Anyone have old Mac minis they have sitting around and want to sell me?
October 21, 2025 at 3:00 AM
Anyone have old Mac minis they have sitting around and want to sell me?
Reposted by Bret Comnes
We’re system architects at core. We built a decentralized network so you could run your own moderation, but beyond that our upcoming healthy discourse project is taking some swings at the interaction model that drives these dynamics on Bluesky. Excited to start seeing it in action.
October 3, 2025 at 1:49 PM
We’re system architects at core. We built a decentralized network so you could run your own moderation, but beyond that our upcoming healthy discourse project is taking some swings at the interaction model that drives these dynamics on Bluesky. Excited to start seeing it in action.
Reposted by Bret Comnes
Recognition for Sarah! So deserved! @sarahgooding.bsky.social
October 16, 2025 at 2:50 PM
Recognition for Sarah! So deserved! @sarahgooding.bsky.social
Reposted by Bret Comnes
Maintainer compromises used to be rare. Now they’re happening at an alarming rate, as seen in recent attacks. Today we’re giving developers a new layer of defense with Socket Firewall, a free tool that blocks malicious dependencies at install time.
September 30, 2025 at 5:21 PM
Maintainer compromises used to be rare. Now they’re happening at an alarming rate, as seen in recent attacks. Today we’re giving developers a new layer of defense with Socket Firewall, a free tool that blocks malicious dependencies at install time.
Reposted by Bret Comnes
🚨 Open source supply chain attacks are exploding.
Starting today, that ends.
We’re releasing Socket Firewall — FREE, zero-config, CLI that blocks malware before it lands on your laptop or CI.
Just run:
npm i -g sfw
sfw npm install lodash
Works for: npm, yarn, pnpm, pip, uv, and cargo.
Starting today, that ends.
We’re releasing Socket Firewall — FREE, zero-config, CLI that blocks malware before it lands on your laptop or CI.
Just run:
npm i -g sfw
sfw npm install lodash
Works for: npm, yarn, pnpm, pip, uv, and cargo.
September 30, 2025 at 6:06 PM
🚨 Open source supply chain attacks are exploding.
Starting today, that ends.
We’re releasing Socket Firewall — FREE, zero-config, CLI that blocks malware before it lands on your laptop or CI.
Just run:
npm i -g sfw
sfw npm install lodash
Works for: npm, yarn, pnpm, pip, uv, and cargo.
Starting today, that ends.
We’re releasing Socket Firewall — FREE, zero-config, CLI that blocks malware before it lands on your laptop or CI.
Just run:
npm i -g sfw
sfw npm install lodash
Works for: npm, yarn, pnpm, pip, uv, and cargo.
Anyone know a good leader election library that either uses pg or redis on the backed? Basically, in a horizontally deployed service, I need one instance to do something unique, and something else to take over when it disappears.
September 24, 2025 at 10:14 PM
Anyone know a good leader election library that either uses pg or redis on the backed? Basically, in a horizontally deployed service, I need one instance to do something unique, and something else to take over when it disappears.
Gigantic OOOOOF on this one.
🚨 Supply chain attack on Nx npm packages (4.6M weekly downloads)
Malware abused AI CLI tools (Claude, Gemini, Q) to steal creds + wallets, then exfiltrated to GitHub repos (s1ngularity-repository*).
More than 1,000 victim accounts confirmed.
🔗 socket.dev/blog/nx-pack... #nodejs
Malware abused AI CLI tools (Claude, Gemini, Q) to steal creds + wallets, then exfiltrated to GitHub repos (s1ngularity-repository*).
More than 1,000 victim accounts confirmed.
🔗 socket.dev/blog/nx-pack... #nodejs
Nx npm Packages Compromised in Supply Chain Attack Leveragin...
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malwa...
socket.dev
August 28, 2025 at 1:51 AM
Gigantic OOOOOF on this one.
Reposted by Bret Comnes
Reminder that the major thing that made GitHub succeed over Google Code, Sourceforge etc is to be found in its initial tagline:
“Social coding”
GitHub added a social network on top of the code – highlighting the people rather than just the lines
Any successor to it needs to solve the social layer
“Social coding”
GitHub added a social network on top of the code – highlighting the people rather than just the lines
Any successor to it needs to solve the social layer
August 11, 2025 at 10:50 PM
Reminder that the major thing that made GitHub succeed over Google Code, Sourceforge etc is to be found in its initial tagline:
“Social coding”
GitHub added a social network on top of the code – highlighting the people rather than just the lines
Any successor to it needs to solve the social layer
“Social coding”
GitHub added a social network on top of the code – highlighting the people rather than just the lines
Any successor to it needs to solve the social layer
Didn't know @pfrazee.com was moonlighting at openai
August 7, 2025 at 6:24 PM
Didn't know @pfrazee.com was moonlighting at openai
Reposted by Bret Comnes
You can now view and edit your auth tokens in your account page. More auth token features like a CRUID ui and old token cleanup coming soon. Sorry for the slow pace of development lately, just trying to get core features implemented correctly.
