Readit News
eitau_1 commented on Malicious versions of Nx and some supporting plugins were published   github.com/nrwl/nx/securi... · Posted by u/longcat
inbx0 · 4 days ago
Periodic reminder to disable npm install scripts.

    npm config set ignore-scripts true [--global]
It's easy to do both at project level and globally, and these days there are quite few legit packages that don't work without them. For those that don't, you can create a separate installation script in your project that cds into that folder and runs their install script.

I know this isn't a silver bullet solution to supply chain attacks, but so far it has been effective against many attacks through npm.

https://docs.npmjs.com/cli/v8/commands/npm-config

eitau_1 · 3 days ago
Why doesn't the same advice apply to `setup.py` or `build.rs`? Is it because npm is (ab)used for software distribution (e.g. see sibling comment: https://news.ycombinator.com/item?id=45041292) instead of being used only for managing library dependencies?
eitau_1 commented on Open Banking and Payments Competition   bitsaboutmoney.com/archiv... · Posted by u/smitop
elric · 17 days ago
> allowed to wall in their data with no API access

There's PSD2 in the EU (or Eurozone? Not sure actually). Basically forces banks to open common APIs to encourage interoperability and competition. However, it's not aimed at users but rather at companies in fintech building applications.

Some banks (Bunq comes to mind) offer APIs to their customers for direct use, but most don't. The reason is obviously security. People still fall for phishing, people still give fake bank staff their access codes on the phone. Giving normal users a way to have API access to their bank account would be disastrous for many of those users.

Now, it would be nice if things like PSD2 were a little more accessible and transparent. Currently you need permission from an institution like The National Bank to gain access. It's expensive and bureaucratic.

eitau_1 · 17 days ago
I'd be more than happy with read-only access. Still potentially bad for 'normal users' but not disastrous.
eitau_1 commented on We shouldn't have needed lockfiles   tonsky.me/blog/lockfiles/... · Posted by u/tobr
PhilipRoman · 24 days ago
Slightly off topic but we need to normalize the ability to patch external dependencies (especially transitive ones). Coming from systems like Yocto, it was mind boggling to see a company bugging the author of an open source library to release a new version to the package manager with a fix that they desperately needed.

In binary package managers this kind of workflow seems like an afterthought.

eitau_1 · 24 days ago
nixpkgs shines especially bright in this exact scenario
eitau_1 commented on AI overviews cause massive drop in search clicks   arstechnica.com/ai/2025/0... · Posted by u/jonbaer
eitau_1 · a month ago
I hope the small web will thrive again once the profit incentive for putting content on the web ceases to exist so SEO/dark-pattern heavy players will give up and stop suppressing valuable (altruistic?) stuff.
eitau_1 commented on Curate your shell history   esham.io/2025/05/shell-hi... · Posted by u/todsacerdoti
eitau_1 · 3 months ago
I wish there was a (Jupyter) notebook-like interface in shells so only the final set of commands is saved in the history after a trial-and-error/refinement cycle
eitau_1 commented on How the U.K. broke its own economy   theatlantic.com/ideas/arc... · Posted by u/speckx
fransje26 · 6 months ago
> When PM Liz Truss tried, it ended with disaster.

The plan Liz Truss proposed was to scrap the top rate of income tax, i.e. giving a tax break to the rich.

And the markets, understanding that it was exactly what the economy needed, reacted accordingly. By crashing.

eitau_1 · 6 months ago
You have a point, I guess.

I'm wildly interested in what your (and the HN community's in general) proposed macro policy mix is. When accounting for workforce changes (demography + participation), there was absolutely no economic growth in all developed EU economies (+UK) since the GFC. Zero productivity growth.

That's a stark difference compared to the US. Did Europe over-auster when the US massively increased its debt? But, as the above-mentioned example shows, fiscal expansion can be challenging…

eitau_1 commented on How the U.K. broke its own economy   theatlantic.com/ideas/arc... · Posted by u/speckx
cm2187 · 6 months ago
It is also plagued with high taxes, something the Tory party did nothing to address. And Labour seems to think the solution is more taxes, and oh surprise, this hurts the economy further.
eitau_1 · 6 months ago
> something the tory party did nothing to address

When PM Liz Truss tried, it ended with disaster.

eitau_1 commented on Mozilla is trying to backtrack on Firefox's controversial data privacy update   pcgamer.com/gaming-indust... · Posted by u/HelloUsername
db48x · 6 months ago
Firefox is actually faster in practice than Chrome. It also uses less memory, often far less, to accomplish the same tasks.
eitau_1 · 6 months ago
Chrome's UI is written in C++/native GUI toolkit. Firefox's UI is written in JavaScript/HTML (thinly wrapped in native toolkit).
eitau_1 commented on Barcelona buys apartment building at center of eviction protests   bloomberg.com/news/articl... · Posted by u/toomuchtodo
bell-cot · 6 months ago
Interesting that the article talks about similar housing crises in other major European cities. But never hints at Vienna having solved the problem a century ago -

https://www.bloomberg.com/news/features/2023-11-08/the-desig...

eitau_1 · 6 months ago
Vienna is less populous now than it was 100 years ago.
eitau_1 commented on My failed attempt to shrink all NPM packages by 5%   evanhahn.com/my-failed-at... · Posted by u/todsacerdoti
cedws · 7 months ago
Are they reproducible? Shipping binaries in JS packages is dodgy AF - a Jia Tan attack waiting to happen.
eitau_1 · 7 months ago
The executables are vendored in the repo [0].

[0] https://github.com/sindresorhus/clipboardy/tree/main/fallbac...

u/eitau_1

Karma: 166 · Cake day: May 31, 2020