#NPM

2026-01-23

Tracking the VS Code Tasks Infection Vector

The Contagious Interview campaign, attributed to North Korea, continues to target software developers through fake recruitment schemes. A new technique in their arsenal leverages Microsoft Visual Studio Code task files to execute malicious code when a project is opened. The report documents observations of this vector, presents GitHub-based discovery methods, highlights findings including a new malicious NPM package, and outlines detection opportunities. The campaign exploits VS Code's Task feature, using the runOptions property to automatically execute malicious shell commands when a workspace is opened. Various obfuscation techniques are employed, including hiding commands with whitespace and masquerading payloads as image or font files.

Pulse ID: 697349c8d32812c0e5094e4d
Pulse Link: otx.alienvault.com/pulse/69734
Pulse Author: AlienVault
Created: 2026-01-23 10:13:28

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #GitHub #InfoSec #Korea #Microsoft #NPM #NorthKorea #OTX #OpenThreatExchange #bot #developers #AlienVault

Sara Hjelm (@sarahjelm)
2026-01-22

RE: mastodon.social/@sarahjelm/115

Well worth a look... YouTube offers translations.
is taking over Swedish schools.

KipJayChou :debian: :docker: (@admin@mstdn.feddit.social)
2026-01-21

Switched to managing hexo with pm2; no more `cd ~/blog/hexo && hexo clean && hexo g && pkill -f hexo && nohup hexo s -p 8097`.

1. npm install -g pm2

2. nano run_hexo.js
in ~/blog/hexo, with the contents:

```js
// Wrapper script that pm2 supervises; it starts the hexo dev server as a child process.
const { exec } = require('child_process');

exec('hexo server -p 8097', (err, stdout, stderr) => {
  // The callback fires only when the server process exits.
  if (err) {
    console.error(err);
    return;
  }
  console.log(stdout);
});
```

3. pm2 start run_hexo.js --name "hexo-blog"

4. hexo clean && hexo g

#npm #hexo #博客 #pm2 #js #blog

2026-01-20

Very elaborate social media hijack, or the beginning of the end.

github.com/isaacs

#npm #opensource

2026-01-20

Looks real, dude from npm seems to fully embrace the memecoin.

A bsky post explaining how it works. Stay sharp, don't let your friends sink their communities with this, money is tight everywhere.

bsky.app/profile/kelseyhightow

#npm #opensource

2026-01-20

From all the "supply chain attack" scenarios, the creator of the damn thing going completely nuts on Crypto/AI was never even a concern, lol.

#opensource #npm

2026-01-20

:mike_stare: Is the creator of npm running a crypto grift, or is it another hijacked/fake account?

#opensource #npm

Sara Hjelm (@sarahjelm)
2026-01-20

… come and buy canned porridge …
youtu.be/au1JulNKJ-E?si=9KujuG

Or "There are three kinds of lies: lies, damned lies and statistics", as Mark Twain put it as early as 130 years ago.
Here we are dealing with the last of those…
Listen to @skolinkvisition.bsky.social and don't let yourselves be fooled.

in @edutooter

Paul Houle (@UP8)
2026-01-20

had that moment when I did "npm install" and it found 0 vulnerabilities and I'm like... that never happens!

2026-01-19

the joys of #npm: you'll have fewer vulnerabilities, but they will be more critical!

```
7 vulnerabilities (5 low, 2 high)
npm audit fix --force
5 vulnerabilities (1 low, 1 moderate, 2 high, 1 critical)
```

2026-01-16

Publishing securely on #npm in 2026: what broke, what changed and what really works

🎙️ Talk (in Spanish) organized by Orbitant
🗓️ January 21, 5:00 PM CET
🔑 The link will be sent on the day of the event
🎟️ Free → docs.google.com/forms/d/e/1FAI

Image of scattered LEGO pieces with the text "Publishing JavaScript Securely in 2026" and "by Ulises Gascón", representing the complexity and risks of the supply chain in the JavaScript ecosystem.

ᴅʀ. ᴍᴏᴡɪɴᴄᴋᴇʟ'ꜱ (@Drmowinckels@fosstodon.org)
2026-01-16

Managing a Hugo site gets complex fast - builds, dev servers, and getting dependencies where Hugo expects them. Here's how npm scripts solved our R-Ladies website workflow 🧵

Hugo has opinions about file structure. Bootstrap needs to be in specific dirs, assets must be organized just so. Manually copying files from node_modules after every update? Error-prone and tedious.

