home.social

#npmjs — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #npmjs, aggregated by home.social.

  1. I just want to say FUCK YOU NPMJS.COM for making me having to create a new access token every 90 days maximum, and for offering a shitty 2FA without TOTP option

    #npm #developer #webdeveloper #node #npmpackage #javascript #nodejs #node #OpenSource #FreeSoftware #js #typescrypt #web #programmer #npmjs

  2. I just want to say FUCK YOU NPMJS.COM for making me having to create a new access token every 90 days maximum, and for offering a shitty 2FA without TOTP option

    #npm #developer #webdeveloper #node #npmpackage #javascript #nodejs #node #OpenSource #FreeSoftware #js #typescrypt #web #programmer #npmjs

  3. I just want to say FUCK YOU NPMJS.COM for making me having to create a new access token every 90 days maximum, and for offering a shitty 2FA without TOTP option

    #npm #developer #webdeveloper #node #npmpackage #javascript #nodejs #node #OpenSource #FreeSoftware #js #typescrypt #web #programmer #npmjs

  4. I just want to say FUCK YOU NPMJS.COM for making me having to create a new access token every 90 days maximum, and for offering a shitty 2FA without TOTP option

    #npm #developer #webdeveloper #node #npmpackage #javascript #nodejs #node #OpenSource #FreeSoftware #js #typescrypt #web #programmer #npmjs

  5. I just want to say FUCK YOU NPMJS.COM for making me having to create a new access token every 90 days maximum, and for offering a shitty 2FA without TOTP option

    #npm #developer #webdeveloper #node #npmpackage #javascript #nodejs #node #OpenSource #FreeSoftware #js #typescrypt #web #programmer #npmjs

  6. «Passwortsafe Bitwarden — Kommandozeilen-Client trojanisiert:
    Das Bitwarden-Security-Team bestätigt, dass kurzzeitig eine bösartige Version des Kommandozeilen-Client ausgeliefert wurde.»

    Jetzt war @bitwarden daran und das per NPM. Wieviel mal wird dies und ähnliches noch auftauchen? NPM ist leider mittlerweile das Einfallstor für viele Sicherheitslücken.

    🔐 heise.de/news/Passwortsafe-Bit

    #npm #bitwarden #javascript #hacking #passwort #js #npmjs #itsicherheit #it #web #webdev #sicherheit

  7. «Passwortsafe Bitwarden — Kommandozeilen-Client trojanisiert:
    Das Bitwarden-Security-Team bestätigt, dass kurzzeitig eine bösartige Version des Kommandozeilen-Client ausgeliefert wurde.»

    Jetzt war @bitwarden daran und das per NPM. Wieviel mal wird dies und ähnliches noch auftauchen? NPM ist leider mittlerweile das Einfallstor für viele Sicherheitslücken.

    🔐 heise.de/news/Passwortsafe-Bit

    #npm #bitwarden #javascript #hacking #passwort #js #npmjs #itsicherheit #it #web #webdev #sicherheit

  8. «Passwortsafe Bitwarden — Kommandozeilen-Client trojanisiert:
    Das Bitwarden-Security-Team bestätigt, dass kurzzeitig eine bösartige Version des Kommandozeilen-Client ausgeliefert wurde.»

    Jetzt war @bitwarden daran und das per NPM. Wieviel mal wird dies und ähnliches noch auftauchen? NPM ist leider mittlerweile das Einfallstor für viele Sicherheitslücken.

    🔐 heise.de/news/Passwortsafe-Bit

    #npm #bitwarden #javascript #hacking #passwort #js #npmjs #itsicherheit #it #web #webdev #sicherheit

  9. «Passwortsafe Bitwarden — Kommandozeilen-Client trojanisiert:
    Das Bitwarden-Security-Team bestätigt, dass kurzzeitig eine bösartige Version des Kommandozeilen-Client ausgeliefert wurde.»

    Jetzt war @bitwarden daran und das per NPM. Wieviel mal wird dies und ähnliches noch auftauchen? NPM ist leider mittlerweile das Einfallstor für viele Sicherheitslücken.

