Wow I'm reading about a new supply-chain attack almost every other day!

#software #npm #npmjs #ITSecurity #AI #madness

I just want to say FUCK YOU NPMJS.COM for making me have to create a new access token every 90 days maximum, and for offering a shitty 2FA without a TOTP option

#npm #developer #webdeveloper #node #npmpackage #javascript #nodejs #node #OpenSource #FreeSoftware #js #typescrypt #web #programmer #npmjs

Would you be surprised if I found even more #malware being deployed to #npmjs tonight? I'm not.

I'm having issues with build tooling, so needing to do slash and burn dev development.

Have #MSFT deployed a rate limiter on #NPMJS? I have only deployed ~ 400 packages *today* to a single IP, so I should be inside reasonable usage.
My package-lock says packages are installed, but the files aren't present.

I would be downloading fewer packages if I had a way to remove dev-dep without `rm -rf`

🔍 Sharing a quick win from our M365 environment.

When the axios npm supply chain attack dropped (March 31, 2026), I needed a fast way to scan our Intune-managed Windows fleet for the IOC — without E3/E5.

One script, deployed in minutes:
✅ Success = clean
❌ Failed = wt.exe found in %ProgramData%

🔗 https://github.com/Bluewal/m365-intune-scripts/blob/main/defender/threat-response/Invoke-NpmAxiosScan.ps1

First post on my new toolkit repo, more scripts coming

#infosec #Intune #Microsoft365 #BlueTeam #PowerShell #npmjs

npmjs.com anyone? Slow as hell. Same for stackoverflow sites.❓

#npmjs #stackoverflow #internetSlow

Do you need #SFSymbols in your Web project? I made a thing for that [1]. 😃

And I just published it on #npmjs [2].

#WebDevelopment #React #TypeScript

[1] https://sfsymbolslib.layered.work
[2] https://www.npmjs.com/package/sf-symbols-lib

> New TOTP (Time-based One-Time Password) setups for npm access will be permanently disabled. Existing TOTP configurations will continue to work for now, but they will be phased out in the coming months.

Well, and any moment now they'll just integrate WebAuthn with digital IDs, and it won't be possible to publish packages on npmjs without identity verification.

I also missed that #npmjs is now gith..., er, micro$oft

https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/

#javascript #programowanie
