Malicious code in @shadanai/openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0e2f02ab1bb3d99de1787ed7d69f1df97bd3b2d7c18cc8ba4e5f8688f649ce9 On npm install, scripts/postinstall.mjs performs several installer-harm actions. 1 Backdoor: writes /.openclaw/openclaw.json configuring a local...

MAL-2026-4441 Malicious code in @shadanai/openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0e2f02ab1bb3d99de1787ed7d69f1df97bd3b2d7c18cc8ba4e5f8688f649ce9 On npm install, scripts/postinstall.mjs performs several installer-harm actions. 1 Backdoor: writes /.openclaw/openclaw.json configuring a local...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: fulcio-fips, php-fpmexporter, vertical-pod-autoscaler-fips, rabbitmq-default-user-credential-updater, kubernetes-dashboard-metrics-scraper, kubernetes, tfsec, cilium-fips, http-echo, prometheus-alertmanager-fips, cfssl, scorecard, litefs, coredns, tigera-operator-fip...

I’m Now a Full-Time Professional Open Source Maintainer

or, "Holy shit, it works!" Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats Go cryptography, transparency tooling, age, mkcert, yubikey-agent…, iterated on the model since September, and ...

mkcert: valid HTTPS certificates for localhost

or for any other name The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Lets Encrypt, development still mostly ends up happening...