Publish a #PHP package on #Packagist...
Package availability: almost instantaneous.
Publish a #JavaScript package on #npm...
Package availability: almost instantaneous.
Publish a #dotNET package on #NuGet...
Package availability: please wait 15-20 minutes!
It's been 5 years since a single #Javascript line broke half the Internet.
On April 25th, 2020 the one-line #npm package "is-promise" was changed by the author - and because this one line was a dependency for a myriad of websites, they all broke.
A package with one line of code ...
Backdoored xrpl.js on NPM (CVE‑2025‑32965) stole XRP private keys. Affected: 4.2.1‑4.2.4 & 2.14.2. Rotate keys NOW! 
https://zerodaily.me/blog/2025-04-23-xrpljs-backdoor-cve-2025-32965.md
#Development #Approaches
CSS theme variables from a JS file · How to avoid redundant theme maintenance https://ilo.im/163gg9
_____
#Themes #Colors #CustomProperties #CSS #JavaScript #Npm #WebDev #Frontend
Offical XRP NPM package has been compromised and key stealing malware introduced
How to Install #Directus on #AlmaLinux #VPS
Here's a step-by-step guide detailing how to install Directus on AlmaLinux VPS.
What is Directus?
Directus is an open-source #headless #CMS and data platform that allows you to manage and interact with your database through a RESTful API or GraphQL API. It provides a modern, user-friendly admin interface for ...
Continued 
https://blog.radwebhosting.com/how-to-install-directus-on-almalinux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #cmsapps #nodejs #npm #vpsguide #installguide #selfhosting #letsencrypt #selfhosted #postgresql
Masquerading payment npm package installs backdoor https://www.developer-tech.com/news/masquerading-payment-npm-package-installs-backdoor/ #npm #javascript #developers #coding #programming #hacking #security #infosec #tech #news #technology
Atomic and Exodus crypto wallets targeted in malicious npm campaign
A malicious npm package named pdf-to-office was discovered targeting cryptocurrency wallets. The package, posing as a PDF to Office converter, injects malicious code into locally installed Atomic and Exodus wallets. This attack modifies legitimate files to redirect crypto funds to the attacker's wallet. The campaign shows persistence, as removing the malicious package doesn't remove the injected code from the wallets. Multiple versions of both wallets were targeted, with the attackers adapting their code accordingly. This incident highlights the growing scope of software supply chain risks, particularly in the cryptocurrency industry, and emphasizes the need for improved monitoring of both source code repositories and locally deployed applications.
Pulse ID: 67fd41f7af4b02a0fd75fb69
Pulse Link: https://otx.alienvault.com/pulse/67fd41f7af4b02a0fd75fb69
Pulse Author: AlienVault
Created: 2025-04-14 17:12:23
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
“slopsquatting, a new term for a surprisingly effective type of software supply chain attack that emerges when LLMs “hallucinate” package names that don’t actually exist. If you’ve ever seen an AI recommend a package and thought, “Wait, is that real?”—you’ve already encountered the foundation of the problem.
And now attackers are catching on.”
The Rise of Slopsquatting: How #AI Hallucinations Are Fueling... https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks #npm #dev #infosec
Edit: more info: https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/
npm: 3 moderate severity vulnerabilities
me: npm audit fix --force
npm: 5 moderate severity vulnerabilities
AAAAAAAAAAAAAAAAAAAAA
Hoo boy am I tired of seeing messages in my browser's JavaScript from some deep transitive dependency of the app I work on, saying "We're about to remove support for <feature that a slightly less nested transitive dependency uses>, sucks to be you."
This whole developer ecosystem is a nightmare of endless compatibility problems, 90% of them trivially avoidable with a moment's thought.
"Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads" published by Socket. #BeaverTail, #ContagiousInterview, #Lazarus, #NPM, #DPRK, #CTI https://socket.dev/blog/lazarus-expands-malicious-npm-campaign-11-new-packages-add-malware-loaders-and-bitbucket
How to Install #Directus on #AlmaLinux #VPS
Here's a step-by-step guide detailing how to install Directus on AlmaLinux VPS.
What is Directus?
Directus is an open-source #headless #CMS and data platform that allows you to manage and interact with your database through a RESTful API or GraphQL API. It provides a modern, user-friendly admin interface for ...
Continued https://blog.radwebhosting.com/how-to-install-directus-on-almalinux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #installguide #nodejs #vpsguide #cmsapps #selfhosting #letsencrypt #postgresql #npm #selfhosted
Unsere Anleitung #npm "Nginx Proxy Manager mit #nextcloud 
" wurde soeben um das Kapitel "Update" erweitert 
https://www.c-rieger.de/nginx-proxy-manager-mit-nextcloud/#update
Wir wünschen Ihnen ein schönes Wochenende!
AnimeJS v4 has landed. Boy oh boy, it’s probably the sickest JavaScript library for animations.
Does it make sense to create 2 latest tag on NPM,
one for light weight package, other with react support?
any suggestion this case?
Anyone else seeing #npm package installation failures? I can see https://status.npmjs.org/incidents/hdtkrsqp134s, but the "scoped to certain keywords" is both weasel-wording and confusing ... #npmjs #javascript #devops
hah, npm issue right now, which https://status.npmjs.org/ was quite tardy in reporting
Package Manager for Markdown
I'm working on a project that is intended to encourage folk to make markdown text files which can be bundled together in different bundles of text files using a package manager.
Question for coders; Which package manager would you suggest I use?
Main criterias (in order) are:
1. Easy for someone with basic command line skills to edit the file and update version numbers and add additional packages.
2. All being equal, more commonly and easy to setup is preferred.
#Markdown #CommonMark #PackageManager #Programming #Dev
#NPM #RubyGems #Cargo #PickingAMastodonInstance
#Ruby #Python #Rust #Javascript #NodeJs #Lisp #CommonGuide
