Programming

1557 articles

Popular node-ipc npm Package Infected with Credential Stealer

Socket’s threat feed has detected malicious activity in newly published versions of node-ipc, a long-running npm package previously associated with one of the most widely discussed supply chain incidents in the JavaScript ecosystem. The affected versions confirmed as malicious are:

- node-ipc@9.1.6
- node-ipc@9.2.3
- node-ipc@12.0.1

Socket’s AI scanner detected the newly published malicious versions within roughly three minutes of publication, classifying the activity as malware. Early analysis…

Socket
Community Corner: Global Accessibility Awareness Day with Joe Devon

In this episode, Scott talks Global Accessibility Awareness Day with Joe Devon, the creator of the day.

Links:
- Our Discord – https://discord.gg/aMTxunVx
- Buy our shirts – https://store.phparch.com/products/community-corner-podcast-t-shirt

Joe’s Links:
- LinkedIn – https://www.linkedin.com/in/joedevon/
- Global Accessibility Awareness Day – https://accessibility.day/
- Accessibility and Gen AI Podcast – https://podcasts.apple.com/us/podcast/accessibility-and-gen-ai-podcast/id1759047581

Scott’s Links:…

PHP Architect
datasette-ip-rate-limit 0.1a0

Release: datasette-ip-rate-limit 0.1a0

The datasette.io site was being hammered by poorly-behaved crawlers, so I had Codex (GPT-5.5 xhigh) build a configurable rate limiting plugin to block IPs that were hammering specific areas of the site too quickly. Here's the production configuration I'm using on that site for the new plugin:

datasette-ip-rate-limit:
  header: Fly-Client-IP
  max_keys: 10000
  exempt_paths:
    - "/static/*"
    - "/-/turnstile*"
  rules:
    - name: demo-databases
      paths:
        -…

Simon Willison's Weblog
TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks

After months of targeting security tools, CI/CD workflows, and open source packages, TeamPCP is now promoting Shai-Hulud as required tooling for a competition that rewards the biggest compromise with a tiny crypto payout. According to Dark Web Informer, the competition was announced on BreachForums by an account identified as the forum’s owner, in collaboration with TeamPCP. Participants are being offered $1,000 USD in Monero to compromise open source packages with Shai-Hulud, along with the…

Socket
Welcome to the Datasette blog

We have a bunch of neat Datasette announcements in the pipeline so we decided it was time the project grew an official blog. I built this using OpenAI Codex desktop, which turns out to have the Markdown session transcript export feature I've always wanted. Here's the session that built the blog. See also issue 179.

Tags: ai, datasette, generative-ai, llms, ai-assisted-programming, codex

Simon Willison's Weblog
Packagist Urges Immediate Composer Update After GitHub Actions Token Leak

Packagist is urgently warning PHP projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. Composer 2.9.8, 2.2.28 LTS, and 1.10.28 fix a vulnerability where Composer could print the full contents of GitHub Actions-issued GITHUB_TOKEN values or GitHub App installation tokens to stderr when the token failed Composer’s validation check. The issue was triggered by GitHub’s rollout of a new token format that includes a hyphen, which…

Socket