feross

Tues Sep 1, 2009 4:56am PST

Karma:

47453

about

Founder & CEO, Socket <https://socket.dev> – Socket makes a developer-first security platform that prevents vulnerable and malicious open source dependencies from infiltrating your software supply chain.

Stanford visiting lecturer, CS 253 Web Security <https://cs253.stanford.edu> – Principles of web security, attacks and countermeasures, and more...

Open source maintainer – 100+ open source packages on npm, including WebTorrent <https://webtorrent.io>, StandardJS <https://standardjs.com>, BitMidi <https://bitmidi.com>, simple-peer <https://github.com/feross/simple-peer>, and more <https://socket.dev/npm/user/feross>.

You can reach me at {my username}@feross.org, or find out more on my website: https://feross.org/resume

[ my public key: https://keybase.io/feross; my proof: https://keybase.io/feross/sigs/gO6pVIJ1DXdy9Y21yil6nlyk_by5BE_GaaWOOQJ5PvQ ]

submitted

Thurs Sep 18, 2025 2:33pm PST

Meta Ray-Ban Display, Why Less Is More, Price and the Neural Band

Thurs Sep 18, 2025 2:17pm PST

Ed Stack: Lessons from Dick's Sporting Goods

Wed Sep 17, 2025 7:31pm PST

Identifying and Preventing Fraudulent Engineering Candidates: An Investigation

Mon Sep 15, 2025 11:29pm PST

Active NPM supply chain attack: Tinycolor and 40 Packages Compromised

Thurs Sep 11, 2025 7:16pm PST

An Interview with Dan Kim About Intel, Nvidia, and the U.S. Government

Thurs Sep 11, 2025 6:46pm PST

Lulu Cheng Meservey: How to Build a Cult

Thurs Sep 11, 2025 6:31pm PST

Book Review: If Anyone Builds It, Everyone Dies

Thurs Sep 11, 2025 6:00pm PST

Rust Support Now in Beta

Wed Sep 10, 2025 5:31pm PST

Feross on Risky Business Weekly Podcast: NPM's Ongoing Supply Chain Attacks

Wed Sep 10, 2025 12:01pm PST

Wed Sep 10, 2025 10:47am PST

iPhones 17 and the Sugar Water Trap

Tues Sep 9, 2025 8:01pm PST

Tier 1 Reachability: Precision CVE Triage for Enterprise Teams

Tues Sep 9, 2025 4:15pm PST

DuckDB NPM Account Compromised in Continuing Supply Chain Attack

Fri Sep 5, 2025 9:16pm PST

Malicious NPM Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet

Fri Sep 5, 2025 3:32pm PST

Rv Is a New Rust-Powered Ruby Version Manager Inspired by Python's Uv

Fri Sep 5, 2025 12:16pm PST

Review: Participation in Phase I Clinical Pharmaceutical Research

Thurs Sep 4, 2025 3:46pm PST

Stop Burning Money on Performance Firefighting

Thurs Sep 4, 2025 10:01am PST

An Interview with Cloudflare Founder and CEO Matthew Prince About Internet

Thurs Sep 4, 2025 7:01am PST

Links for September 2025

Wed Sep 3, 2025 10:33pm PST

Release Notes for Safari Technology Preview 227

Wed Sep 3, 2025 8:17pm PST

Nx Investigation Reveals GitHub Actions Workflow Exploit Led to NPM Token Theft

Wed Sep 3, 2025 6:47pm PST

Sports Team Owners Like to Win

Wed Sep 3, 2025 4:18pm PST

Tues Sep 2, 2025 5:01pm PST

Next-Generation Flamegraph Visualization for Node.js

Tues Sep 2, 2025 3:02pm PST

Made by Google 2025, AI Trade-Offs, Google and the Long-Term

Mon Sep 1, 2025 9:03pm PST

Fri Aug 29, 2025 8:02pm PST

Wallet-Draining NPM Package Impersonates Nodemailer to Hijack Crypto

Thurs Aug 28, 2025 5:46pm PST

Benedict Evans: Why AI Isn't What You Think

Thurs Aug 28, 2025 5:32pm PST

The Economics of Envy

Wed Aug 27, 2025 6:19pm PST

VS Code Dev Days – Join an event near you to learn about AI-assisted development

Wed Aug 27, 2025 6:02pm PST

Nx NPM Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools

Tues Aug 26, 2025 6:16pm PST

Biotech Dividend Arrived Early

Thurs Aug 21, 2025 5:32pm PST

Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials Via

Thurs Aug 21, 2025 5:02pm PST

John Bragg: The Unknown Billionaire Who Controls Half The

Thurs Aug 21, 2025 1:03am PST

Release Notes for Safari Technology Preview 226

Wed Aug 20, 2025 11:02pm PST

Rspack Introduces Rslint, a TypeScript-First Linter Written in Go

Mon Aug 18, 2025 10:16pm PST

Oxlint Introduces Type-Aware Linting Preview

Sat Aug 16, 2025 2:16am PST

New Website "Is It FOSS?" Tracks Transparency in Open Source Distribution

Fri Aug 15, 2025 1:01pm PST

Review: Dating Men in the Bay Area

Fri Aug 15, 2025 10:17am PST

