home.social

#lodash — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #lodash, aggregated by home.social.

  1. 🔖 The latest issue of my is live, issue 013.

    March recap: 12 CVEs across , , & , a state-actor supply chain attack on , and the security bug bounty paused 🔐

    blog.ulisesgascon.com/newslett

  2. 🔖 The latest issue of my #newsletter is live, issue 013.

    March recap: 12 CVEs across #undici, #Fastify, #Lodash & #pathtoregexp, a state-actor supply chain attack on #axios, and the #Nodejs security bug bounty paused 🔐

    blog.ulisesgascon.com/newslett

  3. 🔖 The latest issue of my #newsletter is live, issue 013.

    March recap: 12 CVEs across #undici, #Fastify, #Lodash & #pathtoregexp, a state-actor supply chain attack on #axios, and the #Nodejs security bug bounty paused 🔐

    blog.ulisesgascon.com/newslett

  4. 🔖 The latest issue of my #newsletter is live, issue 013.

    March recap: 12 CVEs across #undici, #Fastify, #Lodash & #pathtoregexp, a state-actor supply chain attack on #axios, and the #Nodejs security bug bounty paused 🔐

    blog.ulisesgascon.com/newslett

  5. 🔐 7 out of 10 of reports for and are invalid.

    The current spike is LLM-generated noise eating volunteers' time that should go to releases, features, and real bugs.

    Our tooling wasn't designed for this volume. Every report still needs to be read, cross-referenced, and responded to. We need better tooling and support to sustain this.

  6. 🔐 7 out of 10 of #security reports for #Lodash and #Express are invalid.

    The current spike is LLM-generated noise eating volunteers' time that should go to releases, features, and real bugs.

    Our tooling wasn't designed for this volume. Every report still needs to be read, cross-referenced, and responded to. We need better tooling and support to sustain this.

  7. 🔐 7 out of 10 of #security reports for #Lodash and #Express are invalid.

    The current spike is LLM-generated noise eating volunteers' time that should go to releases, features, and real bugs.

    Our tooling wasn't designed for this volume. Every report still needs to be read, cross-referenced, and responded to. We need better tooling and support to sustain this.

  8. 🔐 7 out of 10 of #security reports for #Lodash and #Express are invalid.

    The current spike is LLM-generated noise eating volunteers' time that should go to releases, features, and real bugs.

    Our tooling wasn't designed for this volume. Every report still needs to be read, cross-referenced, and responded to. We need better tooling and support to sustain this.

  9. 🔐 7 out of 10 of #security reports for #Lodash and #Express are invalid.

    The current spike is LLM-generated noise eating volunteers' time that should go to releases, features, and real bugs.

    Our tooling wasn't designed for this volume. Every report still needs to be read, cross-referenced, and responded to. We need better tooling and support to sustain this.

  10. 🔖 The latest issue of my is live, issue 011.

    Secure publishing on in 2026, major security overhaul, updated security best practices, fresh release backlog & ecosystem insights from talks, CVEs & community work ✨

    blog.ulisesgascon.com/newslett

  11. 🔖 The latest issue of my #newsletter is live, issue 011.

    Secure publishing on #npm in 2026, major #Lodash security overhaul, updated security best practices, fresh #Express release backlog & ecosystem insights from talks, CVEs & community work ✨

    blog.ulisesgascon.com/newslett

  12. 🔖 The latest issue of my #newsletter is live, issue 011.

    Secure publishing on #npm in 2026, major #Lodash security overhaul, updated security best practices, fresh #Express release backlog & ecosystem insights from talks, CVEs & community work ✨

    blog.ulisesgascon.com/newslett

  13. 🔖 The latest issue of my #newsletter is live, issue 011.

    Secure publishing on #npm in 2026, major #Lodash security overhaul, updated security best practices, fresh #Express release backlog & ecosystem insights from talks, CVEs & community work ✨

    blog.ulisesgascon.com/newslett

  14. Just shipped a new newsletter to Sponsors! 🎁

    Includes the hard truths of security, updates, and the overhaul that put my code in space 🚀.

    Get early access & support my OSS work here: github.com/sponsors/UlisesGasc

  15. Just shipped a new newsletter to Sponsors! 🎁

    Includes the hard truths of #npm security, #Expressjs updates, and the #Lodash overhaul that put my code in space 🚀.

    Get early access & support my OSS work here: github.com/sponsors/UlisesGasc

  16. Just shipped a new newsletter to Sponsors! 🎁

    Includes the hard truths of #npm security, #Expressjs updates, and the #Lodash overhaul that put my code in space 🚀.

    Get early access & support my OSS work here: github.com/sponsors/UlisesGasc

  17. Just shipped a new newsletter to Sponsors! 🎁

    Includes the hard truths of #npm security, #Expressjs updates, and the #Lodash overhaul that put my code in space 🚀.

    Get early access & support my OSS work here: github.com/sponsors/UlisesGasc

  18. 🛠️ Análisis en profundidad del parche de para CVE-2025-13465 en : causa raíz, mecánica de prototype pollution en _.unset/_.omit y detalles del parche.

    orbitant.com/prototype-polluti

  19. 🛠️ Análisis en profundidad del parche de #seguridad para CVE-2025-13465 en #Lodash: causa raíz, mecánica de prototype pollution en _.unset/_.omit y detalles del parche.

    orbitant.com/prototype-polluti

  20. 🛠️ Análisis en profundidad del parche de #seguridad para CVE-2025-13465 en #Lodash: causa raíz, mecánica de prototype pollution en _.unset/_.omit y detalles del parche.

    orbitant.com/prototype-polluti

  21. 🛠️ Análisis en profundidad del parche de #seguridad para CVE-2025-13465 en #Lodash: causa raíz, mecánica de prototype pollution en _.unset/_.omit y detalles del parche.

