AnimeJS v4 has landed. Boy oh boy, it’s probably the sickest JavaScript library for animations.
animejs.comAnime.js | JavaScript Animation EngineAn fast and versatile JavaScript animation library
Recent searches
Search options
Administered by:
#npm
10 posts10 participants0 posts today
Does it make sense to create 2 latest tag on NPM,
one for light weight package, other with react support?
any suggestion this case?
npmcozyeventWorld's fastest, Lightweight Async/Sync Event Emitter, also for React. Latest version: 1.4.1, last published: 6 minutes ago. Start using cozyevent in your project by running `npm i cozyevent`. There are no other projects in the npm registry using cozyevent.
Anyone else seeing #npm package installation failures? I can see https://status.npmjs.org/incidents/hdtkrsqp134s, but the "scoped to certain keywords" is both weasel-wording and confusing ... #npmjs #javascript #devops
status.npmjs.orgIntermittent issue with viewing and installing packagesnpm's Status Page - Intermittent issue with viewing and installing packages.
hah, npm issue right now, which https://status.npmjs.org/ was quite tardy in reporting
status.npmjs.orgnpm StatusWelcome to npm's home for real-time and historical data on system performance.
@cwebber What do you think of JS packages, ten years later (same day, what a coincidence)?
dustycloud.orgLet's Package jQuery: A Javascript Packaging Dystopian Novella -- Dustycloud Brainstorms
Package Manager for Markdown
I'm working on a project that is intended to encourage folk to make markdown text files which can be bundled together in different bundles of text files using a package manager.
Question for coders; Which package manager would you suggest I use?
Main criterias (in order) are:
1. Easy for someone with basic command line skills to edit the file and update version numbers and add additional packages.
2. All being equal, more commonly and easy to setup is preferred.
#Markdown #CommonMark #PackageManager #Programming #Dev
#NPM #RubyGems #Cargo #PickingAMastodonInstance
#Ruby #Python #Rust #Javascript #NodeJs #Lisp #CommonGuide
expressjs.comExpress@5.1.0: Now the Default on npm with LTS TimelineExpress 5.1.0 is now the default on npm, and we're introducing an official LTS schedule for the v4 and v5 release lines.
OF LIMBO Share Homage To Van Halen With "Finish What Ya Started"
OF LIMBO are sharing a fun new homage to Van Halen with their acoustic version of the classic “Finish What Ya Started”. It’s the 2nd release from the California band off their upcoming “Unplugged” album, which will be released this summer.
Recorded at the band’s home studio in Long Beach, their...
https://comiccrusaders.com/editorial/of-limbo-share-homage-to-van-halen-with-finish-what-ya-started/
#of limbo #rock #music #npm pr
Replied to Da Linux beardude
Now I can post on freaking bluesky through terminal as well
First post: https://bsky.app/profile/reallylazybot.bsky.social/post/3llma3qvrsy2m
Bluesky Social · Da Linux Beardude's bot (@reallylazybot.bsky.social)I'm posting through terminal, yo! This is so fucking awesum !!
In today's Supply Chain News ...
Eleven oooold npm packages were hijacked to steal API keys. Wonder how many of them jise are just sitting on n someone's built pipeline with "latest" as the version parameter?
https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers
h/t to SonaType for the top notch research.
www.sonatype.comMultiple crypto packages hijacked, turned into info-stealersMultiple hijacked npm cryptocurrency packages exfiltrate sensitive environment variables via obfuscated scripts and pose risks to open source ecosystems.
#Infostealer campaign compromises 10 #npm packages, targets devs
@henry Having (almost fully) switched to #NodeJS in 2012, I quickly recognized the danger of relying to _anything_ (#npm included, this one gave me a lot of pain for several times over the years).
Ended up with a monstrous monorepo. Forked (and improved) just 2 other people's repos, one abandoned and one that took months to finally get it right regarding garbage collection, but I had no time to wait.
Thereby I never got to a situation to hate a programming language because of the hype around it, but it surely got me coding a ton of #javascript.
The experience helped me a lot in JS5=>ECMAScript and ECMAScript=>TypeScript switching in the last year or so.
https://itinsights.nl/cybersecurity/hackers-stelen-je-developer-secrets-met-deze-npm-truc/
IT INSIGHTS · Hackers stelen je developer secrets met deze npm-truc!In de wereld van softwareontwikkeling is recent een verontrustende kwetsbaarheid aan het licht gekomen die de veiligheid van ontwikkelaars direct raakt. Tien npm-pakketten werden plotseling bijgewerkt…
New #npm attack poisons local packages with backdoors
https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/
Ok, normal patterns after an hour of excitement.
ReversingLabs has a good writeup of an npm package infected with malware that generates a backdoor. Great way to get insight into the patterns the baddies follow.
https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell
ReversingLabsMalware found on npm infecting local package with reverse shellFor the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.
#security vulnerability on #npm packages
https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell
ReversingLabsMalware found on npm infecting local package with reverse shellFor the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.
#NPM: Two malicious packages were discovered on npm (#NodeJS package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor:
#SoftwareSupplyChainSecurity
https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/
@BleepingComputer Do we think something like this is enough to find if this garbage is present on a Linux system? `sudo find / -iregex '.*ethers-.*`
#node #npm #malware
Out of pure curiosity, and because I'm on that #webdev #framework discovery tip. Heck, this project even made me download an IDE for Android lol
Just to read `install.bin` - which is an sh script.
Excuse me, but why are you bundling #nodejs and #npm? Is it to facilitate a setup process for containers, or is it merely to make the process easy?
I'm a bit sceptical to that sort of thing, especially when fetching from a vendors domain directly.
Any plans to build packages via CI?