Hacker News new | past | comments | ask | show | jobs | submit | from login

Node.js TSC Votes to Stop Distributing Corepack (socket.dev) 2 points by feross 3 days ago | past | discuss Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source (socket.dev) 2 points by feross 3 days ago | past | discuss Oxlint Now in Beta with 500 Built-In Rules and 2X Faster JavaScript Linting (socket.dev) 4 points by feross 5 days ago | past | discuss GitHub Actions Supply Chain Attack Puts Projects at Risk (socket.dev) 3 points by feross 5 days ago | past | discuss Tick Tock, Your Credentials Are Gone: Maven Package with Monthly Theft Schedule (socket.dev) 2 points by feross 7 days ago | past | discuss Tick Tock, Your Credentials Are Gone: The Maven Package with a Monthly Theft (socket.dev) 3 points by feross 8 days ago | past | discuss Socket and Seal Security Collaborate to Fix Critical NPM Overrides Bug (socket.dev) 2 points by feross 10 days ago | past | discuss The Pair Program Podcast: Feross Aboukhadijeh on Preserving Trust in Open Source (socket.dev) 3 points by feross 12 days ago | past | discuss Opengrep Launches Playground in Alpha: A Faster, More Stable Environment For (socket.dev) 2 points by feross 15 days ago | past Free Software Foundation Goes to Bat for AGPL in Amicus Brief Criticizing (socket.dev) 9 points by feross 16 days ago | past | 1 comment Malicious Go Package Exploits Go Module Proxy Caching for Persistence (socket.dev) 3 points by feross 17 days ago | past New PyPI Malware 'Set-Utils' Exfiltrates Ethereum Private Keys Through (socket.dev) 4 points by feross 17 days ago | past Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS (socket.dev) 11 points by feross 18 days ago | past | 1 comment Bybit Hack Puts Crypto Losses at $1.6B, Surpassing All of Last Year in Just Two (socket.dev) 4 points by feross 18 days ago | past Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy (socket.dev) 2 points by technonerd 20 days ago | past OpenSSF Launches Open Source Project Security Baseline to Strengthen Software (socket.dev) 3 points by feross 22 days ago | past Michigan TypeScript Founder Successfully Runs Doom Inside TypeScript's Type (socket.dev) 2 points by feross 22 days ago | past Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy (socket.dev) 3 points by feross 24 days ago | past TC39 advances proposals for RegExp Escaping, Float16Array, Redeclarable vars (socket.dev) 7 points by feross 30 days ago | past Deno 2.2 Improves Dependency Management and Expands Node.js Compatibility (socket.dev) 6 points by feross 30 days ago | past React Team Updates CRA Migration Guidance After Community Pushback (socket.dev) 6 points by feross 31 days ago | past | 1 comment PyPI Now Supports iOS and Android Wheels for Mobile Python Development (socket.dev) 8 points by feross 38 days ago | past Malicious Package Exploits Go Module Proxy Caching for Persistence (socket.dev) 1 point by mooreds 39 days ago | past Create React App Officially Deprecated Amid React 19 Compatibility Issues (socket.dev) 3 points by feross 39 days ago | past Go Supply Chain Attack: fake boltdb (socket.dev) 4 points by pquerna 41 days ago | past | 1 comment Oracle Drags Its Feet in the JavaScript Trademark Dispute (socket.dev) 1 point by feross 43 days ago | past Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not (socket.dev) 6 points by feross 43 days ago | past Maven Central Adds Sigstore Signature Validation (socket.dev) 3 points by feross 44 days ago | past Go Supply Chain Attack: Malicious Package Exploits Go Module (socket.dev) 17 points by bamazizi 45 days ago | past Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching (socket.dev) 4 points by healsdata 45 days ago | past | 1 comment More

Join us for AI Startup School this June 16-17 in San Francisco! Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact Search: