Subrata Halder

🚨 Security Alert: axios versions 1.14.1 and 0.30.4 were compromised on npm with a remote access trojan hidden in a postinstall script. Both versions have since been removed. This was not a Laravel vulnerability — but we're taking proactive steps to protect our community from this supply chain attack. If you installed or updated axios in the last 24 hours, scan your machine. What we did: • Pinned axios to safe versions in laravel/laravel • laravel/installer now runs package installs with --ignore-scripts by default • Blocked the attacker's domain across Laravel Cloud More info: https://t.co/GhcKIAIEXE

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

⚡ WARNING - Axios npm (83M weekly downloads) was compromised, turning installs into a malware delivery path. Versions 1.14.1 and 0.30.4 pulled a fake dependency that dropped a cross-platform RAT, then erased evidence. Published using stolen maintainer credentials. 🔗 What happened and how the attack worked → https://t.co/6BquPCKtID

We will be releasing Laravel 12 on Monday. This is primarily a maintenance focused release that updates upstream dependencies and has minimal breaking changes or major few features. Because of that, the vast majority of applications will be able to upgrade with no changes to your application's code. 🚀 As more and more applications are built with Laravel, we're focusing on shipping new features continually throughout the year without breaking changes, with our yearly releases being utilized to update dependencies or address new PHP version compatibility. The main focus next week will be: - Laravel Cloud - New Laravel Starter Kits - New Laravel Website - Laravel VS Code Extension's Stable Release It's going to be an amazing week for Laravel and PHP. 🤘

Docker vs. Kubernetes. What should we use? 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗗𝗼𝗰𝗸𝗲𝗿? Docker is an open-source platform that simplifies building, distributing, and running applications using containers. It allows you to create lightweight, portable, self-contained containers from any application, bundled with all its dependencies. 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀? Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications. It groups the containers that comprise an application into logical units for easy management and discovery across a cluster of machines. Kubernetes uses container runtimes like containerd and CRI-O to run containers, instead of Docker Engine. 𝗛𝗼𝘄 𝗱𝗼 𝘁𝗵𝗲𝘆 𝗱𝗶𝗳𝗳𝗲𝗿? Docker focuses on automating individual container creation and deployment on a single host. While it can manage collections of containers with Docker Swarm, it is more limited compared to Kubernetes in terms of scalability and features. Kubernetes takes container orchestration further by managing clusters of hosts running Linux containers. It handles scheduling, load balancing, and provides a robust platform for automating deployment, scaling, and ensuring the desired state of applications. Bottomline: Docker excels at managing containers on a single system, while Kubernetes is designed for managing and scaling multi-container applications across clusters. – Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://t.co/kNfv0DVDdf

CI/CD Pipeline Explained to Kids Section 1 - SDLC with CI/CD The software development life cycle (SDLC) consists of several key stages: development, testing, deployment, and maintenance. CI/CD automates and integrates these stages to enable faster, more reliable releases. When code is pushed to a git repository, it triggers an automated build and test process. End-to-end (e2e) test cases are run to validate the code. If tests pass, the code can be automatically deployed to staging/production. If issues are found, the code is sent back to development for bug fixing. This automation provides fast feedback to developers and reduces risk of bugs in production. Section 2 - Difference between CI and CD Continuous Integration (CI) automates the build, test, and merge process. It runs tests whenever code is committed to detect integration issues early. This encourages frequent code commits and rapid feedback. Continuous Delivery (CD) automates release processes like infrastructure changes and deployment. It ensures software can be released reliably at any time through automated workflows. CD may also automate the manual testing and approval steps required before production deployment. Section 3 - CI/CD Pipeline A typical CI/CD pipeline has several connected stages: - Developer commits code changes to source control - CI server detects changes and triggers build - Code is compiled, tested (unit, integration tests) - Test results reported to developer - On success, artifacts are deployed to staging environments - Further testing may be done on staging before release - CD system deploys approved changes to production – Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://t.co/FIzCeaWsZV