Notices tagged with npm
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 28-Nov-2022 04:29:55 UTC 
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
And something pulled in a bunch of #Node.js and #Npm stuff. And I am wondering why that isn’t confined in a snap. -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Friday, 19-Aug-2022 23:44:26 UTC
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
https://nu.federati.net/url/287438 [www bleepingcomputer com]
200+ #npm and #pypi packages caught dropping #Linux cryptominers.
> These packages are largely typosquats of widely used libraries and each one of them downloads a Bash script on Linux systems that run cryptominers.
> It appears that both registries cleared the typosquats fairly quickly from their platforms before these could do more harm to developers.
This appears to be a characteristic behavior of #monero / #xmr #cryptocurrency users. This is by no means the first wave of mining attacks against servers.
Source: https://freeradical.zone/@thenewoil/108852026058423028 -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 23-Oct-2021 02:47:20 UTC
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
@geniusmusing Given the large number of programs that use #Node.js under the hood, one may not know that anything is being pulled in from #npm. Huge potential for system compromise. -
Douglas A. Whitfield (musicman@nu.federati.net)'s status on Tuesday, 06-Apr-2021 13:58:40 UTC 
Douglas A. Whitfield
One of two positions coming out on my team. These two positions are a little different than those on my team currently, but I should still be able to answer questions about it. My team is 100% remote, and was pre-pandemic, but there are office locations available if you prefer an office.
Role: JavaScript Solutions Architect ( #AngularJS)
Location: Minneapolis, MN, Burlington, MA, Louisville, CO, Alameda, CA or Remote for the Candidate
Position Summary:
Perforce is seeking an Open Source Software Support Engineer (with deep AngularJS experience) to join our OpenLogic team, responsible for providing support and services on Open Source technologies to our OpenLogic customers.
This critical position demands a software engineer with a strong programming skills and some networking capabilities. You would be responsible for ensuring the success of our customers by effectively providing dependable and timely resolutions related to open source software. The ideal candidate is expected to be self-motivated, proactive, results-oriented and able to provide a high level of customer satisfaction through the delivery of world-class technical support service
Responsibilities:
Interact with end users on technical problems
Tier 4 support for open source JavaScript products and tangential technologies
Drive resolution of those problems, which include:
Open source software issues
Questions around open source software usage
Questions around use and best practices
Review of the architecture and design where software is implemented
Conduct professional services and training engagements
Research, understand, and advocate open source software
Interact with various open source communities
Drive early resolution of issues
Present knowledge via articles, blogs, and conference presentations
Requirements:
Minimum of 10 years of software development and design, systems administration, or level 3-4 technical support experience
Minimum 5 years development, design, implementation, and troubleshooting experience on AngularJS
At least 2 years in a senior position ( senior/lead developer, engineer, or software architect)
Experience resolving remotely exploitable CVEs & cross-site scripting vulnerabilities
10+ years of hands on experience working w/ JavaScript technologies:
Highly-skilled JavaScript developer with extensive knowledge of theoretical Angular software engineering
Strong expertise w/ HTML, CSS, & writing cross-browser compatible code
Understanding of AJAX and #JavaScript DOM manipulation Techniques
Experience w/ RESTful services
Experience in JavaScript build tools like #Gulp or #Grunt
Familiar with JavaScript testing frameworks
Virtualization and cloud experience with qemu/kvm, #Azure, #AWS, VirtualBox, #Vagrant
Experience working in production environments, especially enterprise/carrier environments
Technical knowledge, skills & expertise in complex infrastructure, web-based software and enterprise software
Preference given to candidates with
implementation and troubleshooting experience on one or more of the following: #Node.js, #npm, #React, #Redux, Vue.js, Aurelia, Apache Cassandra, Jenkins CI, #DockerCE, #ElasticSearch, #Kubernetes, or #MongoDB
Experience migrating AngularJS to Angular
Experience transitioning AngularJS to other modern JavaScript solutions
Committer status on AngularJS product
Configured, installed, & maintained JavaScript applications at scale in a production environment
