Just found out that #npmjs deleted older <2.0.0 versions of #astro-compress package.
It's still present on https://libraries.io/npm/astro-compress/1.1.33 but the download link is broken. Has leftpad taught them nothing?
We found a prototype pollution vulnerability in tree-kit: CVE-2023-38894
More info in our blog: https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894
#treekit #prototypepollution #javascript #npmjs
#DailyBloggingChallenge (13/25)
One of my favorite things to do is exploit the DOM (ethical concerns aside).
Lots learn early on if some pesky web component is blocking your view, just delete it in the developer’s tools.
This is usually the spark into what other configurations are possible.
As a #WebDeveloper by trade we are constantly in the developer’s tools trying to understand why certain elements are behaving the way they are - visually or in action. Though we have access to the code base, so it’s easier to understand.
The fun begins when you only have access to the website!
In the realm of heavy duty modifications, there are a couple of options:
Through these possibilities one will learn a lot about vanilla #WebDevelopment and #VanillaJS.
#DailyBloggingChallenge #stylus #browser #webdeveloper #fingerprinting #greasemonkey #npmjs #security #vanillajs #hacking #webpack #wasm #webdevelopment #programming
When I try to contact #NPMjs to recover access to my account, I get support messages from "npm@githubsupport.com". This makes a lot of sense because the quality of support is exactly as bad as I would expect from a #Microsoft owned organization.
#NPM == M$
The #JavaScript ecosystem has been bought!
#webDev #webDevelopment #nodeJS #node #js #frontEnd #backend #fullstack
Really happy to have published my first project on #npmjs last week (MIT, obviously)
An optimization of jackson-js for JavaScript (https://www.npmjs.com/package/@badetitou/jackson-js)
It's cool to be at a company that lets me do #opensource
Today's my first day trying #deno.
Not sure how I feel about the built in #linter and formatter yet; me and #prettier are besties, and I have gotten used to #eslint
Still gonna give it a try.
#webDev #nodejs #node #npm #npmjs #javaScript #programming #code #dependencies
The massive bug at the heart of the npm ecosystem https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem/ #npm #npmJS #node #nodeJS #javaScript #webDev #frontEnd #backEnd #fullStack #softwareDevelopment #security #supplyChain #development #developers #dev
#Deno supports comments in its config file!? How has this *not* caught on yet!?
https://deno.land/manual@v1.34.3/getting_started/configuration_file
#webdev #node #nodejs #npmjs #npm #javascript #deno
#NPM has locked me out of my account so I can't publish any of my packages anymore. They still link to my GitHub repos though, so I'm replacing them all with Rick Astley videos.
If that doesn't work, I'll have to escalate to ascii art goatse.
#webdev #javascript #nodejs #node #npmjs #npm
https://phylum.io detects #malware authors reusing #python malware in #npm packages.
https://blog.phylum.io/attackers-repurposing-existing-python-based-malware-for-distribution-on-npm
#malware #python #npm #javascript #npmjs #infosec #tech
Totally unrelated: I wonder how many people using libheif-js through heic-decode and heic-convert on #npmjs are actually violating libheif's license, because heic-decode and heic-convert are not LGPL licensed even though libheif-js is, and most people probably use them without digging through the licenses of the dependencies.
Oh, you *already have to be signed in in the browser* for it to work. *smh* A little note in the command-line client wouldn't hurt.
#npm #npmjs #node #authentication #publish
Always fun when npm's publish authentication route 404s.
#nodepackagemanager #npm #npmjs #js #node
@Perl There's something to be said for putting a small speed bump in front of #developers before they can post #software to a well-indexed central repository: "One In Two New #npm Packages Is #SEO #Spam Right Now" https://blog.sandworm.dev/one-in-two-new-npm-packages-is-seo-spam-right-now
How to start with #Perl's #CPAN via #PAUSE:
1) Read https://www.cpan.org/modules/04pause.html
2) Visit https://pause.perl.org
#developers #software #npm #seo #spam #perl #cpan #pause #javascript #node #nodejs #npmjs #yarn #metacpan
#npm #malware #javascript #npmjs #infosec #opensource
It bugs me that I can't install the #DatProject dat cli tool on #Termux, apparently because `python` defaults to #Python 3, and Python 2 is needed to compile the utp-native npm package. It used to work, perhaps when Python 2 was the default. And the error I get is about a print statement, nonetheless!
#datproject #termux #python #nodejs #npmjs