feross

Tues Sep 1, 2009 4:56am PST

Karma:

47627

about

Founder & CEO, Socket <https://socket.dev> – Socket makes a developer-first security platform that prevents vulnerable and malicious open source dependencies from infiltrating your software supply chain.

Stanford visiting lecturer, CS 253 Web Security <https://cs253.stanford.edu> – Principles of web security, attacks and countermeasures, and more...

Open source maintainer – 100+ open source packages on npm, including WebTorrent <https://webtorrent.io>, StandardJS <https://standardjs.com>, BitMidi <https://bitmidi.com>, simple-peer <https://github.com/feross/simple-peer>, and more <https://socket.dev/npm/user/feross>.

You can reach me at {my username}@feross.org, or find out more on my website: https://feross.org/resume

[ my public key: https://keybase.io/feross; my proof: https://keybase.io/feross/sigs/gO6pVIJ1DXdy9Y21yil6nlyk_by5BE_GaaWOOQJ5PvQ ]

submitted

Fri Oct 10, 2025 10:32pm PST

Socket Integrates with Bun 1.3's Security Scanner API

Fri Oct 10, 2025 10:01pm PST

North Korea's Contagious Interview Campaign Escalates: 338 Malicious NPM

Fri Oct 10, 2025 5:01pm PST

It's OpenAI's world, we're just living in it

Fri Oct 10, 2025 4:47pm PST

Next.js 16 (Beta)

Fri Oct 10, 2025 4:15pm PST

Fascism can't mean both a specific ideology and a legitimate target

Fri Oct 10, 2025 4:00pm PST

Google's OSV Fix Just Added 500 New Advisories – All Thanks to One Small Policy

Thurs Oct 9, 2025 6:32pm PST

First Brands Is Missing Some Money

Thurs Oct 9, 2025 5:47pm PST

Malicious NPM Packages Host Phishing Infrastructure Targeting 135

Thurs Oct 9, 2025 5:31pm PST

Python 3.14 Released with Template String Literals, Deferred Annotations, and

Thurs Oct 9, 2025 5:03pm PST

September 2025 (Version 1.105)

Thurs Oct 9, 2025 3:16pm PST

Socket Integrates with Bun 1.3's Security Scanner API

Thurs Oct 9, 2025 10:02am PST

The OpenAI Hype Cycle, Microsoft's Game Pass Failure, Verizon's Satellites

Thurs Oct 9, 2025 9:47am PST

Tracy Britt Cool: Brick by Brick

Tues Oct 7, 2025 10:17pm PST

Python 3.14 Released with Template String Literals, Deferred Annotations, and

Tues Oct 7, 2025 6:02pm PST

Sports Bets at the Stock Exchange

Tues Oct 7, 2025 4:03pm PST

Bring Python ASGI to Your Node.js Applications

Tues Oct 7, 2025 3:05pm PST

Is everyone switching to MoQ from WebRTC?

