Ben Hardill<p>Hmm, most of my GitHub CI jobs are failing because it appears NPM have added rate limiting.</p><p>Remind me again, who owns both NPM and GitHub these days?</p><p><a href="https://bluetoot.hardill.me.uk/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://bluetoot.hardill.me.uk/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a></p>
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
196active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#npm
2 posts · 2 participants · 0 posts today
Emmanuel Chateau-Dutier<p><span class="h-card" translate="no"><a href="https://mamot.fr/@papermanu" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>papermanu</span></a></span> Je fais suer depuis plusieurs mois la Digital Research Alliance <a href="https://mamot.fr/tags/allianceCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>allianceCan</span></a>, l’infrastructure de recherche canadienne pour qu’elle mette en place une forge logiciels pour les chercheurs. J’en ai évidemment profité pour revenir à la charge. J'avais oublié pour <a href="https://mamot.fr/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> !!!</p>
Sam Stepanyan :verified: 🐘<p>New supply-chain attacks hit open-source repos:<br><a href="https://infosec.exchange/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a>: termncolor & colorinal delivered multi-stage malware with Windows & Linux backdoors.</p><p><a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a>: packages redux-ace,rtk-logger posed as dev tools & job tests, stealing iCloud Keychain, browser data, wallets:<br> <a href="https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/08/mali</span><span class="invisible">cious-pypi-and-npm-packages.html</span></a></p>
Marco Ivaldi<p><a href="https://infosec.exchange/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> package tar-fs Link Directory Traversal <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a></p><p><a href="https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/google/security-res</span><span class="invisible">earch/security/advisories/GHSA-xrg4-qp5w-2c3w</span></a></p>
mhoye<p><span class="h-card" translate="no"><a href="https://qoto.org/@falken" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>falken</span></a></span> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a></p>
Torger Åge Sinnes<p>Så trist å miste Inger Johanne og hennar kompetanse!<br> <a href="https://sirdalmedia.no/2025/08/gir-seg-etter-27-ar-i-sirdal-kompetanse-som-ikke-blir-brukt-mister-man/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sirdalmedia.no/2025/08/gir-seg</span><span class="invisible">-etter-27-ar-i-sirdal-kompetanse-som-ikke-blir-brukt-mister-man/</span></a></p><p>Målet med omorganisering, initiert av kommunedirektør Fuhr var....? Og når skal den vera ferdig? </p><p>Folk sluttar jo over ein låg sko i kommunen. 😢</p><p><a href="https://snabelen.no/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://snabelen.no/tags/kommune" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kommune</span></a></p>
Inautilo<p><a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Experiences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Experiences</span></a><br>How to make labor-intensive websites · Some suggestions based on personal experience <a href="https://ilo.im/165p5a" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ilo.im/165p5a</span><span class="invisible"></span></a></p><p>_____<br><a href="https://mastodon.social/tags/Projects" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Projects</span></a> <a href="https://mastodon.social/tags/Websites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Websites</span></a> <a href="https://mastodon.social/tags/Dependencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dependencies</span></a> <a href="https://mastodon.social/tags/Compilers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Compilers</span></a> <a href="https://mastodon.social/tags/Frameworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Frameworks</span></a> <a href="https://mastodon.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://mastodon.social/tags/Npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Npm</span></a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebDev</span></a> <a href="https://mastodon.social/tags/Frontend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Frontend</span></a> <a href="https://mastodon.social/tags/Backend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backend</span></a></p>
The New Oil<p>Fake <a href="https://mastodon.thenewoil.org/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WhatsApp</span></a> developer libraries hide destructive data-wiping code</p><p><a href="https://www.bleepingcomputer.com/news/security/fake-whatsapp-developer-libraries-hide-destructive-data-wiping-code/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/fake-whatsapp-developer-libraries-hide-destructive-data-wiping-code/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://mastodon.thenewoil.org/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Meta</span></a></p>
CybersecKyle<p>I am getting the follow error when trying to start eleventy in CLI. Any help?</p><p>I just made some name and CSS customizations, LOL.</p><p><a href="https://infosec.exchange/tags/11ty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>11ty</span></a> <a href="https://infosec.exchange/tags/Eleventy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Eleventy</span></a> <a href="https://infosec.exchange/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a></p>
Eckes :mastodon:<p>The usefulness of the NPM Advisories feed since it migrated to GitHub somehow degraded, I could not have imagined that’s even possible, <a href="https://zusammenkunft.net/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://zusammenkunft.net/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
The New Oil<p>Hackers breach <a href="https://mastodon.thenewoil.org/tags/Toptal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Toptal</span></a> <a href="https://mastodon.thenewoil.org/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> account, publish malicious <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> packages</p><p><a href="https://www.bleepingcomputer.com/news/security/hackers-breach-toptal-github-account-publish-malicious-npm-packages/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-breach-toptal-github-account-publish-malicious-npm-packages/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> package ‘<a href="https://mastodon.thenewoil.org/tags/is" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>is</span></a>’ with 2.8M weekly downloads infected devs with <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p><p><a href="https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Sam Stepanyan :verified: 🐘<p><a href="https://infosec.exchange/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> package 'is' with 2.8M weekly <br>downloads was compromised and infected developers with malware:<br><a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a><br><a href="https://infosec.exchange/tags/SoftwareSupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareSupplyChainSecurity</span></a><br>👇<br><a href="https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/</span></a></p>
