Open source developer 👨‍💻 Bingo, create-typescript-app, ESLint, Flint, Mocha, OctoGuide, typescript-eslint... 👪 Boston TS Club & SquiggleConf ✍ Learning TypeScript (O'Reilly) 🌟 Microsoft MVP 💌 TC39 Invited Expert https://joshuakgoldberg.com
Josh Goldberg





There is a GitHub user (LLM?) that is reporting a lot of "security vulnerabilities" as open issues. They are mostly trash reports (e.g. "if you pass Object.prototype to the setFooOnObject function, it will set Object.prototype.foo so that's prototype pollution"), but what if one is real?
WHOO!
In my opinion, using their PRs essentially validates their behavior. If we all collectively instantly close all automated PRs at the same rate they open them, maybe we'll reach a point where they realize they can't spam half the ecosystem anymore.