mango
861 posts









On April 21st, Lydia Hallie from Anthropic is teaching a full-day Claude Code Deep Dive at Frontend Masters.

It's free. No subscription. No catch. Just RSVP.

The rest of April is stacked too:

Apr 6-7: AI Engineering Fundamentals with Scott Moss (Netflix)
Apr 9: Svelte 5+ with Rich Harris (the creator)
Apr 14: Self-Testing AI Agents with Steve Kinney
Apr 16: AWS SPAs v3 with Steve Kinney
Apr 28: Cloud CI/CD with Erik Reinert

Six workshops. One month. The biggest one costs nothing.

See the full schedule and RSVP frontendmasters.com/workshops/?utm…


🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.

The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.

This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.

Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:

• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence

If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
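One way to carry out the lockfile audit the post recommends, as an added example that is not part of the original post and not Socket's tooling. The package names and versions come from the post; the function names and the sample lockfile are constructed for illustration, and the walk assumes npm's `package-lock.json` layout (flat `packages` map in lockfileVersion 2/3, nested `dependencies` in version 1).

```javascript
// Added example. Indicators come from the post: axios 1.14.1, and plain-crypto-js
// at any version (the post says the package did not exist before the compromise).
const BAD = new Map([
  ['axios', (v) => v === '1.14.1'],
  ['plain-crypto-js', () => true],
]);

function check(name, version, where, hits) {
  const isBad = BAD.get(name);
  if (isBad && isBad(version)) hits.push({ name, version, where });
}

// lockfileVersion 1: nested "dependencies" tree keyed by package name.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    check(name, info.version, [...trail, name].join(' > '), hits);
    walkV1(info.dependencies, [...trail, name], hits);
  }
}

function auditLockfile(text) {
  const lock = JSON.parse(text);
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; '' is the root project.
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path === '') continue;
      const i = path.lastIndexOf('node_modules/');
      const name = info.name || (i >= 0 ? path.slice(i + 13) : path);
      check(name, info.version, path, hits);
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  // A non-exact range on the root project can resolve to a newer release
  // whenever the lockfile is regenerated, so report it for pinning.
  const range = lock.packages?.['']?.dependencies?.axios ?? null;
  const floatingRange = range && !/^\d+\.\d+\.\d+$/.test(range) ? range : null;
  return { hits, floatingRange };
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE = JSON.stringify({ name: 'demo-app', lockfileVersion: 3, packages: {
  '': { name: 'demo-app', dependencies: { axios: '^1.13.0' } },
  'node_modules/axios': { version: '1.14.1' },
  'node_modules/plain-crypto-js': { version: '4.2.1' },
  'node_modules/form-data': { version: '4.0.0' } } });

console.log(auditLockfile(SAMPLE));
```

To audit a real project, pass the contents of its `package-lock.json` to `auditLockfile`; nested copies under other packages' `node_modules` are reported with their full install path.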





















