Michael Rowe<p>Completely refactored my server. Registration API working fine, put APN still not working. Sigh <a href="https://mstdn.social/tags/apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apple</span></a> <a href="https://mstdn.social/tags/developer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>developer</span></a> <a href="https://mstdn.social/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a></p>
mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.
Administered by:
Server stats:
1.6Kactive users
mastodon.ie: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.2
#nodejs
13 posts · 10 participants · 0 posts today
The Curious Guy<p>Introducing node-cmd-exec for Node.js! 🎉</p><p>Run shell commands like a pro, async or sync, Promises & callbacks supported, zero dependencies.</p><p>Unleash the full power of Node.js scripting! </p><p>🌟 Star the repo - your support means a lot!</p><p>🔗 npm: <a href="https://www.npmjs.com/package/node-cmd-exec" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">npmjs.com/package/node-cmd-exec</span><span class="invisible"></span></a><br>🔗 GitHub: <a href="https://github.com/DhanushNehru/node-cmd-exec" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/DhanushNehru/node-c</span><span class="invisible">md-exec</span></a></p><p>❤ + 🔁<br>Like + RT for reach.</p><p><a href="https://mastodon.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a> <a href="https://mastodon.social/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a> <a href="https://mastodon.social/tags/developer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>developer</span></a> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://mastodon.social/tags/like" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>like</span></a> <a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://mastodon.social/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://mastodon.social/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChatGPT</span></a> <a href="https://mastodon.social/tags/technews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technews</span></a></p>
ReynardSec<p>A grumpy ItSec guy walks through the office when he overhears an exchange of words.</p><p>Dev0: Hey, this isn't working, I hate containers...<br>Dev1: Maybe just add the --privileged flag!</p><p>ItSec: Just… no. Simply no. No privileged mode - the grumpy fellow interjects as he walks away.</p><p>Dev0: Jesus, fine - no privileged mode.<br>Dev1: Okay, but… why?</p><p>Here's why (one, simple example): </p><p>Docker's --privileged flag lifts almost all restrictions from your container - exactly the opposite of --cap-drop=ALL. Let's demo the difference. </p><p>1) Start two containers. </p><p>docker run -itd --privileged --name ubuntu-privileged ubuntu<br>docker run -itd --name ubuntu-unprivileged ubuntu</p><p>2) Inspect /dev in the unprivileged container.</p><p>docker exec -it ubuntu-unprivileged bash<br>ls /dev<br>exit</p><p>You'll only see a limited set of devices. No disk access. </p><p>3) Now inspect /dev in the privileged container.</p><p>docker exec -it ubuntu-privileged bash<br>ls /dev</p><p>/dev/sda exposed! Sometimes you may see /dev/mapper when LVM is in place. Then "apt update && apt install -y lvm2" and "lvscan" may help during next phase. </p><p>4) Exploitation part (inside the privileged container) - simply mount /dev/sda to any writable path in container.</p><p>mkdir /tmp/whatever<br>mount /dev/sda1 /tmp/whatever</p><p>5) You can now enumerate - and access - the Docker host's logical volume.</p><p>ls -la /tmp/whatever</p><p>6) If you wish, you can even chroot into the host:</p><p>chroot /tmp/whatever /bin/bash</p><p>The moral of the story is to avoid privileged mode, because in the event of an incident (e.g. an attacker compromising an app running inside a container), you significantly increase the likelihood of successful lateral movement from the container to the Docker host - and from there into the rest of your infrastructure.</p><p>Usually the grumpy guy means well. He just doesn't know how to explain it properly.</p><p><a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://infosec.exchange/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a> <a href="https://infosec.exchange/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webdev</span></a> <a href="https://infosec.exchange/tags/java" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>java</span></a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/php" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>php</span></a> <a href="https://infosec.exchange/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a></p>
🦠Toxic Flange (Gurjeet)🔬⚱️🌚<p>Ugh 2:40 am and I just wanna figure out the best way to make a simple a <a href="https://infosec.exchange/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a> / <a href="https://infosec.exchange/tags/express" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>express</span></a> app. Mostly to learn it as a back end service but for uploading files to or cobble together a simple API.. </p><p>Spent all night just pursuing mangafire/mangadex instead. Dummy.</p>
Frontend Dogma<p>Node.js Is Growing Up: 3 Major Releases That Changed the Game, by <span class="h-card" translate="no"><a href="https://mas.to/@hackernoon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hackernoon</span></a></span>:</p><p><a href="https://hackernoon.com/nodejs-is-growing-up-3-major-releases-that-changed-the-game" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackernoon.com/nodejs-is-growi</span><span class="invisible">ng-up-3-major-releases-that-changed-the-game</span></a></p><p><a href="https://mas.to/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a> <a href="https://mas.to/tags/history" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>history</span></a></p>
