Jordan Harband

@jordan.har.band

https://github.com/ljharb software engineer/nerd/teacher/will try anything once; surgeon with git rebase. @TC39 ex @Coinbase/@Airbnb/@Twitter/@MobBase. Fav punctuation ⸮, scent petrichor

3,555 Followers  |  472 Following  |  487 Posts  |  Joined: 26.04.2023  |  1.8243

Latest posts by jordan.har.band on Bluesky

the bottom row of a child’s teeth, but the front two teeth have two teeth behind them

🦈 my 6 year old’s “shark teeth”

31.07.2025 20:58 — 👍 6    🔁 0    💬 0    📌 0

I’m sure someone does; i don’t

24.07.2025 19:32 — 👍 1    🔁 0    💬 0    📌 0
“Are you any good at troubleshooting CSS?” with misaligned answer options

postit found at our team offsite

24.07.2025 19:14 — 👍 66    🔁 9    💬 2    📌 0

Big news: HeroDevs just raised $125M from PSG + Album 🎉
We’re doubling down on Never-Ending Support for EOL OSS.

✅ Securing deprecated frameworks
✅ $20M OSS Sustainability Fund now open

Let’s secure the future of open source.

#OSS #DevSecOps #CyberSecurity #EOL #HeroDevs

24.07.2025 14:34 — 👍 3    🔁 3    💬 2    📌 0

I’m confused, i still have DMs and don’t see anywhere to age-verify

24.07.2025 06:29 — 👍 0    🔁 0    💬 1    📌 0

*recalls* ok yeah this is funny

23.07.2025 23:18 — 👍 1    🔁 0    💬 0    📌 0

can you provide some context? i have no idea what Clinton signifies here

23.07.2025 23:08 — 👍 1    🔁 0    💬 1    📌 0

not me, a co-maintainer in a package.

the malware never existed in the repo, and no longer exists on npm.

23.07.2025 23:07 — 👍 2    🔁 0    💬 0    📌 0
npm ‘is’ Package Hijacked in Expanding Supply Chain Attack -... The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.

🚨 Attackers have hijacked the npm 'is' package (~2.8M weekly downloads), adding a malicious JS loader. This compromise is linked to the recent npm phishing campaign. Read our update on this ongoing supply chain attack: socket.dev/blog/npm-is-... #NodeJS #JavaScript

22.07.2025 20:09 — 👍 11    🔁 7    💬 1    📌 0

to complement my hither-thither staff, a hen-then staff?

23.07.2025 03:41 — 👍 2    🔁 0    💬 1    📌 0
Introducing OSS Rebuild: Open Source, Rebuilt to Last Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen ...

oh hey look, it’s the actual solution for the thing that provenance will always fail to achieve that I’ve been telling folks to do for years and getting scoffed at security.googleblog.com/2025/07/intr...

22.07.2025 16:19 — 👍 5    🔁 2    💬 0    📌 0

The two bad versions have now been taken down entirely by @npmjs.bsky.social, thankfully.

21.07.2025 05:17 — 👍 9    🔁 1    💬 1    📌 0

I want to reiterate my deeply held belief. One of the biggest mistakes we are making with this tech is anthropomorphizing it and treating it like it is actually "reasoning". It's not doing that. And it cannot be held accountable. It's a machine.

20.07.2025 20:34 — 👍 380    🔁 82    💬 6    📌 6

ask a silly question ¯\_(ツ)_/¯

20.07.2025 01:57 — 👍 0    🔁 0    💬 0    📌 0

Mostly because it’s been around a while - the modern approach is to use a single-purpose package instead of a grab bag. Just like lodash.

19.07.2025 22:00 — 👍 0    🔁 0    💬 1    📌 0

npm does require that now, and the package itself can’t be published without 2FA. an email takeover tho is sort of always the master key

19.07.2025 22:00 — 👍 0    🔁 0    💬 0    📌 0

true. but my assumption is that the hijacking caused it to get removed, but i wasn’t notified, so when he asked to be re-added it seemed normal.

19.07.2025 21:03 — 👍 2    🔁 0    💬 1    📌 0

lol k so basically all of them, got it

19.07.2025 19:54 — 👍 4    🔁 0    💬 0    📌 0

What they claimed was that their account did not have 2FA set up, and that’s why it was removed. Which seemed plausible, but made me irritated at npm. I am pretty confident that a username, once deleted, is burned forever.

19.07.2025 18:55 — 👍 1    🔁 0    💬 0    📌 0

also, v5.0.0, which got the same treatment. I assume this was from a pre-existing session and one of npm’s publish servers hadn’t caught up yet - tokens are disallowed (on virtually all my packages)

19.07.2025 18:50 — 👍 3    🔁 0    💬 0    📌 0

huh? No. I mean the account was removed from the package, not removed from npm

19.07.2025 18:49 — 👍 0    🔁 0    💬 1    📌 0

multiple people noticed and notified me through various channels. I was volunteering at my kid’s swim meet, so I didn’t get the messages until it was over.

19.07.2025 18:36 — 👍 3    🔁 0    💬 0    📌 0

Unfortunately, this took 6! hours before it was noticed. It would’ve been 1-2, but I was volunteering at my kids’ swim meet.

19.07.2025 18:34 — 👍 10    🔁 0    💬 0    📌 0

It’s entirely possible. The old owner was somehow removed from the npm package, and emailed me to be re-added. Everything seemed normal, so I obliged (irritated that npm would remove an owner without notifying the other owners) and the next morning this was published.

19.07.2025 18:33 — 👍 4    🔁 0    💬 2    📌 1

show me something that isn’t shit in this way, lol. get better takes.

19.07.2025 18:31 — 👍 6    🔁 0    💬 1    📌 0
is the definitive JavaScript type testing library. Latest version: 3.3.1, last published: 6 hours ago. Start using is in your project by running `npm i is`. There are 638 other projects in the npm regist...

Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked. They’re removed for now, v3.3.0 is set at latest, v3.3.1 is deprecated, and a v3.3.2 will be published once I’m not on my phone (thx @github.com codespaces)

19.07.2025 18:21 — 👍 43    🔁 21    💬 7    📌 4
form-data A library to create readable

Harborist has published a new CVE:

www.cve.org/cverecord?id...

This is on all versions of the npmjs.com/form-data package, on all node versions. Please note: node 18+ and all modern browsers (caniuse.com?search=formd...) have FormData built in - please consider migrating to it!

18.07.2025 16:37 — 👍 0    🔁 2    💬 0    📌 0
new Date("wtf") How well do you know JavaScript's Date class?

I made a quiz about the JS Date parser is. It's very easy and you will score very high.

jsdate.wtf

11.07.2025 17:10 — 👍 480    🔁 162    💬 64    📌 106

congrats!

08.07.2025 16:50 — 👍 2    🔁 0    💬 1    📌 0

sounds, taps, and/or pictures?

02.07.2025 21:02 — 👍 1    🔁 0    💬 1    📌 0
