socket.dev
Security News: pnpm 9.5 Introduces Catalogs: Shareable Dependency Version Specifiers
pnpm 9.5 introduces a Catalogs feature, enabling shareable dependency version specifiers, reducing merge conflicts and improving support for monorepos. pnpm is eight years into its unique approach to package management, and continues to gain traction, especially among those who need efficiency and support for monor

Security News: Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China. More than 110K websites using the Polyfill.io service have been impacted by a supply chain attack after a Chinese company bought the service earlier this year. The C

Express.js Spam PRs Incident Highlights the Commoditization of Open Source Contributions
A mountain of spam PRs landed in the Express.js project repo after a popular YouTube tutorial used it as an example for contributing to open source. This put a spotlight on the mandate for job seekers to find a way to contribute to OSS. A tidal wave of spam pull requests recently hit the popular Express.js open

Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm
The Node community is wrestling with the decision to enable Corepack by default, which has sparked a debate about the potential of removing npm from the Node.js binary. A heated debate is happening in the Node.js community over a proposal to enable Corepack by default that was opened in November 20

When "Everything" Becomes Too Much: The npm Package Chaos of 2024
An NPM user named PatrickJS launched a troll campaign with a package called "everything," which depends on all public npm packages. Happy 2024, folks! Just when we thought we'd seen it all, an npm user named PatrickJS, aka gdi2290, threw us a curveball. He (along with a group of contributors) kicked off the year with a bang, launchin

Concatenated JSON
JSON does not natively provide a means of streaming multiple root values without waiting for a complete end of a root value; however, JSON values do not overlap in grammar (except in the case of numbers) and as such can be concatenated without ambiguity if treating the end of a value as the end of an entry in the stream generally. So, for these cases many JSON parsers do allow for

Introducing "safe npm", a Socket npm Wrapper
Socket is proud to introduce an exciting new tool—“safe npm”—that protects developers whenever they use npm install. Socket’s “safe npm” CLI tool transparently wraps the npm command and protects developers from malware, typosquats, install

Secure your dependencies. Ship with confidence.
Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.