Mon Oct 6, 2025 5:32pm PST

OpenAI is good at deals

Mon Oct 6, 2025 4:17pm PST

Sora, AI Bicycles, and Meta Disruption

Mon Oct 6, 2025 4:01pm PST

Renewing Our Open Source Pledge for 2025

Fri Oct 3, 2025 9:32pm PST

Online Identity Verification with the Digital Credentials API

Fri Oct 3, 2025 3:17am PST

Stablecoins Make Banking Narrower

Fri Oct 3, 2025 3:02am PST

Release Notes for Safari Technology Preview 229

Fri Oct 3, 2025 2:16am PST

Vote in the 2025 Non-Book Review Contest

Fri Oct 3, 2025 2:03am PST

Core Web Vitals

Thurs Oct 2, 2025 11:47pm PST

PodRocket Podcast: Inside the Recent NPM Supply Chain Attacks

Wed Oct 1, 2025 4:04am PST

Package Maintainers Call for Improvements to GitHub's New NPM Security Plan

Tues Sep 30, 2025 5:46pm PST

Hedge funds have to be big

Tues Sep 30, 2025 2:17pm PST

Socket Firewall: Free, Proactive Protection for Your Software Supply

Fri Sep 26, 2025 10:02pm PST

Review: The Russo-Ukrainian War

Fri Sep 26, 2025 2:32pm PST

2025.39: The YouTube Juggernaut

Tues Sep 23, 2025 3:03pm PST

The Intelligent Command Center for Node.js Is Now Open Source

Tues Sep 23, 2025 11:47am PST

OpenAI does WebRTC in the new GPT-realtime

Tues Sep 23, 2025 10:02am PST

The YouTube Tip of the Google Spear

Mon Sep 22, 2025 6:16pm PST

Bitcoin Treasury Company M&A

Fri Sep 19, 2025 8:16pm PST

Review: Project Xanadu – The Internet That Might Have Been

Fri Sep 19, 2025 2:17pm PST

2025.38: Meta, YouTube, and Tech Press Attention

Thurs Sep 18, 2025 2:33pm PST

Meta Ray-Ban Display, Why Less Is More, Price and the Neural Band

Thurs Sep 18, 2025 2:17pm PST

Ed Stack: Lessons from Dick's Sporting Goods

Wed Sep 17, 2025 7:31pm PST

Identifying and Preventing Fraudulent Engineering Candidates: An Investigation

Mon Sep 15, 2025 11:29pm PST

Active NPM supply chain attack: Tinycolor and 40 Packages Compromised

Thurs Sep 11, 2025 7:16pm PST

An Interview with Dan Kim About Intel, Nvidia, and the U.S. Government

Thurs Sep 11, 2025 6:46pm PST

Lulu Cheng Meservey: How to Build a Cult

Thurs Sep 11, 2025 6:31pm PST

Book Review: If Anyone Builds It, Everyone Dies

Thurs Sep 11, 2025 6:00pm PST

Rust Support Now in Beta

Wed Sep 10, 2025 5:31pm PST

Feross on Risky Business Weekly Podcast: NPM's Ongoing Supply Chain Attacks

Wed Sep 10, 2025 12:01pm PST

Wed Sep 10, 2025 10:47am PST

iPhones 17 and the Sugar Water Trap

Tues Sep 9, 2025 8:01pm PST

Tier 1 Reachability: Precision CVE Triage for Enterprise Teams

Tues Sep 9, 2025 4:15pm PST

DuckDB NPM Account Compromised in Continuing Supply Chain Attack

Fri Sep 5, 2025 9:16pm PST

Malicious NPM Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet

Fri Sep 5, 2025 3:32pm PST

Rv Is a New Rust-Powered Ruby Version Manager Inspired by Python's Uv

Fri Sep 5, 2025 12:16pm PST

Review: Participation in Phase I Clinical Pharmaceutical Research

Thurs Sep 4, 2025 3:46pm PST

Stop Burning Money on Performance Firefighting

Thurs Sep 4, 2025 10:01am PST

An Interview with Cloudflare Founder and CEO Matthew Prince About Internet

Thurs Sep 4, 2025 7:01am PST

Links for September 2025

Wed Sep 3, 2025 10:33pm PST

Release Notes for Safari Technology Preview 227

Wed Sep 3, 2025 8:17pm PST

Nx Investigation Reveals GitHub Actions Workflow Exploit Led to NPM Token Theft

Wed Sep 3, 2025 6:47pm PST

Sports Team Owners Like to Win

Wed Sep 3, 2025 4:18pm PST

Tues Sep 2, 2025 5:01pm PST

Next-Generation Flamegraph Visualization for Node.js

Tues Sep 2, 2025 3:02pm PST

Made by Google 2025, AI Trade-Offs, Google and the Long-Term

Mon Sep 1, 2025 9:03pm PST

Fri Aug 29, 2025 8:02pm PST

Wallet-Draining NPM Package Impersonates Nodemailer to Hijack Crypto

Thurs Aug 28, 2025 5:46pm PST

Benedict Evans: Why AI Isn't What You Think

Thurs Aug 28, 2025 5:32pm PST

The Economics of Envy

Wed Aug 27, 2025 6:19pm PST

VS Code Dev Days – Join an event near you to learn about AI-assisted development

Wed Aug 27, 2025 6:02pm PST

Nx NPM Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools

Tues Aug 26, 2025 6:16pm PST

Biotech Dividend Arrived Early

Thurs Aug 21, 2025 5:32pm PST

Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials Via

Thurs Aug 21, 2025 5:02pm PST

John Bragg: The Unknown Billionaire Who Controls Half The

Thurs Aug 21, 2025 1:03am PST

Release Notes for Safari Technology Preview 226

Wed Aug 20, 2025 11:02pm PST

Rspack Introduces Rslint, a TypeScript-First Linter Written in Go

Mon Aug 18, 2025 10:16pm PST

Oxlint Introduces Type-Aware Linting Preview

Sat Aug 16, 2025 2:16am PST

New Website "Is It FOSS?" Tracks Transparency in Open Source Distribution

Fri Aug 15, 2025 1:01pm PST

Review: Dating Men in the Bay Area

Fri Aug 15, 2025 10:17am PST

2025.33: Meta and the Benefit of the Doubt

Thurs Aug 14, 2025 3:02pm PST

In Defense of the Amyloid Hypothesis

Thurs Aug 14, 2025 2:46pm PST

Facebook Is Dead; Long Live Meta

Thurs Aug 14, 2025 4:02am PST

Astral Launches Pyx: A Python-Native Package Registry

Wed Aug 13, 2025 6:02pm PST

Static vs. Runtime Reachability: Insights from Latio's on the Record Podcast

Wed Aug 13, 2025 3:15am PST

Dictator Book Club: Mussolini on Fascism

Tues Aug 12, 2025 10:18pm PST

A gentle introduction to anchor positioning

Tues Aug 12, 2025 8:47pm PST

Opengrep Adds Apex Support and New Rule Controls in Latest Updates

Tues Aug 12, 2025 4:00pm PST

Dicing an onion, the mathematically optimal way

Tues Aug 12, 2025 11:17am PST

Highlights from the Comments on Liberalism and Communities

Tues Aug 12, 2025 10:02am PST

China AI Chips, a China Chip Control Framework, Whither HBM

Wed Aug 6, 2025 4:06pm PST

TC39 Advances 11 Proposals for Math Precision, Binary APIs, and More