Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
LinkedIn

How to log out a user from all browser tabs and synchronize your frontend application between different tabs

A real-world scenario: the same user opens your app in several tabs. In one tab they perform a major action — for example, they log out. The other tabs remain unaware and allow the user (or someone ...
note

They say Supabase is better than Firebase

I mentioned in my recent article that I started learning TypeScript, but this time I would like to explain Supabase, a BaaS for backend servers. I've been using it since a teammate from a recent app ...
GitHub

A lightweight, zero-dependency web component framework for building modular web applications.

"I designed this framework to empower developers with the ability to componentize their code efficiently and effectively, without the need for a full-scale framework. By focusing on simplicity and ...
GitHub

JSO – OAuth 2.0 Client with Javascript

JSO is a simple and flexible OAuth javascript library to use in your web application or native mobile app. JSO is provided by UNINETT AS, a non-profit company working for educational and research ...