Olivia
Online
Scott
@sprusr
I like maps
Helsinki, Finland
Joined December 2013
483 Following
340 Followers
337 Posts
Thankfully I missed the compromise window, but even if I had been working during it I think pnpm v11 new defaults would have saved my ass!
So I picked a great day yesterday to make my first contribution to TanStack Router ๐
SECURITY ADVISORY โ TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE โ packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH โ payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
โข Rotate cloud, GitHub, and SSH credentials immediately
โข Audit cloud audit logs for the last several hours
โข Pin to a prior known-good version and reinstall from a clean lockfile
Detection โ the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
https://t.co/Zy8qG7PA9f
Credit to the security researcher for responsible disclosure.
@neceros Focus of my project is more about displaying/exporting to SVG a map from data of the real world, rather than making the map itself. Azgaarโs fantasy map generator is a really great thing :)
Been building a vector map rendering library from scratch. Itโs called mewmap and itโs powered by SVG tech built-in to browsers. That allows for pretty small bundle size
I started this as a fun project, but the more Iโm working on it the more it feels like something serious, legit good alternative for 90% of web map use cases
Been building a vector map rendering library from scratch. Itโs called mewmap and itโs powered by SVG tech built-in to browsers. That allows for pretty small bundle size
Doing a talk next week at HelsinkiJS meetup about maps on the web. Bit of history, bit of future. Hopefully interesting and entertaining!
Would probably be best to link to a demo but I didnโt have time to prepare one right now ๐
I put together some vector tiles from the new data (for using on web/mobile apps) and a style to go with them https://t.co/1QEurihbVY
We are pleased to announce the release of updated Natural Earth v6 transportation data, including roads, railroads, and ferries. A big thank you to Zhaoxu Sui for preparing it. https://t.co/MLG7pkcUbB
After that something Iโm excited to explore is server-side rendering + possible lightweight isomorphic React wrapper โก๏ธ
Now with raster (satellite) layers working in mewmap ๐ I think I could probably ship a raster-only version in just a few kb bundle size ๐ค
I have a small roadmap in the GitHub readme, but next focuses are:
- Symbols (text and icons)
- Rendering from geojson (custom markers)
- Bunch of work to support full Maplibre/Mapbox style spec
Can try it out at https://t.co/QUDnK7mvCY but beware it still has a bit of jank in Safari/iOS to figure out
General consensus from over here is that it looks a bit goofy with the directives. But will be trying it out and seeing whether I can get it to play nice in cloudflare workers
Workflow Dev Kit: reliability-as-code
โข "๐๐๐ ๐ ๐๐๐๐๐๐๐ " + "๐๐๐ ๐๐๐๐"
โข Open source and MIT-licensed
โข Designed for AI agents and backends
โข Backend-agnostic (Vercel or self-hosted)
โข Framework-agnostic (Next.js, Nitro & more)
https://t.co/uRzXkbkD3c
Moving to Tokyo tomorrow. Thatโs pretty cool.
Scariest tiles in monopoly in 2022
Going to EMF next week, and also happen to have a spare ticket from a friend who can no longer make it. Free to a good home! ๐
@joakimhi Itโs actually really good, having games work hasnโt actually been a problem (above was me playing around). Would recommend ๐
The Steam Deck is really good
@hiMaisie Iโm sure I do! Iโll take a look later
Last Seen Users on Sotwe
Sabrina๐ค
Oktay Dรผzce
Seen from Turkey
MyHacienda
Seen from Turkey
ๅฐ
Seen from United States
เธญเธด เธเนเธญเธข แถสณแตแตโฑแต แถ สณแตแต ๐
ง
Seen from Brazil
The Sir Bub 
Seen from United States
Dan Salt
Seen from United Kingdom
ฤฐZMฤฐR
Seen from Turkey
midi
Seen from United Kingdom
symphonyofthenight
Seen from Japan
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers