jm + npm   5

Malicious packages in npm
The node.js packaging system is being exploited by bad guys to steal auth tokens at build time. This is the best advice they can come up with:
Always check the name of packages you’re installing. You can look at the downloads number: if a package is popular but the downloads number is low, something is wrong.

:facepalm: What a mess. Security needs to become a priority....
javascript  security  npm  node  packaging  packages  fail 
18 days ago by jm
A microservice saviour appears!
In order to prevent such a terrible tragedy from occurring ever again during
our lifetimes, `` has been created to provide all the functionality
of `left-pad` AND the overhead of a TLS handshake and an HTTP request.
Less code is better code, leave the heavy lifting to ``, The String
humor  javascript  jokes  npm  packages  left-pad  strings  microservices  http 
march 2016 by jm
Javascript libraries and tools should bundle their code
If you have a million npm dependencies, distribute them in the dist package; aka. omnibus packages for JS
packaging  omnibus  npm  webpack  rollup  dependencies  coding  javascript 
march 2016 by jm
curl | sh
'People telling people to execute arbitrary code over the network. Run code from our servers as root. But HTTPS, so it’s no biggie.'

humor  sysadmin  ops  security  curl  bash  npm  rvm  chef 
november 2014 by jm

Copy this bookmark: