The Three Pillars of JavaScript Bloat, by @43081j.com:
https://43081j.com/2026/03/three-pillars-of-javascript-bloat
#javascript #dependencies #complexity #runtimes #architecture #polyfills
AA (@measure_plan)
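Built a Donkey Kong-style fitness game controlled with push-ups and planks, using JavaScript, canvas, Roboflow RF-DETR, and MediaPipe pose tracking. It is an interesting interactive project that combines AI vision with body-awareness technology.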

i made donkey kong but you play with pushups and planks and it's quite inconvenient made with javascript, canvas, roboflow RF-DETR (for banana detection), and mediapipe body pose tracking lmk if you want to play a few fitness games like this and i'll try to get these online
Inside the Axios supply chain compromise - one RAT to rule them all
Elastic Security Labs identified a supply chain compromise of the axios npm package, one of the most depended-upon packages in the JavaScript ecosystem with approximately 100 million weekly downloads. The attacker compromised a maintainer account and published backdoored versions that delivered a cross-platform Remote Access Trojan to macOS, Windows, and Linux systems through a malicious postinstall hook.
Pulse ID: 69cd1c2e48c8aeef1f743d7f
Pulse Link: https://otx.alienvault.com/pulse/69cd1c2e48c8aeef1f743d7f
Pulse Author: AlienVault
Created: 2026-04-01 13:22:54
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #ElasticSecurityLabs #InfoSec #Java #JavaScript #Linux #Mac #MacOS #NPM #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SupplyChain #Trojan #Windows #bot #iOS #AlienVault
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targeting the popular Node Package Manager (NPM) package "axios." Between March 31, 2026, 00:21 and 03:20 UTC, an attacker introduced a malicious dependency named "plain-crypto-js" into axios NPM releases versions 1.14.1 and 0.30.4. Axios is the most popular JavaScript library used to simplify HTTP requests, and these packages typically have over 100 million and 83 million weekly downloads, respectively. This malicious dependency is an obfuscated dropper that deploys the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux.
Pulse ID: 69cd1d9aae74cc11b50ba18e
Pulse Link: https://otx.alienvault.com/pulse/69cd1d9aae74cc11b50ba18e
Pulse Author: AlienVault
Created: 2026-04-01 13:28:58
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Google #HTTP #InfoSec #Java #JavaScript #Korea #Linux #Mac #MacOS #NPM #NorthKorea #OTX #OpenThreatExchange #SupplyChain #Windows #bot #iOS #AlienVault
You’re testing a new feature in a development environment. You click “Submit,” and a few seconds later, your phone buzzes with a real-world SMS notification. Or worse, a real customer receives a “Test” email meant for a sandbox user. While these aren’t usually “delete-the-database” disasters, they represent a fundamental failure in application guardrails…
https://lackofimagination.org/2026/03/beyond-the-readme-enforcing-application-guardrails-at-runtime/

Lots of updates in March! Many of the games (including word search / picture puzzles) have been updated to work better on small screens and lots of background changes to improve download speed and simplify maintenance! More details on the home page https://ssjx.co.uk
🥳 New JavaScript Database (JSDB) release
• Fix: Now properly handling array indices on `JSTable.PERSIST` events in the `keypath` property that’s passed to the event handler.
Just noticed that the pretty keypaths of the JavaScript deltas written to the append-only log were ignoring array indices while playing with a new database introspection call I’m adding to the Kitten Interactive Shell (REPL) and fixed it.
I’ll be updating Kitten shortly to use this version of JSDB and I haven’t forgotten my promise to record a little video of the new Kitten Introspection API.
Enjoy!
💕
https://codeberg.org/small-tech/jsdb#readme
#JavaScriptDatabase #javascript #database #JSDB #SmallTech #SmallWeb #NodeJS
