For tools in the npm ecosystem, the prepack script is a useful opportunity to modify the package immediately before publication.
Unfortunately, it is not safe to modify package.json itself as part of the prepack script. Doing so will result in subtly broken packages.
This is true for all npm-compatible tools that I know of, including npm and yarn.
I reported a security flaw to npm on 13 April 2024. The security flaw itself is not particularly serious, and as far as I know has never been exploited, but the underlying problem does manifest quite often in the wild as extremely unexpected behaviour when developers install packages using very recent versions of npm, or release packages using any npm-compatible tools.
When I reported this, npm didn't provide a particularly satisfactory response or pay me a bounty, and I think three months is plenty of time for them to have fixed the problem, so I'm documenting it here. Since this problem does come up in the wild fairly often, I want to be able to point developers to a page that explains what's going on.
I haven't checked if npm have done anything to fix or mitigate this problem, but from reports from other developers it appears that they have not. The npm repository itself is affected, and potentially any tools that consume packages from the npm repository are also affected.
| Notification.requestPermission() | |
| .then(() => new Notification("Welcome to ecco", { | |
| body: "This is some body text" | |
| })); | |
| // See: https://developer.mozilla.org/en-US/docs/Web/API/Notification/Notification |
| type Branded<T, U extends string> = T & { [Symbol.species]: U }; | |
| // if targeting ES5, change to: | |
| // type Branded<T, U> = T & { ['Brand']: U }; | |
| // FOO | |
| type FooId = Branded<number, 'FooId'>; | |
| // BAR | |
| type BarId = Branded<number, 'BarId'>; |
In the Unity editor:
“Visible Meta Files” causes Unity to place .meta files next to each of your assets. It’s important to check these files into version control because they contain the settings associated with those assets that you set in the Unity editor.
“Asset Serialization: Force Text” causes Unity to write its .meta and other files in a more-or-less human-readable text format, which makes it a lot easier to understand what has changed when you look at version control logs. Also it’s feasible to merge these text files by hand, whereas it’s not really possible to do that with Unity’s default binary file format.
| class Base { } | |
| class A extends Base { } | |
| class B extends Base { } | |
| interface Constructor<T> { | |
| new(): T; | |
| } |
| -- Adapted from | |
| -- https://www.haskell.org/haskellwiki/Generic_number_type#squareRoot | |
| floorSqrt :: Integer -> Integer | |
| floorSqrt 0 = 0 | |
| floorSqrt 1 = 1 | |
| floorSqrt n = | |
| let powers = iterate (^2) 2 | |
| (lowerRoot, lowerN) = | |
| last $ takeWhile ((n>=) . snd) $ zip (1:powers) powers | |
| newtonStep x = (x + (n `div` x)) `div` 2 |
| Clockless unidirectional serial link between a Raspberry Pi and Arduino. | |
| Inspired by every Commodore 64 disk fastloader ever :). | |
| Motivation: I want to send commands from a Raspberry Pi to an Adafruit | |
| Gemma (a tiny Arduino-compatible). Gemma only has three GPIO pins, and one | |
| of them is in use to make LEDs glow pretty colours. I don’t want to have | |
| to worry about tricky timing constraints. | |
| Gemma signals at 3.3V, which is the same level as the Pi. Most other |
| From c896dae0a938b522bd82c8a06e46aaff6670fe71 Mon Sep 17 00:00:00 2001 | |
| From: Daniel Cassidy <[email protected]> | |
| Date: Wed, 28 Aug 2013 17:21:05 +0100 | |
| Subject: [PATCH] [MTOMCAT-236] Upgrade selenium-server to 2.35.0 in | |
| tomcat-maven-archetype. | |
| This fixes an incompatibility between Selenium and Firefox 22 and later. | |
| --- | |
| .../resources/archetype-resources/__rootArtifactId__-webapp-it/pom.xml | 2 +- | |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| function lessThan(a:Number, b:Number):Boolean { | |
| return a < b; | |
| } | |
| function greaterThan(a:Number, b:Number):Boolean { | |
| return a > b; | |
| } | |
| var comparator:Function = lessThan; |
