Bienvenido de nuevo a casa, Mou.

claude code is officially open source.

🚨Do not deploy anything right now. axios 1.14.1 is compromised, someone took over a maintainer account and injected a malicious package. even if you don't use axios directly, it could be a nested dependency in your project. check your lock files, pin your versions, wait until this is resolved.

the attacker injected a package called `plain-crypto-js@4.2.1.` this dependency is never actually used by axios - its only function is to trigger a "postinstall" script. the script acts as a remote access trojan (rat) dropper that targets macos, windows, and linux systems alike. once active, the dropper contacts a command-and-control (c2) server at sfrclak[.]com to download platform-specific second-stage payloads. to evade forensic detection, the malware deletes its own footprint and replaces its package.json with a clean version immediately after execution. if you have installed either of the affected axios versions, assume your system is compromised. indicators of compromise (iocs) malicious packages: axios@1.14.1 axios@0.30.4 plain-crypto-js@4.2.1 network c2: sfrclak[.]com (ip: 142.11.206.73) platform-specific files: macos: /library/caches/com.apple.act.mond windows: %programdata%\wt.exe linux: /tmp/ld.py remediation steps: > revert and pin: downgrade to last known safe versions: axios@1.14.0 (for 1.x users); axios@0.30.3 (for 0.x users). >rotate creds: rotate all secrets, api keys, and credentials stored on or accessed by exposed machines. >audit logs: check network logs for outbound connections to sfrclak[.]com or 142.11.206.73. >harden ci/cd: use npm install --ignore-scripts in ci environments to block malicious postinstall scripts.

Axios got compromised 😬

Brohh 😭

OpenAI in 2026. > sora shuts down. > Disney killed $1 billion deal. > Pentagon backlash. > $14 billion in projected losses this year. > $207 billion funding gap > no profitability until 2029 at the earliest. the bubble isn’t bursting. it’s deflating in public.

😂

Scary. Iran is hitting the digital infrastructure. Disrupting AWS regions, targeting the backbone of the internet. The war has gone beyond the land or air… it’s the internet. Iran also threatened to cut Red Sea cables, if that happens, it will impact 95% global internet.

Wth 😬 Everyone doing paid promotion with player zero @playerzero_ai

Day 66 / #90DaysOfGrind 🚀 Yesterday's log: > 🏋️Workout ✅ > 💻DSA: Namaste Dsa❌ > 👨‍💻 Dev ✅ React.js: Namaste React - Custom hooks > 📚 Book read ✅

Day 65 / #90DaysOfGrind 🚀 Today's log: > 🏋️Workout ✅ > 💻DSA: Namaste Dsa❌ > 👨‍💻 Dev ✅ React.js: Namaste React - Class component - React Life Cycles > 📚 Book read ✅

Expectation: Learn to code → get a job → make money Reality: Learn to code Build projects Learn system design Learn cloud Learn networking Learn debugging Send 300 applications Get ghosted Repeat.

GGMU 🤩

Startup School is coming to India! 🇮🇳 Hear from founders like @harshilmathur of Razorpay, @viditaatrey of Meesho, @lkeshre of Groww, @mukundjha of Emergent and more. And join the best builders and hackers from across the country for a day of talks and sessions with YC partners.

Drizzle like syntax!

Creative tho The Guy: 1 | CSBE: 0

😂😭

If you've ever wondered how JavaScript runs your code behind the scenes, this one's for you. In it, @dev_shejan explains how the global execution context works, what the temporal dead zone is, and more. You'll also learn about hoisting (and what gets hoisted) and what happens in the memory phase. freecodecamp.org/news/global…