#Security

17 articles

Tech Jan 9, 2026 4 min

Critical vulnerabilities in pnpm < 10.26: Update now

Two critical vulnerabilities (CVE-2025-69263, CVE-2025-69264) were discovered in pnpm 10.0.0–10.25. They allow lockfile integrity bypass and remote code execution, so immediate updates are required.

pnpm Security Vulnerability Node.js

Tech Dec 19, 2025 5 min

Claude Code Permissions: I Have No Idea What I'm Doing

I started tweaking Claude Code's settings files to stop the constant permission prompts, and fell into a rabbit hole. When the official docs say permissions 'can be bypassed' and call them 'tricky,' perfect control is probably not the goal.

Claude Code AI Developer Productivity Configuration Security Experiment

Tech Dec 18, 2025 5 min

React2Shell Was Such a Headache I Migrated from Next.js to Astro

CVSS 10.0 React2Shell, fix it and another vulnerability appears, fix again... I was done. Migrated to Astro — including a lesson learned from installing 60 shadcn UI components and using only one.

Next.js Astro Security Experiment

Tech Dec 10, 2025 2 min

npm Was Broken So I Switched to pnpm [React2Shell Vulnerability]

npm install kept failing with a mysterious error while patching Next.js/React for a security vulnerability. Switching to pnpm fixed it immediately.

npm pnpm Node.js Next.js React Security Troubleshooting Experiment

Tech Dec 10, 2025 updated 6 min

Notes on addressing the Next.js/React 'React2Shell' vulnerability

A summary of how to verify impact and the mitigation steps for the CVSS 10.0 React2Shell vulnerability (CVE-2025-55182 / CVE-2025-66478), plus additional DoS and source code exposure issues.

Next.js React Security Vulnerability Dify