Never understood those. I can ask AI to help me or even do all the changes but I still have to make sure the changes make sense and I’ll never let it make a PR for me
Posts by Roman
Attackers are impersonating a @linuxfoundation.org leader in Slack to target #opensource developers with a multi-stage attack that ends in malware delivery. @openssf.org issued a high-severity advisory.
More details and screenshots of the lure: socket.dev/blog/attacke... #infosec
Oh and .production, .development versions
Actually I’ve seen almost like that
Node + cjs + esm + umd, amd (or whatever they did back then), bun, deno, browsers, also minified version for each (x2) and types.
I've seen talk of AI removing the need for frameworks. As an author using AI to assist writing, it feels we aren't there. Trying to debug/fix framework code without introducing regressions is non-trivial. To think app code isn't going to be missing edge cases is fanciful.
There we go! Great to see npm releasing new features. Who is on the other side working on it? Let's talk!
🚨 North Korea’s Contagious Interview campaign is now spreading across 5 ecosystems.
We found coordinated malicious packages on npm, PyPI, Go Modules, Crates, and Packagist delivering staged RAT payloads that steal credentials, wallets & browser data.
socket.dev/blog/contagi...
tinyglobby 0.2.16 is out!!
this is a small release that contains some good optimizations and refactors :) it also updates picomatch to make sure people don't get affected by the recent picomatch cve!
github.com/SuperchupuDe...
AI is useful
It's always politics 😔
a screenshot of npmx showing "You might not need this dependency", and "This package can be replaced with util.styleText available since Node 20.12.0".
coming soon 🎉 module replacements v3 has been a chunky piece of work inside @e18e.dev. it updates our data set to define individual replacements and their min engine versions.
this means we can show much richer messaging like this example in npmx
>upstream service provider shits itself and dies
>half this site: "HAHAHAHAHAHA SEE IT'S BECAUSE YOU FUCKERS ARE *VIBE CODING*"
I wish these people would just leave. They contribute less than nothing to the site at large at this point.
napi-rs/wasm-runtime increased size by 1MB in a patch (1.1.2) 👀
he is
Good morning 🌞
👀🫥
I’m so lucky to have time
On the other hand, building for the web has never been healthier. This is what the downloads look like for every popular web library. We're in a golden age of indie web dev.
this is good and you should read it
I wish I could be there
In a couple of years maybe
Honestly, this isn't just an open source maintainer or crypto exec problem.
This is a social engineering attack that can be used against literally anyone, from journalists to organizers of any stripe.
It's worth reading up on the details of what happened here if you use a computer and video calls
1M downloads, crazy! Was really a good idea to collab on this with @43081j.com for @e18e.dev
Awesome work by Florian here. Always happy to be able to collab with such great people too 🙏
a photo of me stroking a black and white cat and smiling at the camera
nice to hang out with @patak.cat
Some thoughts about AI-assisted coding and how it affects my brain. I'm more productive and more exhausted at the same time.
marvinh.dev/blog/ddosing...
✂️ Knip v6.3.0 is out
Just here to say we're still in great shape 🤸
Releases: github.com/webpro-nl/kn...
Knip: knip.dev
Companies are gambling at this point. If you can, please speak up inside your company so they up their open source strategy and commit (more) funds to make our shared commons sustainable. We're going to lose it all. Funding dynamics in OSS need to change. Fast.