Liran Tal
@lirantal.com
🦄 Node.js Secure Coding: http://nodejs-security.com

🌟 @GitHub Star
🏅 @OpenJS Pathfinder award for Security
🥑 DevRel at @snyksec
What you're saying doesn't make sense. Caret means nothing when you just install a package fresh (you always get latest), and when you already installed, then the version is now pinned using a lockfile.

Carets and other versioning schemes are only when you upgrade.

Semantics are important :-)
November 28, 2025 at 6:52 PM
Good call outs. I'll take a look at adding them in next week. Thanks Jay ❤️
November 28, 2025 at 6:51 PM
Em Hamoshavot ❤️
November 28, 2025 at 6:50 PM
probably detected you're an ultra slow reader
😆
November 28, 2025 at 6:50 PM
They do, it's called a lockfile :-)
November 28, 2025 at 6:49 PM
:)
November 28, 2025 at 6:49 PM
So cool Keviv!

It's under Reports. If you're on the free plan it's not there, see here: docs.snyk.io/manage-risk/...
Available Snyk reports | Snyk User Docs
docs.snyk.io
November 27, 2025 at 1:15 PM
Always
November 27, 2025 at 1:13 PM
Good work 👏
November 26, 2025 at 11:38 PM
My point remains - if I'm using it in my app.js but my app is actually part of a framework, which actually already reads .env with its own dotenv, so effectively when the f/w reads "run op://..." then it would fail
November 26, 2025 at 11:38 PM
you're absolutely right

but for real, of course, the only thing I remember in bash is if statements go inside square brackets. oh and the ; termination and the fi closing statement

and speaking as someone who wrote bash for a living, for real
November 26, 2025 at 11:37 PM