Eating kebab and listening to @Antiz #archbtw #packages #fosdem #fosdem2026 #fosdem26 on the #stream @archlinux
#Packages
→ ICE documents reveal plan to hold 80,000 immigrants in warehouses
https://www.washingtonpost.com/business/2025/12/24/ice-immigrants-detention-warehouses-deportation-trump/
“"We need to get better at treating this like a #business," ICE acting director Todd M. Lyons said […].”
“The administration’s goal, he said, was to #deport #immigrants as efficiently as #Amazon moves #packages: "Like Prime, but with #human beings."”
“The large #warehouses would be located close to major #logistics hubs in Virginia, Texas, Louisiana, Arizona, Georgia and Missouri.”
Node.js Package Configuration Guide, by @nodejs:
https://nodejs.github.io/package-examples/
#guides #packages #dependencies #configuration #commonjs #esm
#Development #Pitfalls
The 9 levels of JS dependency hell · Developers solved each problem, only to create the next https://ilo.im/169mic
_____
#Programming #Coding #Dependencies #JavaScript #Packages #Attacks #AI #WebDev #Frontend #Backend
:terminal: 27 Malicious NPM Packages used as Phishing Infrastructure to steal Login Credentials.
IT-Security researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, has primarily targeted sales and commercial personnel at critical infrastructure-adjacent organizations in the U.S. and Allied nations, according to Socket.
https://socket.dev/blog/spearphishing-campaign-abuses-npm-registry
#npm #packages #phishing #campaign #it #security #privacy #engineer #media #secure #programming #developer #tech #news
![[ImageSource: Socket]
⁉️Another crucial anti-analysis control adopted by the threat actor relates to the use of honeypot form fields that are hidden from view for real users, but are likely to be populated by crawlers. This step acts as a second layer of defense, preventing the attack from proceeding further.⁉️
Socket said the domains packed into these packages overlap with adversary-in-the-middle [AitM] phishing infrastructure associated with Evilginx, an open-source phishing kit.
"This campaign follows the same core playbook, but with different delivery mechanics," Socket said. "Instead of shipping minimal redirect scripts, these packages deliver a self-contained, browser-executed phishing flow as an embedded HTML and JavaScript bundle that runs when loaded in a page context."
👾What's more, the phishing packages have been found to hard-code 25 email addresses tied to specific individuals, who work in account managers, sales and business development representatives in manufacturing, industrial automation, plastics and polymer supply chains, healthcare sectors in Austria, Belgium, Canada, France, Germany, Italy, Portugal, Spain, Sweden, Taiwan, Turkey, the U.K. and the U.S.👾](https://files.mastodon.social/cache/media_attachments/files/115/883/538/281/793/471/original/4a0f67a2aeac898d.jpeg)
![[ImageSource: Socket]
⚠️It's currently unknown how the attackers obtained the email addresses. But given that many of the targeted firms convene at major international trade shows, such as Interpack and K-Fair, it's suspected that the threat actors may have pulled the information from these sites and combined it with general open-web reconnaissance.⚠️
"In several cases, target locations differ from corporate headquarters, which is consistent with the threat actor's focus on regional sales staff, country managers, and local commercial teams rather than only corporate IT," the company said.
👾To counter the risk posed by the threat, it's essential to enforce stringent dependency verification, log unusual CDN requests from non-development contexts, enforce phishing-resistant multi-factor authentication [MFA], and monitor for suspicious post-authentication events.👾
⁉️The development comes as Socket said it observed a steady rise in destructive malware across npm, PyPI, NuGet Gallery, and Go module indexes using techniques like delayed execution and remotely-controlled kill switches to evade early detection and fetch executable code at runtime using standard tools such as wget and curl.⁉️
<https://socket.dev/blog/2025-report-destructive-malware-in-open-source-packages>](https://files.mastodon.social/cache/media_attachments/files/115/883/538/314/854/295/original/a47f8e0ac1bd7ec8.jpeg)
Los módulos definen qué es el proyecto y los paquetes organizan su código. En este artículo vas a entender cómo se comunican los paquetes en Go.
https://www.lateclaescape.com/post/2026/golang-packages-communication/
Time to rebuild your python package on arch! The new python v3.14 hit the repos.
https://digitalprivacy.diy/news/en/python-3-14-is-out-on-arch-rebuild-your-packages
or
pacman -Qoq /usr/lib/python3.13
pikaur -Sy $(pacman -Qoq /usr/lib/python3.13) --rebuild
:gentoo: Gentoo goes binary at @fosdem
“The saga of official binary packages for #Gentoo #Linux”
🗓️ Sunday, 13:00–13:25
Gentoo’s move from purely source‑based installs to offering official #binary #packages has been a major milestone. Andreas K. Hüttel and Sam James will share how new formats, signing, automated rebuilds, and dedicated build hosts made it all work — and what’s coming next.