Moritz<p>Centralization in package registries is really problematic: The CSS preprocessor stylus has been flagged as malicious on <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a>. So thousands of people and software projects which depend on this package are now failing. All because a completely unrelated software package for "Stylus input" in <a href="https://mastodon.social/tags/ChromeOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeOS</span></a> seems to be problematic. Seems that they're just flagging packages with "stylus" in their name. <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebDev</span></a></p><p><a href="https://github.com/stylus/stylus/issues/2938" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/stylus/stylus/issue</span><span class="invisible">s/2938</span></a></p>
The New Oil<p>Popular <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://mastodon.thenewoil.org/tags/linter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linter</span></a> packages hijacked via <a href="https://mastodon.thenewoil.org/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a> to drop <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p><p><a href="https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a></p>
Hackread.com<p>🚨 A fake npm website tricked a maintainer into giving up their token, letting attackers push malware into popular JS packages.</p><p>Details: <a href="https://hackread.com/fake-npm-website-used-push-malware-via-stolen-token/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/fake-npm-website-</span><span class="invisible">used-push-malware-via-stolen-token/</span></a></p><p><a href="https://mstdn.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mstdn.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://mstdn.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mstdn.social/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychainsecurity</span></a></p>
xoron :verified:<p><a href="https://infosec.exchange/tags/Decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Decentralized</span></a> <a href="https://infosec.exchange/tags/Module" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Module</span></a> <a href="https://infosec.exchange/tags/Federation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Federation</span></a> <a href="https://infosec.exchange/tags/Microfrontend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microfrontend</span></a> <a href="https://infosec.exchange/tags/Architecture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Architecture</span></a> </p><p>I'm working on a <a href="https://infosec.exchange/tags/webapp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webapp</span></a> and I'm being <a href="https://infosec.exchange/tags/creative" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>creative</span></a> on the <a href="https://infosec.exchange/tags/approach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>approach</span></a>. It might be considered <a href="https://infosec.exchange/tags/overcomplicated" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>overcomplicated</span></a> (because it is), but I'm just trying something out. It's entirely possible this approach won't work <a href="https://infosec.exchange/tags/longterm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>longterm</span></a>. I see it as there is <a href="https://infosec.exchange/tags/onewaytofindout" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>onewaytofindout</span></a>. I don't recommend this approach. Just sharing what I'm trying/#investigating.</p><p>How it will be <a href="https://infosec.exchange/tags/architected" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>architected</span></a>: [<a href="https://positive-intentions.com/blog/decentralised-architecture](https://positive-intentions.com/blog/decentralised-architecture)" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">positive-intentions.com/blog/d</span><span class="invisible">ecentralised-architecture](https://positive-intentions.com/blog/decentralised-architecture)</span></a><br>Some <a href="https://infosec.exchange/tags/benefits" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>benefits</span></a> of the <a href="https://infosec.exchange/tags/approach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>approach</span></a>: [<a href="https://positive-intentions.com/blog/statics-as-a-chat-app-infrastructure](https://positive-intentions.com/blog/statics-as-a-chat-app-infrastructure)" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">positive-intentions.com/blog/s</span><span class="invisible">tatics-as-a-chat-app-infrastructure](https://positive-intentions.com/blog/statics-as-a-chat-app-infrastructure)</span></a></p><p>I find that <a href="https://infosec.exchange/tags/modulefederation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modulefederation</span></a> and <a href="https://infosec.exchange/tags/microfrontends" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microfrontends</span></a> to generally be <a href="https://infosec.exchange/tags/discouraged" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>discouraged</span></a> when I see posts, but I think it works for me in my <a href="https://infosec.exchange/tags/approach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>approach</span></a>. I'm <a href="https://infosec.exchange/tags/optimistic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>optimistic</span></a> about the approach and the <a href="https://infosec.exchange/tags/benefits" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>benefits</span></a> and so I wanted to <a href="https://infosec.exchange/tags/share" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>share</span></a> details.</p><p>When I serve the <a href="https://infosec.exchange/tags/federatedmodules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>federatedmodules</span></a>, I can also host the <a href="https://infosec.exchange/tags/storybook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>storybook</span></a> statics so I think this could be a good way to <a href="https://infosec.exchange/tags/document" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>document</span></a> the modules in <a href="https://infosec.exchange/tags/isolation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>isolation</span></a>.