
URL: https://thenewstack.io/dev-news-npm-attacks-htmx-updates-and-flutters-roadmap/

Dev News: npm Attacks, htmx Updates and Flutter's Roadmap
Frontend Development / Security / Software Development

A denial of service attack on npm made headlines this week. Also, Flutter releases its roadmap for 2023 and htmx did a site migration.
Apr 14th, 2023 9:15am by Loraine Lawson

A denial-of-service attack briefly hit npm, the open source package repository for Node.js, after three attackers flooded it with bogus packages, according to Hacker News.

The attackers created malicious websites and published empty packages with links to the websites, “taking advantage of open source ecosystems’ good reputation on search engines,” Checkmarx’s Jossef Harush Kadouri said in a blog post about the attacks.

“The attacks caused a denial-of-service (DoS) that made npm unstable with sporadic ‘Service Unavailable’ errors,” he noted. “The campaigns included a malware infection campaign, a referral scam campaign linked to AliExpress, and a crypto scam campaign targeting Russian users on Telegram.”

npm is a package manager for JavaScript maintained by npm, Inc., and is also the default package manager for Node.js.

This was the worst month for attacks on the open source ecosystems in the past year, but March was by far the worst one we’ve seen yet, Kadouri said.

“Typically, the number of package versions released on npm is approximately 800,000,” Kadouri said. “However, in the previous month, the figure exceeded 1.4 million due to the high volume of spam campaigns.”

Htmx Releases Version 1.9.0

This week, htmx released version 1.9.0, which includes support for view transitions and bug fixes, as well as a website migration off 11ty to static site engine Zola.

Htmx is a relatively new HTML extension framework designed to simplify web development and shift it away from the single-page application approach. It’s a JavaScript library for “performing AJAX requests, triggering CSS transitions, and invoking WebSocket and server-sent events directly from HTML elements,” according to a 2021 LogRocket blog post. Essentially, htmx lets developers build modern user interfaces with simple markup.

The site was migrated from 11ty to the static site engine Zola, which the announcement noted cut “way down” on the number of development JavaScript dependencies. Besides the site switch and a fixed memory leak, new features include:

  • Support for view transitions, which is “based on the experimental View Transitions API currently available in Chrome 111+ and coming to other browsers soon,” the post noted;
  • “Support for ‘naked’ hx-trigger attributes, where an hx-trigger is present on an element that does not have an hx-get, etc. defined on it. Instead, it will trigger the new htmx:triggered event, which can be responded to via your preferred scripting solution”; and
  • Support for generalized inline event handling via the new hx-on attribute, which the blog post notes will address the shortcoming of HTML’s limited set of onevent attributes.

Python Foundation Says EU Acts Could Create Risk for OSS

The Python Foundation is worried that two proposed European Union acts could create risks for open source software.

The foundation stated that while it agrees with the stated goals of the policies of increased security and accountability for European software consumers, it fears the overly broad policies in the Cyber Resilience Act and Product Liability Act “will unintentionally harm the users they are intended to protect.”

“Many modern software companies rely on open source software from public repositories without notifying the author, and certainly without entering into any kind of commercial or contractual relationship with them,” wrote Deb Nicholson, executive director of the Python Foundation. “If the proposed law is enforced as currently written, the authors of open source components might bear legal and financial responsibility for the way their components are applied in someone else’s commercial product.”

Under the current language, the foundation could be potentially liable for any product that includes Python code without having received any monetary gain from these products. That risk of potential costs would make it “impossible in practice for us to continue to provide Python and the Python Package Index to the European public,” she wrote.

She noted that the existing language does not differentiate between independent authors who have never been paid for the supply of software, and big corporations that sell products for end-users.

“We believe that increased liability should be carefully assigned to the entity that has entered into an agreement with the consumer,” Nicholson added.

The Eclipse Foundation and NLnet Labs also have voiced concerns about how these policies could affect global open source projects, she said.

Flutter Framework Roadmap Released

The Flutter team released its roadmap for 2023 this month. Tim Sneath wrote about the news on Medium. Sneath is a project manager and UX director for developer frameworks and languages at Google. That includes overseeing Flutter, which is an open source portable UI framework that gives developers the ability to build apps for any platform from a single codebase.

Flutter builds on Dart, a multiplatform language that enables “cornerstone Flutter features that include stateful hot reload; fast, iterative compilation to native and web; and a thriving package ecosystem,” the documentation states.

The document notes that over the coming years, the framework faces a number of challenges, including migrating the ecosystem to null safety without fragmentation and building an ecosystem that is self-sustaining.

Still, Sneath writes that the platform has a competitive edge in that it has long focused on developer experience as a fundamental value.

The 2023 investments will focus on six “sub-areas” of developer experience:

  1. performance
  2. interoperability
  3. portability
  4. ecosystem
  5. security, and
  6. fundamentals

Google eventually plans for Flutter to work with Wasm.

Loraine Lawson is a veteran technology reporter who has covered technology issues from data integration to security for 25 years. Before joining The New Stack, she served as the editor of the banking technology site Bank Automation News. She has...
TNS owner Insight Partners is an investor in: Checkmarx.