Lingolol

洪民憙 (Hong Minhee)Introducing <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Upyo" target="_blank">#Upyo</a>!A simple, cross-runtime email library that works seamlessly on <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Deno" target="_blank">#Deno</a>, <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Node" target="_blank">#Node</a>.js, <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Bun" target="_blank">#Bun</a>, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.Switch between <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/SMTP" target="_blank">#SMTP</a>, <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Mailgun" target="_blank">#Mailgun</a>, <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/SendGrid" target="_blank">#SendGrid</a> without changing your code. Available on <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/JSR" target="_blank">#JSR</a> & <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/npm" target="_blank">#npm</a>!<a href="https://upyo.org/" rel="nofollow noopener" target="_blank">https://upyo.org/</a>

BastilleBSD :freebsd:Are npm packages and dependencies an unmitigated disaster, or is it just me?<a href="https://fosstodon.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://fosstodon.org/tags/dependencyhell" class="mention hashtag" rel="nofollow noopener" target="_blank">#dependencyhell</a>

Hackread.com🚨 New: Backdoors found in Python & NPM packages targeting Windows & Linux! Attackers use fake ‘colorama’ & ‘colorizr’ to steal data + gain remote access.🔗 Read more: <a href="https://hackread.com/backdoors-python-npm-packages-windows-linux/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/backdoors-python-npm-packages-windows-linux/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Backdoor</a> <a href="https://mstdn.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://mstdn.social/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a>

kalvn🔗 <a href="https://snyk.io/fr/blog/best-practices-create-modern-npm-package/" rel="nofollow noopener" translate="no" target="_blank">https://snyk.io/fr/blog/best-practices-create-modern-npm-package/</a><a href="https://mastodon.xyz/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mastodon.xyz/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#nodejs</a> <a href="https://mastodon.xyz/tags/goodpractice" class="mention hashtag" rel="nofollow noopener" target="_blank">#goodpractice</a> <a href="https://mastodon.xyz/tags/package" class="mention hashtag" rel="nofollow noopener" target="_blank">#package</a>

Andreas ScherbaumIt's been 5 years since a single <a href="https://mastodon.social/tags/Javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#Javascript</a> line broke half the Internet.On April 25th, 2020 the one-line <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> package "is-promise" was changed by the author - and because this one line was a dependency for a myriad of websites, they all broke.A package with one line of code ...

skry“slopsquatting, a new term for a surprisingly effective type of software supply chain attack that emerges when LLMs “hallucinate” package names that don’t actually exist. If you’ve ever seen an AI recommend a package and thought, “Wait, is that real?”—you’ve already encountered the foundation of the problem.And now attackers are catching on.”The Rise of Slopsquatting: How <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> Hallucinations Are Fueling... <a href="https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks" rel="nofollow noopener" translate="no" target="_blank">https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks</a> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mastodon.social/tags/dev" class="mention hashtag" rel="nofollow noopener" target="_blank">#dev</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>Edit: more info: <a href="https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/</a>

Comic CrusadersOF LIMBO Share Homage To Van Halen With "Finish What Ya Started" OF LIMBO are sharing a fun new homage to Van Halen with their acoustic version of the classic “Finish What Ya Started”.  It’s the 2nd release from the California band off their upcoming “Unplugged” album, which will be released this summer.Recorded at the band’s home studio in Long Beach, their... <a href="https://comiccrusaders.com/editorial/of-limbo-share-homage-to-van-halen-with-finish-what-ya-started/" rel="nofollow noopener" translate="no" target="_blank">https://comiccrusaders.com/editorial/of-limbo-share-homage-to-van-halen-with-finish-what-ya-started/</a> <a href="https://mastodon.online/tags/of" class="mention hashtag" rel="nofollow noopener" target="_blank">#of</a> limbo <a href="https://mastodon.online/tags/rock" class="mention hashtag" rel="nofollow noopener" target="_blank">#rock</a> <a href="https://mastodon.online/tags/music" class="mention hashtag" rel="nofollow noopener" target="_blank">#music</a> <a href="https://mastodon.online/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> pr

