Naugtur 💔🇺🇦
@naugtur
Working on supply chain security for JS. meet.js Poland organizer. Node.js user since v0.8. Addicted to teaching. Fediverse with me @[email protected]
My activity is on bsky and masto now. Keeping this as a means to reach some people if necessary.
Surprise level 0
Massive scandal in Hungary 🇭🇺 Georg Spöttle, Orban's "best pundit" who has been influencing public opinion for years now, turned out to be a foreign agent (ruzzia), and his handler is colonel Oleg Smirnov (GRU). The Orban-regime is not commenting so far!
I think I saw @dzienko 🤔
JSNation 2025 – What an Experience! Buzzing with energy and yet so cozy — the perfect combo! And how lucky were we with that gorgeous sunny weather?🌞 Want more vibes like this? Join us in New York👉jsnation.us/?utm_source=tw… Or stay tuned for the Amsterdam announcement🎉
6/ If you’re doing `npm install` in 2025 without protection, you’re a sitting duck. Socket is an AI-powered proactive defense layer for the software supply chain. We protect your software from everyone else's. Install Socket for free here: socket.dev
🚨 The fallout of the eslint-config-prettier malicious package version has been spreading - `is` package released malware and then within hours got maintainer attention - stylus package getting swapped out of the registry with a security holding package
Largest attack on npm maintainers taking over legitimate packages and pushing malware is ongoing. bsky.app/profile/checkm… x.com/naugtur/status… bsky.app/profile/jordan… Now is the time to use npmjs.com/package/@lavam… if you haven't already. lavamoat.github.io
Wild to see but we knew this would eventually happen
@toptal is that your org? The package is obviously malware and published by a not account. Looks like a leaked token on your end.
It appears Toptal got hit HARD on GitHub: play.clickhouse.com/play?user=play…
This scene gets more true and more ironic every time I see it.
⚡️Russia threatens to arm Iran with nukes — and Trump won’t even lift a finger for Ukraine. He’s not a leader, he’s Putin’s puppet in a cheap suit
lol gotta love when a new model is jailbroken out of the box by my memories 🤗 GPT-4.1 is a fun one
🔥 Don’t miss @naugtur’s workshop, "Defensive Coding," at React Summit & @thejsnation. 👉 June 11, Amsterdam
I'm open to work! 📢 - Front-end, Design, or Product Engineer (TypeScript, React) - Product-led business, strong engineering culture - Fully Remote (EMEA/async) If you know of an opening, please reach out! Details of my work below. 🧵
I'm running a workshop at @thejsnation on June 11. If you're interested in learning how to write code immune to prototype pollution and how to expand the security to your dependencies too, that's a workshop for you! jsnation.com/#workshop-defe…