="https://infosec.exchange/tags/project" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>project</span></a> is far from finished. 
It could be seen as this is a <a href="https://infosec.exchange/tags/complicated" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>complicated</span></a> way to do what <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> does, but I think this <a href="https://infosec.exchange/tags/approach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>approach</span></a> allows for greater <a href="https://infosec.exchange/tags/flexibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>flexibility</span></a> by being able to <a href="https://infosec.exchange/tags/separate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>separate</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> and <a href="https://infosec.exchange/tags/closesource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>closesource</span></a> code for the <a href="https://infosec.exchange/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>web</span></a>. (Of course as <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>javascript</span></a>, it will always be "source code available". Especially in the age of <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a>, I'm sure it's possible to <a href="https://infosec.exchange/tags/reverseengineer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reverseengineer</span></a> it like never before.)</p><p>(mastodon might not be the place for something like this, so let me know if you don't like this kind of content. i typically post on reddit and would like to shift it more towards mastodon. 
i also use lemmy, but mastodon has a better reach.)</p>
Miguel Afonso Caetano<p>"Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens.</p><p>The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub repositories.</p><p>The list of affected packages and their rogue versions, according to Socket, is listed below -</p><p>- eslint-config-prettier (versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7)<br>- eslint-plugin-prettier (versions 4.2.2 and 4.2.3)<br>- synckit (version 0.11.9)<br>- @pkgr/core (version 0.2.8)<br>- napi-postinstall (version 0.3.1)</p><p>"The injected code attempted to execute a DLL on Windows machines, potentially allowing remote code execution," the software supply chain security firm said."</p><p><a href="https://thehackernews.com/2025/07/malware-injected-into-6-npm-packages.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/07/malw</span><span class="invisible">are-injected-into-6-npm-packages.html</span></a></p><p><a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tldr.nettime.org/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> <a href="https://tldr.nettime.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://tldr.nettime.org/tags/Node" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Node</span></a> <a href="https://tldr.nettime.org/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://tldr.nettime.org/tags/Windows" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://tldr.nettime.org/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a></p>
qbi<p>While we're on the subject of supply-chain attacks:<br>OHAI <a href="https://freie-re.de/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a></p><p><a href="https://socket.dev/blog/npm-phishing-campaign-leads-to-prettier-tooling-packages-compromise" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/npm-phishing-c</span><span class="invisible">ampaign-leads-to-prettier-tooling-packages-compromise</span></a></p>
rtn<p>I just got a phishing email claiming to be from npm. There's a login link in the mail pointing to npNjs.com</p><p><a href="https://chaos.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://chaos.social/tags/fishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fishing</span></a></p>