@cloudflare Cloudflare, are you blocking anything with the word “camel” in it? Such as NPM modules that have `camelcase` in the name?
Looking for a simple way to provide a compressed archive from a web application with the requirement to create the archive in the browser, not on the server.
- JSZip: 12 (transitive) dependencies
- tar-js: 0 dependencies
While zip may be more common, having 0 dependencies is a unique selling point for me!
How many vanilla.js/zero-dependency reusable components are there on https://npmjs.com? I can easily write my own components for simple things, like a Dark Mode switch, as plain old JavaScript classes that directly manipulate the DOM. Why can't I simply add a bunch of these components to my project and use import-maps to load them?
i just explained that i don't want to pull in a dependency from #npmjs because george washington taught me to avoid entangling alliances, how's your monday goin
hmm, i know it's early but is npmjs showing 404s for a lot of packages right now? seems so
every "popular library" on https://www.npmjs.com/ is a 404 if clicked
In the last 6 months, roughly 70% of new #npm packages were #spam. What does this mean for supply chain security?
At Black Hat USA? Find us in Startup City booth SC203!
We've uncovered #malware hidden in a Microsoft logo JPG, shipping as fake #AWS packages on #npm! 😲
https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files/
#steganography #opensource #cybersecurity #npmjs #javascript #typescript #software #infosec #js
Advanced threat actors have not let up on their attacks against the software supply chain. We catalog recent attacks from North Korean state actors in our new blog post!
Supply chain attacks come in all shapes and sizes. Today Phylum Research discusses its discovery of malicious #jQuery files in #npm.
https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/
#javascript #opensource #sbom #js #npmjs #node #cybersecurity #softwaredevelopment #software
#DailyBloggingChallenge (320/365)
Implementing ICS was quite easy after finding a functional library on #npmjs.
The difficulty was creating a parsing function that takes the already existing data format and puts it into the #ical one. This means the new property duration was introduced using the same schema as provided by the ics library.
Credential stealer? ✅ Keylogger? ✅ Cryptocurrency stealer? ✅
Phylum uncovers more malicious #npm packages targeting the #Javascript ecosystem.
https://blog.phylum.io/npm-package-caught-exfiltrating-crypto
#malware #opensource #bitcoin #cryptocurrency #typescript #software #infosec #cybersecurity #npmjs
The search bar of https://npmjs.com is annoyingly broken. You have to press enter twice for it to actually search. It always takes me a moment to remember and I wonder why it's taking so long to load the search results. #npmjs #wtf
We've uncovered new #malware packages published to #npm that appear to be an evolution on a previous supply chain attack carried out by nation state backed actors ☠
https://blog.phylum.io/north-korean-state-actors
#npmjs #javascript #supplychainattack #opensource #infosec #reverseengineering #typescript
It's been ... a while ... since I tried to log into #npmjs.org. So long that now #2fa is required. I don't have an "authenticator" with them and I don't have my "recovery codes". Now I can't login at all. I can't contact them on the support page because I have to "sign in for assistance".
My email history says I enabled it 2 years ago. But my phone from that time is gone.
Have I permanently lost the account? Do I have any other recourse? #javascript #security
For reasons I can't yet fathom, #npm has specifically blocked me at a WAF level from accessing yarn.npmjs.org. I've not been doing anything other than normal yarn installs, so this is super confusing, and reaching out to npm support has so far been fruitless - with them asking for an npm debug log :(
Does anyone know anyone at #npmjs or #GitHub who might be able to help resolve this? :boostRequest:
#npm had 2.5 million live packages by the end of 2023, downloaded 184+ billion times per month. 5k #malware and 15k #spam packages were found last year. There's a package named 214x the letter "a". There's one almost 6 GB in size!
Remember to always use as few #npmjs dependencies as possible, carefully vet what you're using, and run it in a container (also during dev).
24: #npmjs (Node Package Manager) - "The world's largest software registry for JavaScript."