sfba.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for the San Francisco Bay Area. Come on in and join us!

#dependencies

2 posts, 2 participants, 0 posts today
Frontend Dogma<p>LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything, by <span class="h-card" translate="no"><a href="https://mstdn.social/@thomasclaburn" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thomasclaburn</span></a></span> (<span class="h-card" translate="no"><a href="https://geeknews.chat/@theregister" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>theregister</span></a></span>):</p><p><a href="https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/04/12/ai_</span><span class="invisible">code_suggestions_sabotage_supply_chain/</span></a></p><p><a href="https://mas.to/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ai</span></a> <a href="https://mas.to/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependencies</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Frontend Dogma<p>Breaking Down Circular Dependencies in JavaScript, by (unattributable):</p><p><a href="https://www.bryanbraun.com/2025/03/29/breaking-down-circular-dependencies-javascript/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bryanbraun.com/2025/03/29/brea</span><span class="invisible">king-down-circular-dependencies-javascript/</span></a></p><p><a href="https://mas.to/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://mas.to/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependencies</span></a></p>
Frontend Dogma<p>Malware Found on npm Infecting Local Package With Reverse Shell, by @reversinglabs.com:</p><p><a href="https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reversinglabs.com/blog/malicio</span><span class="invisible">us-npm-patch-delivers-reverse-shell</span></a></p><p><a href="https://mas.to/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://mas.to/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependencies</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
kodegeek<p>Wrote a little piece about using UV on Fedora Linux, for handling many tasks, from installing common tools to managing your own projects' dependencies.</p><p><a href="https://fedoramagazine.org/enhancing-your-python-workflow-with-uv-on-fedora/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fedoramagazine.org/enhancing-y</span><span class="invisible">our-python-workflow-with-uv-on-fedora/</span></a></p><p><a href="https://fosstodon.org/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>python</span></a> <a href="https://fosstodon.org/tags/uv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uv</span></a> <a href="https://fosstodon.org/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependencies</span></a> <a href="https://fosstodon.org/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rust</span></a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a></p>
Karl Voit :emacs: :orgmode:<p><a href="https://graz.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a>: Malicious <a href="https://graz.social/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a> Packages Stole <a href="https://graz.social/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloud</span></a> <a href="https://graz.social/tags/Tokens" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tokens</span></a>—Over 14,100 Downloads Before Removal<br><a href="https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/03/mali</span><span class="invisible">cious-pypi-packages-stole-cloud.html</span></a></p><p><a href="https://graz.social/tags/complexity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>complexity</span></a> <a href="https://graz.social/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependencies</span></a> <a href="https://graz.social/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a> <a href="https://graz.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Frontend Dogma<p>Lazarus Strikes npm Again With New Wave of Malicious Packages, by <span class="h-card" translate="no"><a href="https://fosstodon.org/@SocketSecurity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SocketSecurity</span></a></span>:</p><p><a href="https://socket.dev/blog/lazarus-strikes-npm-again-with-a-new-wave-of-malicious-packages" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/lazarus-strike</span><span class="invisible">s-npm-again-with-a-new-wave-of-malicious-packages</span></a></p><p><a href="https://mas.to/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://mas.to/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependencies</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Peter N. M. Hansteen<p>No Project Is an Island: Why You Need SBOMs and Dependency Management <a href="https://nxdomain.no/~peter/no_project_is_an_island.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/no_project_</span><span class="invisible">is_an_island.html</span></a> <a href="https://mastodon.social/tags/sbom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sbom</span></a> <a href="https://mastodon.social/tags/development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>development</span></a> <a href="https://mastodon.social/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependencies</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/cves" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cves</span></a> The system you develop and maintain does not exist in isolation. Providing SBOMs for our work is our way to show we care.</p>