Ben Hardill<p>OK, who decided that in</p><p>```<br>for (const index in array) {...}<br>```</p><p>index should be a string and not an number?</p><p><a href="https://bluetoot.hardill.me.uk/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NodeJS</span></a></p>
Frontend Dogma<p>Proposal—Shift Node.js to Annual Major Releases and Shorten LTS Duration, by @rafaelgss.dev:</p><p><a href="https://github.com/nodejs/Release/issues/1113" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/nodejs/Release/issu</span><span class="invisible">es/1113</span></a></p><p><a href="https://mas.to/tags/discussions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>discussions</span></a> <a href="https://mas.to/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a></p>
HackerNoon<p>A technical overview of Node.js versions 22, 23, and 24 detailing key ECMAScript updates, native Web APIs, performance enhancements, and security improvements. <a href="https://hackernoon.com/nodejs-is-growing-up-3-major-releases-that-changed-the-game" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackernoon.com/nodejs-is-growi</span><span class="invisible">ng-up-3-major-releases-that-changed-the-game</span></a> <a href="https://mas.to/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a></p>
Greg Slepak<a class="hashtag" href="https://crib.social/tag/javascript" rel="nofollow noopener" target="_blank">#JavaScript</a> developers: do not use `npx`, ever.<br><br>Use <span class="h-card"><a class="u-url mention" href="https://fosstodon.org/@deno_land" rel="nofollow noopener" target="_blank">@<span>deno_land</span></a></span>'s `deno run` instead with appropriate sandboxing flags.<br><br>Example: <a href="https://github.com/okTurtles/chel/pull/58/files" rel="nofollow noopener" target="_blank">https://github.com/okTurtles/chel/pull/58/files</a><br><br><a class="hashtag" href="https://crib.social/tag/nodejs" rel="nofollow noopener" target="_blank">#nodejs</a> <a class="hashtag" href="https://crib.social/tag/npx" rel="nofollow noopener" target="_blank">#npx</a> <a class="hashtag" href="https://crib.social/tag/infosec" rel="nofollow noopener" target="_blank">#infosec</a> <a class="hashtag" href="https://crib.social/tag/security" rel="nofollow noopener" target="_blank">#security</a>
Socket<p>🚨 New Threat Research: We uncovered 4 malicious packages (3 on npm, 1 on PyPI) with 56,000+ downloads, all delivering surveillance malware capable of keylogging, screen capture, and webcam access.</p><p>Here’s what we found: <a href="https://socket.dev/blog/surveillance-malware-hidden-in-npm-and-pypi-packages" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/surveillance-m</span><span class="invisible">alware-hidden-in-npm-and-pypi-packages</span></a> <a href="https://fosstodon.org/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NodeJS</span></a> <a href="https://fosstodon.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://fosstodon.org/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a></p>
Socket<p>🚨 A critical vulnerability in the widely used npm form-data package could allow HTTP Parameter Pollution, potentially impacting millions of projects. The package sees 100M+ downloads weekly.</p><p>Details → <a href="https://socket.dev/blog/critical-vulnerability-in-popular-npm-form-data-package" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/critical-vulne</span><span class="invisible">rability-in-popular-npm-form-data-package</span></a> <a href="https://fosstodon.org/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NodeJS</span></a> <a href="https://fosstodon.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a></p>
Socket<p>Bun 1.2.19 introduces isolated installs for monorepos, smarter package management, and 5x faster Bun.sql. 🎉 </p><p>Congrats to <span class="h-card" translate="no"><a href="https://hachyderm.io/@jarredsumner" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jarredsumner</span></a></span> and all the <span class="h-card" translate="no"><a href="https://bird.makeup/users/bunjavascript" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bunjavascript</span></a></span> contributors: <a href="https://socket.dev/blog/bun-1-2-19-adds-isolated-installs-for-better-monorepo-support" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/bun-1-2-19-add</span><span class="invisible">s-isolated-installs-for-better-monorepo-support</span></a> <a href="https://fosstodon.org/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NodeJS</span></a></p>
HackerNoon<p>Is Node.js really as slow as it has been portrayed by competitors? <a href="https://hackernoon.com/myth-vs-reality-real-world-runtime-performance-of-nodejs-deno-and-bun" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackernoon.com/myth-vs-reality</span><span class="invisible">-real-world-runtime-performance-of-nodejs-deno-and-bun</span></a> <a href="https://mas.to/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a></p>
Bardnet<p>"Hours after we reported on the npm phishing campaign using the typosquatted npnjs.com site, we’re now seeing the first major fallout: popular npm packages, including eslint-config-prettier and eslint-plugin-prettier, were compromised" <a href="https://icosahedron.website/tags/eslint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eslint</span></a> <a href="https://icosahedron.website/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://icosahedron.website/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a></p><p><a href="https://socket.dev/blog/npm-phishing-campaign-leads-to-prettier-tooling-packages-compromise" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/npm-phishing-c</span><span class="invisible">ampaign-leads-to-prettier-tooling-packages-compromise</span></a></p>
Socket<p>🚨 npm phishing alert! <br>Attackers are sending emails from spoofed support@npmjs.org addresses linking to a typosquatted clone site (npnjs.com) to steal credentials. This attack is designed to hijack npm accounts. </p><p><a href="https://socket.dev/blog/npm-phishing-email-targets-developers-with-typosquatted-domain" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/npm-phishing-e</span><span class="invisible">mail-targets-developers-with-typosquatted-domain</span></a> <a href="https://fosstodon.org/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a> <a href="https://fosstodon.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a></p>
Joe Lanman<p>for hot reloading changes, the govuk prototype kit uses nodemon on the back end, and browsersync on the front end. Is this an old way to do it? I get the impression vite can do both but I'm not entirely sure from the docs.</p><p><a href="https://hachyderm.io/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a> <a href="https://hachyderm.io/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>javascript</span></a> <a href="https://hachyderm.io/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webdev</span></a></p>
Frontend Dogma<p>Modern Node.js Patterns for 2025, by (not on Mastodon or Bluesky):</p><p><a href="https://kashw1n.com/blog/nodejs-2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">kashw1n.com/blog/nodejs-2025/</span><span class="invisible"></span></a></p><p><a href="https://mas.to/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a> <a href="https://mas.to/tags/softwaredesignpatterns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softwaredesignpatterns</span></a> <a href="https://mas.to/tags/esm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>esm</span></a> <a href="https://mas.to/tags/apis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apis</span></a> <a href="https://mas.to/tags/testing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>testing</span></a> <a href="https://mas.to/tags/asynchronicity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>asynchronicity</span></a> <a href="https://mas.to/tags/streaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>streaming</span></a> <a href="https://mas.to/tags/workerthreads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>workerthreads</span></a> <a href="https://mas.to/tags/dx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dx</span></a> <a href="https://mas.to/tags/monitoring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monitoring</span></a> <a href="https://mas.to/tags/deploying" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deploying</span></a> <a href="https://mas.to/tags/errors" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>errors</span></a></p>
洪 民憙 (Hong Minhee)<p><strong>Upyo 0.2.0 Release Notes</strong></p>
<p><a href="https://hackers.pub/@hongminhee/2025/upyo-020" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackers.pub/@hongminhee/2025/u</span><span class="invisible">pyo-020</span></a></p>
Felipe 🐁<p>Updates are here!</p><p><a href="https://nodejs.org/en/blog/vulnerability/july-2025-security-releases" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nodejs.org/en/blog/vulnerabili</span><span class="invisible">ty/july-2025-security-releases</span></a></p><p><a href="https://hachyderm.io/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software</span></a> <a href="https://hachyderm.io/tags/dev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dev</span></a> <a href="https://hachyderm.io/tags/node" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>node</span></a> <a href="https://hachyderm.io/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a> <a href="https://hachyderm.io/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://hachyderm.io/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Ducky Fella<p>Is your company looking for a keen self-hoster with plenty of <a href="https://cupoftea.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> experience? I grew up with <a href="https://cupoftea.social/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspberryPi</span></a> and have picked up many skills along the way including <a href="https://cupoftea.social/tags/React" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>React</span></a>, backend JavaScript (<a href="https://cupoftea.social/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NodeJS</span></a>) and <a href="https://cupoftea.social/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docker</span></a>. My current obsession is monitoring all the things with <a href="https://cupoftea.social/tags/Grafana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Grafana</span></a>, <a href="https://cupoftea.social/tags/PRTG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PRTG</span></a> and <a href="https://cupoftea.social/tags/Prometheus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Prometheus</span></a>. I’m based in the UK but open to primarily English-speaking roles in Germany, too. Currently wrapping up my Advanced Software Development degree but eager to continue learning! Boosts appreciated :D</p><p><a href="https://cupoftea.social/tags/GetFediHired" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GetFediHired</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload