wandering.shop is one of the many independent Mastodon servers you can use to participate in the fediverse.
Wandering.Shop aims to have the vibe of a quality coffee shop at a busy SF&F Convention. Think tables of writers, fans and interested passers-by sharing drinks and conversation on a variety of topics.

#npm

“slopsquatting, a new term for a surprisingly effective type of software supply chain attack that emerges when LLMs “hallucinate” package names that don’t actually exist. If you’ve ever seen an AI recommend a package and thought, “Wait, is that real?”—you’ve already encountered the foundation of the problem.

And now attackers are catching on.”

The Rise of Slopsquatting: How #AI Hallucinations Are Fueling... socket.dev/blog/slopsquatting- #npm #dev #infosec

Socket: The Rise of Slopsquatting: How AI Hallucinations Are Fueling...
Slopsquatting is a new supply chain threat where AI-assisted code generators recommend hallucinated packages that attackers register and weaponize.

#hugops to #npm today. Private package installs and "npm publish" are failing for older access tokens. You can clear the issue with a fresh "npm login". May need to update tokens in your CI systems for deployment as well. More on their status page. #programming

Hoo boy am I tired of seeing messages in my browser's JavaScript from some deep transitive dependency of the app I work on, saying "We're about to remove support for <feature that a slightly less nested transitive dependency uses>, sucks to be you."

This whole developer ecosystem is a nightmare of endless compatibility problems, 90% of them trivially avoidable with a moment's thought.

#Node #NPM #React

It seems that while I was building my huge monorepo in good old JS5 #javascript I missed the #npm workspaces concept that emerged somewhere along those years.
Now that I hit the wall with #deno and a bunch of dependency-wise intertwined packages, I've learned about deno's workspace feature that is a reimplementation of npm's workspaces.
Ok, let me see if I can organize my code using workspace(s)...

Package Manager for Markdown

I'm working on a project that is intended to encourage folk to make markdown text files which can be bundled together in different bundles of text files using a package manager.

Question for coders; Which package manager would you suggest I use?

Main criteria (in order) are:

1. Easy for someone with basic command line skills to edit the file and update version numbers and add additional packages.

2. All else being equal, more common and easier to set up is preferred.

#Markdown #CommonMark #PackageManager #Programming #Dev
#NPM #RubyGems #Cargo #PickingAMastodonInstance
#Ruby #Python #Rust #Javascript #NodeJs #Lisp #CommonGuide

In today's Supply Chain News ...

Eleven oooold npm packages were hijacked to steal API keys. Wonder how many of them are just sitting in someone's build pipeline with "latest" as the version parameter?

sonatype.com/blog/multiple-cry

h/t to Sonatype for the top notch research.

#supplychain
#npm

www.sonatype.com: Multiple crypto packages hijacked, turned into info-stealers
Multiple hijacked npm cryptocurrency packages exfiltrate sensitive environment variables via obfuscated scripts and pose risks to open source ecosystems.

Replied in thread
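A check for the "latest" worry raised in this post, added here as an example and not code from the post's author or from Sonatype: it classifies every specifier in a package.json (a constructed sample with placeholder package names) and reports the ones that can drift between installs. The severity mapping is an assumption of this example, not something the post defines.

```javascript
// One exact semver version, e.g. 1.3.0 or 2.0.0-beta.1+build.5.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Classify a specifier by how npm resolves it; only "exact" cannot drift
// between two installs when no lockfile is committed.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (s === "" || /^[xX*]$/.test(s)) return "wildcard";
  if (EXACT.test(s.replace(/^[=v]/, ""))) return "exact";
  if (/^(?:git\+|https?:|file:|github:|npm:)|^[\w.-]+\/[\w.-]+$/.test(s)) return "url";
  // Digit or range operator first: ^1.2.3, ~1.2, >=8 <9, 1.x, 1.0.0 || 2.0.0
  if (/^[\d^~<>=]|\|\||\s-\s/.test(s)) return "range";
  return "tag"; // bare dist-tag such as "latest" or "next"
}

// Assumed severity (the post defines none): a tag or wildcard follows every
// new publish, a git/URL reference follows a branch, a range has an upper bound.
const SEVERITY = { tag: "high", wildcard: "high", url: "medium", range: "low" };
const RANK = { high: 0, medium: 1, low: 2 };

// Report every non-exact specifier across the dependency sections, worst first.
function auditDependencies(pkg) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "exact") findings.push({ section, name, spec, kind, severity: SEVERITY[kind] });
    }
  }
  return findings.sort((a, b) => RANK[a.severity] - RANK[b.severity]);
}

// Constructed sample manifest; package names are placeholders, not real packages.
const SAMPLE_PACKAGE_JSON = {
  name: "demo-app",
  dependencies: {
    "alpha-lib": "1.3.0",
    "beta-lib": "latest",
    "gamma-lib": "^4.17.21",
    "delta-lib": "*",
    "epsilon-tool": "github:example-org/epsilon-tool",
  },
  devDependencies: { "zeta-runner": "=29.7.0", "eta-lint": ">=8 <9" },
};

for (const f of auditDependencies(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.severity.padEnd(6)} ${f.section}/${f.name} "${f.spec}" (${f.kind})`);
}
```

Run it against a real manifest by replacing the sample object with `JSON.parse(require("fs").readFileSync("package.json", "utf8"))`; a committed lockfile plus `npm ci` is what actually freezes the resolved versions, this script only shows where the manifest alone would let them move.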

@henry Having (almost fully) switched to #NodeJS in 2012, I quickly recognized the danger of relying on _anything_ (#npm included, this one gave me a lot of pain several times over the years).
Ended up with a monstrous monorepo. Forked (and improved) just 2 other people's repos, one abandoned and one that took months to finally get it right regarding garbage collection, but I had no time to wait.
Thereby I never got to a situation to hate a programming language because of the hype around it, but it surely got me coding a ton of #javascript.
The experience helped me a lot in JS5=>ECMAScript and ECMAScript=>TypeScript switching in the last year or so.

Replied in thread

Out of pure curiosity, and because I'm on that #webdev #framework discovery tip. Heck, this project even made me download an IDE for Android lol

Just to read `install.bin` - which is an sh script.

Excuse me, but why are you bundling #nodejs and #npm? Is it to facilitate a setup process for containers, or is it merely to make the process easy?

I'm a bit sceptical of that sort of thing, especially when fetching from a vendor's domain directly.

Any plans to build packages via CI?

@aral @andre