Give Your Dependencies a Rest

NPM version 11.10.0 (Feb 2026) can now consider the relative age of a package release before installing it through the introduction of a new min-release-age config flag.

Limiting package installation based on release age is known as a dependency cooldown, a low-effort defense against the rise in supply chain attacks: a freshly published malicious version is often detected and unpublished within hours or days, so waiting out that window avoids installing it at all.


GitHub SSH Public Key Fingerprint Checking

A security vulnerability was discovered at GitHub back in 2012 that made it possible for an attacker to add new SSH keys to arbitrary GitHub user accounts. Although there was no known malicious activity using this exploit, GitHub took the responsible step of emailing every user with SSH keys on their account, asking them to verify and approve those keys before they could be used to clone/pull/push repositories over SSH again.


JavaScript Word Wrapping

I recently needed to do some manual word wrapping (and possibly hyphenation) of strings in JavaScript and found some interesting code projects:

Counting your top WordPress comment spam source IPs and URLs

[Image: a pizza with the word "SPAM" spelled out in Spam toppings. Photo credit: Flickr/Jerry Pank]

I launched a new WordPress blog for a client a few months ago and have been watching as comment spammers find the site and do what they do best: leave spam. As the first few spam comments started coming in, I would flag them and then manually copy/paste the source IPs and URLs into the built-in WordPress "Comment Blacklist".

Over time I started seeing duplicates, and I noticed bursts of spam from certain IPs or linking to specific spam URLs. I was curious to see which IPs and URLs were the most frequent, as they seemed the best candidates to include in the blacklist.

So, let’s dig around in the database a bit…
