Tootfinder

Node.js devs, so picture this: you run `npm install` and you get a bunch of packages with audit errors.
The only thing I want to know at that point is what’s the root package that these dependencies belong to? (Running npm audit fix is a last resort as I don’t like it fiddling around with the dependencies of nested packages.)
It’s also not a straightforward thing to do, but it’s nothing jq and a bit of piping can’t fix:
```bash
npm audit --json | jq -r '.vulnerabil…

And that's a wrap - the newly refreshed laptop has been handed over to teen with most of the packages functional. Thanks for following along on this @… installation journey with me and thanks to all #linux maintainers, forum contributors and FOSS advocates around keeping the system running.
👏 WE REALLY APPRECIATE YOU!👏
The final judgement won't be clear until Monday when the first log in at school happens but hopefully it will be successful, or the IT support is going to have to deal with some very salty comments (from me).
16/16
FIN

#ReleaseWednesday — Thanks to a user suggestion, I've added support for declarative canvas pixel density adjustments in the following packages:
- https://thi.ng/hiccup-canvas
-

Hiccup shape tree renderer for vanilla Canvas 2D contexts

Furloughed federal employee delivering food, packages in Massachusetts during shutdown to pay bills - CBS Boston
https://www.cbsnews.com/boston/news/furloughed-federal-employee-delivering-food-shutdown/

»Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack:
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.«
How do you check if the JavaScript libraries and their libraries on which they are based are now safe?!??
🧑‍💻

Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
A mysterious npm worm published 46K fake packages in a two-year spam campaign, exposing major security gaps.

Don't forget to upgrade your downgrade!
#endeavourOS #linux #pacman

@… historically, I relied upon on fetching packages before a dry run. As far as I recall, this always allowed the dry run to tell the truth – the complete truth – about what would be removed, and so on.
More recent results – technology preview – were thought-provoking. From <

I have had problems with nala in the linux terminal. It find updates and can list them - but sudo nala upgrade -y don't do the work. I have to get back to sudo apt upgrade -y to get the updates when I've inspected upgradable packages. Anyone else that has the same problem? #linux #terminal

{testthat} is great for automatic testing. Here are some tricks for the heavy user: #rstats

@… thanks.
I had the same thought about persistence of non-automatic packages in my very early days (probably with PC-BSD, around a decade ago, before TrueOS), but soon discovered that sometimes:
― accepting an upgrade will remove a required package.
It took years for me to come close to a full understanding of the multi-layered causes of remo…