Worse, this appears to have worm-like behavior, using credentials stolen in Shai-Hulud repositories to then also compromise additional packages.
Posts by Jayson DeLancey
Additional new npm packages were compromised today, this time using secret scanning tools themselves in a post install script to gather and exfiltrate credentials.
Additional details covered in the Semgrep Security Research blog post: semgrep.dev/blog/2025/se...
Last chance to join Semgrep for our AppSec party at Meow Wolf's Omega Mart! Skip the lines and tourists and enjoy private access to this mind-bending immersive installation.
Event is free to attend and open for your colleagues to join you!
Save your spot here: semgrep.dev/events/omega...
Been thinking about the challenges of the Product Engineering role quite a bit, move fast and hack into things:
dev.to/semgrep/prod...
Developer Relations Foundation | March Working Group Update
github.com/DevRel-Found...
The next working group call is Thu March 6.
Will be an open discussion on Persona Library requirements and use cases.
I'm investigating whether to put some effort into fleshing out personas and wanted to evaluate what works well and what isn't worth the effort. My own experience has had mixed results. If you worked someplace that had very helpful personas and are willing to share your insight, I would love to chat.
I was looking to see if using AI (Firefly) would save me time for a simple task, but prompt engineering is an art in itself.
I'll have to drop in at Blue Sky next time I'm in the area.
youtu.be/6D_XJd0oeh0?...
From the Still Watching podcast: "The nominees for greatest comedy series of all time were Arrested Development, 30 Rock, and Enlightened."
This surprised me because I've never watched or heard of Enlightened. I'll give it a try.
www.vanityfair.com/hollywood/st...
First job out of college was QC at a company called Texterity. I proofread ebooks - Palm, Rocketbook, pre-Kindle era. If there were formatting issues I had to fix them. I grew bored of that so learned Perl & regex to automate the process. No more QC needed, so I was moved into engineering instead.
I agreed to do a guest talk next week for a class at Carnegie Mellon. I've been a speaker at re:invent, gluecon, pycon, developerweek, embedded linux conference, o'reilly software architecture, etc. but prep for this one feels much different.
What I've been watching lately...
comedy: The Franchise, S1
comedy-drama: Loudermilk, S1
animated: Arcane, S1
movies: The Creator, Borderlands, and Nyad
(Not sure anybody wants to know any of this, just experimenting)
Books I've been reading recently...
technical: Jobs to Be Done by Stephen Wunker, Jessica Wattman, David Farber
non-fiction: This is How They Tell Me the World Ends by Nicole Perlroth
fiction: The Idiot by Fyodor Dostoyevsky
Previous Bio...
Jayson leads the Developer Relations team for Dolby. He is inspired by the blend of creativity with technology it takes to make great media & entertainment. He devotes himself to improving the everyday developer experiences so that devs can focus on the fun parts of writing code.