@ivantodorov been using #npm #nginxproxymanager for years. While there are certainly alternatives out there, it has proven to be rock solid, easy to use and easy to setup. LE cert generation never missed a single refresh with 6 root domains and over 40 records across.
my2c
Wo wir schon bei Supply-Chain-Attacken sind:
OHAI #npm
https://socket.dev/blog/npm-phishing-campaign-leads-to-prettier-tooling-packages-compromise
NPM continues to be an attractive target for threat actors. These are the most common attack vectors:
1. Typosquatting: Mimicking popular packages (e.g., web3-wrapper-ethers vs ethers) [1]
2. Package Impersonation: Creating near-identical copies of legitimate libraries [2]
3. Legitimate Package Compromise: Hijacking established packages (eslint-config-prettier) [3]
4. Malicious Pull Requests: Introducing dependencies via seemingly legitimate contributions [4]
5. Phishing: Credential theft using typosquatted domains (npnjs.com) [5]
## References
[1] https://www.aikido.dev/blog/malicious-package-web3
[2] https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages
[3] https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise
[4] https://www.reversinglabs.com/blog/malicious-pull-request-infects-vscode-extension
[5] https://socket.dev/blog/npm-phishing-email-targets-developers-with-typosquatted-domain
North Korean hackers unleashed 67 malware-ridden packages on npm in their ongoing "Contagious Interview" campaign, spreading the XORIndex loader to steal data & FckCrypto 
Over 17,000 downloads caught in this supply chain attack! Stay vigilant & verify packages carefully! #Cybersecurity #NPM #Malware #SupplyChainAttack
Read more: https://www.techradar.com/pro/security/north-korean-hackers-release-malware-ridden-packages-into-npm-registry #newz
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader, by @SocketSecurity:
https://socket.dev/blog/contagious-interview-campaign-escalates-67-malicious-npm-packages
Tool: npm Package Checker, by (not on Mastodon or Bluesky):
#North #Korea-linked actors spread #XORIndex #malware via 67 malicious #npm packages
https://securityaffairs.com/179950/hacking/north-korea-linked-actors-spread-xorindex-malware-via-67-malicious-npm-packages.html
#securityaffairs #hacking
Introducing #Upyo!
A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.
Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!
When contributing to #PHP #OSS dependencies, I usually used "composer --prefer-source" to get the dependencies installed as git repos.This way, when I make modifications, I can test them inside a larger codebase immediately while easily being able to check my changes and commit+push them upstream.
What is the process for #JavaScript? Is there a similar pattern with #NPM? Or what is the approach JavaScript OSS contributors take?
30 Years of JavaScript: 10 Milestones That Changed the Web, by @ricmac (@TheNewStack):
https://thenewstack.io/30-years-of-javascript-10-milestones-that-changed-the-web/
#javascript #anniversaries #history #ecmascript #ajax #jquery #web2.0 #nodejs #npm #react #typescript #webassembly
Are npm packages and dependencies an unmitigated disaster, or is it just me?
Nginx Proxy Manager 2.12.4 lands with API schema fixes, performance improvements, and a batch of new DNS providers for Certbot plugin support.
https://linuxiac.com/nginx-proxy-manager-2-12-4-released-with-certbot-enhancements/
While #npm and some other central services have #outages I wonder if there is some is some #decentral or #federated solution for this? Otherwise #Javascript world is pretty fucked up if #Github / #Microsoft pulls the plug https://status.npmjs.org/
Are you reviewing your NPM dependancies for malicious code? #devsecops #appsec #npm
https://www.scworld.com/news/complex-npm-attack-uses-7-plus-layers-of-obfuscation-to-spread-pulsar-rat
Malicious #npm packages posing as utilities delete project directories
️ 
