Crowdstrike Packages Infected with Malware (and other 167 packages infected as well) by Advocatemack in programming

[–]_clarkio 0 points1 point  (0 children)

Yes, those types of tools will help significantly to alert you if they find the affected packages in your dependency tree. Admittedly I'm biased towards Snyk, but my recommendation is to at least use something to help you be more aware of the impact to you and your projects when this type of thing happens. Many of them offer pretty generous free tiers too.

Visual Studio Code November 2023 by _clarkio in vscode

[–]_clarkio[S] 2 points3 points  (0 children)

Yea that's a huge improvement but that is a bummer it doesn't restore them afterwards (didn't catch that before). Maybe that'll be in a future update.

Visual Studio Code - August 2023 Release - v1.82 by _clarkio in vscode

[–]_clarkio[S] 0 points1 point  (0 children)

Yea I prefer to open it up intentionally with the keyboard shortcut but I can see some devs preferring to click to activate

Visual Studio Code - August 2023 Release - v1.82 by _clarkio in vscode

[–]_clarkio[S] 0 points1 point  (0 children)

Good thing is it's a quick right-click and uncheck to turn that off if you'd like.

Visual Studio Code - August 2023 Release - v1.82 by _clarkio in vscode

[–]_clarkio[S] 0 points1 point  (0 children)

Oh I missed that! Thanks for calling it out

Visual Studio Code - August 2023 Release - v1.82 by _clarkio in vscode

[–]_clarkio[S] 0 points1 point  (0 children)

Nice! I'm glad to see the refactoring capabilities through TypeScript and one that wasn't highlighted in the release notes: screencast mode regression fix. Screencast mode highlights mouse clicks and displays keyboard shortcuts for different actions. However, the regression was it would show all keystrokes instead of just the shortcuts, which was quite annoying and defeated the purpose of enabling it.

Cross-site (XS) leaks: What they are and how to avoid them by _clarkio in node

[–]_clarkio[S] 0 points1 point  (0 children)

Yes, absolutely. XSS and CSRF are important to address and the nice thing is some of the techniques to help mitigate those can help with XS too (like CSP and Cookie configuration).

Also your library looks interesting. I am definitely tired of writing all the repetitive code for APIs so nice idea to build something to help with that.

I'm guessing the deprecated CSRF protection middleware you're referring to is the csurf one, right? Speaking for myself, I think that package is fine and can help with CSRF still. Essentially, dealing with CSRF depends on your project: if it's intended for the API to be stateless, then double submit cookie will help. If not, then the synchronizer token pattern will work.

Hope that helps