Tag: security

6 min read 0

My React2Shell Story

  • 2026-03-04
Gather 'round, friends! It's time to hear the story of how I led the charge to mitigate React2Shell: a dangerous remote code execution vulnerability which…
6 min read 0

Be careful with that VS Code Extension!

  • 2026-02-24
Those extensions and themes you’ve been installing in your IDE could be dangerous. I understand that there are a lot of cool extensions and themes…
8 min read 0

1Password CLI Adds Risk

  • 2026-02-17
In October of 2023, I reported a vulnerability to 1Password regarding their op (a.k.a. 1password-cli) program. In my report I detailed that their approach to…
3 min read 0

Introducing the Poison-Pillminder

  • 2026-02-03
Do you manage a GitHub org with a bunch of repositories? Do you have a hard time scrambling when the latest NPM supply-chain attack hits,…
4 min read 0

Secrets in Lambda Env Vars

  • 2024-04-25
Hello, friends! I’m here on this fine Thursday with some low-key advice on a very serious problem: you—or someone you know—has been putting secrets into…
5 min read 0

How to Cheat in JS Object Manipulation

  • 2023-06-28
Often in JavaScript, we’ve got to manipulate JavaScript Objects in order to serve a purpose. Today I’m going to cover a quick way to cheat…
4 min read 0

String Manipulation of URLs is an Anti-Pattern.

  • 2021-08-31
Quick note before we get started: this piece is Node-centric in its examples, but this anti-pattern is polyglottal. As with most anti-patterns, this isn’t about…
5 min read 0

Warning: Elaborate Scams Abound!

  • 2021-04-13
Hey all! This post won’t be long, and I’m sorry but it won’t be terribly technical either. Tonight I had an encounter with a scam…