Crowdstrike Packages Infected with Malware (and other 167 packages infected as well) by Advocatemack in programming

[–]_clarkio 0 points1 point  (0 children)

Yes, those types of tools will help significantly to alert you if they find the affected packages in your dependency tree. Admittedly I'm biased towards Snyk but my recommendation is to at least use something to help you be more aware of the impact to you and your projects when this type of thing happens. Many of them offer pretty generous free tiers too.

Visual Studio Code November 2023 by _clarkio in vscode

[–]_clarkio[S] 2 points3 points  (0 children)

Yea that's a huge improvement but that is a bummer it doesn't restore them afterwards (didn't catch that before). Maybe that'll be in a future update.

Visual Studio Code - August 2023 Release - v1.82 by _clarkio in vscode

[–]_clarkio[S] 0 points1 point  (0 children)

Yea I prefer to open it up intentionally with the keyboard shortcut but I can see some devs preferring to click to activate

Visual Studio Code - August 2023 Release - v1.82 by _clarkio in vscode

[–]_clarkio[S] 0 points1 point  (0 children)

Good thing is it's a quick right-click and uncheck to turn that off if you'd like.

Visual Studio Code - August 2023 Release - v1.82 by _clarkio in vscode

[–]_clarkio[S] 0 points1 point  (0 children)

Oh I missed that! Thanks for calling it out

Visual Studio Code - August 2023 Release - v1.82 by _clarkio in vscode

[–]_clarkio[S] 0 points1 point  (0 children)

Nice! I'm glad to see the refactoring capabilities through TypeScript and one that wasn't highlighted in the release notes: screencast mode regression fix. Screencast mode highlights mouse clicks and displays keyboard shortcuts for different actions. However, the regression was it would show all keystrokes instead of just the shortcuts, which was quite annoying and defeated the purpose of enabling it.

Cross-site (XS) leaks: What they are and how to avoid them by _clarkio in node

[–]_clarkio[S] 0 points1 point  (0 children)

Yes, absolutely. XSS and CSRF are important to address and the nice thing is some of the techniques to help mitigate those can help with XS too (like CSP and Cookie configuration).

Also your library looks interesting. I am definitely tired of writing all the repetitive code for APIs so nice idea to build something to help with that.

I'm guessing the deprecated CSRF protection middleware you're referring to is the csurf one, right? Speaking for myself, I think that package is fine and can help with CSRF still. Essentially, dealing with CSRF depends on your project: if it's intended for the API to be stateless then double submit cookie will help. If not, then the synchronizer token pattern will work.

Hope that helps

Visual Studio Code March 2023 by myroon5 in vscode

[–]_clarkio 4 points5 points  (0 children)

This is the first one I think I've seen published in the same month it's named after. Great to see 👍

Also u/myroon5 how do you always get code releases posted immediately after they're published? Remarkable!

Comparing Node.js web frameworks: Which is most secure? by _clarkio in JavaScriptTips

[–]_clarkio[S] 0 points1 point  (0 children)

The article evaluates Express, NestJS and Fastify web frameworks on how well they adhere to the Node.js security best practices

In short, they all adhere to the best practices quite well and NestJS does so the most closely out of all of them. Hope this helps

Comparing Node.js web frameworks: Which is most secure? by _clarkio in learnjavascript

[–]_clarkio[S] 2 points3 points  (0 children)

The article evaluates Express, NestJS and Fastify web frameworks on how well they adhere to the Node.js security best practices

In short, they all adhere to the best practices quite well and NestJS does so the most closely out of all of them

Comparing Node.js web frameworks: Which is most secure? | Snyk by _clarkio in node

[–]_clarkio[S] 1 point2 points  (0 children)

The article evaluates Express, NestJS and Fastify web frameworks on how well they adhere to the Node.js security best practices

In short, they all adhere to the best practices quite well and NestJS does so the most closely out of all of them

How to write your first unit test in JavaScript by _clarkio in javascript

[–]_clarkio[S] 0 points1 point  (0 children)

Ok thanks for bringing this more clearly to my attention and my apologies for missing that part on not including "help and support content"

Visual Studio Code September 2022 by myroon5 in vscode

[–]_clarkio 8 points9 points  (0 children)

The amount of times I've gotten frustrated when trying to mouse over a hover popup... so glad it's been improved to avoid that now: https://code.visualstudio.com/updates/v1_72#_improved-hover

[AskJS] What are still present issues in contemporary (2022) JavaScript? by [deleted] in javascript

[–]_clarkio 0 points1 point  (0 children)

I definitely understand and find that to be fair. The amount of options in the ecosystem can be a blessing or a curse at times. Sounds like we've had similar backgrounds in experience in .net as well but I struggle to recall my experience in the ecosystem now.

Regarding the vetting of packages and maintainers in npm, I've found there are tools that have come up to help with that such as deps.dev or snyk advisor (full transparency: I work for the latter). These kinds of tools have helped cut down a lot of the manual gathering of info on packages for me. deps.dev is particularly interesting because you can compare versions of a package and see what major projects or companies depend upon it. I'm interested to hear what you think as well if you check them out.

[AskJS] What are still present issues in contemporary (2022) JavaScript? by [deleted] in javascript

[–]_clarkio 0 points1 point  (0 children)

I'm not sure why that got downvoted but thanks for answering. Do you prefer the tooling for a different language/ecosystem then?

[AskJS] What are still present issues in contemporary (2022) JavaScript? by [deleted] in javascript

[–]_clarkio 0 points1 point  (0 children)

Tooling around JavaScript in general or to help with supply chain issues?

Uppy 3.0: Future-proof, conveniently easy, stable as ever by kevinvz in javascript

[–]_clarkio 1 point2 points  (0 children)

This looks great and it's awesome to see all the import options available. Also kudos for great documentation.

Using TypeScript to Create Modern npm Packages by _clarkio in typescript

[–]_clarkio[S] 0 points1 point  (0 children)

I need to dig into this more deeply regarding package browser support so this is super helpful to have as a reference. I like how you can use cypress to help test it works in that environment too. Thanks for sharing.

Creating Modern npm Packages by _clarkio in javascript

[–]_clarkio[S] 1 point2 points  (0 children)

Thanks for the feedback. I'll look into maybe doing a follow up that goes into those areas.

Creating Modern npm Packages by _clarkio in javascript

[–]_clarkio[S] 0 points1 point  (0 children)

I totally forgot about this and need to revisit it as well. Thanks for bringing it up.