2025.33: Meta and the Benefit of the Doubt

Thurs Aug 14, 2025 3:02pm PST

In Defense of the Amyloid Hypothesis

Thurs Aug 14, 2025 2:46pm PST

Facebook Is Dead; Long Live Meta

Thurs Aug 14, 2025 4:02am PST

Astral Launches Pyx: A Python-Native Package Registry

Wed Aug 13, 2025 6:02pm PST

Static vs. Runtime Reachability: Insights from Latio's on the Record Podcast

Wed Aug 13, 2025 3:15am PST

Dictator Book Club: Mussolini on Fascism

Tues Aug 12, 2025 10:18pm PST

A gentle introduction to anchor positioning

Tues Aug 12, 2025 8:47pm PST

Opengrep Adds Apex Support and New Rule Controls in Latest Updates

Tues Aug 12, 2025 4:00pm PST

Dicing an onion, the mathematically optimal way

Tues Aug 12, 2025 11:17am PST

Highlights from the Comments on Liberalism and Communities

Tues Aug 12, 2025 10:02am PST

China AI Chips, a China Chip Control Framework, Whither HBM

Wed Aug 6, 2025 4:06pm PST

TC39 Advances 11 Proposals for Math Precision, Binary APIs, and More

Thurs Jul 31, 2025 10:32pm PST

Suddenly, Trait-Based Embryo Selection

Thurs Jul 31, 2025 6:02pm PST

You Can Insider Trade NFTs Now

Thurs Jul 31, 2025 5:17pm PST

Rust Support in Socket

Thurs Jul 31, 2025 12:02am PST

My Heart of Hearts

Wed Jul 30, 2025 11:47pm PST

Ryan Petersen: Building the Hidden Engine of Global Trade

Wed Jul 30, 2025 8:01pm PST

Precomputed Reachability Analysis in Socket

Wed Jul 30, 2025 11:46am PST

Figma S-1, the Figma OS, Figma's AI Potential

Wed Jul 30, 2025 8:47am PST

Happy 20th Birthday MDN

Wed Jul 30, 2025 2:45am PST

Socket Now Protects the Chrome Extension Ecosystem

Tues Jul 29, 2025 8:32pm PST

Socket MCP for Claude Desktop

Tues Jul 29, 2025 12:32pm PST

Tesla and Samsung, Customer Service and Intel, the U.S. Semi Supply Chain

Thurs Jul 24, 2025 12:47am PST

Katharine Graham: The Washington Post

Wed Jul 23, 2025 9:17pm PST

Release Notes for Safari Technology Preview 224

Wed Jul 23, 2025 9:01pm PST

Toptal's GitHub Organization Hijacked: 10 Malicious Packages Published

Wed Jul 23, 2025 6:31pm PST

Meme Stocks Are Back

Wed Jul 23, 2025 3:47pm PST

Surveillance Malware Hidden in NPM and PyPI Packages Targets Developers With

Tues Jul 22, 2025 9:01pm PST

NPM 'Is' Package Hijacked in Expanding Supply Chain Attack

Tues Jul 22, 2025 4:02pm PST

June 2025 Baseline monthly digest

Tues Jul 22, 2025 3:47pm PST

Netflix Earnings, Apple and F1

Tues Jul 22, 2025 3:32pm PST

Daniel Kahneman: Algorithms Make Better Decisions Than You [the Knowledge

Tues Jul 22, 2025 2:46am PST

Bun 1.2.19 Adds Isolated Installs for Better Monorepo Support

Tues Jul 22, 2025 2:40am PST

Apparent Security Incident at Toptal

Mon Jul 21, 2025 6:16pm PST

Private Research Is the New Public Research

Mon Jul 21, 2025 6:01pm PST

Press Any Key for Bay Area House Party

Sat Jul 19, 2025 5:30pm PST

Prettier NPM Packages Compromised in Supply Chain Attack

Sat Jul 19, 2025 1:01am PST

Active Supply Chain Attack: NPM Phishing Campaign Leads to Prettier Tooling

Fri Jul 18, 2025 8:16pm PST

NPM Phishing Email Targets Developers with Typosquatted Domain

Fri Jul 18, 2025 6:04pm PST

Knip Hits 500 Releases with v5.62.0, Improving TypeScript Config Detection and

Fri Jul 18, 2025 4:46pm PST

2025.29: What It Takes to Change the Web

Fri Jul 18, 2025 4:02pm PST

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Fri Jul 18, 2025 3:47pm PST

Review: Islamic Geometric Patterns in the Metropolitan Museum of Art

Thurs Jul 17, 2025 10:01pm PST

Open Source Maintainers Feeling the Weight of the EU's Cyber Resilience Act

Thurs Jul 17, 2025 7:34pm PST

Command GitHub's Coding Agent from VS Code

Thurs Jul 17, 2025 4:31pm PST

Daniel Kahneman: Algorithms Make Better Decisions Than You [the Knowledge

Wed Jul 16, 2025 10:01pm PST

Crates.io Implements Trusted Publishing Support

Wed Jul 16, 2025 1:32pm PST

Cloudflare's Content Independence Day, Google's Advantage, Monetizing AI

Wed Jul 16, 2025 1:31am PST

Tracking Protestware Spread: 28 NPM Packages Affected by Payload Targeting

Tues Jul 15, 2025 1:01pm PST

Book Review: Arguments About Aborigines

Tues Jul 15, 2025 10:02am PST

Cognition Buys Windsurf, Nvidia Can Sell to China, Grok 4 and Kimi