Experience tuning JavaScript for reliability & speed
https://nu.federati.net/url/280588 -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Friday, 23-Oct-2020 16:16:49 UTC
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
Uh oh. Malicious person takes over a set of ad-blocking and security browser extensions. https://soylentnews.org/article.pl?sid=20/10/23/0417228
Source: https://shitposter.club/objects/97707ce0-5019-4519-b348-d790c5efd538
Mentions #npm and #github, but I can't see any reference in the article (using phone) -
Strypey (strypey@mastodon.nzoss.nz)'s status on Tuesday, 31-Mar-2020 00:16:08 UTC 
Strypey
Anyone GNU/Linux users out there keen to kick the tyres on the #Scuttlebutt / #SSB network, without having to wrestle with #npm? #TIL that #Patchwork, apparently the most noob-friendly SSB app, has been packaged as an #AppImage:
https://appimage.github.io/Patchwork/ -
Strypey (strypey@mastodon.nzoss.nz)'s status on Saturday, 14-Mar-2020 09:41:21 UTC
Strypey
@salixlucida from a report on an earlier crypto heist affecting code distributed by #npm:
"This vandalism is a stark reminder of the dangers of relying on deep and complex webs of dependencies in software"
https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/ -
Strypey (strypey@mastodon.nzoss.nz)'s status on Tuesday, 10-Mar-2020 01:50:53 UTC
Strypey
@christianbundy I do have #npm on my travel laptop, installed at #Coopathon in #HongKong, but I keep meaning to expunge it. The dependence on npm stuff is the main reason I haven't tried #Scuttlebutt yet. Especially given it was a package created by Dominic (SSB creator) that was at the centre of the Great npm Crypto Robbery ;)
@clacke @alcinnz -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 01-Dec-2019 01:46:34 UTC
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
I was thinking about playing with #SSB, but every app I see requires #NPM (and presumably #Node.js). I'm not looking with the idea of having a pile of #JabbaShit #JavaScript potentially listening on an external interface. -
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 13-Dec-2018 17:17:41 UTC
Strypey
@xj9 BTW I'm a keen tester of bleeding edge apps and I haven't tried #SSB yet, because I can't install it on a 32-bit PC without going through the valley of the shadow of death that is #NPM. If there's one thing I agree with Drew about, it's that choosing the right tools for the job matters. Like folks building #Electron apps, I think Dominic chose the wrong tools. Until that's fixed, SSB will remain a promising concept, but far from being ready for primetime. @alcinnz @Wolf480pl
-
r҉ustic cy͠be̸rpu̵nk🤠🤖 (cypnk@mastodon.social@mastodon.social)'s status on Friday, 13-Jul-2018 11:36:42 UTC 
r҉ustic cy͠be̸rpu̵nk🤠🤖
Oh good
“Compromised #JavaScript Package Caught Stealing npm Credentials”
Once again, #npm delivers
-
Divan (divan@social.targaryen.house)'s status on Sunday, 06-May-2018 13:29:22 UTC 
Divan
First publish to #npm in a while https://www.npmjs.com/package/open-80
One of the upsides to the low barrier to entry in the #node ecosystem is the feeling of accomplishment.
-
☠️ Grumpy Oldman (grmpyoldman@quitter.se)'s status on Thursday, 22-Feb-2018 19:57:07 UTC 
☠️ Grumpy Oldman
#npm #javascript any1? https://1n.pm/31dYs -
∑ XahLee (xahlee@noagendasocial.com)'s status on Saturday, 06-Jan-2018 23:29:10 UTC 
∑ XahLee
major disaster from #npm again https://github.com/npm/registry/issues/255
#javascript -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Sunday, 12-Nov-2017 11:45:40 UTC 
Rysiekúr Memesson
@saper @charlag heh.... I don't care much for how #npm is reinventing the wheel of package management.
-
Hallå Kitteh (clacke@social.heldscal.la)'s status on Saturday, 23-Sep-2017 01:21:25 UTC 
Hallå Kitteh
Dependency hell, illustrated.
http://npm.anvaka.com/#/view/2d/browserify
#node #npm -
Dr. Roy Schestowitz (罗伊) ✅ (schestowitz@mastodon.technology)'s status on Wednesday, 09-Aug-2017 05:23:45 UTC 
Dr. Roy Schestowitz (罗伊) ✅
Malicious code in the #Nodejs #npm registry shakes open source trust model
http://www.csoonline.com/article/3214624/security/malicious-code-in-the-node-js-npm-registry-shakes-open-source-trust-model.html
but at least it got caught -
Joel Purra (joelpurra@quitter.se)'s status on Saturday, 05-Aug-2017 08:29:05 UTC 
Joel Purra
Typosquatted #NPM package steals #credentials etc in environment variables https://www.theregister.co.uk/2017/08/02/typosquatting_npm/ -
Christine Lemmer-Webber (cwebber@octodon.social)'s status on Thursday, 03-Aug-2017 14:47:59 UTC 
Christine Lemmer-Webber
Cycles, cycles everywhere, too self-recursive to link #npm
-
worst girl 🏴☠️ (xj9@sunshinegardens.org)'s status on Tuesday, 11-Jul-2017 16:01:31 UTC 
worst girl 🏴☠️
@sc a much better version of #npm https://yarnpkg.com/en/
facebook tech
All Federati Nu: Federated N-series GNU Social content and data are available under the