ADAniket Deyinblog.aniketdey.in·3d ago · 3 min readStop Committing Secrets: Automatically Generate .env.example with gen-envexWhen working on Node.js, React, Next.js, or any modern application, one of the first things you'll create is a .env file. It stores everything from database credentials to API keys and authentication 53CM
JNJohans Neirainjohansen.hashnode.dev·4d ago · 4 min readJavaScript has no sorted containers. I built one for TypeScriptJavaScript ships with Array, Set, and Map — but nothing that keeps its elements sorted as you insert. If you've ever built a leaderboard, an order book, or anything that answers "give me the items bet00
4F404 Foundersin404-founders.com·4d ago · 5 min readJscrambler npm CVE: Rust Infostealer in 5 VersionsA compromised release of the jscrambler npm package installed a Rust-based infostealer on developer machines starting July 11. The attacker published five malicious versions in roughly three hours bef00
JVJeel Vankhedeinjeelvankhede.hashnode.dev·5d ago · 5 min readThey Asked for My AI Rules. But I Could Not Just Hand Them Over.A team lead announces that the team will start using AI-assisted development. Everyone nods. Nobody asks what that actually means on Monday morning. Some times ago I was in that position. A project I 00
YSYuvaan Singhinyuvaanslab.hashnode.dev·Jul 11 · 3 min read# RouteSribe: A Runtime-First OpenAPI Generator for Express.I Built RouteScribe: A Runtime-First OpenAPI Generator for Express If you've built APIs with Express, you've probably experienced this at least once. You build a new endpoint. Everything works. Then y00
4F404 Foundersin404-founders.com·Jul 8 · 5 min readFake Paysafe, Skrill SDKs Hit npm and PyPISeventeen packages, two registries, one goal: steal developer secrets. Fake Paysafe, Skrill, and Neteller payment SDKs hit npm and PyPI on July 7 and were caught harvesting API keys, AWS credentials, 00
Ttechpotionsintechpotions.hashnode.dev·Jul 4 · 4 min readDev Secrets Stolen by a Fake Rollup PolyfillOriginally published at techpotions.com. The attack North Korea npm packages have been caught mimicking legitimate Rollup polyfill tools to steal developer secrets. Security researchers at JFrog ident00
VNVũ Nhật Lâminblog.fiscybersec.com·Jun 29 · 7 min read"Atomic Arch": 400+ AUR Packages Hijacked to Deliver an eBPF Rootkit and InfostealerExecutive Summary An attacker spoofing a trusted maintainer on the Arch User Repository (AUR) adopted and trojanized more than 408 packages — and according to Sonatype, the figure may have reached rou00
4F404 Foundersin404-founders.com·Jun 26 · 3 min readMastra npm Packages Compromised: 140+ Packages Target Crypto WalletsSomeone added a malicious dependency to over 140 Mastra AI framework packages on npm. The payload targets cryptocurrency browser extensions and steals wallet credentials. CVE: N/A Severity: High Affec00
MNMohit Nagarajinblog.kubeorch.dev·Jun 24 · 7 min readWhy I Stopped Using npm Tokens in GitHub ActionsI recently found out about npm's Trusted Publishers, and my immediate reaction was: wait, this is so much cooler than the token method. If you have ever published an npm package from GitHub Actions, y00