Dino<a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener" target="_blank">@BleepingComputer</a> Do we think something like this is enough to find if this garbage is present on a Linux system? `sudo find / -iregex '.*ethers-.*` <a href="https://masto.ai/tags/node" class="mention hashtag" rel="nofollow noopener" target="_blank">#node</a> <a href="https://masto.ai/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://masto.ai/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a>

Thor A. HoplandOut of pure curiosity, and because I'm on that <a href="https://snabelen.no/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdev</a> <a href="https://snabelen.no/tags/framework" class="mention hashtag" rel="nofollow noopener" target="_blank">#framework</a> discovery tip. Heck, this project even made me download an IDE for Android lolJust to read `install.bin` - which is an sh script.Excuse me, but why are you bundling <a href="https://snabelen.no/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#nodejs</a> and <a href="https://snabelen.no/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a>? Is it to facilitate a setup process for containers, or is it merely to make the process easy?I'm a bit sceptical to that sort of thing, especially when fetching from a vendors domain directly. Any plans to build packages via CI?<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@aral</a> <a href="https://fedi.jaenis.ch/@andre" class="u-url mention" rel="nofollow noopener" target="_blank">@andre</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬<a href="https://hachyderm.io/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#NorthKorea</a>'s <a href="https://hachyderm.io/tags/Lazarus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lazarus</a> hackers infect hundreds via <a href="https://hachyderm.io/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> packages Six malicious packages have been identified on npm.The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. Threat group is known for pushing malicious packages into software registries like npm which is used by millions of JavaScript developers, and compromising systems passively. <a href="https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/</a>

FlohEinsteinDo you want to advertise "my Node.js product now uses AI!!" but don't know how to add AI? Use the package "is-even-ai"<a href="https://www.npmjs.com/package/is-even-ai" rel="nofollow noopener" translate="no" target="_blank">https://www.npmjs.com/package/is-even-ai</a><a href="https://chaos.social/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#nodejs</a> <a href="https://chaos.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://chaos.social/tags/isevenai" class="mention hashtag" rel="nofollow noopener" target="_blank">#isevenai</a> <a href="https://chaos.social/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a>

st1nger :unverified: 🏴‍☠️ :linux: :freebsd:<a href="https://infosec.exchange/tags/Code" class="mention hashtag" rel="nofollow noopener" target="_blank">#Code</a> Galaxies - <a href="https://infosec.exchange/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#python</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://infosec.exchange/tags/go" class="mention hashtag" rel="nofollow noopener" target="_blank">#go</a> <a href="https://infosec.exchange/tags/r" class="mention hashtag" rel="nofollow noopener" target="_blank">#r</a> <a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#rust</a> <a href="https://infosec.exchange/tags/ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#ruby</a> <a href="https://infosec.exchange/tags/elm" class="mention hashtag" rel="nofollow noopener" target="_blank">#elm</a> and distro's <a href="https://infosec.exchange/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#debian</a> <a href="https://infosec.exchange/tags/arch" class="mention hashtag" rel="nofollow noopener" target="_blank">#arch</a> <a href="https://infosec.exchange/tags/fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#fedora</a> <a href="https://anvaka.github.io/pm/#/" rel="nofollow noopener" translate="no" target="_blank">https://anvaka.github.io/pm/#/</a>

Alnotz<a href="https://framapiaf.org/@journalduhacker" class="u-url mention" rel="nofollow noopener" target="_blank">@journalduhacker</a> Intrigant ce site que nous fait découvrir <a href="https://mastodon.social/@shevabam" class="u-url mention" rel="nofollow noopener" target="_blank">@shevabam</a> . C’est dommage que le site de NPMPackage* n’ouvre pas son code source. On ne sait même pas qui est derrière ce service. J’ai tendance à me méfier. 🤨* <a href="https://npmpackage.info/" rel="nofollow noopener" translate="no" target="_blank">https://npmpackage.info/</a><a href="https://toot.gnous.eu/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://toot.gnous.eu/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#NodeJS</a>

