Denys
@denys.dev
Software architect, writer, founder. Angular, React, Rust. Linguistics and Lexicography. 20+ years of FE/BE engineering experience. London, UK
Reposted by Denys
We've updated our XSS cheat sheet to include 9 new vectors from @garethheyes.co.uk! Here are the top three; you can find the rest here: portswigger.net/web-security...
November 10, 2025 at 2:49 PM
Reposted by Denys
Repeat after me: Do not fill in and sync your government ID data to your Google account
blog.google/products/chr...
Chrome now helps you fill in passport, driver’s license, vehicle information and more.
Chrome already saves you time every day by securely filling in your addresses, passwords and payment information. Today, we’re making it even more helpful. For desktop u…
blog.google
November 6, 2025 at 1:10 AM
Reposted by Denys
Tips and tricks to work around the "unexpected" results of Apple's Liquid Glass design language.
I've no words...
medienbaecker.com/articles/the...
November 4, 2025 at 6:09 PM
Reposted by Denys
November 3, 2025 at 5:56 PM
Reposted by Denys
Migrating to new Node.js versions via codemods
@nodejs.org @jakob.jingleheimer.dev @augustin-mauroy.bsky.social
nodejs.org/en/learn/get...
#ECMAScript #JavaScript
Node.js — Userland Migrations
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
November 3, 2025 at 12:41 AM
Reposted by Denys
Ever seen `__proto__` in JavaScript and thought nothing of it? 💥
You might be opening the door to prototype pollution - a sneaky vulnerability that lets attackers modify built-in objects like `Object.prototype`.
Learn how it works 👇
developer.mozilla.org/en-US/docs/...
JavaScript prototype pollution - Security | MDN
Prototype pollution is a vulnerability where an attacker can add or modify properties on an object's prototype. This means malicious values can unexpectedly appear on objects in your application, often leading to logic errors or additional attacks like cross-site scripting (XSS).
developer.mozilla.org
November 3, 2025 at 11:56 AM
The new @proton.me Mail app for iOS is really good. Many thanks to the team!
October 29, 2025 at 1:31 PM
Stunning and massive @bun.sh 1.3.0 release! The release notes take some time to go through
bun.com/blog/release...
Bun 1.3
Bun 1.3 introduces zero-config frontend development, unified SQL API, built-in Redis client, security enhancements, package catalogs, async stack traces, VS Code test integration, and Node.js compatib...
bun.com
October 16, 2025 at 2:09 PM
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
github.com/evilsocket/o...
#oss
GitHub - evilsocket/opensnitch: OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch. - evilsocket/opensnitch
github.com
October 11, 2025 at 4:37 PM
Reposted by Denys
we now have an @e18e.dev github action which can diff your dependencies in PRs
things like:
- change in trust level (loss of trusted publisher)
- adding >threshold dependencies
- adding >threshold install size
- bundle size difference (vs main)
- duplicate deps
early days so please give feedback!
GitHub - e18e/action-dependency-diff: A GitHub action to report dependency changes and potential problems
A GitHub action to report dependency changes and potential problems - e18e/action-dependency-diff
github.com
September 26, 2025 at 3:19 PM
Reposted by Denys
Koi Security claims to have spotted the world's first malicious MCP server that secretly copies and steals all emails passing through a Postmark server
www.koi.security/blog/postmar...
First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails | Koi Blog
www.koi.security
September 25, 2025 at 4:25 PM
Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship
openssf.org/blog/2025/09...
Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship – Open Source Security Foundation
openssf.org
September 25, 2025 at 1:47 PM
What happens if you don’t own your data:
Slack is extorting us with a $195k/yr bill increase
skyfall.dev/posts/slack
Slack is extorting us with a $195k/yr bill increase
An open letter, or something
skyfall.dev
September 22, 2025 at 1:44 AM
Every time they tell me #AI hallucinates and invents facts, I look around in NYC… people still pay the palm readers to do the inference…
September 21, 2025 at 1:28 PM
Reposted by Denys
Those on an H1B cannot return to the US from tomorrow (Sunday) unless paying $100K. This is an out-of-the-blue presidential action. We’ll see software engineers stranded abroad.
One easy-to-predict outcome: those on US visas will travel less… for work, for conferences etc.
September 20, 2025 at 6:16 AM
New Hammerhead AI toolkit release - 0.4.0
Bug fixes, experimenting with the "@xenova/transformers" and lightweight "Xenova/distilbart-cnn-6-6" model for chat title summarization.
github.com/Kesertki/ham...
Release 0.4.0 · Kesertki/hammerhead
[0.4.0] - 2025-09-19
🚀 Features
Integrate AI summarization for chat title generation (#66)
🐛 Bug Fixes
Update button styles for dark theme
Update button styles for improved accessibility and dar...
github.com
September 19, 2025 at 7:28 PM
Reposted by Denys
On October 15th 2025, Cloudflare is enabling Web Analytics for all free domains by default—helping you see how your site performs around the world in real time, without ever collecting personal data. https://cfl.re/3IuBjuT
The RUM Diaries: enabling Web Analytics by default
We’re excited to announce the start of a major upgrade to Cloudflare’s performance analytics suite: Web Analytics as part of our real user monitoring (RUM) tools will soon be combined with network-lev...
cfl.re
September 17, 2025 at 7:23 PM
Reposted by Denys
Today we’re publishing research on 80 confirmed fraudulent candidates who applied for Socket engineering roles in the past 2 months. They’re part of a coordinated campaign, including suspected North Korean operators, aiming to infiltrate hiring pipelines.
socket.dev/blog/fraudul...
September 17, 2025 at 5:23 PM
Reposted by Denys
I've published my perspective of the @ctrl/tinycolor NPM supply chain attack. This whole thing got me to finally make a blog.
sigh.dev/posts/ctrl-t...
@ctrl/tinycolor Supply Chain Attack Post-mortem
Lessons learned from becoming the unexpected face of an npm supply-chain attack.
sigh.dev
September 17, 2025 at 4:06 PM
Reposted by Denys
✍️ "Hard truths about AI-assisted coding" tips & tricks in my latest article: bit.ly/ai-assisted
While AI-Assisted coding can get you 70% of the way there (great for prototypes or MVPs), the final 30% requires significant human intervention for quality and maintainability.
December 5, 2024 at 12:07 AM