Popular 'coa' NPM library hijacked to steal user passwords

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/javascript

  • lodash

    A modern JavaScript utility library delivering modularity, performance, & extras.

    Personally, I try my best to avoid bringing in dependencies as much as possible, and try to limit my exposure to only dependencies with low/shallow transitive dependency counts. Unfortunately, this is pretty hard, especially in corporate settings. What we need more of is the opposite of what we've been collectively praising: we need more monolithic packages. Case in point: lodash.template is currently vulnerable with no mitigation, even though lodash itself is not. That's just sloppy publishing practices. Esbuild is a great start over the webpack/babel maze of dependencies. There's a stdlib effort along those lines that hopefully would also help. There's a bunch of micro-frameworks that are used in production just fine and have little to no dependencies.

  • Mithril.js

    A JavaScript Framework for Building Brilliant Applications

  • hyperapp

    The tiny framework for building hypertext applications.

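The commenter's rule of thumb, keeping to dependencies with a low or shallow transitive dependency count, is only actionable if you can measure it. The script below is an added example, not code from the reddit thread or from any project listed above: it reads the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3), resolves each package's dependencies with the same nearest-`node_modules` walk Node uses, and reports, per direct dependency, how many installed packages it drags in and how deep the chain goes. The lockfile embedded in it is constructed for illustration; the package names and versions are invented.

```javascript
// Added example: per-direct-dependency transitive exposure from a package-lock.json.
// Not from the reddit thread or any project mentioned in it.

// Constructed sample lockfile (names and versions invented); swap in
// JSON.parse(fs.readFileSync("package-lock.json", "utf8")) to run on a real project.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "lib-a": "^1.0.0", "lib-b": "^2.0.0" } },
    "node_modules/lib-a": { version: "1.0.0", dependencies: { "util-x": "^1.0.0" } },
    "node_modules/lib-b": { version: "2.0.0", dependencies: { "util-x": "^2.0.0", "util-y": "^1.0.0" } },
    // lib-b wants a different major of util-x, so npm nests a second copy under it
    "node_modules/lib-b/node_modules/util-x": { version: "2.1.0", dependencies: { "util-z": "^3.0.0" } },
    "node_modules/util-x": { version: "1.2.0", dependencies: { "util-y": "^1.0.0" } },
    "node_modules/util-y": { version: "1.0.0" },
    "node_modules/util-z": { version: "3.0.0" },
  },
};

// Resolve a dependency name the way Node does: try the requiring package's own
// node_modules first, then walk up one nesting level at a time to the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (base === "") return null; // not installed (e.g. a skipped optional dep)
    const idx = base.lastIndexOf("node_modules/");
    base = idx <= 0 ? "" : base.slice(0, idx - 1); // drop trailing "/node_modules/<pkg>"
  }
}

// Breadth-first walk from one installed package.
// Returns Map<installedPath, hops from the start package>, start excluded.
function transitiveClosure(packages, startPath) {
  const hops = new Map([[startPath, 0]]);
  const queue = [startPath];
  while (queue.length) {
    const path = queue.shift();
    const pkg = packages[path];
    const wanted = { ...(pkg.dependencies || {}), ...(pkg.optionalDependencies || {}) };
    for (const name of Object.keys(wanted)) {
      const target = resolveDep(packages, path, name);
      if (target === null || hops.has(target)) continue; // unresolved or already counted (cycles too)
      hops.set(target, hops.get(path) + 1);
      queue.push(target);
    }
  }
  hops.delete(startPath);
  return hops;
}

// One row per direct dependency (prod + dev), sorted by how much it pulls in.
function dependencyExposure(lock) {
  const packages = lock.packages;
  const root = packages[""] || {};
  const direct = { ...(root.dependencies || {}), ...(root.devDependencies || {}) };
  const rows = Object.keys(direct).map((name) => {
    const path = resolveDep(packages, "", name);
    if (path === null) return { name, version: null, transitive: 0, maxDepth: 0 };
    const hops = transitiveClosure(packages, path);
    return {
      name,
      version: packages[path].version,
      transitive: hops.size,
      maxDepth: hops.size ? Math.max(...hops.values()) : 0,
    };
  });
  rows.sort((a, b) => b.transitive - a.transitive || a.name.localeCompare(b.name));
  return {
    directCount: rows.length,
    installedCount: Object.keys(packages).filter((p) => p !== "").length,
    rows,
  };
}

const report = dependencyExposure(SAMPLE_LOCK);
console.log(`${report.directCount} direct dependencies, ${report.installedCount} installed packages`);
for (const r of report.rows) {
  console.log(`${r.name}@${r.version}: ${r.transitive} transitive, max depth ${r.maxDepth}`);
}
```

On the sample the two declared dependencies expand to six installed packages, and `lib-b` is the larger exposure because its nested `util-x` brings in `util-z`. Every package counted here is one that npm will execute install scripts for and that a hijacked publish, like the `coa` one this page is about, can land in; the gap between `directCount` and `installedCount` is the figure the comment is arguing should be small.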
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.