/u/OtherwisePush6424
Author ProfileClaim This Author Profile
Prove ownership by publishing #HashtagPLUS and this profile link on your author page or an article under your byline. A moderator or admin will review the request before it merges into your real HashtagPLUS username.
π reddit.comSource
What makes an open source npm package trustworthy beyond stars and download counts: provenance attestation, OIDC publishing, changelog quality, security policy, and how past vulnerabilities were handled. submitted by /u/OtherwisePush6424 [link] [comments]
π reddit.comSource
Provenance attestation, OIDC trusted publishing, install script risk, SHA-pinned CI actions, and slopsquatting (where LLMs hallucinate package names and attackers pre-register them). Includes a tiered checklist separating security-critical signals from operational maturity signal
π reddit.comSource
A practical 5-10 minute checklist for vetting npm dependencies before adding them to production. It focuses on provenance attestations, install scripts, CI quality signals, maintainer responsiveness, and security handling. submitted by /u/OtherwisePush6424 [link] [com
π reddit.comSource
Checklist for evaluating third-party npm packages before install submitted by /u/OtherwisePush6424 [link] [comments]
π reddit.comSource
A writeup on probabilistic databases: systems that deliberately trade a small, bounded error for dramatic gains in speed and memory efficiency. The interesting part is the underlying CS: HyperLogLog estimates cardinality of billions of elements with ~1% error using a few KB of me