Shiraz
shiraz.sh
I really like the feed here, something not trynna predict you
November 19, 2025 at 6:01 PM
Reposted by Shiraz
i like how the npm ecosystem works in general (packages are good) but if you deal with it regularly you should probably code in a vm or a clean operating system with no sensitive tokens
astro.build Astro @astro.build · Sep 16
There has been another serious npm supply-chain attack. Astro is NOT AFFECTED as it does not depend on any of the packages, either directly or indirectly. You should still check your package lock files to ensure you do not have them installed.

socket.dev/blog/tinycol...
Popular Tinycolor npm Package Compromised in Supply Chain At...
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers
September 16, 2025 at 10:04 AM
Google does read your html comments
September 9, 2025 at 8:18 AM
Reposted by Shiraz
what even is sleep
August 21, 2025 at 10:00 AM