Oliver Montes

New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads. Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned. It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies. More comprehensive article: https://t.co/EJAZbqAPIQ

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

Fun fact: OpenAI handles 800 million users on ChatGPT with just one PostgreSQL primary and 50 read replicas 🤯 Today, OpenAI published an engineering blog explaining how they scaled their Postgres setup to support a massive 800 million users using a single primary and 50 multi-region replicas. They dive into details around their scaling approach, the PgBouncer proxy, cache locking, and cascading read replicas. It is genuinely neat and impressive. I just published a video on my YouTube channel where I dissect the blog and break down the nuances. Give it a watch - it is short and fun.

🟠 You can now connect Supabase to Levante in just a couple of clicks. Thanks to OAuth integration, setting up your backend is now: -> Fast -> Secure -> Zero manual configuration Less friction. More building. 💙 Levante is open source — contributions, feedback, and stars are welcome. --> Github repo: https://t.co/VX24BdStIG --> web: https://t.co/1sNITnAg5D

Launching this Thursday, Nov 6, 2025 → Levante v1.3 open beta A local MCP client that makes MCPs practical for developers. Local-first. Multi-provider (OpenRouter, Vercel Gateway, Ollama, Claude, ChatGPT, Groq, xAI, Google AI). Want to collaborate? Get early access → https://t.co/wBuY2Mp5Da Repo → https://t.co/VX24BdStIG

LALIGA is trending again, so it's worth giving an update. We previously wrote about how this soccer league in Spain was granted broad internet censorship powers[1]. 1️⃣ Vercel's customers have been unaffected We've taken drastic measures to ensure the uptime of our customers. While we rejected LALIGA's broad approach, our goal at Vercel is to protect and maximize our customers' and developers' freedoms within the limits of the law. We gave them a dedicated email inbox and an incident response automation. We have instructed our on-call SRE to expedite the review of these reports, because they can result in the loss of availability of entire sections of other, law-abiding customers. This is what their email reports look like: 2️⃣ LALIGA's reports have been accurate For every report we've received, we were able to verify that the URLs were hosting illegal streams of their copyrighted material. I have condemned LALIGA's unprecedented and indiscriminate blocks[2], and have warned of the potential for this power to be misused. So far, their reports have so far been valid. We expediently acted on them, in order to minimize the collateral damage. 3️⃣ Blocking hostnames vs blocking networks If you look at their email report above, you'll notice they single out an IP address. The crux of the issue is that in modern CDN networks, that IP address can represent hundreds or thousands of legitimate customers. The appropriate response would be to block *only the infringing hostname* by using the SNI fragment of the TLS handshake (e.g.: imagine blocking "𝚏𝚛𝚎𝚎𝚕𝚊𝚕𝚒𝚐𝚊𝚜𝚝𝚛𝚎𝚊𝚖.𝚝𝚟"). Since some CDNs don't offer this "granular blocking" possibility (given they encrypt SNI via a TLS protocol extension called "Encrypted Client Hello"), and ostensibly due to them not acting on the copyright reports, they're seeing significant collateral damage[3] With over 150,000 paying teams and thousands of Enterprise accounts hosting critical services in areas like health care, emergency response, banking, government, and more, we're always working to protect our uptime, security, and availability. [1] https://t.co/ufFVNUyfOE [2] https://t.co/6MRSA8TedI [3] https://t.co/JcSvRlx8Cf