Relatable Code

An attack on NPM? And explaining exactly what is Edge computing

Let's go over a recent update from npm, which was the victim of an attack campaign using stolen OAuth tokens, and then go over edge computing.

Diego Ballesteros
Jun 3, 2022

🗞 News

GitHub Security @GitHubSecurity
GitHub has been actively investigating the attack campaign around stolen OAuth tokens, of which @npmjs was a victim organization. Today we’re sharing our final impact analysis for npm as well as additional findings. github.blog/2022-05-26-npm…
GitHub Security @GitHubSecurity
GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users. https://t.co/eB7IJfJfh1
6:56 AM ∙ May 27, 2022

Back in April, GitHub published a blog post detailing an attack campaign using stolen OAuth user tokens. The investigation was still ongoing at the time, so this article covers several interesting tidbits on the attack!

The attacker's initial foothold came from OAuth tokens issued to third-party integrations, Heroku and Travis CI. From there they went down a rabbit hole of different integrations and functionalities to obtain the login information for 100k+ users, as well as a ton of private repository information ranging from secret keys to private company data.

If you were affected, GitHub should ideally have notified you already.

This is just another reminder not to keep any sensitive information in your repository, even if it's private (unless it's a secret that can only be accessed from the GitHub portal).

Full article:
Full attack on NPM article with OAUTH tokens

Austin Gil 🔜 VueConf US @heyAustinGil
Do you want to learn about edge compute? Do you like dogs in hats? Then you're in luck! In my latest blog post, I explain edge compute with the analogy of knitting hats for dogs. Let me know what you think :D
austingil.com: What is Edge Compute? It’s kind of like knitting dog hats. Edge compute is the new frontier in computing technology. This article explains what it is and why it’s awesome, all along with cute pictures of dogs.
4:22 PM ∙ May 23, 2022

“The Edge” is quickly becoming a buzzword, and the concept is spreading like wildfire. Many call it the future of web applications. But what exactly does it mean?

In the article, Austin Gil explains edge computing using a cute analogy with knitting dog hats.

Let’s break down the definitions he goes over:

Compute - Anything where a machine returns something

Edge - As close as possible to the client’s browser/machine/what have you

Essentially, edge computing means bringing the application (maybe HTML?) or API results as close as possible to the client. The biggest benefit is that it lowers the response time from the server to the user.

Check out the article for a full explanation.

📦 More interesting Articles

⚛ React

  • Ultra, the new React web framework

🎨 CSS

  • Headless UI releases version 1.6.0

  • The Dark Yellow problem in design system color palettes

  • Typography tooling

🔧 Other

  • Building a design system monorepo with Turborepo

  • Full attack on NPM article with OAUTH tokens

  • Processing arrays non-destructively

  • Localizing Slack

  • Designing a better language selector
