Sarah Gooding (@pollyplummer)'s Twitter Profile
Sarah Gooding

@pollyplummer

Head of Content Marketing @socketsecurity (socket.dev) Open source and open web advocate, runner, knitter. Also at bsky.app/profile/sarahg…

ID: 14332095

https://sarahgooding.dev | 08-04-2008 13:20:54

16,16K Tweet

10,10K Followers

1,1K Following

evan conrad (@evanjconrad)

friends u don't all need raw html websites really a lot of people's raw html websites were due to laziness not taste sfc's website is that way because we didn't have a lot of time

Socket (@socketsecurity)

The OpenJS Foundation is now a CNA for 40 hosted #JavaScript projects, including ESLint, Express, webpack, Fastify, Electron & more. It can assign CVEs, but each project still owns its own disclosure process. ☂️ Learn more: socket.dev/blog/openjs-fo… #CVE #CyberSecurity

Mitchell Hashimoto (@mitchellh)

"I regret to inform the haters that an AI agent did this while I was out getting a coffee. ... I absolutely didn't need AI to do this, but I was leaving the office anyways and figured why not. Got back and it was done. What a time to be alive." github.com/ghostty-org/gh…

Steve Magness (@stevemagness)

This is why consistency matters so much. It’s not about a single heroic effort. It’s about showing up, over and over, expanding your range. So that what once broke you now barely makes a dent. That’s progress.

Socket (@socketsecurity)

TC39 update: #JavaScript is getting some powerful new features! ✅ Array.fromAsync ✅ Error.isError ✅ `using` for explicit resource management All three are headed to the ECMAScript spec, plus 6 more proposals advanced. → socket.dev/blog/tc39-adva…

Sarah Gooding (@pollyplummer)

It’s wild how fast opportunistic threat actors create these attacks. Just days after Vietnam banned Telegram, someone published malicious #Ruby gems to steal Telegram Messenger bot tokens from CI pipelines. cc: Short Ruby Newsletter Lucian Ghinda Pavel Durov

Socket (@socketsecurity)

🎉 Socket now supports pylock.toml, enabling secure, reproducible #Python builds with advanced scanning and full alignment with PEP 751. Built for the new standard. Ready when you are. socket.dev/blog/socket-no…

Feross (@feross)

Really excited that Socket is one of the first to support the awesome new Python lock file standard. pylock.toml is a really big step towards finally solving python package management woes!

Socket (@socketsecurity)

🚨 Think twice before chasing Instagram growth hacks. Socket researchers uncovered a PyPI package disguised as an #Instagram followers booster that harvests user credentials and sends them to bot services. Full investigation → socket.dev/blog/pypi-pack… #Python

Socket (@socketsecurity)

Node.js just released Amaro 1.0, its official #TypeScript loader. This sets the stage for TypeScript support in Node to move from “experimental” to “stable” later this year. socket.dev/blog/node-js-m… #nodejs h/t Rob Palmer

Socket (@socketsecurity)

🚨 New Socket research on malicious browser extensions: 🔹 Fake Apple popups (tech support scams) 🔹 Wikipedia redirects with XSS risks 🔹 Extensions faking likes & views Our investigation into threats undermining browser security → socket.dev/blog/the-growi…

Sarah Gooding (@pollyplummer)

"The basic idea is to treat security issues like any other bug. They will be made public immediately & fixed whenever maintainers have the time. There will be no deadlines. This policy will probably make some downstream users nervous but maybe it encourages them to contribute..."

Sarah Gooding (@pollyplummer)

So much good security leadership advice packed into this super dense interview Feross did w/ Amplitude’s Terry O’Daniel on his journey from infra engineer to CISO. If you want to learn more about building high-impact security teams, this is a great read: socket.dev/blog/terry-o-d…

Sarah Gooding (@pollyplummer)

Huge shoutout to the team for all the hard work and care that went into this redesign. 💜 So many thoughtful details in every corner of the new Socket dashboard. Go check it out!

Blake Burge (@blakeaburge)

A major cheat code in life: The ability to reset fast. You're allowed to start over at 10am, 2pm, or 6:30 at night. Zero reason to let one bad hour carry into the rest of your day. You can’t control what hits you. But you can control how long you sit in it.

Sarah Gooding (@pollyplummer)

I know you didn’t want to read 100+ GitHub comments, track deleted tweets, & watch a TSC meeting so I did it for you. Here’s a distillation of what’s up with the Node.js homepage support button. These decisions are important and newsworthy as they affect long-term project health.