Programmer, data collector, #Bitcoin supporter. Working at @Cloudflare on solving the hard issues (tweets don't reflect my employer - you know the gist)
I've been working on a registry-gateway built on @CloudflareDev Workers due to previous compromises like this.
This is reinforcing my belief that every company will need to have this in the future.
The gateway will:
* Enforce a cooldown period for new versions (similar to how pnpm does it, but at the gateway level this enforces it globally and supports ALL package managers)
* Allow blocking packages or package prefixes
* Log all downloads
* Clone all packages into R2 - this is to avoid any package being replaced and compromised that way. We know byte for byte this will not change (while I don't believe any registries allow this anymore, it's defence in depth)
My gateway currently works for npm and Golang is mostly done now too.
Rust is next up.
I truly believe the future is Enterprises all having their own registry gateways and enforcing security that way.
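The four gateway rules above (cooldown, blocklist, download logging, pinning tarballs in R2), as an added example for the npm case only. This is not the author's gateway code; it is a sketch of the policy core as a Cloudflare Worker. The bindings env.UPSTREAM (upstream registry base URL) and env.BUCKET (an R2 bucket), the 72-hour cooldown, the blocklist entries and the sample packument are all assumptions made for the example.

```javascript
// Added example, not the author's gateway code: the policy core of an npm
// registry gateway as a Cloudflare Worker. Assumed bindings: env.UPSTREAM
// (upstream registry base URL such as "https://registry.npmjs.org") and
// env.BUCKET (an R2 bucket). Policy lives in pure functions so it can be
// tested without the Workers runtime.
const COOLDOWN_MS = 72 * 60 * 60 * 1000; // assumed policy: 72-hour cooldown
// Blocklist: exact names, or prefixes ending in "*" ("@scope/*" blocks a scope). Sample entries.
const BLOCKLIST = ["@evil-scope/*", "typo-package"];

function isBlocked(name, blocklist = BLOCKLIST) {
  return blocklist.some((entry) =>
    entry.endsWith("*") ? name.startsWith(entry.slice(0, -1)) : name === entry);
}

// Tarball paths (/pkg/-/pkg-1.2.3.tgz, /@scope/pkg/-/pkg-1.2.3.tgz) yield
// {name, version}; packument paths (/pkg, /@scope%2fpkg) yield {name}.
function parseNpmPath(pathname) {
  const tarball = pathname.match(/^\/((?:@[^/]+\/)?[^/]+)\/-\/[^/]+-(\d[^/]*)\.tgz$/);
  if (tarball) return { name: decodeURIComponent(tarball[1]), version: tarball[2] };
  const packument = pathname.match(/^\/((?:@[^/]+\/)?[^/]+)$/);
  return packument ? { name: decodeURIComponent(packument[1]) } : null;
}

// Hide versions published less than cooldownMs before `now` from `versions`
// and `time`. A "latest" tag pointing at a hidden version moves to the newest
// eligible version; other tags pointing at hidden versions are dropped.
// Versions with no parseable publish time are treated as hidden.
function applyCooldown(packument, now = Date.now(), cooldownMs = COOLDOWN_MS) {
  const times = packument.time || {};
  const publishedAt = (v) => Date.parse(times[v]);
  const eligible = Object.keys(packument.versions || {}).filter(
    (v) => Number.isFinite(publishedAt(v)) && publishedAt(v) <= now - cooldownMs);
  const newest = [...eligible].sort((a, b) => publishedAt(b) - publishedAt(a))[0];
  const versions = Object.fromEntries(eligible.map((v) => [v, packument.versions[v]]));
  const time = Object.fromEntries(Object.entries(times).filter(
    ([k]) => k === "created" || k === "modified" || eligible.includes(k)));
  const distTags = {};
  for (const [tag, v] of Object.entries(packument["dist-tags"] || {})) {
    if (eligible.includes(v)) distTags[tag] = v;
    else if (tag === "latest" && newest) distTags[tag] = newest;
  }
  return { ...packument, versions, time, "dist-tags": distTags };
}
// Constructed sample packument and clock so the policy can be exercised offline.
const SAMPLE_NOW = Date.parse("2026-01-10T00:00:00Z");
const SAMPLE_PACKUMENT = {
  name: "demo-pkg",
  "dist-tags": { latest: "1.2.0", next: "1.2.0" },
  versions: { "1.0.0": {}, "1.1.0": {}, "1.2.0": {} },
  time: { created: "2025-12-01T00:00:00Z", modified: "2026-01-09T12:00:00Z",
    "1.0.0": "2025-12-01T00:00:00Z", "1.1.0": "2026-01-05T00:00:00Z",
    "1.2.0": "2026-01-09T12:00:00Z" }, // 36 hours old: still in cooldown
};
function demoCooldown() { return applyCooldown(SAMPLE_PACKUMENT, SAMPLE_NOW); }

const worker = {
  async fetch(request, env) {
    const url = new URL(request.url);
    const req = parseNpmPath(url.pathname);
    if (!req) return new Response("not found", { status: 404 });
    const log = (event, extra = {}) => console.log(JSON.stringify(
      { event, name: req.name, ip: request.headers.get("cf-connecting-ip"), ...extra }));
    if (isBlocked(req.name)) {
      log("blocked");
      return new Response("package blocked by gateway policy", { status: 403 });
    }
    const upstreamPackument = async () => {
      const res = await fetch(`${env.UPSTREAM}/${req.name.replace("/", "%2F")}`);
      return res.ok ? res.json() : null;
    };
    if (req.version === undefined) {
      const pk = await upstreamPackument();
      if (!pk) return new Response("not found", { status: 404 });
      log("packument");
      return Response.json(applyCooldown(pk));
    }
    // A tarball already in R2 passed policy when first fetched and is served
    // byte-for-byte from the bucket; otherwise enforce cooldown, fetch once, pin.
    const key = `${req.name}/${req.version}.tgz`;
    const cached = await env.BUCKET.get(key);
    let body;
    if (cached) {
      body = await cached.arrayBuffer();
    } else {
      const pk = await upstreamPackument();
      if (!pk || !applyCooldown(pk).versions[req.version]) {
        log("cooldown", { version: req.version });
        return new Response("version is inside the cooldown window", { status: 403 });
      }
      const res = await fetch(`${env.UPSTREAM}${url.pathname}`);
      if (!res.ok) return new Response("upstream error", { status: 502 });
      body = await res.arrayBuffer();
      await env.BUCKET.put(key, body);
    }
    log("download", { version: req.version, fromBucket: Boolean(cached) });
    return new Response(body, { headers: { "content-type": "application/octet-stream" } });
  },
};
```

In a real Worker the object is exported with `export default worker` and the client is pointed at the gateway with `npm config set registry <gateway URL>`. Two design points worth noting: the cooldown is enforced on tarball requests as well as on the packument, so a lockfile that already pins a fresh version cannot bypass it; and once a tarball is in R2 the bucket copy is served without consulting upstream again, which is what gives the byte-for-byte guarantee.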
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
https://t.co/Zy8qG7PA9f
Credit to the security researcher for responsible disclosure.
🤸♀️You can now get a single unified trace of your Worker across service bindings and Durable Object calls 🤸♀️
no more manually piecing together multiple traces to see what’s happening within a request
We finally did it!
Email Sending is available for customers!!
This has been one of the biggest feature requests for us for a very long time, super super happy it is now available
Huge congrats to the team for shipping this!
The wait is over. Cloudflare Email Service is now in public beta 📧
Send and receive emails directly from Workers or REST API with global delivery on Cloudflare's network
And just in time for you to build email agents with the Agents SDK!
I'm gonna be at @Cloudflare Connect tomorrow in London manning the Community Booth!
Let me know if you're gonna be around and definitely come say hi :)
Especially if you don't already know about our awesome communities!
We’re introducing Dynamic Workers, which allow you to execute AI-generated code in secure, lightweight isolates. This approach is 100 times faster than traditional containers. https://t.co/c36Vkb7I0R
Last week, I broke production on a personal Cloudflare Workers project with a bad change.
To ensure that never happens again and so I can roll out with confidence, I built CanaryRoll - a fully managed Gradual Deployment system for @CloudflareDev Workers
Link & how I built ⬇️
@ericclemmons ayyy great to hear. Yeah I'm just using API tokens right now from the user, I want to setup an OAuth client for it but it's a tad pain right now