HackerLangs
トップ新着トレンドコメント過去質問紹介求人

ebfe1

no profile record

投稿

Show HN: Yes, I vibed coded something But not sure what to do with it

trustenvelope.com
2 ポイント·投稿者 ebfe1·2 か月前·2 コメント

Ask HN: Do you use your phone as hotel/free WiFi condom for laptops?

4 ポイント·投稿者 ebfe1·8 か月前·5 コメント

S1ngularity/nx attackers strike again

aikido.dev
1 ポイント·投稿者 ebfe1·10 か月前·1 コメント

コメント

ebfe1
·8 か月前·議論
I will look into that, thanks for the recommendation!
ebfe1
·8 か月前·議論
TIL! Thank you!
ebfe1
·10 か月前·議論
Anyone know if there is a public events feed/firehouse for npm ecosystem system? Similar to GitHub public events feed?

We, at ClickHouse, love big data and it would be super cool download and analyse patterns of all these data & provide some tooling to help with combatting this wide spread issue.
ebfe1
·10 か月前·議論
I found there are many links from stepsecuritiy, socket.dev but aikido seems to have the most up to date information about this ongoing npm hack.
ebfe1
·10 か月前·議論
Is it just me who think this could have been prevented if npm admins put in some sort of cool off period to only allow new versions or packages to be downloaded after being published by "x" amount of hours? This way the npm maintainer would get notifications on their email and react immediately? And if it is urgent fix, perhaps there can be a process to allow npm admin to approve and bypass publication cool off period.

Disclaimer: I don't know enough of npm/nodejs community so I might be completely off the mark here
ebfe1
·2 年前·議論
clickhouse has pretty good github_events dataset on playground that folks can use to do some research - some info on the dataset https://ghe.clickhouse.tech/

Example of what this user JiaT75 did so far:

https://play.clickhouse.com/play?user=play#U0VMRUNUICogRlJPT...

pull requests mentioning xz, 5.6 without downgrade, cve being mentioned in the last 60 days:

https://play.clickhouse.com/play?user=play#U0VMRUNUIGNyZWF0Z...