Chellappan

@chellaInTech

#Angular #React #JS #webcomponent #NodeJS #Design Systems #Next.js #FrontEndDev #ChennayinFC is in the blood @chennaiyinfc junior vibe coder.

Your heart Joined May 2013
3.6K Following 1.3K Followers
Chellappan@chellaInTech·
Hi All, I'm using the Image component with CloudFront. All domains are in remotePatterns, and it works locally. After deployment, remote images fail to load. I even tried a custom loader, no luck. Any tips on debugging this post-deployment? @cramforce @samselikoff @timneutkens
Chellappan retweeted
MDN Web Docs@MozDevNet·
🆕 Document.caretPositionFromPoint() is Newly Available! Give it an (x, y) coordinate and get back the exact DOM node and character offset. Perfect for click-to-edit interfaces. Check it out 👇 developer.mozilla.org/en-US/docs/Web…
Chellappan retweeted
Vercel Developers@vercel_dev·
The Vercel security and compute teams have conducted an investigation into the malicious takeover of the 𝚊𝚡𝚒𝚘𝚜@𝟷.𝟷𝟺.𝟷 npm package.
• We’ve blocked outgoing access from our build infrastructure to the Command & Control hostname 𝚜𝚏𝚛𝚌𝚕𝚊𝚔.𝚌𝚘𝚖.
• The malicious version of the package has been blocked and unpublished from npm.
• Vercel’s own infrastructure and applications have been unaffected.
• We recommend checking your supply chain for exposure.
For more information, read the full advisory ↓ vercel.com/changelog/axio…
Chellappan retweeted
Google Maps@googlemaps·
Ask Maps is now available to everyone in the U.S. and India. Here are six prompts to get you started. 🧵
Chellappan retweeted
Andrej Karpathy@karpathy·
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads. Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned. It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies. More comprehensive article: stepsecurity.io/blog/axios-com…
Feross@feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

Chellappan retweeted
Socket@SocketSecurity·
🚨 Active supply chain attack on axios@1.14.1. The latest version pulls in plain-crypto-js@4.2.1 -- a brand-new package that didn't exist before today. Socket's AI analysis flags it as a malicious obfuscated dropper: runtime deobfuscation, dynamic execSync loading, payload staging to temp/ProgramData directories, and post-execution artifact deletion. Consistent with supply chain malware. We're still investigating. If you use axios, pin your version and audit your lockfile.
Chellappan retweeted
Feross@feross·
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
Chellappan retweeted
Wes Bos@wesbos·
‼️Do not npm install or deploy anything right now Supply chain attack on axios 1.14.1 - even if you don’t use axios it may be a nested dep. Pin versions or wait until this is resolved
Maxwell@mvxvvll

@npmjs @GHSecurityLab there is an active supply chain attack on axios@1.14.1 which pulls in a malicious package published today - plain-crypto-js@4.2.1 - someone took over a maintainer account for Axios
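
The lockfile audit that the posts above recommend, as an added example that is not part of any of the quoted posts: it walks a parsed package-lock.json (the flat `packages` map of lockfileVersion 2/3, or the nested `dependencies` tree of version 1) and reports every install path, nested ones included, that resolves to axios@1.14.1 or plain-crypto-js@4.2.1. The function names and the `sampleLock` object are constructed for illustration.

```javascript
// Added example. Versions are the ones named in the posts above.
const BAD = { axios: ["1.14.1"], "plain-crypto-js": ["4.2.1"] };

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i < 0 ? p : p.slice(i + "node_modules/".length);
}

function auditLockfile(lock, bad = BAD) {
  const hits = [];
  const check = (name, version, where) => {
    const listed = Object.prototype.hasOwnProperty.call(bad, name);
    if (listed && bad[name].includes(version)) hits.push({ name, version, where });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not an installed package
    check(meta.name || nameFromPath(path), meta.version, path);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, because v2 lockfiles carry both and would report twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, [...trail, name].join(" > "));
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample: axios is only a nested dependency of a hypothetical
// "some-sdk"; the top-level copy is the unaffected 1.13.5.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "some-sdk": "^2.0.0" } },
    "node_modules/axios": { version: "1.13.5" },
    "node_modules/some-sdk": { version: "2.3.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
  },
};

for (const h of auditLockfile(sampleLock)) {
  console.log(`FLAGGED ${h.name}@${h.version} at ${h.where}`);
}
```

To audit a real project, pass `JSON.parse` of its package-lock.json to `auditLockfile`; an empty result means neither version is resolved anywhere in the tree.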

Chellappan retweeted
Addy Osmani@addyosmani·
I can't remember the last time I was truly stuck on a coding problem. AI agents changed this. Going from "sometimes blocked" to "always moving" is wild.
Chellappan retweeted
Alex Inkin@Waterplea·
#AngularTip for the day! You can trigger InjectionToken factory by providing it: { provide: TOKEN }. In case you ever need a default token value again, check out this snippet:
Chellappan retweeted
GitHub@github·
🆕 The Awesome GitHub Copilot project has a new home. Head over to explore hundreds of community-built customizations: 🔍 Full-text search for agents and skills 📚 A dedicated Learning Hub ⚡ 1-click plugin installs for Copilot CLI & @code Built by the community, for the community. Check it out.👇 awesome-copilot.github.com
Chellappan retweeted
Coder girl 👩‍💻
POV: Software engineers 3 hours before the deadline. 😂
Chellappan retweeted
Ahmad Shadeed@shadeed9·
After a year of building, The Layout Maestro is officially live! 🎹🥳 An interactive CSS course that teaches you how to think in CSS layouts. 70+ lessons, 7 layouts, 150+ interactive demos! Ready to level up your layout skills? Enroll now👇: thelayoutmaestro.com
Chellappan retweeted
Matthieu Riegler@Jean__Meche·
We've talked about it recently, but the work is finally done and the feature is merged! In v22 OnPush is the default for CD! Less boilerplate and more happy developers 😄 github.com/angular/angula…