Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers
https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages
Compromised Packages and Versions
The following npm packages and versions have been confirmed as affected:
angulartics2@14.1.2
@ctrl/deluge@7.2.2
@ctrl/golang-template@1.4.3
@ctrl/magnet-link@4.0.4
@ctrl/ngx-codemirror@7.0.2
@ctrl/ngx-csv@6.0.2
@ctrl/ngx-emoji-mart@9.2.2
@ctrl/ngx-rightclick@4.0.2
@ctrl/qbittorrent@9.7.2
@ctrl/react-adsense@2.0.2
@ctrl/shared-torrent@6.3.2
@ctrl/tinycolor@4.1.1, @4.1.2
@ctrl/torrent-file@4.1.2
@ctrl/transmission@7.3.1
@ctrl/ts-base32@4.0.2
encounter-playground@0.0.5
json-rules-engine-simplified@0.2.4, 0.2.1
koa2-swagger-ui@5.11.2, 5.11.1
@nativescript-community/gesturehandler@2.0.35
@nativescript-community/sentry@4.6.43
@nativescript-community/text@1.6.13
@nativescript-community/ui-collectionview@6.0.6
@nativescript-community/ui-drawer@0.1.30
@nativescript-community/ui-image@4.5.6
@nativescript-community/ui-material-bottomsheet@7.2.72
@nativescript-community/ui-material-core@7.2.76
@nativescript-community/ui-material-core-tabs@7.2.76
ngx-color@10.0.2
ngx-toastr@19.0.2
ngx-trend@8.0.1
react-complaint-image@0.0.35
react-jsonschema-form-conditionals@0.3.21
react-jsonschema-form-extras@1.0.4
rxnt-authentication@0.0.6
rxnt-healthchecks-nestjs@1.0.5
rxnt-kue@1.0.7
swc-plugin-component-annotate@1.9.2
ts-gaussian@3.0.6
‼️ Ongoing Supply Chain Attack Targets CrowdStrike npm Packages ‼️
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that previously hit Tinycolor and 40+ other packages.
https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages
#security
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packag...
https://youtrack.jetbrains.com/articles/WEB-A-233538660/WebStorm-2025.2.2-252.26199.162-build-Release-Notes?utm_source=product&utm_medium=link&utm_campaign=TBA
Hope this release can fix the freezing of my WebStorm on the new macOS.... rrrr....
UPDATE:
It works! ) ❤️
Top 10 Mistakes Angular Developers Make (and How to Avoid Them)
Is it relevant in 2025?! YES!!!
Please don't skip "best practices" and add this to your style/code guidelines!
1. Keeping Too Much Logic in Components
2. Ignoring Change Detection Strategy
3. Overusing Input() and Output()
4. Not Unsubscribing from Observables
5. Mixing Template Logic with HTML
6. Not Using Lazy Loading for Modules
7. Ignoring Angular CLI and Schematics
8. Neglecting Error Handling in HTTP Calls
9. Not Using TrackBy in ngFor
10. Skipping Testing