HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ebfe1

no profile record

Submissions

Show HN: Yes, I vibed coded something But not sure what to do with it

trustenvelope.com
2 points·by ebfe1·2 mesi fa·2 comments

Ask HN: Do you use your phone as hotel/free WiFi condom for laptops?

4 points·by ebfe1·8 mesi fa·5 comments

S1ngularity/nx attackers strike again

aikido.dev
1 points·by ebfe1·10 mesi fa·1 comments

comments

ebfe1
·8 mesi fa·discuss
I will look into that, thanks for the recommendation!
ebfe1
·8 mesi fa·discuss
TIL! Thank you!
ebfe1
·10 mesi fa·discuss
Anyone know if there is a public events feed/firehouse for npm ecosystem system? Similar to GitHub public events feed?

We, at ClickHouse, love big data and it would be super cool download and analyse patterns of all these data & provide some tooling to help with combatting this wide spread issue.
ebfe1
·10 mesi fa·discuss
I found there are many links from stepsecuritiy, socket.dev but aikido seems to have the most up to date information about this ongoing npm hack.
ebfe1
·10 mesi fa·discuss
Is it just me who think this could have been prevented if npm admins put in some sort of cool off period to only allow new versions or packages to be downloaded after being published by "x" amount of hours? This way the npm maintainer would get notifications on their email and react immediately? And if it is urgent fix, perhaps there can be a process to allow npm admin to approve and bypass publication cool off period.

Disclaimer: I don't know enough of npm/nodejs community so I might be completely off the mark here
ebfe1
·2 anni fa·discuss
clickhouse has pretty good github_events dataset on playground that folks can use to do some research - some info on the dataset https://ghe.clickhouse.tech/

Example of what this user JiaT75 did so far:

https://play.clickhouse.com/play?user=play#U0VMRUNUICogRlJPT...

pull requests mentioning xz, 5.6 without downgrade, cve being mentioned in the last 60 days:

https://play.clickhouse.com/play?user=play#U0VMRUNUIGNyZWF0Z...