
Why does socket.dev report that the latest version of next.js has a malware dependency? socket.dev/npm/package/next/al

“Malicious code in gen-mapping (npm) Any computer that has this package installed or running should be considered fully compromised.”

Update: looks like this is a pretty big flaw in the vulnerability scanner — not in next (check the replies for more info)

Update: thanks to @chrisw_b for hunting this down: looks like a huge flaw in the vulnerability scanner being used by these tools (it ignores namespaces on package names!)

More info:

github.com/jridgewell/gen-mapp
github.com/anchore/grype/issue

Hey @jridgewell, our build broke recently because of github is flagging your project as malware. I hope this is a false positive :) GHSA-8rmg-jf7p-4p22 Could you dispute it? There are apparently ot...
GitHub: gen-mapping flagged as malware · Issue #12 · jridgewell/gen-mapping (by ataraxus)
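Added example (not code from this thread, from grype, socket.dev or the gen-mapping project): a minimal matcher that reproduces the flaw described above, comparing a scope-blind lookup that drops the `@scope/` part of npm package names against a scope-aware lookup that keeps it. The advisory table and lockfile excerpt are constructed; only the GHSA id and the package names come from the thread, and real scanners also match on version ranges, which this example leaves out to isolate the naming bug.

```python
"""Scope-blind vs scope-aware matching of npm package names against advisories.

Demonstrates why stripping the npm scope ("@jridgewell/gen-mapping" -> "gen-mapping")
before comparing against an advisory database produces false positives: the
scoped and unscoped names are different packages with different maintainers.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class NpmPackage:
    scope: Optional[str]  # e.g. "@jridgewell", or None for unscoped packages
    name: str             # bare name, e.g. "gen-mapping"

    @property
    def full_name(self) -> str:
        """The identity npm actually uses: scope included when present."""
        return f"{self.scope}/{self.name}" if self.scope else self.name

    @property
    def purl(self) -> str:
        """Package URL form; the scope is the purl namespace with '@' encoded as %40."""
        if self.scope:
            return f"pkg:npm/{self.scope.replace('@', '%40')}/{self.name}"
        return f"pkg:npm/{self.name}"


def parse_npm_name(spec: str) -> NpmPackage:
    """Split '@scope/name' or 'name' into its scope and bare name."""
    if spec.startswith("@"):
        scope, sep, name = spec.partition("/")
        if not sep or not name:
            raise ValueError(f"malformed scoped package name: {spec!r}")
        return NpmPackage(scope, name)
    if "/" in spec:
        raise ValueError(f"unscoped package names cannot contain '/': {spec!r}")
    return NpmPackage(None, spec)


# Constructed advisory table: the advisory id is the one cited in the thread,
# and it is recorded against the UNSCOPED package name "gen-mapping".
ADVISORIES: Dict[str, str] = {
    "gen-mapping": "GHSA-8rmg-jf7p-4p22",
}

# Constructed lockfile excerpt (names only). "@jridgewell/gen-mapping" is the
# legitimate scoped package; the unscoped "gen-mapping" is included so the
# scope-aware matcher can be seen still reporting a genuine hit.
LOCKFILE_PACKAGES = [
    "next",
    "@jridgewell/gen-mapping",
    "@jridgewell/trace-mapping",
    "gen-mapping",
]


def scope_blind_matches(packages: Iterable[str], advisories: Dict[str, str]) -> Dict[str, str]:
    """Buggy matcher: compares only the bare name, so any scoped package that
    happens to share a bare name with an advisory entry is flagged."""
    hits: Dict[str, str] = {}
    for spec in packages:
        pkg = parse_npm_name(spec)
        if pkg.name in advisories:
            hits[spec] = advisories[pkg.name]
    return hits


def scope_aware_matches(packages: Iterable[str], advisories: Dict[str, str]) -> Dict[str, str]:
    """Correct matcher: the scope is part of the package identity, so
    '@jridgewell/gen-mapping' and 'gen-mapping' are never confused."""
    hits: Dict[str, str] = {}
    for spec in packages:
        pkg = parse_npm_name(spec)
        if pkg.full_name in advisories:
            hits[spec] = advisories[pkg.full_name]
    return hits


if __name__ == "__main__":
    print("scope-blind:", scope_blind_matches(LOCKFILE_PACKAGES, ADVISORIES))
    print("scope-aware:", scope_aware_matches(LOCKFILE_PACKAGES, ADVISORIES))
```

The scope-blind run flags both `@jridgewell/gen-mapping` and `gen-mapping`; the scope-aware run flags only the unscoped package. When triaging a scanner alert on a scoped npm package, comparing the advisory's package identity (ideally its purl, which carries the scope as the namespace) against the lockfile entry is the quickest way to tell this class of false positive from a real hit.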

it’s hard not to be jaded when facial recognition is being used in criminal investigations while our industry is having trouble accurately testing whether two strings are equal

@zachleat

ACTUALLY `name` was deprecated after two versions and now links to `@name/name` which contains the same code.

They're completely different.