A great session for anyone curious about Gentoo’s evolution.
https://fosdem.org/2026/schedule/event/9GLCAE-the_saga_of_official_binary_packages_for_gentoo_linux/
New 𝗔𝗱𝗱 𝗣𝗼𝗿𝘁 𝘁𝗼 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗣𝗼𝗿𝘁𝘀 [Add Port to FreeBSD Ports] on vermaden.wordpress.com blog.
https://vermaden.wordpress.com/2026/01/10/add-port-to-freebsd-ports/
New 𝗔𝗱𝗱 𝗣𝗼𝗿𝘁 𝘁𝗼 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗣𝗼𝗿𝘁𝘀 [Add Port to FreeBSD Ports] on vermaden.wordpress.com blog.
https://vermaden.wordpress.com/2026/01/10/add-port-to-freebsd-ports/
Este artículo explica qué es un paquete en Go, qué reglas impone el lenguaje, cómo se estructuran los proyectos y por qué la simplicidad del sistema de paquetes es una de las claves de la claridad y mantenibilidad del código Go.
I have a habbit of making (too) many (small) packages for functionality that might be reused in different context. {box} might be an alternative by making scripts into modlues that can be loaded: https://klmr.me/box/ #RStats #packages #waysofworking
Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟭 - 𝗦𝗮𝗳𝗲𝗹𝘆 𝗥𝗲𝗺𝗼𝘃𝗲 𝗔𝗹𝗹 𝗧𝗵𝗶𝗿𝗱 𝗣𝗮𝗿𝘁𝘆 𝗣𝗮𝗰𝗸𝗮𝗴𝗲𝘀 [UPDATE 1 - Safely Remove All Third Party Packages] to the 𝗕𝗿𝗮𝘃𝗲 𝗡𝗲𝘄 𝗣𝗞𝗚𝗕𝗔𝗦𝗘 𝗪𝗼𝗿𝗹𝗱 [Brave New PKGBASE World article.
https://vermaden.wordpress.com/2025/10/20/brave-new-pkgbase-world/#UPDATE1
#verblog #freebsd #pkgbase #pkg #remove #third #party #packages #ports
Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟭 - 𝗦𝗮𝗳𝗲𝗹𝘆 𝗥𝗲𝗺𝗼𝘃𝗲 𝗔𝗹𝗹 𝗧𝗵𝗶𝗿𝗱 𝗣𝗮𝗿𝘁𝘆 𝗣𝗮𝗰𝗸𝗮𝗴𝗲𝘀 [UPDATE 1 - Safely Remove All Third Party Packages] to the 𝗕𝗿𝗮𝘃𝗲 𝗡𝗲𝘄 𝗣𝗞𝗚𝗕𝗔𝗦𝗘 𝗪𝗼𝗿𝗹𝗱 [Brave New PKGBASE World article.
https://vermaden.wordpress.com/2025/10/20/brave-new-pkgbase-world/#UPDATE1
#verblog #freebsd #pkgbase #pkg #remove #third #party #packages #ports
@trashheap I see pros and cons with Linux (Kubuntu), pros and cons with FreeBSD.
Today: <https://www.reddit.com/r/freebsd/comments/1oeeed6/comment/nw5ysjs/?context=1>
#FreeBSD #ports #packages #Linux #Kubuntu #Snap #Flatpak #AppImage
Danish postal service to stop delivering letters after 400 years
Denmark is “one of the most digitalised countries in the world”, the company said the demand for letters had “fallen drastically” while online shopping continued to increase, prompting the decision to instead focus on parcels
#denmark #mail #packages #delivery #internet #technology #tech
https://www.theguardian.com/world/2025/dec/21/denmark-postnord-postal-delivery-letters-society
#Washington family's home flooded with unwanted #Amazon #packages
https://www.upi.com/Odd_News/2025/12/15/unwanted-packages-Arlo-Washington-DC/1441765816697/
🧩 The state of the Rust dependency ecosystem
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst