Rajesh👨‍💻

Your app works locally.
CI suddenly fails.
Nothing changed. 👀 
 Welcome to dependency drift. 
 npm ci saves you by enforcing exact lockfile installs instead of silently resolving newer packages like npm install. 
 Use npm ci in CI/CD. Always.

@rjv_im The next thing which comes is what llm does with this data, on that regulators may provide the new compliances. But yeah we will need to host our own llm as data can not travel outside the country

@rjv_im Yeah, i think this layer plays very important role as it communicates with the database/API, if you have already done, thats good I think many of the compliances are already resolved as part of it

Introducing - AI Agents for Mutual Funds (Video: Onboarding Agent helping distributor collect pan, name, dob and verify it against records) Feels like Mutual Fund workflows are entering a completely different phase Distributors reaching out to AI bots for onboarding, transactions, servicing, reports, and investor follow-ups. Fintechs embedding AI journeys directly inside their existing apps. AMCs offering much faster onboarding, recommendations, support, and servicing experiences. Not by replacing existing apps. But by adding AI agents alongside existing workflows. At MFStack, while continuing to improve UI/UX across our apps, we’ve started building AI-X — AI Experiences for Mutual Funds built over @Cybrilla and @ONDC_Official Agents which can work through chat interfaces, APIs, SDKs, MCP Servers, and A2A integrations ⚡️ Also means solving real infrastructure and engineering problems around privacy, PII leakage into LLMs, India data residency, workflow orchestration, and interoperability, hallucinations. Interesting times ahead 🚀

Install Trivy on macOS using Homebrew 🍺 ➡️ brew install trivy Ready to scan images locally in seconds

Run vulnerability scans locally in seconds with Trivy 🔍 ➡️ trivy image your-image:tag Catch OS + dependency vulnerabilities before pushing to prod 🚀 #DevSecOps #Docker

@NFTCPS Just check the OSINT framework you will realise there are many tools that can be used to get publicly available information

吓到我了！ GitHub上有个工具叫GhostTrack，输入一个手机号，能直接扫出这人在哪些平台注册过账号，还能查IP定位、运营商信息。 克隆代码跑脚本，5分钟搞定，门槛低得离谱。你以为自己在网上隐身呢？ 早被扒得透透的了。信息安全这事，真得重视起来。 🔗 github.com/HunxByts/Ghost…

@nodejs Is it safer? Can we update ? You have to tweet in a way that people can update because lots of vulnerabilities are coming nowadays

Node.js 24.15.0 (LTS) is out now! 💚 nodejs.org/en/blog/releas…

@rixhavraj @nodejs This is what i was thinking 🧐 is it a bug or what 😂

@nodejs New update or a new bug?

@sebastienlorber @rjv_im

New React CVE just dropped 😆 DOS vulnerability in Server Functions Patched versions already out: - 19.0.5 - 19.1.6 - 19.2.5

Your ECR is silently hoarding old images 👀 Fix it in 2 mins: 👉 Add lifecycle policy 👉 Keep last 7 images 👉 Auto-delete the rest Clean registry = lower cost 💸

@mscccc @rjv_im @PlanetScale @planetscalehelp I can see the schema now. Thanks!

@Rajssj4 @rjv_im @PlanetScale @planetscalehelp All fixed! Thanks for letting us know

@PlanetScale Here we come. Doing POC if we can migrate a small fresh instance. cc: @Rajssj4

@maxedapps You are safe, its with latest version, and they have already taken it down

👀

@feross 1.2.6

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

@rjv_im @PlanetScale @PlanetScale, when does the dashboard show table count? Docs mention it, but I’m not seeing any tables reflected yet 🤔

@CChirchi Yeah thats what i am thinking, Even if AI cut it there would still be need to handle AI, normal people cant handle everything they dont even understand(at least proper)what it is.

@Rajssj4 still hire thru referrals and linkedin. ai can't cut it yet??

Do people still hire developers… or just prompt AI and hope for the best? And if they do — how are they finding the right devs today?

@nodejs @rjv_im we have to update too!

⚠️ Security releases are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines. Please see the blog post for additional details: nodejs.org/en/blog/vulner…

Building a 404 page I actually enjoy landing on. Terminal vibes, glow, and a little personality.

@khushichetule Github.com/rajeshn95