@JohnONolan@Ghost As one who has integrated several of those bloated nonsense systems over the years… I can very much confirm this statement!
They’re also monolithic; any change you need to make is usually met with “That’s core functionality” and it’s too hard to change. Difficult nut to crack.
@Drevopolis@DraleZero@wesbos lol, wow yeah… I do vaguely remember that. Was definitely talked about a lot. Interesting how priorities shift as you grow up. If only I still had unlimited time to dedicate to trivial crap like that. Awesome learning experience & opportunity to experiment w/ critical thinking.
@jasonsaayman@kristovatlas I wonder if NPM notified you that your email account had been changed as well. Please include that detail, as well as whether the attacker was also able to phish your password (in case any of the changes they made required that confirmation step once they obtained your session cookies).
@jasonsaayman@kristovatlas I’ll follow with notifications. Just tweet it once it’s out and I’ll be interested to read the post mortem. Thanks Jason for the transparency!
@jasonsaayman@mehtadata_@wesbos The author himself. I can’t believe you showed up in the replies here only hours after and got no love.
BTW: Was this a granular token compromise? If you delete that and move your workflow over to pure OIDC (trusted publisher, not just provenance) it should definitely help. 😊
@Yonar87@wesbos@jfrog Nice. How quickly was this flagged in your system? I believe this exploit was live for ~3 hours before it was caught and taken down.
@simonxabris@wesbos At least with npm, I believe “npm i” and “npm ci” both respect the contents of package-lock.json. The only major difference I’m aware of is that “npm i” will update the lockfile only if the package.json has also drifted. Otherwise, I *think* you’re fine.
@TomWatkins1994@wesbos Defense in depth; it’s this *and* lots of other options layered on top. Fewer deps, lock those deps down with lockfiles, set a minimum age, don’t run scripts, use SCA (software composition analysis, i.e. dependabot), etc. and so on. 😊
@EIsenah@tristanbob@wesbos Yeah it’s weird that you can do --min-release-age=n and min-release-age=n in .npmrc but there’s no global setting. TBF, it is new (circa npm 11).
@tristanbob@wesbos On the flip side, as a maintainer, *never* use long-lived creds that bypass 2FA. In CI/CD, you can publish with OIDC (configure in npm with “trusted publishers”). Otherwise, publish manually and just plug in your 2FA each time.
@tristanbob@wesbos Also, in this case, disabling install scripts (i.e. --ignore-scripts, or ignore-scripts=true in .npmrc). The main payload was delivered via a transitive dependency that had a postinstall script that downloaded a RAT.
@openid Do you guys have a version of this video with sound? https://t.co/GzY07AIIag
It's on the site and seems like a useful high level technical explainer straight from the source, but it's missing a critical element: Audio! 😅
@usrbinsean@wesbos I remember that (and I built loads of ecomm sites prior to 2014). Thanks to widespread adoption of SNI (maybe after 2011? 2012?) we could finally start serving different certs for IPs. And then SANs which I think came later (pack more domains into a single cert).