Relatable Code


An attack on NPM? And explaining exactly what is Edge computing

Let's go over a recent update from NPM, which was the victim of an attack campaign using stolen OAuth tokens, and then go over edge computing.

Diego Ballesteros
Jun 3

🗞 News

GitHub Security (@GitHubSecurity):
GitHub has been actively investigating the attack campaign around stolen OAuth tokens, of which @npmjs was a victim organization. Today we’re sharing our final impact analysis for npm as well as additional findings.
github.blog/2022-05-26-npm…

GitHub Security @GitHubSecurity

GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users. https://t.co/eB7IJfJfh1

May 27th 2022


Back in April, GitHub released a blog post detailing an attack campaign with stolen OAuth user tokens. The investigation was still ongoing at the time, so this article covers several interesting tidbits on the attack!

The attacker's initial breakthrough came through third-party integration tokens from Heroku and Travis CI. From there they went down a rabbit hole of different integrations and functionality to obtain the login information for 100k+ users, as well as a ton of private repository information ranging from secret keys to private company data.

If you happened to be affected, GitHub ideally would have notified you already.

This is just another reminder not to keep any sensitive information in your repository, even if it’s private (unless it’s a secret that can only be accessed from the GitHub portal).

Full article:
Full attack on NPM article with OAUTH tokens

Austin Gil 🔜 VueConf US (@heyAustinGil):
Do you want to learn about edge compute? Do you like dogs in hats? Then you're in luck! In my latest blog post, I explain edge compute with the analogy of knitting hats for dogs. Let me know what you think :D

What is Edge Compute? It’s kind of like knitting dog hats
Edge compute is the new frontier in computing technology. This article explains what it is and why it’s awesome, all along with cute pictures of dogs.
austingil.com

May 23rd 2022


“The Edge” is quickly becoming a buzzword, and the concept is spreading like wildfire. Many call it the future of web applications. But what exactly does it mean?

In the article, Austin Gil explains edge computing through a cute analogy with knitting dog hats.

Let’s break down the definitions he goes over:

Compute - Anything where a machine returns something

Edge - As close as possible to the client’s browser/machine/what have you

Essentially, edge computing brings the application (maybe HTML?) or API results as close as possible to the client. The biggest benefit of this is that it lowers the response time from the server to the user.

Check out the article for a full explanation.

📦 More interesting Articles

⚛ React

  • Ultra, the new react web framework

🎨 CSS

  • Headless UI releases version 1.6.0

  • The Dark Yellow problem in design system color palettes

  • Typography tooling

🔧 Other

  • Building a design system monorepo with Turborepo

  • Full attack on NPM article with OAUTH tokens

  • Processing arrays non destructively

  • Localizing Slack

  • Designing a better language selector


© 2022 Diego Ballesteros