Hacker News
- Risky Biz Podcast: How Shifts in Open Source Made It a Prime Attack Vector https://socket.dev/blog/risky-biz-podcast-how-shifts-in-open-source-made-it-a-prime-attack-vector 0 comments
- SSO https://socket.dev/blog/introducing-sso 0 comments
- German Court Fines Security Researcher for Reporting Company's Vulnerabilities https://socket.dev/blog/ethical-hacking-on-trial-german-court-fines-security-researcher 34 comments
- The Everything NPM Package https://socket.dev/blog/when-everything-becomes-too-much 151 comments
- Is Running Random Code from NPM Safe? https://socket.dev/blog/syntax-podcast-is-running-random-code-from-npm-safe 2 comments
- Chinese devs are storing 1000s of eBooks on GitHub and NPM https://socket.dev/blog/these-china-based-devs-are-using-github-and-npm-to-store-ebooks 12 comments
- Show HN: Socket – Secure your JavaScript supply chain https://socket.dev 42 comments
- How to Use Socket to Find out if You Were Affected by the Backdoored xz Package (including full list of npm, PyPI, and Go packages that bundle or link to xz) https://socket.dev/blog/how-to-use-socket-to-find-out-if-you-were-affected-by-the-backdoored-xz-package 2 comments programming
- Node.js TSC Confirms: No Intention to Remove npm from Distribution https://socket.dev/blog/node-js-tsc-confirms-no-intention-to-remove-npm-from-distribution 10 comments javascript
- Node.js TSC Confirms: No Intention to Remove npm from Distribution https://socket.dev/blog/node-js-tsc-confirms-no-intention-to-remove-npm-from-distribution 20 comments node
- Node.js TSC Confirms: No Intention to Remove npm from Distribution https://socket.dev/blog/node-js-tsc-confirms-no-intention-to-remove-npm-from-distribution 48 comments programming
- JSR: What We Know So Far About Deno’s New JavaScript Package Registry https://socket.dev/blog/jsr-new-javascript-package-registry 2 comments javascript
- Express.js Spam PRs Incident Highlights the Commoditization of Open Source Contributions https://socket.dev/blog/express-js-spam-prs-commoditization-of-open-source 2 comments opensource
- Express.js Spam PRs Incident Highlights the Commoditization of Open Source Contributions https://socket.dev/blog/express-js-spam-prs-commoditization-of-open-source 41 comments javascript
- Express.js Spam PRs Incident Highlights the Commoditization of Open Source https://socket.dev/blog/express-js-spam-prs-commoditization-of-open-source 17 comments webdev
- When "Everything" Becomes Too Much: The npm Package Chaos of 2024 https://socket.dev/blog/when-everything-becomes-too-much 19 comments webdev
- When "Everything" Becomes Too Much: The npm Package Chaos of 2024 https://socket.dev/blog/when-everything-becomes-too-much 225 comments programming
- When "Everything" Becomes Too Much: The npm Package Chaos of 2024 https://socket.dev/blog/when-everything-becomes-too-much 12 comments node
- Node.js Community Debate Intensifies Over Enabling Corepack by Default and https://socket.dev/blog/node-community-debates-enabling-corepack-unbundling-npm 3 comments programming
- Node.js Community Debate Intensifies over Potentially Unbundling NPM https://socket.dev/blog/node-community-debates-enabling-corepack-unbundling-npm 13 comments node
- Node.js Community Debate Intensifies over Potentially Unbundling NPM https://socket.dev/blog/node-community-debates-enabling-corepack-unbundling-npm 46 comments javascript
- Ethical Hacking on Trial: German Court Fines Security Researcher for Reporting a https://socket.dev/blog/ethical-hacking-on-trial-german-court-fines-security-researcher 6 comments programming
- Ethical Hacking on Trial: German Court Fines Security Researcher for Reporting a https://socket.dev/blog/ethical-hacking-on-trial-german-court-fines-security-researcher 8 comments webdev
- Biggest package on npm? 5.96 GB! Longest npm package name? 214 characters! Package with the most maintainers? 554 maintainers! https://socket.dev/blog/2023-npm-retrospective 4 comments node
- When "Everything" Becomes Too Much: The npm Package Chaos of 2024 https://socket.dev/blog/when-everything-becomes-too-much 79 comments programming
- When "Everything" Becomes Too Much: The npm Package Chaos of 2024 https://socket.dev/blog/when-everything-becomes-too-much 5 comments webdev
- Syntax Podcast: "Is Running Random Code From npm Safe?" https://socket.dev/blog/syntax-podcast-is-running-random-code-from-npm-safe 4 comments webdev
- The “Skeleton Squad” is targeting NPM https://socket.dev/blog/skeleton-squad-npm/ 2 comments webdev
- Social engineering campaign targeting tech employees spreading through npm malware https://socket.dev/blog/social-engineering-campaign-npm-malware 12 comments programming
