Maintainer compromises used to be rare. Now they’re happening at an alarming rate, as seen in recent attacks. Today we’re giving developers a new layer of defense with Socket Firewall, a free tool that blocks malicious dependencies at install time.

🚨 Open source supply chain attacks are exploding. Starting today, that ends. We’re releasing Socket Firewall — FREE, zero-config, CLI that blocks malware before it lands on your laptop or CI. Just run: npm i -g sfw sfw npm install lodash Works for: npm, yarn, pnpm, pip, uv, and cargo.

Anyone know a good leader election library that either uses pg or redis on the backed? Basically, in a horizontally deployed service, I need one instance to do something unique, and something else to take over when it disappears.

Gigantic OOOOOF on this one.

Reminder that the major thing that made GitHub succeed over Google Code, Sourceforge etc is to be found in its initial tagline: “Social coding” GitHub added a social network on top of the code – highlighting the people rather than just the lines Any successor to it needs to solve the social layer

Didn't know @pfrazee.com was moonlighting at openai

You can now view and edit your auth tokens in your account page. More auth token features like a CRUID ui and old token cleanup coming soon. Sorry for the slow pace of development lately, just trying to get core features implemented correctly.

Y'all don't sleep on ls-mcp It's a quick access CLI to detect and list all MCP servers across your AI tools stack

I ported the Tron Legacy theme to @zed.dev

Is there such a thing as a userQueryState hook? Basically use state but reactive in and out of the query string.

One million sites 🎉

deploy-to-neocities helping deploy 1k personal websites! Glad to see it!

Is there any good domain registrar left? (Independently run, well made, decent prices?) seems iwantmyname sold out recently.

I think it may finally be time to drop .io domains. These stupid things cost $100/yr!

This is just going to get worse with AI, when people finally realize the only things these create are derivative ripoffs of original work. Goes for code too!

Looking for prior art: dissecting GitHub repos into sub-projects, specifically in monorepos.

I finally posted my writeup on my Steam Machine project bret.io/blog/2025/yo...

Technology is a fractal for which we are stuck in an ever narrowing corridor

Why we built a new Kafka client for Node.js The Node.js world needs better tools. Here’s what you need to know: Apache Kafka is vital for real-time data. It powers many businesses, especially in Fintech and Media. These fields see heavy data usage and need reliable solutions.

Anyone recommend a good image viewer component? Doesn't need to be react

goversion/v2 is out. Turns out maybe people were right: major versioning in go is a super big headache. Not only do you have to update the go.mod file, but also every self reference in every .go file. AND pkg.go.dev and docs. goversion updates go.mod and .go now too github.com/bcomnes/gove...

Me subscribing to one more RSS feed

Is there a DockKit gimbal that works with the Apple TV FaceTime?

We just bought a company. Why? Because vulnerability scanning is fundamentally broken. And I’m tired of pretending it’s fine. We acquired Coana, the best reachability analysis engine on the planet.

Funny enough, the LLMs I consulted around go project layout weighed heavily the golang-standards/project-layout reference. However I guess the training data didn't parse out rsc's comment regarding that effort: github.com/golang-stand...

I wrote another new go tool called goversion. It's like npm version for go, and it works with the new go tool directive. github.com/bcomnes/gove...

I wrote another new go tool called goversion. It's like npm version for go, and it works with the new go tool directive. github.com/bcomnes/gove...

FINALLLLYYYY!!! YUSSS

For the love of god, stop downloading executable prebuilt binaries from superbase or S3 in post install scripts. Just put them in the gddmn tarball where they can never change.

Someone stole my lawn chair.

Was thinking of doing a blogpost called "JS, Not JS" where I go over all the almost JS languages. Like a "Is a hotdog a taco" of javascript.

Rate my go todo crud app: github.com/bcomnes/go-t...

Seeing all of the little UI bugs creep in and out of Apple {podcasts,music} (just stupid stuff like play pause button not updating correctly) makes me feel less bad about all the quirks I never quite ironed out of hyperamp.

Happy 900! deploy-to-neocities helping over 900 of you deploy personal websites to the real web on @neocities.org. Onward and upward 🚀

Please match your package names to your repo names.

Mild ongoing annoyance: mismatched package and repo names the git repo: brianc/node-postgres the npm package name: pg Mix that up with orm adapter namespaces and it's confusing.

I love monorepos – except when they are annoying @bret.io bret.io/blog/2025/i-... #ECMAScript #JavaScript

I wrote a new blogpost: "I Love Monorepos—Except When They Are Annoying" bret.io/blog/2025/i-...

sick again

I really hate the teenage engineering computer case btw. Terrible case. Horrible design. Overpriced. Low quality. Besides looking neat, I do not recommend.

Should be required to open source the software on sunset so people can deploy their own updates.

SteamOS 3.6.21 released to Stable! store.steampowered.com/news/app/167...

🚨 New Research: Malicious Go Package Exploits Caching to Persist Undetected 🚨 Socket researchers discovered a backdoored typosquat of BoltDB abusing Go Module Proxy caching to evade detection for over 3 years. socket.dev/blog/malicio... #golang #cybersecurity

javascript is stored in the tarballs

New #npmRelease for #neostandard: github.com/neostandard/... Highlights: - With the addition of eslint-plugin-import-x all the rules from StandardJS have now been added and we are pretty much ready to release 1.0.0 - Pinned stylistic to avoid a recent regression in stylistic/indent

forever thanking @bret.io for the "lockfile surgery" brainworm

Breadcrum.net running on a @daylightco.bsky.social DC-1!

100 users! Happy new year! 🥳

newskies logging on

Like podcasts? Like videos? Please check out breadcrum, a service that lets you watch videos in podcast apps, so I can get 100 users in 2024! Only one more signup to go!