</p><p><a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptography</span></a> modules - <a href="https://cryptography.positive-intentions.com/?path=%2Fdocs%2Fcryptography-introduction--docs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cryptography.positive-intentio</span><span class="invisible">ns.com/?path=%2Fdocs%2Fcryptography-introduction--docs</span></a></p><p><a href="https://infosec.exchange/tags/P2P" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2P</span></a> framework - <a href="https://p2p.positive-intentions.com/?path=%2Fdocs%2Fe2e-tests-connectionstatus--docs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">p2p.positive-intentions.com/?p</span><span class="invisible">ath=%2Fdocs%2Fe2e-tests-connectionstatus--docs</span></a></p><p>This way, I can create <a href="https://infosec.exchange/tags/microfrontends" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microfrontends</span></a> that consume these <a href="https://infosec.exchange/tags/modules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modules</span></a>. I can then <a href="https://infosec.exchange/tags/share" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>share</span></a> the <a href="https://infosec.exchange/tags/functionality" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>functionality</span></a> between <a href="https://infosec.exchange/tags/apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apps</span></a>. The following apps are using a different codebase from each other (there is a <a href="https://infosec.exchange/tags/distinction" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>distinction</span></a> between these apps in <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> and <a href="https://infosec.exchange/tags/closesource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>closesource</span></a>). Sharing those <a href="https://infosec.exchange/tags/dependencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dependencies</span></a> could help make it easier to roll out <a href="https://infosec.exchange/tags/updates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>updates</span></a> to <a href="https://infosec.exchange/tags/coremechanics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>coremechanics</span></a>.</p><p><a href="https://infosec.exchange/tags/P2P" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2P</span></a> chat - [<a href="https://chat.positive-intentions.com/](https://chat.positive-intentions.com/)" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chat.positive-intentions.com/]</span><span class="invisible">(https://chat.positive-intentions.com/)</span></a><br><a href="https://infosec.exchange/tags/P2P" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2P</span></a> file transfer - [<a href="https://file.positive-intentions.com/](https://file.positive-intentions.com/)" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">file.positive-intentions.com/]</span><span class="invisible">(https://file.positive-intentions.com/)</span></a></p><p>The <a href="https://infosec.exchange/tags/functionality" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>functionality</span></a> also works when I create an <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> build with <a href="https://infosec.exchange/tags/Tauri" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tauri</span></a>. This could also lead to it being easier to create <a href="https://infosec.exchange/tags/newapps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newapps</span></a> that could use the <a href="https://infosec.exchange/tags/modules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>modules</span></a> created.</p><p>I'm sure there will be some distinct <a href="https://infosec.exchange/tags/test" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>test</span></a>/#maintenance <a href="https://infosec.exchange/tags/overhead" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>overhead</span></a>, but depending on how it's <a href="https://infosec.exchange/tags/architected" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>architected</span></a> I think it could work and make it easier to <a href="https://infosec.exchange/tags/improve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>improve</span></a> on the current <a href="https://infosec.exchange/tags/implementation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>implementation</span></a>.</p><p>Everything about the <a href="https://infosec.exchange/tags/project" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>project</span></a> is far from finished. It could be seen as this is a <a href="https://infosec.exchange/tags/complicated" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>complicated</span></a> way to do what <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> does, but I think this <a href="https://infosec.exchange/tags/approach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>approach</span></a> allows for greater <a href="https://infosec.exchange/tags/flexibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>flexibility</span></a> by being able to <a href="https://infosec.exchange/tags/separate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>separate</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> and <a href="https://infosec.exchange/tags/closesource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>closesource</span></a> code for the <a href="https://infosec.exchange/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>web</span></a>. (Of course as <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>javascript</span></a>, it will always be "source code available". Especially in the age of <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a>, I'm sure it's possible to <a href="https://infosec.exchange/tags/reverseengineer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reverseengineer</span></a> it like never before.)</p><p>(mastodon might not be the place for something like this, so let me know if you dont like this kind of content. i typically post on reddit and would like to shift it more towards mastodon. i also use lemmy, but mastodon has a better reach.)</p>
Miguel Afonso Caetano<p>"Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens.</p><p>The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub repositories.</p><p>The list of affected packages and their rogue versions, according to Socket, is listed below -</p><p>- eslint-config-prettier (versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7)<br>- eslint-plugin-prettier (versions 4.2.2 and 4.2.3)<br>- synckit (version 0.11.9)<br>- @pkgr/core (version 0.2.8)<br>- napi-postinstall (version 0.3.1)</p><p>"The injected code attempted to execute a DLL on Windows machines, potentially allowing remote code execution," the software supply chain security firm said."</p><p><a href="https://thehackernews.com/2025/07/malware-injected-into-6-npm-packages.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/07/malw</span><span class="invisible">are-injected-into-6-npm-packages.html</span></a></p><p><a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tldr.nettime.org/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> <a href="https://tldr.nettime.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://tldr.nettime.org/tags/Node" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Node</span></a> <a href="https://tldr.nettime.org/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://tldr.nettime.org/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://tldr.nettime.org/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a></p>
qbi<p>Wo wir schon bei Supply-Chain-Attacken sind:<br>OHAI <a href="https://freie-re.de/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a></p><p><a href="https://socket.dev/blog/npm-phishing-campaign-leads-to-prettier-tooling-packages-compromise" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/npm-phishing-c</span><span class="invisible">ampaign-leads-to-prettier-tooling-packages-compromise</span></a></p>
rtn<p>I just got a fishing email claiming to be from npm. There's a login link in the mail pointing to npNjs.com</p><p><a href="https://chaos.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://chaos.social/tags/fishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fishing</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload