#npm#Github
New measure to combat supply chain attacks, so get prepare for these changes.
GitHub to Disable npm Install Scripts by Default .
#javascript#js
https://t.co/ZW1H6EJdAF
@venelinkochev For those using WordPress dont include:
/wp-admin, /wp-content, /wp-includes,/wp-login, cause you will block access to admin and client side.
For those endpoints use rate limiting.
🚨 Security Alert: axios versions 1.14.1 and 0.30.4 were compromised on npm with a remote access trojan hidden in a postinstall script. Both versions have since been removed.
This was not a Laravel vulnerability — but we're taking proactive steps to protect our community from this supply chain attack.
If you installed or updated axios in the last 24 hours, scan your machine.
What we did:
• Pinned axios to safe versions in laravel/laravel
• laravel/installer now runs package installs with --ignore-scripts by default
• Blocked the attacker's domain across Laravel Cloud
More info: https://t.co/GhcKIAIEXE
At @LaraconEU, @ShaneDRosenthal showed smth revolutionary for @NativePHP.
Code-name "Super native".
You can access ALL mobile native components from PHP.
And it's FASTER than Flutter/React Native.
He said it'll be out in a few months.
Watch video: https://t.co/mQ0Velmj2n
This week Livewire 4 comes out
Laracasts will have a series
Laravel news will have a post
JMac will have a Shift
Laravel HQ getting Boost and other OSS ready
Pretty cool how the community comes through ❤️
Part 1: SSH Tunnels Deep Dive - Local Port Forwarding (+labs)
Most people only use SSH for logging into a remote machine, and they never look beyond that. But SSH can do far more than provide a secure shell. One of its most powerful but overlooked features is tunneling, the ability to move traffic through an encrypted channel and reach services you normally can’t access.
At first, SSH tunnels feel confusing. That’s normal. Many admins and developers struggle with them until they see them demonstrated in real scenarios and work through them hands-on. That’s the goal of this series: to break down SSH tunneling into clear, practical parts, each one supported by labs you can run on your own machine. All the lab files are available in the GitHub repository.
This series will cover the four major types of SSH tunnels:
• Local Port Forwarding
• Remote Port Forwarding
• Proxy Tunneling through a Bastion Host
• Dynamic Port Forwarding (SOCKS5)
Each part focuses on one pattern, explains when it’s useful, and walks you through a complete lab environment that demonstrates the behaviour step by step.
In this first part, we’ll start with the most familiar one, Local Port Forwarding, and see how a simple SSH connection can give you access to services that would normally be unreachable.
Learn more in this guide:
https://t.co/39QWgfNZfE
Sorteo Licencia anual JetBrains para el IDE que tú quieras!
Participa:
✅ Sígueme
🔄 Comparte el post
🌐 Sorteo global
ℹ️ Publicaré el resultado el sábado. Suerte! 🤘
I'm releasing Testing Laravel on Friday 31st Oct
Over 40 video lessons on real-world Laravel testing...
...it's worth $50 but I'm giving 3 of em away
You want it? Just 🔁 or ❤️
Details in the comments...winners picked next Tuesday 🏆
GLHF
@taylorotwell@Bitwarden the free version offers what you have to paid in others and premium pay version the cheapest.
I always recommend the pay version to support the project almost anyone can afford it.
Free, open source, self hosted version also available.
After watching how many commands @hugosaintemarie had to run to setup a Laravel app on his machine I immediately shipped this new setup command to Laravel's composer.json file.
A good starting point but you can customize it for your own application.
- clone project
- composer setup
- composer dev
💆♂️
⚠️ A single click on a fake site can hijack your password manager.
Researchers found 11 popular extensions (1Password, LastPass, iCloud & more) vulnerable—putting logins, 2FA codes, and credit cards at risk.
6 vendors still haven’t patched.
Protect your PASSWORDS ↓ https://t.co/C7GrZY7K2f
@ClaroRD Algo de los aumentos no cuadra bien
- Los que tienen el plan 50Mbps/25Mbps pasan a 75Mbps/40Mbps
- Lo que tienen el plan 60Mbps/30Mbps pasan a 150Mbps/50Mbps
Planes prácticamente casi iguales, al de 60Mbps le dan 90Mbps de bajada más y al otro de 50Mbps le 25Mbps.🤔
🔑 There’s something deeply enjoyable when logging in with a passkey. No email/password to type, no redirect to third parties, superfast, …
📦 Creating a little something to make this super easy in #Laravel.
https://t.co/idt0nGCWCC
🫡 Will blog about it tomorrow