If you are wondering where the data of this site comes from, please visit https://api.github.com/users/naugtur/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

egnyte/ax 46

A CLI tool to query structured logs, including Kibana, Cloudwatch, Stackdriver, Docker and plain JSON file logs.

laucheukhim/instano 33

instano.js - Instant NoScript Detection

naugtur/backbone-redux-migrator 23

Lets Backbone and Redux apps coexist, so you don't have to rewrite everything at once

egnyte/python-egnyte 14

Python client for the Egnyte Public API.

naugtur/aframe-point-component 10

implements a-point based on THREE.js point object

egnyte/egnyte-js-sdk 7

Javascript SDK to work with Egnyte Public APIs

egnyte/ruby-egnyte 6

Ruby client for Egnyte's Public API.

egnyte/wopi-proof-validator 5

A library for validating WOPI Proof Keys coming from Microsoft Office in Node.js

egnyte/egnyte-dotnet 4

.NET SDK for the Egnyte Public API.

naugtur/axons.js 4

A communication channel you always wanted instead of pub-sub

issue comment npm/rfcs

Open RFC Meeting - Wednesday, September 22, 2021, 2:00 PM EST

Doh, I missed it. Can I get your attention on these two?
https://github.com/npm/arborist/pull/323 - should be ready to merge
https://github.com/npm/cli/issues/3531 - some pointers on what to call from arborist to see the results?

I'm considering switching from calling npm to using arborist under the hood.

darcyclarke

comment created time in 6 days

push event naugtur/podcastmaker-cli

naugtur

commit sha 29e8731b5a9c3ffd5d299221ea1c7f7e8a0bbbbc

fix intro normalization and add more research on clicks

view details

push time in 7 days

PullRequestReviewEvent

Pull request review comment npm/arborist

Attempt exposing isDirect and types

 class Vuln {   }    toJSON () {-    // sort so that they're always in a consistent order+    const edgesIn = [...this.nodes.values()].flatMap(n => [...n.edgesIn])+    const isDirect = edgesIn.some(e => e.from.isProjectRoot)+    const types = [...new Set(edgesIn.map(a => a.type))].sort()
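Review bot: the line removed here is the comment "sort so that they're always in a consistent order", but the sort it documents is not among the removed lines, so after this hunk that sort is left unexplained; keep the comment next to the sort and add a separate one for the new `isDirect`/`types` block. Two smaller points in the added lines: the callback variable is `e` in `edgesIn.some(e => e.from.isProjectRoot)` and `a` in `edgesIn.map(a => a.type)`, which is worth making consistent, and `e.from.isProjectRoot` throws if any edge in `edgesIn` has no `from`, so please confirm that cannot happen for the nodes collected into a Vuln, or guard it with `e.from && e.from.isProjectRoot`.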

Extracted here: https://github.com/npm/arborist/pull/323

naugtur

comment created time in 8 days

PR opened npm/arborist

feat: expose isDirect boolean for direct dependencies on the Vuln type

This is in relation to npm/rfcs#372

I've extracted what can already be merged without much controversy from https://github.com/npm/arborist/pull/301 and provided test coverage.

@isaacs let me know if this is ok now. I'd like to merge this one and use it in npm-audit-resolver, and then go back to working on types - the logic there demands I spend some more time figuring out what I want to achieve in more detail than I initially anticipated.

+154 -3

0 comments

4 changed files

pr created time in 9 days

push event naugtur/arborist

naugtur

commit sha 40cb98d22c283f6b9af079215fb33dfb4645d453

expose isDirect on Vuln type, not just in JSON output

view details

push time in 9 days

issue comment meetjspl/poznan

Is it worth learning Vue in 2021, and why not?

I have a positive impression after reading the teaser; the title has some bite, but that's a good thing 🙂

I'm mentioning it because I don't know whether you're up for that kind of confrontation.

przemyslawjanpietrzak

comment created time in 9 days

create branch naugtur/arborist

branch : direct-only

created branch time in 9 days

issue comment meetjspl/poznan

Is it worth learning Vue in 2021, and why not?

Strong. One or two Vue core contributors live in Poznań, and one of them has even been to meet.js - maybe we could turn this into a panel discussion?

przemyslawjanpietrzak

comment created time in 9 days

Pull request review comment npm/arborist

Attempt exposing isDirect and types

 class Vuln {   }    toJSON () {-    // sort so that they're always in a consistent order+    const edgesIn = [...this.nodes.values()].flatMap(n => [...n.edgesIn])+    const isDirect = edgesIn.some(e => e.from.isProjectRoot)+    const types = [...new Set(edgesIn.map(a => a.type))].sort()

I actually only needed dev, so I'm reluctant to include this much complexity here for figuring out types. I'm going to split this PR so I can finish isDirect and get it merged and use it, then work on types.

naugtur

comment created time in 11 days

PullRequestReviewEvent

push event naugtur/naugtur.github.com

naugtur

commit sha cd409d4e1da37bc438a0612ee55f87fa2f998aad

wearedevelopers update

view details

push time in 13 days

issue comment meetjspl/poznan

Context API - can it replace Redux?

https://www.meetup.com/meet-js-Pozna%C5%84/events/280614182/ September 23. Come along.

iiskaandar

comment created time in 18 days

issue comment meetjspl/poznan

Svelte and reactive web apps

Cool. But do come - there'll be food trucks 😉

kjeske

comment created time in 20 days

issue comment meetjspl/poznan

Svelte and reactive web apps

@kjeske Do you want to speak at meet.js on September 23? ;)

kjeske

comment created time in 20 days

issue comment meetjspl/poznan

Context API - can it replace Redux?

So maybe we should add xstate and a few more buzzwords to the title to attract more people? 😅

iiskaandar

comment created time in 21 days

issue comment meetjspl/poznan

Context API - can it replace Redux?

Great! Thanks for submitting.

Is there enough room in the talk to compare this approach with using valtio, or possibly zustand?

iiskaandar

comment created time in 21 days

issue comment meetjspl/poznan

Optimizing the production bundle size with Webpack

I've just announced meet.js Poznań for September 23. Are you in? :D

kvas-damian

comment created time in 21 days

issue comment meetjspl/poznan

Optimizing the production bundle size with Webpack

Hi @kvas-damian, we're coming back to life after the pandemic. Is the topic still current?

kvas-damian

comment created time in 22 days

PR opened fossas/fossa-cli

Fix npm installation for correctness and security

changes and why:

  • switch from `npm install` to `npm ci`, which respects the contents of package-lock.json
  • add `--ignore-scripts` to avoid executing malicious scripts for a fossa user who's otherwise secure in their build pipeline

`--ignore-scripts` could depend on external configuration or be passed from the top as well.

context

Many npm package consumers set up their pipelines to avoid the consequences of running postinstall scripts from all packages in their dependencies, in case a tiny irrelevant package gets taken over by a malicious actor.

https://dev.to/naugtur/get-safe-and-remain-productive-with-can-i-ignore-scripts-2ddc https://snyk.io/blog/npm-security-malicious-code-in-oss-npm-packages/

discussion

Let's discuss whether the change I suggested makes sense for the overall use case. Maybe you support incredibly old versions of npm and a bit of if-else is necessary here? Or should the `--ignore-scripts` param also be documented?

Postinstall scripts can do anything, so they can probably also install additional packages. It's less of an omission than skipping entire devDependencies, where frontend build tool plugins might exist that could be adding polyfills and other code to the final shippable bundle. So if running `--production` and documenting it as such is fine, `--ignore-scripts` should be much less controversial.

+1 -1

0 comments

1 changed file

pr created time in 22 days

push event naugtur/fossa-cli

Zbyszek Tenerowicz

commit sha bad350a00c521dd5ea3892ada8d4f83e8d75c801

Fix npm installation for correctness and security
- switch from `npm install` to `npm ci` that respects the contents of package-lock.json
- add --ignore-scripts to avoid executing malicious scripts for a fossa user who's otherwise secure in their build pipeline
--ignore-scripts could depend on external configuration or be passed from the top as well,

view details

push time in 22 days

fork naugtur/fossa-cli

Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.

https://fossa.com

fork in 22 days

push event naugtur/naugtur.github.com

naugtur

commit sha 84a559617414fdd7d38cb3351010f8654e3629ae

malicious package presentation

view details

push time in 25 days

push event naugtur/naugtur.github.com

naugtur

commit sha 9efa8f738b28878677343ec7fa90028b3eea4f4c

that works

view details

push time in a month

push event naugtur/naugtur.github.com

naugtur

commit sha 1c189216e825a03781931e2298be3baba2f9ae24

first full story

view details

naugtur

commit sha 474d106d311b5022327f28bfd5eb78b01b8a7c2f

subtitle version

view details

push time in a month

create branch naugtur/naugtur.github.com

branch : malicious-package

created branch time in a month

started optoolco/tonic

started time in a month

started IBM/core-dump-handler

started time in a month

push event naugtur/hackme-package

naugtur

commit sha 30b74180c7726b57fd5c0561fc48dd9878f0645d

rename to something less controversial to automated scripts

view details

push time in a month

push event naugtur/hackme-package

naugtur

commit sha 5af6d761009807a8add63e5151785cced7877559

prepare to publish the first one

view details

push time in a month