Archive.index
Browse recent writing, or follow the categories and tags that match the questions you care about.
/ Software
The recent Packagist and Composer security update matters because it moves the PHP ecosystem away from best-effort trust and toward stronger release controls, malware filtering, and immutable versions.
More posts
/ Software
TrapDoor stood out because it was not tied to one package registry. It spread across npm, PyPI, and crates.io while targeting crypto developers, AI tooling, and developer workstations.
/ Software
The Laravel-Lang compromise showed how dangerous mutable tags and Composer autoload execution can become when attackers gain push access to a package namespace.
/ Software
Megalodon showed that software supply chain attacks do not need a poisoned package when attackers can backdoor CI workflows across thousands of repositories instead.
/ Software
The AntV wave showed how Mini Shai-Hulud evolved from a high-profile compromise into a mass npm credential-harvesting campaign across hundreds of packages.
/ Software
The poisoned Nx Console release and the resulting GitHub employee-device compromise showed how a developer extension can become a platform-level supply chain problem.
/ Software
The Shai Hulud campaign showed how quickly modern package ecosystems can turn a compromised maintainer or CI path into broad install-time credential theft.
/ Software
The LiteLLM and Telnyx incidents showed how stolen publishing credentials can turn trusted PyPI packages into fast-moving credential harvesters.
/ Software
Laravel Paper lets you use Eloquent against Markdown and JSON files, keeping the familiar Laravel model workflow without reaching for a database first.
/ Ai
Large models can be intimidating to customize: heavy frameworks, complex training loops, and expensive compute all get in the way.
/ Software
Superpowers is an open-source collection of AI-assisted coding utilities that aim to streamline developer workflows.
/ Hardware
WithDiode provides a fast path from idea to working circuit without wrestling with toolchains, bench wiring, or messy breadboards.
/ Ai
Voice synthesis has moved quickly from laboratory demos to production-grade tools. Voicebox aims to put cutting-edge voice cloning into a local-first desktop application.
/ Software
Laravel Introspect turns parts of your Laravel application into something you can query with a fluent API: views, routes, classes, and Eloquent models.