2025-11-15 00:21:05
It’s been more than 1 month now and I have learned so many new things.
At the start I didn’t know why React was even made or what problem it really solved. But when I started learning, I understood it’s not just a library; it’s a full system that makes big, complex UIs easy to manage. It helps to update parts of a page fast without reloading the whole page.
When I understood how React’s virtual DOM works and how rendering happens, I was like okay, now I get why big companies use it. Then I learned about components, props, and state — how data moves between them and how React manages everything.
After that I learned about routing, useEffect....
Then I came to Redux. At first it looked confusing, but later I understood why it’s used. When your app becomes big, it’s hard to manage state in many components. Redux helps to keep all data in one place, so any part of the app can use it easily. It makes state management simple when the project grows.
While learning, I understood how code flow works, how to write a cleaner structure, and how to think while building a feature.
I also explored packages like React Hook Form for forms, learned better ways to handle state, how to keep code neat, and how bundlers like Vite make a project faster. Even with Tailwind, I learned how to use it in a more proper and professional way.
This one month was not just learning React, but really understanding how it works and why it’s so powerful.
2025-11-15 00:11:04
npm i-ing Blind: Catch Malicious Packages Before They Hit Production
Most developers assume their dependencies are “safe enough.” Run npm audit, fix a few warnings, ship the code, move on.
That mindset is exactly why malware keeps slipping into the npm ecosystem.
Billions have been stolen through malicious npm packages: crypto drainers hidden in postinstall scripts, env-var stealers that exfiltrate API keys, compromised maintainers shipping backdoored updates, and typosquats designed to look like popular libraries. None of this shows up in npm audit because these aren’t vulnerabilities. They’re active malware.
Tools like npm audit, Snyk, and Dependabot match your dependencies against a CVE database. That works for old, disclosed vulnerabilities — but it does nothing against:
Attackers know this. They publish malware specifically because they won’t get caught by CVE-based scanners.
If you install packages blindly, you’re effectively running strangers’ shell scripts inside your CI, dev machine, and production server.
You can’t rely on “stars,” download count, or “it’s popular” as a safety signal. The real indicators are in behavior:
- Reading process.env and sending secrets to a remote server
This is the stuff that drains money, steals credentials, compromises CI tokens, and gives attackers remote access.
I got tired of hoping traditional tools would catch things they were never designed to detect. So I built NPMScan — a simple behavior-based scanner focused specifically on malicious packages, not CVEs.
It tracks known malicious packages in real time and flags patterns like:
- child_process usage
You can either search a single package or paste your entire package.json to get a full dependency-tree analysis.
The point is to get a yes/no sanity check before a new dependency ever touches your codebase.
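As an added illustration of the kind of behaviour-based yes/no check described above (example code written for this page, not NPMScan’s own implementation), here is a small Node.js heuristic that inspects a package’s lifecycle scripts and source files for the signals the post names. The package.json objects and source strings are constructed for the example and are not real packages.

```javascript
// Added example, not NPMScan's code: a small behaviour-based heuristic in the
// spirit of the post. It checks a package's lifecycle scripts and JS sources
// for the signals named above (install hooks, child_process, process.env reads
// paired with network egress) and returns a yes/no verdict plus findings.
const RULES = [
  { id: "child_process", re: /require\(["']child_process["']\)|from\s+["']child_process["']/ },
  { id: "env_access",    re: /\bprocess\.env\b/ },
  { id: "network",       re: /require\(["']https?["']\)|\bfetch\(|new\s+WebSocket\(/ },
  { id: "eval",          re: /\beval\(|new\s+Function\(/ },
];
// Findings that on their own justify rejecting the package.
const BLOCKING = new Set(["install_script", "child_process", "env_exfil", "eval"]);

function scanPackage(pkgJson, sources) {
  const findings = [];
  const scripts = pkgJson.scripts || {};
  // Lifecycle hooks run arbitrary commands on `npm install`; always surface them.
  for (const hook of ["preinstall", "install", "postinstall"]) {
    if (scripts[hook]) findings.push({ rule: "install_script", where: `${hook}: ${scripts[hook]}` });
  }
  const seen = new Set();
  for (const [file, code] of Object.entries(sources)) {
    for (const r of RULES) {
      if (r.re.test(code)) { seen.add(r.id); findings.push({ rule: r.id, where: file }); }
    }
  }
  // Reading process.env alone is common (NODE_ENV, DEBUG); reading it in a
  // package that also talks to the network is the exfiltration pattern.
  if (seen.has("env_access") && seen.has("network")) {
    findings.push({ rule: "env_exfil", where: "process.env read + network egress" });
  }
  const verdict = findings.some((f) => BLOCKING.has(f.rule)) ? "FLAG" : "OK";
  return { verdict, findings };
}

// Constructed sample: a package whose postinstall hook reads the environment
// and loads an HTTP client, the pattern the post describes. Not a real package.
const SUSPICIOUS_PKG = { name: "example-lib", version: "1.0.0", scripts: { postinstall: "node setup.js" } };
const SUSPICIOUS_SRC = {
  "setup.js": 'const https = require("https");\nconst secrets = JSON.stringify(process.env);\n// ...would send `secrets` to a remote host',
  "index.js": "module.exports = (a, b) => a + b;",
};
// Constructed clean package: env read only to toggle debug output, no network.
const CLEAN_PKG = { name: "tiny-utils", version: "2.1.0" };
const CLEAN_SRC = { "index.js": 'const debug = process.env.DEBUG === "1";\nmodule.exports = (a, b) => a + b;' };

console.log(scanPackage(SUSPICIOUS_PKG, SUSPICIOUS_SRC).verdict); // FLAG
console.log(scanPackage(CLEAN_PKG, CLEAN_SRC).verdict);           // OK
```

Regex matching on source text is deliberately crude: it will miss obfuscated or dynamically built requires, which is why a check like this is a first gate, not a replacement for reviewing what an install hook actually runs.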
This is the exact process I use now:
1. I search it on npmscan.com.
2. If it’s flagged for malware-like behavior, it’s gone. No discussion.
3. I paste my package.json into NPMScan’s Analyze page.
4. It quickly shows which dependencies or sub-dependencies are risky.
No tool is magic, but this combination catches 90% of what actually matters in the real world.
If you’re shipping Node.js/TypeScript code, stop installing dependencies blind.
Scan the packages you rely on before they hit production.
Run a check on your current project and see if anything weird shows up:
https://npmscan.com
If it flags something unexpected — or if you want CI integration, GitHub Actions, or VS Code plugins — tell me. I’m actively building the next features based on real developer workflows.
2025-11-15 00:07:28
JavaScript is a programming language used to make web pages interactive.
HTML builds the content, CSS designs it, and JavaScript brings it to life.
If a website reacts, moves, shows messages, validates forms, or updates without reloading, that’s JavaScript doing the work.
Example:
HTML:
<p id="msg">Original Text</p>
<button onclick="changeText()">Change</button>
JavaScript:
function changeText() {
document.getElementById("msg").innerText = "Text changed!";
}
Advantages:
- Runs Directly in the Browser
No installation, no setup. Every browser already supports JavaScript.
- Makes Websites Interactive
Animations, form validation, sliders, popups, menus — all powered by JS.
- Fast Execution
Runs immediately in the user’s browser, so no waiting for server responses for every small action.
- Huge Ecosystem
React, Vue, Angular, Node.js — JavaScript has massive libraries and frameworks for building anything.
- Works on Both Frontend and Backend
With Node.js, you can build servers, APIs, and full apps using just JavaScript.
2025-11-15 00:02:19
Bill Simmons, Sean Fennessey, and Van Lathan slap on their detective hats to rewatch Brian De Palma’s 1998 thriller Snake Eyes, dissecting Nic Cage’s over-the-top heroics, Gary Sinise’s corrupt cop swagger, and Carla Gugino’s standout charm—earnest banter guaranteed, crowned “kings of the sewer.”
Produced by Craig Horlbeck, Chia Hao Tat, and Eduardo Ocampo, this episode is sponsored by PayPal’s holiday Pay in 4 deal (5% cash back through 12/31). Subscribe to The Ringer on YouTube and your favorite podcast app to keep the movie party rolling.
Watch on YouTube
2025-11-15 00:01:58
Sean Fennessey and Amanda Dobbins team up with Van Lathan to commiserate over the surprisingly bland fall lineup, wondering why both critics and audiences seem to be giving everything the cold shoulder this season. They kick things off by dissecting Edgar Wright’s new Glen Powell thriller, The Running Man—a movie they admit is a bit of a narrative mess but can’t deny boasts some seriously slick action set pieces.
Then it’s on to Now You See Me: Now You Don’t, where Jesse Eisenberg and Dave Franco return for more heists, and Rosamund Pike steals the show as an evil diamond heiress. The crew weighs in on the film’s legacy-sequel charms and whether it can still turn a profit. Finally, Wright himself drops by to spill the tea on crafting blockbuster action sequences, the casting saga that landed Powell in the lead, and what the future holds for big-studio filmmaking.
Watch on YouTube
2025-11-15 00:01:45
Everything Wrong With Jurassic World Rebirth In 17 Minutes Or Less takes the usual CinemaSins approach, poking fun at the never-ending dino-resurrections and on-screen blunders in record time. Along the way, they remind viewers to check out their main site, hit up their Linktree for the latest updates, weigh in on a quick poll, and consider supporting the channel on Patreon.
Behind the scenes, the video credits a team of writers (Jeremy, Chris, Aaron, Jonathan, Deneé, Ian and Daniel) complete with social links. Fans are also invited to join the action on Discord, Reddit, Instagram and TikTok—or even pick up Jeremy’s new book.
Watch on YouTube