Caio Rhian

New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads. Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned. It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies. More comprehensive article: stepsecurity.io/blog/axios-com…

@liques @liques e a galera de front do time, fica atualizando localmente? ou compartilha com eles por outra maneira?

@caiorhian Bruno na veia!

Galera de backend, vocês tem documentando API como? Swagger? Postman? Bruno?

@colinhacks that's interesting, does it work on zod3?

whoa. I just found a way to properly infer recursive types in z.object() — no casting, no z.lazy(), no scopes/registries, no special syntax. i've been trying to do this for literally years

@felipeneto cnnbrasil.com.br/blogs/luisa-ma…

O que é a RediRedi? 🔍 Venda produtos online e localmente com o catálogo digital de sua loja. Monte seu catálogo em poucos minutos com ajuda da inteligêcia artificial da RediRedi. Obtenha fotos automáticas dos seus produtos e economize tempo.

@arvidkahl I’m quite happy using @typesense

Full-text search on 500GB+ of data is keeping me awake at night. MySQL's full-text index just can't handle this. Often takes minutes. And Meilisearch, as fast as it is, is hard to wrangle to get it to get only precise results. Anyone here experienced with search at this size?

@jasonbosco @typesense You guys are doing a great job!

Just hit 2 BILLION searches per month on @Typesense Cloud. 2,000,000,000 This time last year, we were just about to reach 500M, and that sounded surreal at the time. We're now doing 4 times that volume, with peaks of 425K searches per minute 🤯

@thdxr That should be fine, I believe dashbird.io works like that. Bundled/minified functions might log huge logs while logging the stack when sourcemap isn’t present. Is that a concern?

@caiorhian i'm not a huge fan of adding yet another library - we'll likely operate off `console.error` calls where you pass in any JS Error not too hard for us to parse those

just put out beta2 of the SST Console logs are now more powerful you can page through the most recent invocations or jump to point in time, plus a bunch of other goodies we built exactly what we needed ourselves to debug errors next step - automatic sourcemap support

e lançaram o MacBook Air 15", considerando a perfomance do 13.6", esse novo promete

#WWDC23 tá começando

@github tá super instável essa semana

@Marcelasmorais Logo é você!!!

É tão bom ver amigos entrando na faculdade e no curso que eles queriam!! 🥺🥺

Rumores de que hoje sai um MacBook novo, será que vem o M2 Pro ai?

@Marcelasmorais haha desde pequena vc tem uma tendência

Tenho vontade de ser medvloger só pra ser fazer patrocinada pela dr cherie

@euascott Melhor jogo

Finalmente vou jogar TLOU

@Lypera Como assim cara? SP é show

Não da pra entender porque o macOS ainda não suporta contas Microsoft nativamente igual suporta as do Google