How to build two-factor authentication with a TOTP app such as Google Authenticator. Includes an explanation of the mechanism and a TypeScript implementation example.
Why Supabase is designed to expose API keys in the frontend, and how Row Level Security (RLS) protects data. Also covers why AI-generated apps are being targeted.
Using character voting as an example, this article explains the design and implementation of voting-right patterns such as time limits, social-login auth, and serial codes.
Two critical vulnerabilities (CVE-2025-69263, CVE-2025-69264) were discovered in pnpm 10.0.0–10.25. They allow lockfile integrity bypass and remote code execution, so immediate updates are required.
An explanation of how the Mintlify vulnerability differs from React2Shell, and why it matters to separate framework-level problems from implementation-level ones.
I started tweaking Claude Code's settings files to stop the constant permission prompts, and fell into a rabbit hole. When the official docs say permissions 'can be bypassed' and call them 'tricky,' perfect control is probably not the goal.
CVSS 10.0 React2Shell, fix it and another vulnerability appears, fix again... I was done. Migrated to Astro — including a lesson learned from installing 60 shadcn UI components and using only one.
The Node.js security release originally planned for December 15, 2025 was delayed four times and is now scheduled for January 13, 2026. The release will include fixes for three High-severity vulnerabilities.
A command-injection vulnerability was found in Windows PowerShell's `Invoke-WebRequest` cmdlet. When fetching a web page, embedded scripts could be executed.
A summary of how to verify impact and the mitigation steps for the CVSS 10.0 React2Shell vulnerability (CVE-2025-55182 / CVE-2025-66478), plus additional DoS and source code exposure issues.