GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Rich Felker (dalias@hachyderm.io), Wednesday, 24-Sep-2025 21:40:51 JST
in reply to Zach Leatherman :11ty:

    @zachleat I'm really not. Putting "supply chain" burdens on ordinary people is exploitative and abusive behavior by capitalists.

    What I want to see is npm's "lol here's a million random-provenance micro-deps" model burned to the ground. I'm happy to see it keep being a source of vulns until it's abandoned.

In conversation about a month ago from hachyderm.io

Zach Leatherman :11ty: (zachleat@fediverse.zachleat.com), Wednesday, 24-Sep-2025 21:40:54 JST

      Really appreciate that GitHub is taking steps to lock down npm publishing workflows: https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/

In conversation about a month ago

Attachment (github.blog): Our plan for a more secure npm supply chain, by Xavier René-Corail. GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.