A cybersecurity researcher finds that 20% of software packages recommended by GPT-4 are fake, so he builds one that 15,000 code bases already depend on, to prevent some hacker from writing a malware version.
Disaster averted in this case, but there aren't enough fingers to plug all the AI-generated holes 😬
Four months ago, I created a Bluesky account to play around with the API and managed to create a simple node script to post a status to it. I wasn’t able to figure out how to get it to work with IFTTT, though. This week, I spun up a Pipedream workflow to try to post an announcement when a new blog post goes up.
So I just saw a PR for a Node.js project, where the developer had used an npm command I'm unfamiliar with.. or at least, I didn't know of:
npm clean-install
Now, I'm familiar with npm ci, but I had absolutely no idea that the alias of npm clean-install existed. I didn't even realise that "ci" stood for "clean install".
I always thought npm ci meant “the npm command you wanna run in CI environments”
Ah, there's nothing like a good "the whole world has changed" #nodejs #javascript dependency hell to waste a whole morning on, after being away for 2 months not updating a project.
A new project for the #fediverse using #activitypub, this is the deal, in case someone wants to help me, or collab in this adventure. Coding skills required but you do not need to be an expert.
Boost for reach.
I volunteer with a non-profit, and there are a few events where they issue digital badges; for now they are just images. Now, they are looking to do it more formally so we looked for commercial alternatives, like Credly, but they are very cost prohibitive.
If you run into an "EACCES: permission denied" issue with #npm, try clearing your cache. This article saved the day for me, as I'm not a terminal wizard and would rather deal with something else: