Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
$ npx isj
My best online read ever: More Padding, Please!
I wanted to hug the author after reading.
My most useful site(s): Google & Typescript React Cheat Sheet
Wanted to have only one - but then it would just be google.com, and I have to admit that I use google a lot - why should I spend time solving a problem someone has already encountered before, and probably solved.
My favorite NPM package: storybook
I just love this tool!
My go-to framework react
Whats not to love - really?
My first IDE/editor - FrontPage
Well I say IDE - it was Frontpage... ok next topic
My current IDE - VSC
Still using a MS product 20+ years later I just realised
"hahahaha coding in VSC without a mind-reading plugin" - me in 20 years probably
The first search engine url I can remember using (if I can even remember it right)
https://www.astalavista.box.sk - just looked it up, re-launched and looks quite dark-web like...
That weird weird URL that you go to - often, for some reason well... open it
Pretty sure you now read this and expected to get Rick Rolled - if you even clicked
I only have 3 NPM packages that I have released as I think you have to have something to offer before you takeup a namespace.
I personally believe these 3 packages to be useful - but others may differ in opinion (well thats what I learnt from putting it on social media at least)
One situation arose one day at work where I had a tab open of a product we were working on for my local, development, staging and demo.
This prompted me to make a crude version of this utility, which then grew a little and was just fun to mess around with.
I decided for it to make sense it had to be lightweight (could be smaller I know), and have 0 dependencies.
It weights in at 3.3KB, and 1.3KB gzipped.
I've had a weird inexplicible urge to create a button like the one Netflix uses to countdown to next episode automatically loading.
The component plays very well with Material UI etc.. well you can read all that from the links.
This repo has a storybook online you can check out as well (this uses my last package storybook-facelift
).
I really like storybook - but for a tool that is supposed to present UI, it has some lackings.
And since the only available pendant out there was storybook-dark-mode (and I had certain personal requirements of storybook) - I made this addon.
Also it was good fun making it, and learning about how something you use a lot works is always a good idea.
FAQs
Igor Szyporyn Jørgensen
The npm package isj receives a total of 0 weekly downloads. As such, isj popularity was classified as not popular.
We found that isj demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.