Inautilo<a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener" target="_blank">#Development</a> <a href="https://mastodon.social/tags/Launches" class="mention hashtag" rel="nofollow noopener" target="_blank">#Launches</a> SQL Noir · A game to learn SQL by solving crimes <a href="https://ilo.im/162ciw" rel="nofollow noopener" translate="no" target="_blank">https://ilo.im/162ciw</a>_____ <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mastodon.social/tags/Game" class="mention hashtag" rel="nofollow noopener" target="_blank">#Game</a> <a href="https://mastodon.social/tags/Database" class="mention hashtag" rel="nofollow noopener" target="_blank">#Database</a> <a href="https://mastodon.social/tags/SQL" class="mention hashtag" rel="nofollow noopener" target="_blank">#SQL</a> <a href="https://mastodon.social/tags/MySQL" class="mention hashtag" rel="nofollow noopener" target="_blank">#MySQL</a> <a href="https://mastodon.social/tags/SQLite" class="mention hashtag" rel="nofollow noopener" target="_blank">#SQLite</a> <a href="https://mastodon.social/tags/PostgreSQL" class="mention hashtag" rel="nofollow noopener" target="_blank">#PostgreSQL</a> <a href="https://mastodon.social/tags/Npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#Npm</a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebDev</a> <a href="https://mastodon.social/tags/Backend" class="mention hashtag" rel="nofollow noopener" target="_blank">#Backend</a>

DenoAre you still using npm transpile services like esm.sh and unpkg.com? ❌ dependency deduplication ❌ install hooks and native add-ons ❌ loading data filesHere's why we recommend importing npm packages natively via npm specifiers 👇<a href="https://deno.com/blog/not-using-npm-specifiers-doing-it-wrong" rel="nofollow noopener" translate="no" target="_blank">https://deno.com/blog/not-using-npm-specifiers-doing-it-wrong</a><a href="https://fosstodon.org/tags/deno" class="mention hashtag" rel="nofollow noopener" target="_blank">#deno</a> <a href="https://fosstodon.org/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#nodejs</a> <a href="https://fosstodon.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://fosstodon.org/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#javascript</a> <a href="https://fosstodon.org/tags/typescript" class="mention hashtag" rel="nofollow noopener" target="_blank">#typescript</a> <a href="https://fosstodon.org/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdev</a>

Tane Piper ⁂That thing we said would keep happening if <a href="https://tane.codes/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> didn't add signed packages keeps happening <a href="https://www.mend.io/blog/fake-vs-code-extension-on-npm-spreads-multi-stage-malware/" rel="nofollow noopener" translate="no" target="_blank">https://www.mend.io/blog/fake-vs-code-extension-on-npm-spreads-multi-stage-malware/</a>

Aral BalkanJust released Node Pebble version 5.1.1• Updated to Pebble version 2.7.0.• Now also supports macOS and arm64 (because Pebble itself does).<a href="https://codeberg.org/small-tech/node-pebble" rel="nofollow noopener" translate="no" target="_blank">https://codeberg.org/small-tech/node-pebble</a>Node Pebble is a Node.js wrapper for Let’s Encrypt’s¹ Pebble² that:• Downloads the correct Pebble binary for your platform.• Launches and manages a single Pebble process.• Returns a reference to the same process on future calls (safe to include in multiple unit tests where order of tests is undetermined)• Automatically patches Node.js’s TLS module to accept Pebble server’s test certificate as well as its dynamically-generated root and intermediary CA certificates.¹ <a href="https://letsencrypt.org" rel="nofollow noopener" translate="no" target="_blank">https://letsencrypt.org</a>² “A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production certificate authority.” <a href="https://github.com/letsencrypt/pebble" rel="nofollow noopener" translate="no" target="_blank">https://github.com/letsencrypt/pebble</a><a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#LetsEncrypt</a> <a href="https://mastodon.ar.al/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a> <a href="https://mastodon.ar.al/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSL</a> <a href="https://mastodon.ar.al/tags/HTTPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#HTTPS</a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#NodeJS</a> <a href="https://mastodon.ar.al/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mastodon.ar.al/tags/module" class="mention hashtag" rel="nofollow noopener" target="_blank">#module</a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> <a href="https://mastodon.ar.al/tags/NodePebble" class="mention hashtag" rel="nofollow noopener" target="_blank">#NodePebble</a> <a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#SmallWeb</a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#SmallTech</a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#web</a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener" target="_blank">#dev</a>

