“slopsquatting, a new term for a surprisingly effective type of software supply chain attack that emerges when LLMs “hallucinate” package names that don’t actually exist. If you’ve ever seen an AI recommend a package and thought, “Wait, is that real?”—you’ve already encountered the foundation of the problem.
And now attackers are catching on.”
The Rise of Slopsquatting: How #AI Hallucinations Are Fueling... https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks #npm #dev #infosec
Edit: more info: https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/
Package Manager for Markdown
I'm working on a project that is intended to encourage folk to make markdown text files which can be bundled together in different bundles of text files using a package manager.
Question for coders; Which package manager would you suggest I use?
Main criteria (in order) are:
1. Easy for someone with basic command line skills to edit the file and update version numbers and add additional packages.
2. All else being equal, more common and easier to set up is preferred.
#Markdown #CommonMark #PackageManager #Programming #Dev
#NPM #RubyGems #Cargo #PickingAMastodonInstance
#Ruby #Python #Rust #Javascript #NodeJs #Lisp #CommonGuide
#Infostealer campaign compromises 10 #npm packages, targets devs
@henry Having (almost fully) switched to #NodeJS in 2012, I quickly recognized the danger of relying on _anything_ (#npm included; this one gave me a lot of pain several times over the years).
Ended up with a monstrous monorepo. Forked (and improved) just 2 other people's repos, one abandoned and one that took months to finally get it right regarding garbage collection, but I had no time to wait.
Thereby I never got to the point of hating a programming language because of the hype around it, but it surely got me coding a ton of #javascript.
The experience helped me a lot in JS5=>ECMAScript and ECMAScript=>TypeScript switching in the last year or so.
New #npm attack poisons local packages with backdoors
https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/
#NPM: Two malicious packages were discovered on npm (#NodeJS package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor:
#SoftwareSupplyChainSecurity
https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/
@BleepingComputer Do we think something like this is enough to find if this garbage is present on a Linux system? `sudo find / -iregex '.*ethers-.*'`
#node #npm #malware
Out of pure curiosity, and because I'm on that #webdev #framework discovery tip. Heck, this project even made me download an IDE for Android lol
Just to read `install.bin` - which is an sh script.
Excuse me, but why are you bundling #nodejs and #npm? Is it to facilitate a setup process for containers, or is it merely to make the process easy?
I'm a bit sceptical of that sort of thing, especially when fetching from a vendor's domain directly.
Any plans to build packages via CI?
Quick question for the node.js developers on the fediverse.
How would I go about monitoring an app's memory and CPU usage over time?
Week 11 of the #Privacy Roundup is out. Featuring:
- Data broker bragging about having personal information of billions of people
- How the ESP32 #Bluetooth backdoor isn't a backdoor
- North Korean government APTs spreading #malware on #Google play, #npm
- An ICE OSINT Tool that can monitor 200+ websites of a target
- #Apple patching an exploited zero-day in WebKit
- #Microsoft Patch Tuesday, 6 exploited zero-days
... and more, of course.
#NorthKorea's #Lazarus hackers infect hundreds via #npm packages
Six malicious packages have been identified on npm. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information.
The threat group is known for pushing malicious packages into software registries like npm, which is used by millions of JavaScript developers, and for compromising systems passively.
https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/
Lazarus Strikes npm Again With New Wave of Malicious Packages, by @SocketSecurity:
https://socket.dev/blog/lazarus-strikes-npm-again-with-a-new-wave-of-malicious-packages
Do you want to advertise "my Node.js product now uses AI!!" but don't know how to add AI?
Use the package "is-even-ai"
#Development #Launches
SQL Noir · A game to learn SQL by solving crimes https://ilo.im/162ciw
_____
#OpenSource #Game #Database #SQL #MySQL #SQLite #PostgreSQL #Npm #WebDev #Backend
Are you still using npm transpile services like esm.sh and unpkg.com?
- dependency deduplication
- install hooks and native add-ons
- loading data files
Here's why we recommend importing npm packages natively via npm specifiers
https://deno.com/blog/not-using-npm-specifiers-doing-it-wrong
That thing we said would keep happening if #npm didn't add signed packages keeps happening
https://www.mend.io/blog/fake-vs-code-extension-on-npm-spreads-multi-stage-malware/
Is there a suite of vanilla JS web components implemented as classes somewhere on https://npmjs.org? Like, what if I want a Dark Mode switch or a tags input field with auto-complete that I can import (via import maps, of course), is there a project or namespace where I could find those?
Just released Node Pebble version 5.1.1
• Updated to Pebble version 2.7.0.
• Now also supports macOS and arm64 (because Pebble itself does).
https://codeberg.org/small-tech/node-pebble
Node Pebble is a Node.js wrapper for Let’s Encrypt’s¹ Pebble² that:
• Downloads the correct Pebble binary for your platform.
• Launches and manages a single Pebble process.
• Returns a reference to the same process on future calls (safe to include in multiple unit tests where the order of tests is undetermined).
• Automatically patches Node.js’s TLS module to accept Pebble server’s test certificate as well as its dynamically-generated root and intermediary CA certificates.
² “A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production certificate authority.” https://github.com/letsencrypt/pebble