#Hugo #NPM #WebDev #BuildTools #OpenSource #Automation

NPM json setup.

```json
{
    "name": "hugo-rladies-theme-js",
    "private": true,
    "version": "0.1.0",
    "scripts": {
        "clean": "rm -rf assets/js/vendor assets/scss/vendor",
        "setup": "mkdir -p assets/js/vendor assets/scss/vendor",
        "build": "npm run clean && npm run setup && npm run sync:bootstrap && npm run sync:jquery",
        "sync:bootstrap": "cp node_modules/bootstrap/dist/js/bootstrap.bundle.min.js* assets/js/vendor/ 2>/dev/null || true && cp -r node_modules/bootstrap/scss assets/scss/vendor/bootstrap",
        "sync:jquery": "cp node_modules/jquery/dist/jquery.min.js* assets/js/vendor/ 2>/dev/null || true",
        "update": "npm update && npm run build",
        "postinstall": "npm run build"
    },
    "dependencies": {
        "bootstrap": "^5.3.8",
        "jquery": "^3.7.0"
    }
}
```

2026-01-16

🇵🇸 @small-tech/cross-platform-hostname module deprecated

npmjs.com/package/@small-tech/

The release of version 1.1.0 deprecates and removes support for this small module that normalised hostname reporting between Linux/macOS and Windows.

We no longer support Windows as Microsoft is complicit in Israel’s genocide of the Palestinian people¹ and Small Technology Foundation² stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement³.

Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.

When supporting Linux/macOS, just use the built-in os.hostname() method which works the same way on both platforms.

¹ bdsmovement.net/microsoft
² small-tech.org/
³ bdsmovement.net/

#SmallTechnologyFoundation #crossPlatformHostname #npm #module #deprecation #BDS #Microsoft #Windows #NodeJS #web #dev #FOSS #SmallTech #SmallWeb #israel #genocide #Gaza #Palestine #FreePalestine #techIsPolitical #codeIsPolitical

Le site de Korben (@korben.info@web.brid.gy)
2026-01-16
<p>After the massive attack of September 2025 that infected 18 ultra-popular packages (hello
<a href="https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised">debug and chalk</a>
) and the
<a href="https://korben.info/npm-shai-hulud-scanner-attaque-supply-chain.html">Shai-Hulud</a>
2.0 campaign that siphoned off the cloud credentials of 25,000 GitHub repositories, we can say it: we are officially in the soup. Especially if you are the kind of person who runs <code>npm install</code> the way you'd cross a motorway blindfolded! So it is time to change your habits, because between the crypto-stealers that drain your wallets in 2 hours and the malware that exfiltrates your AWS keys, the JavaScript ecosystem looks more and more like a minefield.</p>
<img alt="" src="https://korben.info/cdn-cgi/image/width=1200,fit=scale-down,quality=90,f=avif/safe-npm-protection-supply-chain-attack-javascript/safe-npm-protection-supply-chain-attack-javascript-1.webp" />
<p><em>The reach of the Shai-Hulud 2.0 campaign - a real harvest of secrets (
<a href="https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack">Source</a>
)</em></p>
<p>Incidentally, many people wonder how to tell whether an npm package is really safe. And the classic answer is to read the code of all your dependencies. Hahaha... nobody does that, let's be realistic. So we rely on popularity, except that is precisely what supply-chain attacks exploit by ci
2026-01-15

[Translation] Why scanners fail in practice: lessons from the Shai-Hulud attacks on NPM

When a wave of NPM compromises sweeps over the ecosystem, an unpleasant truth comes out: "knowing your dependencies" is not enough if the malware manages to run already at the install and build stage. This breakdown covers why popular SCA/SBOM scanners either stay silent or flood you with false positives on the Shai-Hulud case, how the choice of vulnerability source solves (or fails to solve) the problem, and why malware advisories turn out to be invisible to some of the tools. In the end it is not about yet another checklist, but about the real limits of automated supply-chain control. Into the incident

habr.com/ru/companies/otus/art

#безопасность_цепочки_поставок #компрометация_зависимостей #NPM #атаки_на_пакеты #packagejson #SCA #SBOM #GitHub

Sara Hjelm (@sarahjelm)
2026-01-14
2026-01-13

Originally, I just wanted a few SF Symbol icons for my #Previous Admin. And then somehow it got completely out of hand. The result is a #React #Package that provides all 6,984 SF Symbols from Apple's Mac App in version 7 as React components. The screenshot shows the interactive preview page that comes with the package.

Here you can find a live demo of that webpage:

sfsymbolslib.layered.work

#WebDev #WebDevelopment #TypeScript #Emulator #RetroComputing #npm #SFSymbols

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst