feross

Tues Sep 1, 2009 4:56am PST

Karma:

46574

about

Founder & CEO, Socket <https://socket.dev> – Socket makes a developer-first security platform that prevents vulnerable and malicious open source dependencies from infiltrating your software supply chain.

Stanford visiting lecturer, CS 253 Web Security <https://cs253.stanford.edu> – Principles of web security, attacks and countermeasures, and more...

Open source maintainer – 100+ open source packages on npm, including WebTorrent <https://webtorrent.io>, StandardJS <https://standardjs.com>, BitMidi <https://bitmidi.com>, simple-peer <https://github.com/feross/simple-peer>, and more <https://socket.dev/npm/user/feross>.

You can reach me at {my username}@feross.org, or find out more on my website: https://feross.org/resume

[ my public key: https://keybase.io/feross; my proof: https://keybase.io/feross/sigs/gO6pVIJ1DXdy9Y21yil6nlyk_by5BE_GaaWOOQJ5PvQ ]

submitted

Fri Feb 21, 2025 11:15pm PST

Highlights from the Comments on Tegmark's Mathematical Universe

Fri Feb 21, 2025 6:47pm PST

Interop 2025: another year of web platform improvements

Fri Feb 21, 2025 3:01am PST

The Shape of a Mars Mission

Thurs Feb 20, 2025 10:31pm PST

TC39 advances proposals for RegExp Escaping, Float16Array, Redeclarable vars

Thurs Feb 20, 2025 4:31pm PST

An Interview with Manna Founder and CEO Bobby Healy About Drone Delivery

Thurs Feb 20, 2025 4:16pm PST

Lives of the Rationalist Saints

Thurs Feb 20, 2025 4:01pm PST

Deno 2.2 Improves Dependency Management and Expands Node.js Compatibility

Wed Feb 19, 2025 11:32pm PST

How to prove false statements? (Part 3)

Wed Feb 19, 2025 7:17pm PST

ESG Isn't Passive Anymore

Wed Feb 19, 2025 4:32am PST

React Team Updates CRA Migration Guidance After Community Pushback

Wed Feb 19, 2025 3:46am PST

Tegmark's Mathematical Universe Defeats Most Proofs of God's Existence

Wed Feb 12, 2025 11:17pm PST

Deliberative Alignment, and the Spec

Wed Feb 12, 2025 10:32pm PST

PyPI Now Supports iOS and Android Wheels for Mobile Python Development

Wed Feb 12, 2025 10:18pm PST

Release Notes for Safari Technology Preview 213

Wed Feb 12, 2025 7:31pm PST

Not Everywhere Is Insider Trading

Wed Feb 12, 2025 7:03pm PST

U.K. asks to backdoor iCloud Backup encryption

Wed Feb 12, 2025 6:03pm PST

Copilot Next Edit Suggestions (Preview)

Tues Feb 11, 2025 3:47am PST

Create React App Officially Deprecated Amid React 19 Compatibility Issues

Mon Feb 10, 2025 9:46pm PST

Ask Me Anything (2/2025)

Mon Feb 10, 2025 7:16pm PST

Memecoin Pumps Are Just for Fun

Mon Feb 10, 2025 3:46pm PST

Deep Research and Knowledge Value

Mon Feb 10, 2025 3:32pm PST

Bank CEO: Retract your debanking piece? Me: No

Fri Feb 7, 2025 5:31pm PST

Oracle Drags Its Feet in the JavaScript Trademark Dispute

Fri Feb 7, 2025 11:47am PST

1DaySooner's Trump II Health Policy Proposals

Fri Feb 7, 2025 5:46am PST

Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not

Thurs Feb 6, 2025 7:16pm PST

Delaware Tempts Daktronics

Thurs Feb 6, 2025 4:47pm PST

January 2025 (Version 1.97)

Thurs Feb 6, 2025 4:46am PST

Money Saved by Canceling Programs Does Not Flow to the Best Possible

Thurs Feb 6, 2025 4:01am PST

Maven Central Adds Sigstore Signature Validation

Wed Feb 5, 2025 12:47pm PST

Google Earnings, Search Status, China Antitrust Actions

Tues Feb 4, 2025 10:17pm PST

38% of CISOs Fear They're Not Moving Fast Enough on AI

Tues Feb 4, 2025 9:47pm PST

How to prove false statements? (Part 1)

Tues Feb 4, 2025 6:32pm PST

CSS scrollbar-color and scrollbar-gutter are Baseline Newly available

Tues Feb 4, 2025 6:01pm PST

Nontraditional Red Teams

Tues Feb 4, 2025 1:01pm PST

Apple Earnings, OpenAI Deep Research, the Unbundling of Substantiation

Tues Feb 4, 2025 3:16am PST

Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For

Mon Feb 3, 2025 7:32pm PST

Texas Tempts Meta

Fri Jan 31, 2025 4:01pm PST

An Interview with Matthew Ball About the Gaming Slump

Fri Jan 31, 2025 3:47pm PST

Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL

Thurs Jan 30, 2025 9:00pm PST

PyPI's New Archival Feature Closes a Major Security Gap

Thurs Jan 30, 2025 7:16pm PST

How Long Do You Have to Be Short?

Thurs Jan 30, 2025 7:01pm PST

From Cold DM to Owning a Soccer Club

Thurs Jan 30, 2025 2:31pm PST

Why Recurring Dream Themes?

Thurs Jan 30, 2025 10:04am PST

New to the Web Platform in January

Thurs Jan 30, 2025 12:16am PST

North Korean Apt Lazarus Targets Developers with Malicious NPM Package

Wed Jan 29, 2025 7:52pm PST

Asianometry on Japan's Chemical Dominance, Stratechery Updates, and Chinese New

Tues Jan 28, 2025 5:47pm PST

DeepSeek Disruption Has Its Upside

Tues Jan 28, 2025 4:17pm PST

The OpenAI Critique, Comparative Advantage and Infrastructure, Aggregation

Tues Jan 28, 2025 4:04pm PST

2024 WebRTC in Open Source Review: A Quantitative Analysis

Tues Jan 28, 2025 2:47pm PST

Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy

Fri Jan 24, 2025 5:47pm PST

Node.js EOL Versions CVE Dubbed the Worst CVE of the Year by Security Experts

Fri Jan 24, 2025 2:47pm PST

Release Notes for Safari Technology Preview 212

Fri Jan 24, 2025 2:31pm PST

Curl Project and Go Security Teams Reject CVSS as Broken

Thurs Jan 23, 2025 6:31pm PST

Crypto Perpetual Motion Machines

Thurs Jan 23, 2025 1:47pm PST

An Interview with Daniel Gross and Nat Friedman About Models, Margins, and Moats

Wed Jan 22, 2025 7:15pm PST

Bun 1.2 Released with 90% Node.js Compatibility and Built-In S3 Object Support

Wed Jan 22, 2025 2:16pm PST

Stargate, the End of Microsoft and OpenAI

Wed Jan 22, 2025 1:17pm PST

Capture and Replay WebRTC video streams for debugging – video_replay 2025 update

Wed Jan 22, 2025 1:01pm PST

Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven

Tues Jan 21, 2025 6:33pm PST

The SEC Was Busy Last Week

Mon Jan 20, 2025 6:18pm PST

An Interview with Jon Yu About YouTube and Making Semiconductors

Mon Jan 20, 2025 8:49am PST

No Update: Delayed Interview

Mon Jan 20, 2025 5:32am PST

AI's Uneven Arrival

Mon Jan 20, 2025 5:16am PST

Goodbye Salesforce, Hello Socket

Mon Jan 20, 2025 4:01am PST

Links for January 2025

Mon Jan 20, 2025 3:48am PST

Service Reliability Mathematics

Mon Jan 20, 2025 3:31am PST

Fluent Assertions Faces Backlash After Abandoning Open Source Licensing

Thurs Jan 16, 2025 9:47pm PST

Malicious PyPI Package 'Pycord-Self' Targets Discord Developers with Token Theft

Thurs Jan 16, 2025 7:50pm PST

Provisional Guidance for Users of LLM-Based Code Generators

Thurs Jan 16, 2025 7:18pm PST

You Don't Always Know What Bonds Cost

Thurs Jan 16, 2025 4:32am PST

Highlights from the Comments on Lynn and IQ

Thurs Jan 16, 2025 3:32am PST

UK Officials Consider Banning Ransomware Payments from Public Entities

Tues Jan 14, 2025 4:33pm PST

The Success of Interop 2024

Tues Jan 14, 2025 3:45am PST

Subscrive Drive '25 and Free Unlocked Posts

Mon Jan 13, 2025 10:46pm PST

Kill Switch Hidden in NPM Packages Typosquatting Chalk and Chokidar

Mon Jan 13, 2025 4:34pm PST

Build local and offline-capable chatbots

Fri Jan 10, 2025 11:46pm PST

Pnpm 10.0.0 Blocks Lifecycle Scripts by Default

Fri Jan 10, 2025 3:04pm PST

New Gmail Cyber Attack Warning as Private Key Hackers Strike

Thurs Jan 9, 2025 8:01pm PST

Socket Now Supports Uv.lock Files

Thurs Jan 9, 2025 7:16pm PST

It's Tough to Be a Research Analyst

Thurs Jan 9, 2025 5:04pm PST

Supporters of Chromium-Based Browsers

Thurs Jan 9, 2025 4:32pm PST

Bureaucracy Isn't Measured in Bureaucrats

Wed Jan 8, 2025 10:01pm PST

Gmail for Exfiltration: Malicious NPM Packages Target Solana Private Keys and

Wed Jan 8, 2025 1:30pm PST

Wed Jan 8, 2025 12:47pm PST

Stratechery Year in Review

Wed Jan 8, 2025 2:19am PST

Double-keyed caching: Browser cache partitioning

Tues Jan 7, 2025 11:01pm PST

New Python Packaging Proposal Aims to Solve Phantom Dependency Problem With

Tues Jan 7, 2025 7:16pm PST

Private Equity Wants Your 401(k)

Mon Jan 6, 2025 7:17pm PST

MBA Class Project Got a Bit Too Real

Mon Jan 6, 2025 2:01pm PST

The Cyber Security Council Podcast: Securing Modern Applications in A

Sat Jan 4, 2025 5:26pm PST

Weaponizing OAST: Malicious Packages Exploit NPM, PyPI, and RubyGems

Sat Jan 4, 2025 5:20pm PST

NPM package poses as legit Ethereum smart contract, injects Quasar RAT

Fri Jan 3, 2025 6:31pm PST

Weaponizing OAST: How Malicious Packages Exploit NPM, PyPI, and RubyGems For

Fri Jan 3, 2025 4:38pm PST

Composable Caching with Next.js