    orbitant.com/prototype-polluti

  22. 🛠️ In-depth breakdown of the fix for CVE-2025-13465 in : root cause, prototype pollution mechanics in _.unset/_.omit, and details of the patch.

    orbitant.com/en/prototype-poll

  23. 🛠️ In-depth breakdown of the #security fix for CVE-2025-13465 in #Lodash: root cause, prototype pollution mechanics in _.unset/_.omit, and details of the patch.

    orbitant.com/en/prototype-poll

  24. 🛠️ In-depth breakdown of the #security fix for CVE-2025-13465 in #Lodash: root cause, prototype pollution mechanics in _.unset/_.omit, and details of the patch.

    orbitant.com/en/prototype-poll

  25. 🛠️ In-depth breakdown of the #security fix for CVE-2025-13465 in #Lodash: root cause, prototype pollution mechanics in _.unset/_.omit, and details of the patch.

    orbitant.com/en/prototype-poll

  26. 🥹 Proud to have contributed to the security overhaul. Strengthening governance, security processes, and infrastructure to keep the project healthy for the community 🛡️

    openjsf.org/blog/lodash-securi

  27. 🥹 Proud to have contributed to the #Lodash security overhaul. Strengthening governance, security processes, and infrastructure to keep the project healthy for the community 🛡️

    openjsf.org/blog/lodash-securi

  28. 🥹 Proud to have contributed to the #Lodash security overhaul. Strengthening governance, security processes, and infrastructure to keep the project healthy for the community 🛡️

    openjsf.org/blog/lodash-securi

  29. 🥹 Proud to have contributed to the #Lodash security overhaul. Strengthening governance, security processes, and infrastructure to keep the project healthy for the community 🛡️

    openjsf.org/blog/lodash-securi

  30. Big news 🚀! is now on Open Collective!

    Support the project and be among the first backers or sponsors 🙌

    opencollective.com/lodash

  31. Big news 🚀! #Lodash is now on Open Collective!

    Support the project and be among the first backers or sponsors 🙌

    opencollective.com/lodash

  32. Big news 🚀! #Lodash is now on Open Collective!

    Support the project and be among the first backers or sponsors 🙌

    opencollective.com/lodash

  33. Big news 🚀! #Lodash is now on Open Collective!

    Support the project and be among the first backers or sponsors 🙌

    opencollective.com/lodash

  34. Big news 🚀! #Lodash is now on Open Collective!

    Support the project and be among the first backers or sponsors 🙌

    opencollective.com/lodash

  35. 🔖 The latest issue of my is out, issue 010.

    Stories from reviving & reimagining , secure publishing on , why doesn’t fail because of code, backlog updates &

    blog.ulisesgascon.com/newslett

  36. 🔖 The latest issue of my #newsletter is out, issue 010.

    Stories from reviving #Expressjs & reimagining #Lodash, secure publishing on #npm, why #OSS doesn’t fail because of code, backlog updates & #OpenSSF #Scorecard

    blog.ulisesgascon.com/newslett

  37. 🔖 The latest issue of my #newsletter is out, issue 010.

    Stories from reviving #Expressjs & reimagining #Lodash, secure publishing on #npm, why #OSS doesn’t fail because of code, backlog updates & #OpenSSF #Scorecard

    blog.ulisesgascon.com/newslett

  38. 🔖 The latest issue of my #newsletter is out, issue 010.

    Stories from reviving #Expressjs & reimagining #Lodash, secure publishing on #npm, why #OSS doesn’t fail because of code, backlog updates & #OpenSSF #Scorecard

    blog.ulisesgascon.com/newslett

  39. ✍️ El open source no falla por el código.
    Falla por problemas de gobernanza, burnout y trabajo invisible.

    He escrito sobre lo que aprendí trabajando en y :

    blog.ulisesgascon.com/el-open-

  40. ✍️ El open source no falla por el código.
    Falla por problemas de gobernanza, burnout y trabajo invisible.

    He escrito sobre lo que aprendí trabajando en #Expressjs y #Lodash:

    blog.ulisesgascon.com/el-open-

  41. ✍️ El open source no falla por el código.
    Falla por problemas de gobernanza, burnout y trabajo invisible.

    He escrito sobre lo que aprendí trabajando en #Expressjs y #Lodash:

    blog.ulisesgascon.com/el-open-

  42. ✍️ El open source no falla por el código.
    Falla por problemas de gobernanza, burnout y trabajo invisible.

    He escrito sobre lo que aprendí trabajando en #Expressjs y #Lodash:

    blog.ulisesgascon.com/el-open-

  43. ✍️ Open source doesn’t fail because of code.
    It fails because of governance gaps, burnout, and invisible work.

    I wrote down what I learned working on and

    blog.ulisesgascon.com/open-sou

  44. ✍️ Open source doesn’t fail because of code.
    It fails because of governance gaps, burnout, and invisible work.

    I wrote down what I learned working on #Expressjs and #Lodash

    blog.ulisesgascon.com/open-sou

  45. ✍️ Open source doesn’t fail because of code.
    It fails because of governance gaps, burnout, and invisible work.

    I wrote down what I learned working on #Expressjs and #Lodash

    blog.ulisesgascon.com/open-sou

  46. ✍️ Open source doesn’t fail because of code.
    It fails because of governance gaps, burnout, and invisible work.

    I wrote down what I learned working on #Expressjs and #Lodash

    blog.ulisesgascon.com/open-sou

  47. 📺 ¿Qué viene después del caos?

    Lecciones de revivir y reimaginar .

    youtube.com/watch?v=NHsIxEy0_Qw