#npmjs

Jonathan Matthews<p>Anyone else seeing <a href="https://fosstodon.org/tags/npm" class="mention hashtag" rel="tag">#<span>npm</span></a> package installation failures? I can see <a href="https://status.npmjs.org/incidents/hdtkrsqp134s" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">status.npmjs.org/incidents/hdt</span><span class="invisible">krsqp134s</span></a>, but the &quot;scoped to certain keywords&quot; is both weasel-wording and confusing ... <a href="https://fosstodon.org/tags/npmjs" class="mention hashtag" rel="tag">#<span>npmjs</span></a> <a href="https://fosstodon.org/tags/javascript" class="mention hashtag" rel="tag">#<span>javascript</span></a> <a href="https://fosstodon.org/tags/devops" class="mention hashtag" rel="tag">#<span>devops</span></a></p>
Nate Silva<p><span class="h-card" translate="no"><a href="https://noc.social/@cloudflare" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cloudflare</span></a></span> Cloudflare, are you blocking anything with the word “camel” in it? Such as NPM modules that have `camelcase` in the name?</p><p><a href="https://hachyderm.io/tags/outage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>outage</span></a> <a href="https://hachyderm.io/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> <a href="https://hachyderm.io/tags/cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudflare</span></a> <a href="https://hachyderm.io/tags/camel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>camel</span></a></p>
Harald<p>Looking for a simple way to provide a compressed archive from a web application with the requirement to create the archive in the browser, not on the server.</p><p>- JSZip: 12 (transitive) dependencies<br>- tar-js: 0 dependencies</p><p>While zip may be more common, the 0-dependencies is a unique selling point for me!</p><p><a href="https://nrw.social/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://nrw.social/tags/zip" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zip</span></a> <a href="https://nrw.social/tags/tar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tar</span></a> <a href="https://nrw.social/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a> <a href="https://nrw.social/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a></p>
postmodern<p>How many vanilla.js/zero-dependency reusable components are there on <a href="https://npmjs.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">npmjs.com</span><span class="invisible"></span></a>? I can easily write my own components for simple things, like a Dark Mode switch, as plain old JavaScript classes that directly manipulate the DOM. Why can't I simply add a bunch of these components to my project and use import-maps to load them?</p><p><a href="https://ruby.social/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> <a href="https://ruby.social/tags/vanillajs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vanillajs</span></a> <a href="https://ruby.social/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a></p>
gemma lynn<p>i just explained that i don't want to pull in a dependency from <a href="https://void.ello.tech/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> because george washington taught me to avoid entangling alliances, how's your monday goin</p>
Chris Burgess<p>hmm, i know it's early but is npmjs showing 404s for a lot of packages right now? seems so</p><p>every "popular library" on <a href="https://www.npmjs.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">npmjs.com/</span><span class="invisible"></span></a> is a 404 if clicked</p><p><a href="https://toot.cafe/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> <a href="https://toot.cafe/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a></p>
Phylum<p>In the last 6 months, roughly 70% of new <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> packages were <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spam</span></a>. What does this mean for supply chain security? </p><p>At Black Hat USA? Find us in Startup City booth SC203!</p><p><a href="https://infosec.exchange/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> <a href="https://infosec.exchange/tags/node" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>node</span></a> <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://infosec.exchange/tags/typescript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>typescript</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a></p><p><a href="https://blog.phylum.io/the-great-npm-garbage-patch" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.phylum.io/the-great-npm-g</span><span class="invisible">arbage-patch</span></a></p>
Phylum<p>We've uncovered <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> hidden in a Microsoft logo JPG, shipping as fake <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS</span></a> packages on <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a>! 😲 </p><p><a href="https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.phylum.io/fake-aws-packag</span><span class="invisible">es-ship-command-and-control-malware-in-jpeg-files/</span></a></p><p><a href="https://infosec.exchange/tags/steganography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>steganography</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://infosec.exchange/tags/typescript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>typescript</span></a> <a href="https://infosec.exchange/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>software</span></a> <a 
href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/js" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>js</span></a></p>
Phylum<p>Advanced threat actors have not let up on their attacks against the software supply chain. We catalog recent attacks from North Korean state actors in our new blog post!</p><p><a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://infosec.exchange/tags/typescript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>typescript</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a></p><p><a href="https://blog.phylum.io/new-tactics-from-a-familiar-threat/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.phylum.io/new-tactics-fro</span><span class="invisible">m-a-familiar-threat/</span></a></p>
Phylum<p>Supply chain attacks come in all shapes and sizes. Today Phylum Research discusses its discovery of malicious <a href="https://infosec.exchange/tags/jQuery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>jQuery</span></a> files in <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a>.</p><p><a href="https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.phylum.io/persistent-npm-</span><span class="invisible">campaign-shipping-trojanized-jquery/</span></a></p><p><a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/sbom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sbom</span></a> <a href="https://infosec.exchange/tags/js" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>js</span></a> <a href="https://infosec.exchange/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> <a href="https://infosec.exchange/tags/node" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>node</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/softwaredevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>softwaredevelopment</span></a> <a 
