GitHub

Just some notes, stored on GitHub instead of a blog.

I am not a native English speaker, so please excuse any language mistakes.

Yarn transferred npm credentials over unencrypted http connection (2019-07-13)
Enumerating Bitbucket repos and private issue titles (2018-05-10)
On Node.js CTC decision making (part 1) (2017-05-05/2017-08-30)
Gathering weak npm credentials (2017-06-21)
Improper markup sanitization in popular software (2017-04-13)
Short-term package manager wishlist (2016-11-03)
On npmjs.com tokens visibility, XSS, and clickjacking (2016-10-18)
Stealing Travis secure variables (2016-07-07)
Let's fix Buffer API (2016-01-15)
Buffer knows everything (2016-01-14)
Do not underestimate credentials leaks (2015-12-04)

Name		Name	Last commit message	Last commit date
Latest commit History 108 Commits
.github		.github
media		media
.gitignore		.gitignore
Buffer-knows-everything.md		Buffer-knows-everything.md
Do-not-underestimate-credentials-leaks.md		Do-not-underestimate-credentials-leaks.md
Enumerating-Bitbucket-repos-and-private-issue-titles.md		Enumerating-Bitbucket-repos-and-private-issue-titles.md
Gathering-weak-npm-credentials.md		Gathering-weak-npm-credentials.md
Improper-markup-sanitization.md		Improper-markup-sanitization.md
Lets-fix-Buffer-API.md		Lets-fix-Buffer-API.md
On-decision-making-part-1.md		On-decision-making-part-1.md
On-npmjs-tokens-visibility.md		On-npmjs-tokens-visibility.md
README.md		README.md
Short-term-package-manager-wishlist.md		Short-term-package-manager-wishlist.md
Stealing-Travis-secure-variables.md		Stealing-Travis-secure-variables.md
Yarn-vuln.md		Yarn-vuln.md

Provide feedback