Bret Comnes
@bret.io
170 followers 190 following 180 posts
bret.io @socket.dev @breadcrum.net
Reposted by Bret Comnes
socket.dev
Maintainer compromises used to be rare. Now they’re happening at an alarming rate, as seen in recent attacks. Today we’re giving developers a new layer of defense with Socket Firewall, a free tool that blocks malicious dependencies at install time.
Reposted by Bret Comnes
feross.bsky.social
🚨 Open source supply chain attacks are exploding.

Starting today, that ends.

We’re releasing Socket Firewall — a FREE, zero-config CLI that blocks malware before it lands on your laptop or CI.

Just run:

npm i -g sfw
sfw npm install lodash

Works for: npm, yarn, pnpm, pip, uv, and cargo.
bret.io
Anyone know a good leader election library that either uses pg or redis on the backend? Basically, in a horizontally deployed service, I need one instance to do something unique, and something else to take over when it disappears.
bret.io
Or like multisignature publish flow where two accounts need to sign off on it.
Bret Comnes @bret.io · Aug 28
Gigantic OOOOOF on this one.
socket.dev
Socket @socket.dev · Aug 27
🚨 Supply chain attack on Nx npm packages (4.6M weekly downloads)

Malware abused AI CLI tools (Claude, Gemini, Q) to steal creds + wallets, then exfiltrated to GitHub repos (s1ngularity-repository*).

More than 1,000 victim accounts confirmed.
🔗 socket.dev/blog/nx-pack... #nodejs
Nx npm Packages Compromised in Supply Chain Attack Leveragin...
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malwa...
socket.dev
Reposted by Bret Comnes
voxpelli.com
Reminder that the major thing that made GitHub succeed over Google Code, Sourceforge etc is to be found in its initial tagline:

“Social coding”

GitHub added a social network on top of the code – highlighting the people rather than just the lines

Any successor to it needs to solve the social layer
Bret Comnes @bret.io · Aug 12
Lost its spark
Bret Comnes @bret.io · Aug 12
Actually a good model. Meeting people at the movie store is a core memory.
Bret Comnes @bret.io · Aug 12
They were supposed to be the valve software of open source.
Bret Comnes @bret.io · Aug 12
Bad omen
bret.io
Didn't know @pfrazee.com was moonlighting at openai
Reposted by Bret Comnes
breadcrum.net
You can now view and edit your auth tokens in your account page. More auth token features like a CRUD UI and old token cleanup coming soon. Sorry for the slow pace of development lately, just trying to get core features implemented correctly.
Reposted by Bret Comnes
lirantal.com
Y'all don't sleep on ls-mcp

It's a quick access CLI to detect and list all MCP servers across your AI tools stack
Bret Comnes @bret.io · Jul 18
Worked!
Bret Comnes @bret.io · Jul 18
Just saw this yes! Will try
Bret Comnes @bret.io · Jul 10
Does it support zed?
Bret Comnes @bret.io · Jun 30
I ported the Tron Legacy theme to @zed.dev
Bret Comnes @bret.io · Jun 20
Homebrew bundle lets you install everything in one go
Bret Comnes @bret.io · Jun 20
what is c2pa ?
Bret Comnes @bret.io · Jun 14
Is there such a thing as a userQueryState hook? Basically use state but reactive in and out of the query string.
bret.io
Oh you mean bsky feeds. Might work but it’s just generic jwt