July 28, 2025 at 5:16 AM
You can now view and edit your auth tokens in your account page. More auth token features like a CRUID ui and old token cleanup coming soon. Sorry for the slow pace of development lately, just trying to get core features implemented correctly.
Reposted by Bret Comnes
Y'all don't sleep on ls-mcp
It's a quick access CLI to detect and list all MCP servers across your AI tools stack
It's a quick access CLI to detect and list all MCP servers across your AI tools stack
July 22, 2025 at 7:27 PM
Y'all don't sleep on ls-mcp
It's a quick access CLI to detect and list all MCP servers across your AI tools stack
It's a quick access CLI to detect and list all MCP servers across your AI tools stack
Is there such a thing as a userQueryState hook? Basically use state but reactive in and out of the query string.
June 14, 2025 at 4:09 PM
Is there such a thing as a userQueryState hook? Basically use state but reactive in and out of the query string.
Reposted by Bret Comnes
deploy-to-neocities helping deploy 1k personal websites! Glad to see it!
May 27, 2025 at 7:46 PM
deploy-to-neocities helping deploy 1k personal websites! Glad to see it!
Is there any good domain registrar left? (Independently run, well made, decent prices?) seems iwantmyname sold out recently.
May 25, 2025 at 7:02 PM
Is there any good domain registrar left? (Independently run, well made, decent prices?) seems iwantmyname sold out recently.
I think it may finally be time to drop .io domains. These stupid things cost $100/yr!
May 22, 2025 at 8:02 PM
I think it may finally be time to drop .io domains. These stupid things cost $100/yr!
This is just going to get worse with AI, when people finally realize the only things these create are derivative ripoffs of original work. Goes for code too!
i don't have the resources nor the energy to spare to pursue this legally but i have lost count of the number of times a major company has deemed it easier to pay a designer to imitate or steal my work than to write me an email.
May 19, 2025 at 11:12 PM
This is just going to get worse with AI, when people finally realize the only things these create are derivative ripoffs of original work. Goes for code too!
Looking for prior art: dissecting GitHub repos into sub-projects, specifically in monorepos.
May 15, 2025 at 4:07 AM
Looking for prior art: dissecting GitHub repos into sub-projects, specifically in monorepos.
You can just build a Steam Machine
I built a Steam Machine and so can you!
bret.io
May 9, 2025 at 3:44 AM
Technology is a fractal for which we are stuck in an ever narrowing corridor
May 2, 2025 at 4:30 AM
Technology is a fractal for which we are stuck in an ever narrowing corridor
Reposted by Bret Comnes
Why we built a new Kafka client for Node.js
The Node.js world needs better tools.
Here’s what you need to know:
Apache Kafka is vital for real-time data. It powers many businesses, especially in Fintech and Media.
These fields see heavy data usage and need reliable solutions.
The Node.js world needs better tools.
Here’s what you need to know:
Apache Kafka is vital for real-time data. It powers many businesses, especially in Fintech and Media.
These fields see heavy data usage and need reliable solutions.
April 30, 2025 at 3:18 PM
Why we built a new Kafka client for Node.js
The Node.js world needs better tools.
Here’s what you need to know:
Apache Kafka is vital for real-time data. It powers many businesses, especially in Fintech and Media.
These fields see heavy data usage and need reliable solutions.
The Node.js world needs better tools.
Here’s what you need to know:
Apache Kafka is vital for real-time data. It powers many businesses, especially in Fintech and Media.
These fields see heavy data usage and need reliable solutions.
Anyone recommend a good image viewer component?
Doesn't need to be react
Doesn't need to be react
April 29, 2025 at 4:22 AM
Anyone recommend a good image viewer component?
Doesn't need to be react
Doesn't need to be react
goversion/v2 is out.
Turns out maybe people were right: major versioning in go is a super big headache.
Not only do you have to update the go.mod file, but also every self reference in every .go file. AND pkg.go.dev and docs.
goversion updates go.mod and .go now too
github.com/bcomnes/gove...
Turns out maybe people were right: major versioning in go is a super big headache.
Not only do you have to update the go.mod file, but also every self reference in every .go file. AND pkg.go.dev and docs.
goversion updates go.mod and .go now too
github.com/bcomnes/gove...
April 27, 2025 at 3:46 AM
goversion/v2 is out.
Turns out maybe people were right: major versioning in go is a super big headache.
Not only do you have to update the go.mod file, but also every self reference in every .go file. AND pkg.go.dev and docs.
goversion updates go.mod and .go now too
github.com/bcomnes/gove...
Turns out maybe people were right: major versioning in go is a super big headache.
Not only do you have to update the go.mod file, but also every self reference in every .go file. AND pkg.go.dev and docs.
goversion updates go.mod and .go now too
github.com/bcomnes/gove...