Readit News
maury91 commented on NPM stylus package contained malicious code and was removed from the registry   npmjs.com/package/stylus/... · Posted by u/vandot
wut42 · a month ago
Could be! Other comments (~~can't find them now as the issue got full of useless comments~~ e.g. https://github.com/stylus/stylus/issues/2938#issuecomment-31...) also noted that the GHSA bot has nuked a lot of other npm packages for days or weeks in the same fashion, so it could also be an AI scanner going full nuclear.
maury91 · a month ago
Agree, it would be nice if people would stop posting "help! how can I fix this?" and "I fixed it by doing X". They were valid comments at the beginning, but now more than half of the comments are just these two.
maury91 commented on NPM stylus package contained malicious code and was removed from the registry   npmjs.com/package/stylus/... · Posted by u/vandot
wut42 · a month ago
That could track but people in the GitHub issue ( https://github.com/stylus/stylus/issues/2938#issuecomment-31... ) have found that no "other" version of Stylus has been released.
maury91 · a month ago
It may simply be GitHub and NPM going nuclear and just flagging everything just in case.
maury91 commented on NPM stylus package contained malicious code and was removed from the registry   npmjs.com/package/stylus/... · Posted by u/vandot
maury91 · a month ago
From how it is unfolding, the most probable outcome is that one of the maintainers is compromised (Ponya); all of the packages he contributed to have been marked.
maury91 commented on NPM stylus package contained malicious code and was removed from the registry   npmjs.com/package/stylus/... · Posted by u/vandot
kaelwd · a month ago
Removing the entire package is pretty unusual, normally it's only specific compromised versions.
maury91 · a month ago
The advisory says all the versions are affected ">= 0"

https://github.com/advisories/GHSA-fh4q-jc76-r59p

maury91 commented on NPM stylus package contained malicious code and was removed from the registry   npmjs.com/package/stylus/... · Posted by u/vandot
clncy · a month ago
It's so hard to triage this when no justification has been provided for the advisory. Was the GHSA released in response to npm pulling the package, or vice versa?

Many suggestions for workarounds, but if the GHSA is indeed accurate (all versions affected) then that seems unwise.

maury91 · a month ago
Also, if all the versions are affected, this malware has been in stylus since 2010. Honestly, it sounds improbable to me that malware exists unnoticed in open source software for 15 years. However, even if improbable, it's better to play it safe and just override the installation of stylus (especially if you are not using it) with an empty package until more information is released.
maury91 commented on NPM stylus package contained malicious code and was removed from the registry   npmjs.com/package/stylus/... · Posted by u/vandot
maury91 · a month ago
This advisory is pointing to the stylus package

https://github.com/advisories/GHSA-fh4q-jc76-r59p

I'm still unsure if it's a mistake on NPM's side or if stylus and the authors are compromised.

maury91 commented on In the Age of AI, Is Code Literacy Your Superpower?   pmbanugo.me/blog/ai-code-... · Posted by u/eddieos
saubeidl · 2 months ago
The problem is that AI code is painfully verbose and annoying to read. It's like having a coworker who's kinda shit at his job and whose PRs you have to review and try to get into reasonable shape by requesting changes again and again.

I don't know about you, but I'd rather just write the damn thing properly myself than have to deal with that.

maury91 · 2 months ago
The current AI generation has an additional pain point compared to the bad coworker: it's unable to learn. You can give it a rule file, but it doesn't always respect it properly and it doesn't update it itself. TLDR: the bad colleague will stop making the same mistake in the PRs, the AI won't.

Hopefully this will change in future generations of AI

maury91 commented on Gene-edited non-browning banana could cut food waste   theguardian.com/science/2... · Posted by u/geox
maury91 · 6 months ago
I have noticed that putting bananas in the fridge has a weird effect: the peel turns black as if it's outside, but the inside of the banana stays yellow and hard. It is very weird to peel a fully black banana and find the inside normal without any browning.
maury91 commented on Camera Ignores Perspective and Sees Behind Walls   petapixel.com/2024/12/09/... · Posted by u/PaulHoule
dataflow · 8 months ago
Did I misunderstand what is going on, or is this basically just saying "move the camera around to see behind the object"?

Edit: s/camera/sensor/ if that clarifies

maury91 · 8 months ago
You can visualize it easily if you think about your own vision.

If you put a hand in front of your face (without covering your eyes) you will be able to see behind it even if both eyes see only a part of what is behind your hand.

Now, regarding the video, imagine that each pixel is an eye, and they are spread evenly along a circle.

There are a lot of differences between this example and what he actually did, but it should be very easy to visualize ( main difference I can think of is how much amplification he needed to do so each eye is almost blind )

maury91 commented on Live coding a micro front end manager ep 1 [video]   youtube.com/watch?v=yMWO0... · Posted by u/maury91
maury91 · a year ago
This is my second live coding, it is something I started doing two days ago as a way to show my skills and create a portfolio.

I didn't share the first one because it was honestly too terrible, but I think this one didn't go as bad as the first one. There's for sure a lot of room for improvement and I will be happy to hear feedback from this community, both positive and negative.

u/maury91

Karma: 791 · Cake day: May 17, 2016
About
Software engineer and runner

Feel free to contact me through any platform:

maury91[at]gmail.com

https://linkedin.com/in/mauriziocarboni

https://github.com/maury91

https://www.strava.com/athletes/maumeda
