The adventures of Matt Lawrence and Mike Karan through the world of web development, web design, and small business management. As web development agency owners for the better part of a decade, they’ve worked with all sorts of technologies, through the rise of responsive web design, the revolution of serverless computing, and the popularity gain of many no-code tools for small business owners. They commonly discuss foundational web development technologies like HTML, CSS, and JavaScript - including popular frameworks and tools such as Tailwind CSS, Svelte, WordPress, Vue, and more.
Episodes
3 days ago
3 days ago
In this episode of Web News, Matt and Mike dive into two massive worm attacks that recently hit npm, targeting packages used in millions of projects. While the attackers aimed to steal crypto wallet keys, the actual damage was small—but the implications are enormous. We break down how these man-in-the-middle attacks worked, why shadow dependencies are such a big risk, and what tools like pnpm’s minimum release age can do to help. We also discuss whether AI might allow developers to skip quick one-time npm packages entirely, reducing dependency sprawl and potential vulnerabilities.
Show Notes: https://www.htmlallthethings.com/podcast/the-shai-hulud-worm-attack-npm-hack
No comments yet. Be the first to say something!