href="https://infosec.exchange/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>software</span></a></p>
barefootstache<p><a href="https://qoto.org/tags/DailyBloggingChallenge" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DailyBloggingChallenge</span></a> (320/365)</p><p>Implementing ICS was quite easy after finding a functional library on <a href="https://qoto.org/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a>.</p><p>The difficulty was creating a parsing function that takes the already existing data format and puts it into the <a href="https://qoto.org/tags/ical" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ical</span></a> one. This means the new property <code>duration</code> was introduced using the same schema as provided from the ics library.</p>
Phylum<p>Credential stealer? ✅ Keylogger? ✅ Cryptocurrency stealer? ✅</p><p>Phylum uncovers more malicious <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> packages targeting the <a href="https://infosec.exchange/tags/Javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Javascript</span></a> ecosystem.</p><p><a href="https://blog.phylum.io/npm-package-caught-exfiltrating-crypto" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.phylum.io/npm-package-cau</span><span class="invisible">ght-exfiltrating-crypto</span></a></p><p><a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/bitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bitcoin</span></a> <a href="https://infosec.exchange/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocurrency</span></a> <a href="https://infosec.exchange/tags/typescript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>typescript</span></a> <a href="https://infosec.exchange/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>software</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a 
href="https://infosec.exchange/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a></p>
Mathias Panzenböck<p>The search bar of <a href="https://npmjs.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">npmjs.com</span><span class="invisible"></span></a> is annoyingly broken. You have to press enter twice for it to actually search. It always takes me a moment to remember and I wonder why it's taking so long to load the search results. <a href="https://chaos.social/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> <a href="https://chaos.social/tags/wtf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wtf</span></a></p>
Phylum<p>We've uncovered new <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> packages published to <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> that appear to be an evolution on a previous supply chain attack carried out by nation state backed actors ☠</p><p><a href="https://blog.phylum.io/north-korean-state-actors" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.phylum.io/north-korean-st</span><span class="invisible">ate-actors</span></a></p><p><a href="https://infosec.exchange/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://infosec.exchange/tags/supplychainattack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychainattack</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reverseengineering</span></a> <a href="https://infosec.exchange/tags/typescript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>typescript</span></a></p>
Steven Hilton<p>It's been ... a while ... since I tried to log into <a href="https://mastodon.online/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a>.org. So long that now <a href="https://mastodon.online/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2fa</span></a> is required. I don't have an "authenticator" with them and I don't have my "recovery codes". Now I can't log in at all. I can't contact them on the support page because I have to "sign in for assistance".</p><p>My email history says I enabled it 2 years ago. But my phone from that time is gone. </p><p>Have I permanently lost the account? Do I have any other recourse? <a href="https://mastodon.online/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://mastodon.online/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Curtis Parfitt-Ford<p>For reasons I can't yet fathom, <a href="https://social.mashed.cloud/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> has specifically blocked me at a WAF level from accessing yarn.npmjs.org. I've not been doing anything other than normal yarn installs, so this is super confusing, and reaching out to npm support has so far been fruitless - with them asking for an npm debug log :(</p><p>Does anyone know anyone at <a href="https://social.mashed.cloud/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> or <a href="https://social.mashed.cloud/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> who might be able to help resolve this? :boostRequest:​</p>
Emelia 👸🏻<p>I wish we could document maintainers for npm packages without those people having direct publish access (i.e., forcing publishes to go through CI/CD)</p><p><a href="https://hachyderm.io/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://hachyderm.io/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a></p>
data0<p><a href="https://indieweb.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> had 2.5 million live packages by the end of 2023, downloaded 184+ billion times per month. 5k <a href="https://indieweb.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> and 15k <a href="https://indieweb.social/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spam</span></a> packages were found last year. There's a package named 214x the letter "a". There's one almost 6 GB in size!</p><p>Remember to always use as few <a href="https://indieweb.social/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> dependencies as possible, carefully vet what you're using and to run it in a container (also during dev).</p><p><a href="https://socket.dev/blog/2023-npm-retrospective" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/2023-npm-retro</span><span class="invisible">spective</span></a></p>
Lorenzo 'kelset' Sciandra<p>24: <a href="https://mastodon.online/tags/npmjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npmjs</span></a> (Node Package Manager) - "The world's largest software registry for JavaScript."</p>
eklem<p>What's the deal with all the nolb - No one left behind-packages people publish on NPM and similar libraries at GitHub?</p><p><a href="https://social.vivaldi.net/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPM</span></a> <a href="https://social.vivaldi.net/tags/NPMJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPMJS</span></a> <a href="https://social.vivaldi.net/tags/Node" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Node</span></a> <a href="https://social.vivaldi.net/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeJS</span></a> <a href="https://social.vivaldi.net/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> <a href="https://social.vivaldi.net/tags/NOLB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NOLB</span></a></p>