    🔐 heise.de/news/Passwortsafe-Bit

    #npm #bitwarden #javascript #hacking #passwort #js #npmjs #itsicherheit #it #web #webdev #sicherheit

  10. «Passwortsafe Bitwarden — Kommandozeilen-Client trojanisiert:
    Das Bitwarden-Security-Team bestätigt, dass kurzzeitig eine bösartige Version des Kommandozeilen-Client ausgeliefert wurde.»

    Jetzt war @bitwarden daran und das per NPM. Wieviel mal wird dies und ähnliches noch auftauchen? NPM ist leider mittlerweile das Einfallstor für viele Sicherheitslücken.

    🔐 heise.de/news/Passwortsafe-Bit

    #npm #bitwarden #javascript #hacking #passwort #js #npmjs #itsicherheit #it #web #webdev #sicherheit

  11. I'm having issues with build tooling, so needing to do slash and burn dev development.

    Have deployed a rate limitor on ? I have only deployed ~ 400 packages *today* to a single IP, so i should be inside reasonable usage.
    My package-lock say packages are installed, but the files aren't present.

    I would be downloading less packages if I have a way to remove dev-dep without `rm-rf`

  12. I'm having issues with build tooling, so needing to do slash and burn dev development.

    Have #MSFT deployed a rate limitor on #NPMJS? I have only deployed ~ 400 packages *today* to a single IP, so i should be inside reasonable usage.
    My package-lock say packages are installed, but the files aren't present.

    I would be downloading less packages if I have a way to remove dev-dep without `rm-rf`

  13. 🔍 Sharing a quick win from our M365 environment.

    When the axios npm supply chain attack dropped (March 31, 2026), I needed a fast way to scan our Intune-managed Windows fleet for the IOC — without E3/E5.

    One script, deployed in minutes:
    ✅ Success = clean
    ❌ Failed = wt.exe found in %ProgramData%

    🔗 github.com/Bluewal/m365-intune

    First post on my new toolkit repo, more scripts coming

    #infosec #Intune #Microsoft365 #BlueTeam #PowerShell #npmjs

  14. npmjs.com anyone? Slow as hell. Same for stackoverflow sites.❓

    #npmjs #stackoverflow #internetSlow

  15. > New TOTP (Time-based One-Time Password) setups for npm access will be permanently disabled. Existing TOTP configurations will continue to work for now, but they will be phased out in the coming months.

    no, i zaraz tylko zintegrują webauthn z dowodami cyfrowymi i nie będzie można publikować pakietów w npmjs bez potwierdzenia tożsamości.

    Przegapiłem też że #npmjs to teraz gith..., eee, micro$oft

    github.blog/changelog/2025-09-

    #javascript #programowanie

  16. Nobody should be using npmjs without checking also this:

    npm.anvaka.com/#/view/2d/decom

    And btw, how stupid is it that npmjs allows to sort by dependents but not by the number of transitive dependencies. And why don't they show transitive dependencies anyway? It would make it blatantly obvious what an abyss many packages are.

    #npm #npmjs #javascript #webdev

  17. @cloudflare Cloudflare, are you blocking anything with the word “camel” in it? Such as NPM modules that have `camelcase` in the name?

    #outage #npmjs #cloudflare #camel

  18. Looking for a simple way to provide a compressed archive from a web application with the requirement to create the archive in the browser, not on the server.

    - JSZip: 12 (transitive) dependencies
    - tar-js: 0 dependencies

    While zip may be more common, the 0-dependencies is a unique selling point for me!

    #javascript #zip #tar #programming #npmjs

  19. How many vanilla.js/zero-dependency reusable components are there on npmjs.com? I can easily write my own components for simple things, like a Dark Mode switch, as plain old JavaScript classes that directly manipulate the DOM. Why can't I simply add a bunch of these components to my project and use import-maps to load them?

