#npm
I've had to install #npm on #Windows to fix a security vulnerability in a #Javascript library we're using in #Friendica. I feel dirty now.
#reproducible-builds in May: https://reproducible-builds.org/reports/2022-05/ with research, #python, #SPDX Software-BOM, Talks, #npm, #boot2now, #Google, #rust, #ArchLinux, #Debian, #openSUSE
Can we #trust you more than we can trust #npm?
Open Source: NPM package deletes files in protest against Ukraine war - Golem.de
What an idiot. Something like this is total bullshit.
#Microsoft #GitHub is a really bad workplace, having already repelled many insiders, who protested not just dodgy contracts but also a toxic management team; yet the media isn’t willing to speak about • Techrights ⚓ http://techrights.org/2022/02/28/github-reality/ ䷉ #Techrights #deletegithub #npm | ♾ Gemini address: gemini://gemini.techrights.org/2022/02/28/github-reality/
The time seems right to resume this series, more so now that the #SoftwareFreedomConservancy (SFC) and the #FreeSoftwareFoundation (FSF) grapple with the legal chaos caused by Team Mono inside Microsoft’s #GitHub • Techrights ⚓ http://techrights.org/2022/02/28/microsoft-github-expose-part-xviii-the-story-of-npm/ ䷉ #Techrights #NPM | ♾ Gemini address: gemini://gemini.techrights.org/2022/02/28/microsoft-github-expose-part-xviii-the-story-of-npm/
#Microsoft #GitHub Exposé — Part XVIII — The Story of #NPM • Techrights ⚓ http://techrights.org/2022/02/28/microsoft-github-expose-part-xviii-the-story-of-npm/ ䷉ #Techrights #deletegithub | ♾ Gemini address: gemini://gemini.techrights.org/2022/02/28/microsoft-github-expose-part-xviii-the-story-of-npm/
Soon in #techrights we'll reveal some of the story behind #microsoft #github #npm ... the #pentagon contractors are taking over the whole "supply chain"... at TAXPAYERS' expense? http://techrights.org/2022/02/04/the-united-states-government-should-quit-bailing-out-microsoft-at-taxpayers-expense/
Empire: let's pay #microsoft money at taxpayers' expense and help it scoop up #githlab #npm and the rest of the "supply chain" (we can better tailor back doors that way; also, NSA executives have since then appointed GitHub managers) http://techrights.org/2022/02/04/the-united-states-government-should-quit-bailing-out-microsoft-at-taxpayers-expense/
https://twitter.com/molly0xFFF/status/1484921201340211201
12 high severity vulnerabilities
$ npm audit fix --force
16 high severity vulnerabilities
— Molly White (@molly0xFFF) January 22, 2022
#osi fails to note #npm is #microsoft and #github banned a developer for doing what he wanted with his code. Microsoft is the 'boss' of OSI: http://techrights.org/2021/12/30/osi-budget-for-proprietary-software-monopoly/
Remember that #npm itself is part of the problem that developer was bemoaning. #microsoft #github #ProprietarySoftware #raiding
#npm = #microsoft ... so they may be missing the point here. https://devops.com/npms-sabotaged-as-oss-sustainability-crisis-continues/ #deletegithub #corporateRaiding
"it removed the code, added the commit message "endgame," and replaced the ReadMe file with the question, "What really happened with Aaron Swartz?"" https://www.theregister.com/2022/01/10/npm_fakerjs_colorsjs/ #deletegithub #npm #microsoft
#lwn frustratingly fails to note that this is #microsoft and instead uses their dodging aliases #npm and #github (the #nsa in charge of the "supply chain") https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
● NEWS ● #TheVerge #Programming ☞ Open source developer corrupts widely-used libraries, affecting tons of projects https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected relying on #microsoft (or #npm its tentacle) is bad for #security too
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
This!
"If you have problems with business using your free code for free, don't publish free code. By sabotaging your own widely used stuff, you hurt not only big business but anyone using it. This trains people not to update, 'coz stuff might break."