An attack on NPM? And explaining exactly what is Edge computing

Let's go over a recent update with NPM where it underwent an attack campaign with stolen OAUTH tokens and going over edge computing.

🗞 News

GitHub Security @GitHubSecurity

GitHub has been actively investigating the attack campaign around stolen OAuth tokens, of which @npmjs was a victim organization. Today we’re sharing our final impact analysis for npm as well as additional findings. github.blog/2022-05-26-npm…

GitHub Security @GitHubSecurity

GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users. https://t.co/eB7IJfJfh1

6:56 AM ∙ May 27, 2022

---

Back in April GitHub released a blog post detailing an attack campaign with stolen OAuth user tokens. The investigation was still ongoing so this article covers several interesting tidbits on the attack!

Essentially the initial breakthrough by the hacker/bad actor was done with third-party integrations tokens from Heroku and TravisCI. From there they essentially went down a rabbit hole of different integrations and functionalities to obtain the login information for 100k+ users as well as a ton of private repository information ranging from secret keys to private company data.

If you happened to be affected GitHub ideally would have notified you already.

This is just another reminder to not have any sensitive information in your repository even if it’s private (unless it’s a secret that can only be accessed from the GitHub portal).

Full article:
Full attack on NPM article with OAUTH tokens

Austin Gil 🔜 VueConf US @heyAustinGil

Do you want to learn about edge compute? Do you like dogs in hats? Then you're in luck! In my latest blog post, I explain edge compute with the analogy of knitting hats for dogs. Let me know what you think :D

austingil.comWhat is Edge Compute? It’s kind of like knitting dog hatsEdge compute is the new frontier in computing technology. This article explains what it is and why it’s awesome, all along with cute pictures of dogs.

4:22 PM ∙ May 23, 2022

---

“The Edge” is quickly becoming a buzzword and concept that is spreading like wildfire. Many call it the future of web application sites. But what exactly does it mean?

In the article, Austin Gil goes over edge computing making a cute analogy with knitting dog hats.

Let’s break down the definitions he goes over:

Compute - Anything a machine returns something

Edge - As close as possible to the client’s browser/machine/what have you

Essentially edge computing is bringing to the client the application (maybe HTML?) or API results as close as possible. The biggest benefit of this is that it lowers the response time from the server to the user.

Check out the article for a full explanation.

📦 More interesting Articles

⚛ React

• Ultra, the new react web framework

🎨 CSS

• Headless UI releases version 1.6.0

• The Dark Yellow problem in design system color palettes

• Typography tooling

🔧 Other

• Building a design system monorepo with Turborepo

• Full attack on NPM article with OAUTH tokens

• Processing arrays non destructively

• Localizing Slack

• Designing a better language selector