    #npmjs #vanillajs #javascript

  20. i just explained that i don't want to pull in a dependency from #npmjs because george washington taught me to avoid entangling alliances, how's your monday goin

  21. hmm, i know it's early but is npmjs showing 404s for a lot of packages right now? seems so

    every "popular library" on npmjs.com/ is a 404 if clicked

    #npmjs #npm

  22. In the last 6 months, roughly 70% of new #npm packages were #spam. What does this mean for supply chain security?

    At Black Hat USA? Find us in Startup City booth SC203!

    #npmjs #node #javascript #typescript #infosec #opensource

    blog.phylum.io/the-great-npm-g

  23. Advanced threat actors have not let up on their attacks against the software supply chain. We catalog recent attacks from North Korean state actors in our new blog post!

    #npm #javascript #typescript #malware #cybersecurity #npmjs

    blog.phylum.io/new-tactics-fro

  24. #DailyBloggingChallenge (320/365)

    Implementing ICS was quite easy after finding a functional library on #npmjs.

    The difficulty was creating a parsing function that takes the already existing data format and put it into the #ical one. This means the new property duration was introduced using the same schema as provided from the ics library.

  25. We've uncovered new #malware packages published to #npm that appear to be an evolution on a previous supply chain attack carried out by nation state backed actors ☠

    blog.phylum.io/north-korean-st

    #npmjs #javascript #supplychainattack #opensource #infosec #reverseengineering #typescript

  26. It's been ... a while ... since I tried to log into #npmjs.org. So long that now #2fa is required. I don't have an "authenticator" with them and I don't have my "recovery codes". Now I can't login at all. I can't contact them on the support page because I have to "sign in for assistance".

    My email history says I enabled it 2 years ago. But my phone from that time is gone.

    Have I permanently lost the account? Do I have any other recourse? #javascript #security

  27. For reasons I can't yet fathom, #npm has specifically blocked me at a WAF level from accessing yarn.npmjs.org. I've not been doing anything other than normal yarn installs, so this is super confusing, and reaching out to npm support has so far been fruitless - with them asking for an npm debug log :(

    Does anyone know anyone at #npmjs or #GitHub who might be able to help resolve this? :boostRequest:​

  28. I wish we could document maintainers for npm packages without those people having direct publish access (i.e., forcing publishes to go through CI/CD)

    #npm #npmjs

  29. #npm had 2.5 million live packages by the end of 2023, downloaded 184+ billion times per month. 5k #malware and 15k #spam packages were found last year. There's a package named 214x the letter "a". There's one almost 6 GB in size!

    Remember to always use as less #npmjs dependencies as possible, carefully vet what you're using and to run it in a container (also during dev).

    socket.dev/blog/2023-npm-retro

  30. 24: #npmjs (Node Package Manager) - "The world's largest software registry for JavaScript."

  31. What's the deal with all the nolb - No one left behind-packages people publish on NPM and similar libraries at GitHub?

    #NPM #NPMJS #Node #NodeJS #GitHub #NOLB

  32. Guys!
    If you want to make a #crossplatform #app, and you don't know what's framework should I use?
    Just use #Tauri and don't waste your time on #electronjs, #flatten or other stuff.
    Tauri is light and too easy.
    Check out the Tauri site:
    #rust #rustlang #javascript #typescript #npmjs #npm #cargo #programming #program #code #hacker #hack #gui #uidesign #ui #uxdesign #ux
    tauri.app/

  33. Totally unrelated: I wonder how many people using libheif-js through heic-decode and heic-convert on are actually violating 's license, because heic-decode and heic-convert are not LGPL licensed even though libheif-js is, and most people probably use them without digging through the licenses of the dependencies.

  34. @Perl There’s something to be said for putting a small speed bump in front of #developers before they can post #software to a well-indexed central repository: “One In Two New #npm Packages Is #SEO #Spam Right Now” blog.sandworm.dev/one-in-two-n

    How to start with #Perl’s #CPAN via #PAUSE:
    1) Read cpan.org/modules/04pause.html
    2) Visit pause.perl.org

    #JavaScript #Node #NodeJs #NpmJs #Yarn #MetaCPAN