An Active Typosquatting Campaign Targeting npm Users — Security supply chain company Phylum detected a campaign to ‘typosquat’ a variety of high profile packages. The idea behind typosquatting is that you claim package names that look like existing ones, such as ‘expresss’ or ‘ignroe’ for the well-known packages they mimic, and wait for a mistyped install command. The discovered packages were removed from the npm registry, but this is an issue to keep an eye out for.
Louis Lang (Phylum)
Axios 1.0: A Reasonably Popular HTTP Client Library — We thought you’d like an understatement. 😁 With 96k GitHub stars and a presence in many thousands of apps, Axios is very popular, and it’s remarkable that it has only just now reached 1.0. The Fetch API has taken much of its thunder, but like jQuery, it wraps up a lot of functionality into a broadly liked API. v1.0 has lots of minor tweaks and enhancements, but is mostly business as usual. (Official homepage.)