Stealing Usernames, Passwords, and other (Personal) Data via Browsers and NPM Packages

👋 This post also got published on Medium. If you like it, please give it a clap over there. In late 2016, Stoyan Stefanov published “Oversharing with the browser’s autofill”. It’s an article on stealing personal data using the browser’s form autofill feature. The attack works by abusing the fact that autocompletion […]

TIP: Enable Two Factor Authentication (2FA) with your NPM account

Since early October it’s possible to enable Two Factor Authentication with your NPM account. 2FA is another layer of defense for your account, preventing third parties from altering your code even if they steal or guess your credentials. This is one of the easiest and most important ways to ensure that only you can access […]

Introducing npx: an NPM package runner

Included with [email protected] is an extra binary named npx: npx is a tool intended to help round out the experience of using packages from the NPM registry — the same way npm makes it super easy to install and manage dependencies hosted on the registry, npx makes it easy to use CLI tools and other executables hosted […]

Faking node_modules in CodePen Projects

With CodePen Projects you have a web IDE right in your browser, with preprocessing built-in. But what about installing dependencies via the npm ecosystem? With some minimal effort it’s possible: All you need to do is make a folder called node_modules, and then inside of that make a file named after the module (e.g. react.js) […]

Why I’m excited about Yarn

Today, Facebook – in collaboration with Google and others – released Yarn, a new package manager for JavaScript. Introducing Yarn: a new package manager for JavaScript from @fbOpenSource, @tildeio, @googledevs & @exponentjs. https://t.co/2LfN5OXjOv — Yarn (@yarnpkg) October 11, 2016 In comparison to npm, the Yarn website pushes these three main benefits forward: Speed, Reliability, Security […]

Update package.json dependencies with npm-check-updates

npm-check-updates is a command-line tool that allows you to upgrade your package.json or bower.json dependencies to the latest versions, regardless of existing version constraints. npm-check-updates maintains your existing semantic versioning policies. Install it using npm install -g npm-check-updates. Then run ncu to check for updates, and run ncu -u to actually update your package.json / […]

Batch install dependencies in all subfolder-organised projects

As an ICT lecturer I have to correct the work our students make. Therefore I collect all solutions and put them in a subfolder-organised structure on disk: per student I create a subfolder and put their solution into that folder(*).

$ tree -L 1
.
├── student1
├── student2
├── …
└── studentN

As – […]