Sign up to save your podcasts
Or
Share npm’s Biggest Supply Chain Attack (and What We Learned)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
npm’s Biggest Supply Chain Attack (and What We Learned)
Just 5 months ago we covered how Storybook 9 was in beta, and already Storybook 10 is in beta. The biggest change is that Storybook is going all in on ESM and dropping CJS support, which is making for some big performance gains and smaller bundle sizes.
This past week, npm suffered the largest supply chain attack in its history when a prolific OSS maintainer got phished. Luckily, the attack was noticed and reported within the hour and it looks like the hackers got next to nothing for their efforts, but it serves as another reminder to be extra careful before clicking links in emails.
In the same security vein, browser company Brave uncovered a security vulnerability in AI-browser Comet where malicious instructions on a web page could cause the agent to “go rogue” while it was being asked to summarize a page’s contents. Perplexity has since added more guardrails to try and mitigate this sort of thing, but be cognizant of the data and site access you’re giving to AI agents.
Timestamps:
- 1:12 - Storybook 10
- 7:53 - npm’s supply chain attack
- 17:24 - Brave discloses a security vulnerability in Comet
- 26:38 - You’re absolutely right!
- 35:26 - What’s making us happy
Links:
- Paige - Storybook 10 beta and Storybook 9 features
- Jack - npm just suffered the largest supply chain attack in its history
- TJ - Brave discloses a security vulnerability in Comet
- Someone made a customizable website to count how many times Claude Code says “You’re absolutely right!” in a day
- Paige - Silicon Valley TV show
- Jack - Shokz OpenComm2 bone conduction headphones
- TJ - macOS text message forwarding
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
- Front-end Fire website
- Blue Collar Coder on YouTube
- Blue Collar Coder on Discord
- Reach out via email
- Tweet at us on X @front_end_fire
- Follow us on Bluesky @front-end-fire.com
- Subscribe to our YouTube channel @Front-EndFirePodcast
View all episodes
By TJ VanToll, Paige Niedringhaus, Jack Herrington
4.5
1111 ratings
Just 5 months ago we covered how Storybook 9 was in beta, and already Storybook 10 is in beta. The biggest change is that Storybook is going all in on ESM and dropping CJS support, which is making for some big performance gains and smaller bundle sizes.
This past week, npm suffered the largest supply chain attack in its history when a prolific OSS maintainer got phished. Luckily, the attack was noticed and reported within the hour and it looks like the hackers got next to nothing for their efforts, but it serves as another reminder to be extra careful before clicking links in emails.
In the same security vein, browser company Brave uncovered a security vulnerability in AI-browser Comet where malicious instructions on a web page could cause the agent to “go rogue” while it was being asked to summarize a page’s contents. Perplexity has since added more guardrails to try and mitigate this sort of thing, but be cognizant of the data and site access you’re giving to AI agents.
Timestamps:
- 1:12 - Storybook 10
- 7:53 - npm’s supply chain attack
- 17:24 - Brave discloses a security vulnerability in Comet
- 26:38 - You’re absolutely right!
- 35:26 - What’s making us happy
Links:
- Paige - Storybook 10 beta and Storybook 9 features
- Jack - npm just suffered the largest supply chain attack in its history
- TJ - Brave discloses a security vulnerability in Comet
- Someone made a customizable website to count how many times Claude Code says “You’re absolutely right!” in a day
- Paige - Silicon Valley TV show
- Jack - Shokz OpenComm2 bone conduction headphones
- TJ - macOS text message forwarding
Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.
- Front-end Fire website
- Blue Collar Coder on YouTube
- Blue Collar Coder on Discord
- Reach out via email
- Tweet at us on X @front_end_fire
- Follow us on Bluesky @front-end-fire.com
- Subscribe to our YouTube channel @Front-EndFirePodcast
More shows like Front-End Fire
View all
The Changelog: Software Development, Open Source
288 Listeners
The a16z Show
1,099 Listeners
ShopTalk
501 Listeners
Software Engineering Daily
624 Listeners
JavaScript Jabber
62 Listeners
Syntax - Tasty Web Development Treats
990 Listeners
The Diary Of A CEO with Steven Bartlett
8,852 Listeners
Practical AI
212 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
10,224 Listeners
Hard Fork
5,546 Listeners
PodRocket
60 Listeners
devtools.fm: Developer Tools, Open Source, Software Development
25 Listeners
The Startup Ideas Podcast
212 Listeners
Latent Space: The AI Engineer Podcast
98 Listeners
This Day in AI Podcast
229 Listeners