- Social engineering campaign targeting tech employees spreading through npm malware https://socket.dev/blog/social-engineering-campaign-npm-malware 3 comments frontend
- Social engineering campaign targeting tech employees spreading through npm malware https://socket.dev/blog/social-engineering-campaign-npm-malware 2 comments node
- It's highly likely AI will be able to start reviewing smart contracts and blockchain code soon to find flaws https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis 14 comments cryptocurrency
- We scanned every NPM and PyPI package for malware with ChatGPT https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis 24 comments netsec
- Introducing "safe npm" – magical NPM wrapper to protect developers from malware https://socket.dev/blog/introducing-safe-npm 3 comments javascript
- These Chinese devs are storing 1000s of eBooks on GitHub and npm https://socket.dev/blog/these-china-based-devs-are-using-github-and-npm-to-store-ebooks 2 comments frontend
- These Chinese devs are storing 1000s of eBooks on GitHub and npm - Socket https://socket.dev/blog/these-china-based-devs-are-using-github-and-npm-to-store-ebooks 17 comments node
- These Chinese devs are storing 1000s of eBooks on GitHub and npm https://socket.dev/blog/these-china-based-devs-are-using-github-and-npm-to-store-ebooks 20 comments programming
- Announcing Socket for GitHub 1.0 https://socket.dev/blog/socket-for-github-1.0 2 comments programming
- Announcing Socket for GitHub 1.0 https://socket.dev/blog/socket-for-github-1.0 2 comments javascript
- What's Really Going On Inside Your node_modules Folder? https://socket.dev/blog/inside-node-modules 4 comments javascript
- What's Really Going On Inside Your node_modules Folder? - Socket https://socket.dev/blog/inside-node-modules 3 comments programming
Linking pages
- GitHub - webtorrent/webtorrent: ⚡️ Streaming torrent client for the web https://github.com/feross/webtorrent 148 comments
- WebTorrent FAQ https://webtorrent.io/faq 141 comments
- The massive bug at the heart of the npm ecosystem https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem 137 comments
- GitHub - standard/standard: 🌟 JavaScript Style Guide, with linter & automatic code fixer https://github.com/feross/standard 113 comments
- GitHub - SocketDev/wormhole-crypto: Streaming encryption for Wormhole.app, based on Encrypted Content-Encoding for HTTP (RFC 8188) https://github.com/SocketDev/wormhole-crypto 68 comments
- Please Stop Sending Me Nested Dependency Security Reports | Goldblog https://www.joshuakgoldberg.com/blog/please-stop-sending-me-nested-dependency-security-reports/ 13 comments
- What's in your package.json? with Tobie Langel (JS Party #210) |> Changelog https://changelog.com/jsparty/210 10 comments
- Better npm search proposal https://astoilkov.com/better-npm-search-proposal 9 comments
- htmx: a new old way to build the web with Carson Gross & Alex Russell (JS Party #307) https://changelog.com/jsparty/307 3 comments
- Securing the open source supply chain with Feross Aboukhadijeh on the launch of Socket (The Changelog #482) |> Changelog https://changelog.com/podcast/482 2 comments
- Node.js Security Best Practices | Node.js https://nodejs.org/en/docs/guides/security/ 2 comments
- Socket lands $20M investment to help companies secure open source software | TechCrunch https://techcrunch.com/2023/08/01/socket-lands-20m-investment-to-help-companies-secure-open-source-software/ 2 comments
- This Week In React #97: React vs Solid, Headless Components, FS-structure, Remotion, Gatsby, React-Native, Expo, Skia, Vitest, Socket, Interop 2022... | Revue https://www.getrevue.co/profile/thisweekinreact/issues/this-week-in-react-97-react-vs-solid-headless-components-fs-structure-remotion-gatsby-react-native-expo-skia-vitest-socket-interop-2022-1065004 1 comment
- Kaizen! Should we build a CDN? with Gerhard Lazu (Changelog & Friends #26) |> Changelog https://changelog.com/friends/26 1 comment
- Amazon's silent sacking with Justin Garrison (Changelog Interviews #573) https://changelog.com/podcast/573 1 comment
- Frontend security primer https://frontendmastery.com/posts/frontend-security-primer/ 0 comments
- Post-Advisory Exposure | Open Source Insights https://blog.deps.dev/post-advisory-exposure/ 0 comments
- Socket nabs $4.6M to audit/catch malicious open source code https://techcrunch.com/2022/05/11/socket-audit-open-source-code/ 0 comments
- How did they become GitHub Stars - Learn from their journey ⭐ https://vinitshahdeo.dev/how-did-they-become-github-stars-discover-their-journey-in-their-own-words 0 comments
- Google launches ‘open-source maintenance crew’ | VentureBeat https://venturebeat.com/2022/05/12/google-open-source-maintenance-crew/ 0 comments