HackerTrans
TopNewTrendsCommentsPastAskShowJobs

vldszn

no profile record

Submissions

Codex is flagged as malware on macOS

github.com
3 points·by vldszn·2 ay önce·3 comments

Nx Console VS Code extension was the initial access vector in the GitHub breach

twitter.com
6 points·by vldszn·2 ay önce·1 comments

T3 Code: A Minimal Web GUI/Desktop App for Coding Agents

github.com
6 points·by vldszn·4 ay önce·0 comments

Timeline: Anthropic, OpenAI, and U.S. Government

anthropic-timeline.vercel.app
99 points·by vldszn·4 ay önce·36 comments

Ask HN: Is Prettier extension working for you in Cursor?

2 points·by vldszn·5 ay önce·0 comments

Prettier in Cursor has been broken for 3 weeks

forum.cursor.com
2 points·by vldszn·5 ay önce·1 comments

[untitled]

1 points·by vldszn·5 ay önce·0 comments

Ask HN: European alternative to Vercel/Cloudflare for hosting

13 points·by vldszn·6 ay önce·20 comments

comments

vldszn
·15 gün önce·discuss
huge momentum for local and open-source LLMs
vldszn
·21 gün önce·discuss
lowkey amazing!
vldszn
·27 gün önce·discuss
building a free and open-source invoice generator https://easyinvoicepdf.com https://github.com/VladSez/easy-invoice-pdf

- No sign-up required & no ads

- Live PDF preview & instant download

- Flexible tax support (VAT, Sales Tax, etc.)

- Fully customizable invoice templates

- 120+ currencies & multi-language support

- 100% In-Browser
vldszn
·28 gün önce·discuss
I applied for the first time a couple of months ago and again this month, but unfortunately I haven’t heard back from them :(

I’m building EasyInvoicePDF - a free and open-source invoice generator. (900+ GitHub stars, 2k monthly users on average, 10k total invoices downloaded)

https://github.com/VladSez/easy-invoice-pdf
vldszn
·2 ay önce·discuss
why?
vldszn
·2 ay önce·discuss
After the recent Codex update, I started seeing this error message on macOS:

“codex” will damage your computer. You should move it to the Bin.

Is anyone else experiencing this?

UPD: reinstalling both the Codex CLI and desktop app seems to resolve the issue.
vldszn
·2 ay önce·discuss
[dead]
vldszn
·2 ay önce·discuss
“Nx Console VS Code extension was the initial access vector in the GitHub breach”

Source: https://news.ycombinator.com/item?id=48216614
vldszn
·2 ay önce·discuss
Yeah..full circle
vldszn
·2 ay önce·discuss
Per security advisory on GitHub:

Root Cause

One of our developers was compromised by a recent supply-chain compromise on Tanstack, which leaked their GitHub credentials through the GitHub CLI (gh). This allowed the attacker to run workflows on our GitHub repository as a contributor.

More links:

https://github.com/nrwl/nx-console/security/advisories/GHSA-...

https://www.stepsecurity.io/blog/nx-console-vs-code-extensio...
vldszn
·2 ay önce·discuss
UPD: it’s confirmed now by the CEO of Nx https://x.com/jeffbcross/status/2057236396658811020?s=46&t=_...
vldszn
·2 ay önce·discuss
so cool!
vldszn
·2 ay önce·discuss
=)
vldszn
·2 ay önce·discuss
[dead]
vldszn
·2 ay önce·discuss
UPD: disable auto-updates for extensions in VS Code/Cursor!
vldszn
·2 ay önce·discuss
friendly reminder:

- disable auto-updates for extensions in VS Code/Cursor

- use static analysis for GitHub Actions to catch security issues in pre-commit hook and on ci: https://github.com/zizmorcore/zizmor

- set locally: pnpm config set minimum-release-age 4320 # 3 days in minutes https://pnpm.io/supply-chain-security

- for other package managers check: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e...

- add Socket Free Firewall when installing npm packages on CI to catch malware https://docs.socket.dev/docs/socket-firewall-free#github-act...
vldszn
·2 ay önce·discuss
There are rumours that was NX Console VS code extension

https://github.com/nrwl/nx-console/security/advisories/GHSA-...

https://www.stepsecurity.io/blog/nx-console-vs-code-extensio...
vldszn
·2 ay önce·discuss
fair point
vldszn
·2 ay önce·discuss
Disabling vscode/cursor extensions auto-updates also makes sense
vldszn
·2 ay önce·discuss
Nice