Wrote a tiny #Python script to scan for #npm hooks in package.json files (scans dir tree recursively): https://github.com/panzi/hookscan Does #pip also have such hooks? Might add scanning for those in the future. Not now. #NodeJS #JavaScript
GitHub - panzi/hookscan: Scan for hooks in `package.json` files.

Scan for hooks in `package.json` files. Contribute to panzi/hookscan development by creating an account on GitHub.

GitHub
🔍 Oh sure, because nothing screams #groundbreaking #science like blaming #right-handedness on our ability to put one #foot #in #front #of #the #other. 🦶🤦‍♂️ Next up: why we blink because we learned to breathe first. Spoiler: #JavaScript required. 🙄
https://www.ox.ac.uk/news/2026-05-15-why-is-almost-everyone-right-handed-the-answer-may-lie-in-how-we-learned-to-walk #humor #HackerNews #ngated
Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised

A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.

SafeDep - Real-time Open Source Software Supply Chain Security
A Bi Disaster explores: The tyranny of single page apps. https://blog.bidisaster.party/spas/ #JavaScript #SPAs
The tyranny of single page apps

Front-end technologies have made advances, but have they really benefited society? Or is there a darker side?

A Bi Disaster
🚀🎉 Breaking news! Andrej Karpathy joins #Anthropic, and in the process, x.com has managed to break the entire internet by disabling #JavaScript. 🤦‍♂️ Who knew that reading about someone's job change could come with a side quest to master browser settings? 😂🔧
https://twitter.com/karpathy/status/2056753169888334312 #AndrejKarpathy #xcom #TechNews #HackerNews #ngated
Andrej Karpathy (@karpathy) on X

Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time.

X (formerly Twitter)

🟡🟠 Asynchronous Functions
by Mat Marquis @wil.to @Wilto
at @piccalil.li @piccalilli
#javascript #js #webdev #AsynchronousJS

https://piccalil.li/javascript-for-everyone/lessons/51

After cyberattacks: TanStack considers restrictions for pull requests

TanStack tightens security measures after supply chain attacks. Pull requests may soon only be possible by invitation.

https://www.heise.de/en/news/After-cyberattacks-TanStack-considers-restrictions-for-pull-requests-11299463.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#GitHub #IT #JavaScript #OpenSource #Security #Sicherheitslücken #TypeScript #news


After cyberattacks: TanStack examines restrictions for pull requests

TanStack is tightening its security measures after supply chain attacks. In future, pull requests might only be possible by invitation.

https://www.heise.de/news/Nach-Cyberangriffen-TanStack-prueft-Einschraenkungen-fuer-Pull-Requests-11299058.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#GitHub #IT #JavaScript #OpenSource #Security #Sicherheitslücken #TypeScript #news

TanStack tightens security precautions after supply chain attacks

TanStack is tightening its security measures after supply chain attacks. In future, pull requests might only be possible by invitation.

heise online
First TechBash 2026 sessions revealed. Early Bird ends 6/19!

Breaking at Socket: active npm supply-chain attack compromises hundreds of packages in the @antv ecosystem. The wave appears to be connected to 'Mini Shai-Hulud' and the maintainer account 'atool'.

Tip for everyone using AntV packages: pin dependencies to known stable versions right away and scan node_modules. That saves a lot of trouble later with compromised code. #npm #Security #SupplyChainAttack #JavaScript
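As an added example that serves both the hookscan post at the top of this feed and the tip above to scan node_modules: a small Python scanner that walks a directory tree, parses every package.json it finds, and reports the npm lifecycle scripts (preinstall, install, postinstall, prepare, and so on) that npm would run automatically during an install. This is my own illustration, not the code of panzi/hookscan or of Socket; the hook-name list, the `find_hooks`/`scan_tree` helpers and the constructed sample tree are assumptions made for the demo.

```python
"""Scan a directory tree for package.json files that declare npm lifecycle hooks.

Added example (not panzi/hookscan's code). Lifecycle script names follow npm's
documented hooks; the sample tree below is constructed in a temp dir for the demo.
"""
import json
import os
import tempfile

# Scripts npm runs on its own during install/pack/publish/uninstall. A package
# that declares one of these executes code on the developer's machine as soon
# as it is installed, which is why supply-chain scanners flag them. (Assumed list.)
INSTALL_HOOKS = (
    "preinstall", "install", "postinstall",
    "prepublish", "prepublishOnly", "prepare", "prepack", "postpack",
    "preuninstall", "uninstall", "postuninstall",
)


def find_hooks(package_json_path):
    """Return {hook_name: command} for the lifecycle hooks declared in one package.json."""
    try:
        with open(package_json_path, "r", encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return {}  # unreadable or not valid JSON: nothing to report
    scripts = data.get("scripts") if isinstance(data, dict) else None
    if not isinstance(scripts, dict):
        return {}
    return {name: cmd for name, cmd in scripts.items()
            if name in INSTALL_HOOKS and isinstance(cmd, str)}


def scan_tree(root):
    """Walk root recursively (nested node_modules included) and return a list of
    (relative path, {hook: command}) for every package.json that declares hooks."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        if "package.json" in filenames:
            path = os.path.join(dirpath, "package.json")
            hooks = find_hooks(path)
            if hooks:
                results.append((os.path.relpath(path, root), hooks))
    return results


def build_sample_tree():
    """Create a throwaway node_modules tree: one clean package, one with a
    postinstall hook, and a nested dependency with a preinstall hook (constructed data)."""
    root = tempfile.mkdtemp(prefix="hookscan-demo-")
    packages = {
        "node_modules/clean-pkg": {
            "name": "clean-pkg", "version": "1.0.0",
            "scripts": {"test": "node test.js"}},
        "node_modules/hooked-pkg": {
            "name": "hooked-pkg", "version": "2.3.1",
            "scripts": {"postinstall": "node setup.js", "build": "tsc"}},
        "node_modules/hooked-pkg/node_modules/nested": {
            "name": "nested", "version": "0.1.0",
            "scripts": {"preinstall": "sh ./install.sh"}},
    }
    for rel, manifest in packages.items():
        pkg_dir = os.path.join(root, rel)
        os.makedirs(pkg_dir, exist_ok=True)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root


def demo():
    """Build the sample tree, scan it and print one line per hook found."""
    root = build_sample_tree()
    findings = scan_tree(root)
    for path, hooks in findings:
        for name, cmd in hooks.items():
            print(f"{path}: {name} -> {cmd}")
    return findings


if __name__ == "__main__":
    demo()
```

Run it against a real checkout with `scan_tree("/path/to/project")` to get a list of every package that would execute code at install time; review those commands before trusting a fresh `npm install`. Pinning versions in the lockfile limits which packages can reach the tree in the first place, and installing with npm's `ignore-scripts` setting enabled prevents the hooks from running at all until they have been reviewed.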