.:\dGh/:.This utility for websites from <a href="https://mastodon.social/tags/JustJoshTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#JustJoshTech</a> is godsend. No more <a href="https://mastodon.social/tags/Honey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Honey</a> and <a href="https://mastodon.social/tags/CapitalOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#CapitalOne</a> stealing.<a href="https://www.youtube.com/watch?v=tjCg1BlFesE" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=tjCg1BlFesE</a><a href="https://mastodon.social/tags/PayPal" class="mention hashtag" rel="nofollow noopener" target="_blank">#PayPal</a> <a href="https://mastodon.social/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a> <a href="https://mastodon.social/tags/Fraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fraud</a> <a href="https://mastodon.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> <a href="https://mastodon.social/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://mastodon.social/tags/JS" class="mention hashtag" rel="nofollow noopener" target="_blank">#JS</a> <a href="https://mastodon.social/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebDevelopment</a> <a href="https://mastodon.social/tags/Website" class="mention hashtag" rel="nofollow noopener" target="_blank">#Website</a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebDev</a>

futurileHow is <a href="https://mastodon.social/tags/guix" class="mention hashtag" rel="nofollow noopener" target="_blank">#guix</a> used as a <a href="https://mastodon.social/tags/GNU" class="mention hashtag" rel="nofollow noopener" target="_blank">#GNU</a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/distro" class="mention hashtag" rel="nofollow noopener" target="_blank">#distro</a> ?System level packages are managed through <a href="https://mastodon.social/tags/declarative" class="mention hashtag" rel="nofollow noopener" target="_blank">#declarative</a> configuration same as <a href="https://mastodon.social/tags/nixos" class="mention hashtag" rel="nofollow noopener" target="_blank">#nixos</a> . User level packages using Guix Home.Roughly 50% use guix home to manage their <a href="https://mastodon.social/tags/dotfiles" class="mention hashtag" rel="nofollow noopener" target="_blank">#dotfiles</a> - big increase over hosted users.40% to package their own <a href="https://mastodon.social/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#software</a> - 36% for <a href="https://mastodon.social/tags/isolated" class="mention hashtag" rel="nofollow noopener" target="_blank">#isolated</a> <a href="https://mastodon.social/tags/development" class="mention hashtag" rel="nofollow noopener" target="_blank">#development</a>.Lots of requests to deal with <a href="https://mastodon.social/tags/dev" class="mention hashtag" rel="nofollow noopener" target="_blank">#dev</a> dependencies (e.g. Python's requirements.txt) and languages like <a href="https://mastodon.social/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#rust</a> <a href="https://mastodon.social/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#golang</a> and <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> See:<a href="https://guix.gnu.org/en/blog/2025/guix-user-and-contributor-survey-2024-the-results-part-2/" rel="nofollow noopener" translate="no" target="_blank">https://guix.gnu.org/en/blog/2025/guix-user-and-contributor-survey-2024-the-results-part-2/</a>

Tomas EkeliI find it <a href="https://plud.re/tags/ironic" rel="nofollow noopener" target="_blank">#ironic</a> that the <a href="https://plud.re/tags/devcontainers" rel="nofollow noopener" target="_blank">#devcontainers</a> <a href="https://plud.re/tags/cli" rel="nofollow noopener" target="_blank">#cli</a> requires <a href="https://plud.re/tags/npm" rel="nofollow noopener" target="_blank">#npm</a>. One of the big benefits of using devcontainers is that I do not have to install N versions of things like <a href="https://plud.re/tags/node" rel="nofollow noopener" target="_blank">#node</a> and npm on my computer. <a href="https://github.com/devcontainers/cli" rel="nofollow noopener" target="_blank">github.com/devcontainers/cli</a> <a href="https://plud.re/tags/dev" rel="nofollow noopener" target="_blank">#dev</a>

Recent searches

Search options

Administered by:

Server stats:

#npm