Gal Weizman
@weizman.bsky.social
Security (Browser / JavaScript / Client-side) | Focusing on the “Same Origin Concern” | Unfriendly to iframes at MetaMask’s LavaMoat 🌋
ZB talks about yet another really interesting supply chain ecosystem security concern

Spoiler alert: as always, this results in another wonderful LavaMoat security tool so you can protect yourself against this one too 🫡
A Phish on a Fork, no Chips.

One more thing to beware in the world of software supply chain risks.

Read if you care about your GitHub actions or dependencies.

Or read it for the fish puns. 🫣

dev.to/naugtur/a-ph...
So you were told that this is the safest way to install a package from github with npm: "test262":...
dev.to
January 30, 2025 at 7:51 AM
Yoav was the one who helped me navigate attempting to introduce new stuff into our web; it's worth reading his summary of the process.
If you want to get into web platform development and push features into browsers, I wrote a few words that I hope can be useful: blog.yoav.ws/posts/so_you...
So, you want to push a web platform feature?
blog.yoav.ws
January 21, 2025 at 9:16 AM
Guided by @yoav.ws and other great folks on the same origin concern, I had to get my hands dirty with all sorts of web-related things such as Chromium source code, SOP implementation, same vs cross origin iframes usage across the web and more

Decided to turn it into a post👇
December 4, 2024 at 1:34 PM