Maxwell

@npmjs @GHSecurityLab there is an active supply chain attack on axios@1.14.1 which pulls in a malicious package published today - plain-crypto-js@4.2.1 - someone took over a maintainer account for Axios

@npmjs @GHSecurityLab Pin axios at v1.14.0 - this version is safe If you think you’ve been compromised - rotate your GH, NPM, and any keys available in any environments where you updated this package. The compromised package ran a script that called out to a remote C&C service

@npmjs @GHSecurityLab there is an active supply chain attack on axios@1.14.1 which pulls in a malicious package published today - plain-crypto-js@4.2.1 - someone took over a maintainer account for Axios

@levelsio we’re not ready for the SaaSlop era

Ok I managed to make the code generated interactive so every idea is really becoming an app now Obvious next question, why not just generate every idea automatically and add Stripe to it and launch them?

@auchenberg oh no, time to stop using a SOTA model to run `ls`

Thought: Enjoy the unlimited tokens plans while you can. Thinking a back to the cheap Uber rides...

incredible that we built all this RAG and vector database stuff and it turns out that grep from 1973 works better than all that

Had the chance to connect with @chantastic about shipping embedded code editors in 2025, and how we approached this at @WorkOS to power JWT templates for @authkit.

🚨 Security Alert 🚨 WorkOS is disclosing a critical SAML authentication bypass in xml-crypto and Node.js libraries. This flaw allows attackers to forge SAML responses, potentially granting unauthorized access to any user account in affected applications—including admin accounts—without any user interaction. This enables full account takeovers. WorkOS customers are safe and were not impacted. Any service using xml-crypto or a Node.js SAML implementation using it should update immediately to the latest version. Full blog post with technical details 👇

So cool lo.cafe/notchnook

@csallen A wabi room, in the tradition of Axel Vervoordt. A sparse room where you go to reconnect

What are the coolest ideas you've seen for a spare room in your house/apartment?

@maccaw Feedly

What do you guys use to fill the void from Google Reader?

@gherget @levelsio Yeah, coworking is so hard for those of us who actually need to synchronously collaborate with our team here and there. I'm not a calls all day guy, but even just a few calls throughout the day make coworking a no-op for me (room booking, tiny phone booth)

@levelsio There is always one guy on a call. Tried many co-working spaces and the reason I left was mainly cause of this.

🙏 I beg you not to do calls in a cafe

@dr low-touch customers don't owe you an explanation, unfortunately. in the US, the FTC recently decided co's must provide a cancellation mechanism, "at least as easy to use as the method the customer used to buy the product or service in the first place." niemanlab.org/2021/11/the-en…

Not adding a cancel flow into your app is looked down upon. But I ask Cove users to email to cancel, and I get so much data from that. Each user explains the cancellation reason without me even prompting, and I therefore have an amazing picture of why people churn. 🤷🏻‍♂️

@AnTheMaker I've generally had success with SES or Gmail servers, unless the destination is a super restrictive corporate inbox.

Anyone is an expert in Email deliverability? Seems like some people receive my emails either in their spam folder or not at all if I send them from my company email address (only manual emails, no newsletters/transactional emails)... Any ideas on how to fix this? 😬

@davidu youtu.be/YvN5zYtxxXY this is also really fun to make

One of the saddest things ever is that Yank Sing in SF no longer sells their chili sauce. Having tried dozens off the shelf for years to replicate it, nothing comes close. Anyone know the story about why they stopped? Or an actual identical alternative?

@csallen have ya tried liquidti.me? it has pretty good visualizations; sometimes a little buggy since it's very new but worth it

@nycbabylon congrats on getting #beaumoji on #producthunt! i developed the site with color + information, could you add me as a maker? 🙏🏼