Earlier this week Tanstack was poisoned with a sophisticated supply chain attack. In this video we break down how it happened and how you can protect yourself in the future.
Claude, please fix NPM. Make no mistakes.
These days, updating to the latest versions of things is more of a security threat than waiting lol
NPM stands for Neatly Packaged Malware
closing my laptop, throwing it in the ocean, and becoming a carpenter. peace out guys.
News is either a new AI model or a hack nowadays
Why is it, when something happens, it is always you three? -NPM -NPM -NPM
A second worm has hit the registry
"No way to prevent this", says only industry where this regularly happens
'Blocked by Defult' - you misspelled Default. As someone who reviews code for a living, I'm proud I caught this.
You can hate me or love me but you can't ignore me. - Javascript
I'm tired, boss
2016: make sure to always update your software to prevent getting hacked 2026: make sure to never update your software to prevent getting hacked
If everyone uses the "don't download this unless it's at least a day old" settings, don't the odds of malware being detected in that first 24 hours go down dramatically?
Claude, make tanstack ecosystem. Make no mistakes
"If it ain't broke, don't auto-update it." - Wayne Gretzky
Haha, I love automatically downloading arbitrary code from the Internet and running it on my critical infrastructure.
That worm is diabolical. Damn
This was just one giant PR move to make sure Dune Part 3 is forefront on everyone's mind. (PR, pun intended)
massive security vulnerabilities getting exploited hourly at this point lol
That's pretty freaking alarming. So anything with Tanstack on it is basically compromised.