I started by rendering the media viewer for a specific file type (I used .txt randomly). For all other file types, I wanted it to "fall through" to the standard click handler.
If the file's mime type (media type) is an image, we want to use an <img> tag to render it.
#GitHubCopilot suggests the right code and sets the right value into the appropriate React state.
Then, it writes the whole next else if block for audio files too.
Here I was updating the @Speakeasy_JS website to add boilerplate for upcoming events.
#GitHubCopilot figured out the pattern of our event dates. We host them every week on Fridays and it filled in the correct date, without me needing to check a calendar.
Here you can see that #GitHubCopilot figured out that the getCurrentEvent() function should either return the event, or null if the event is not valid.
Fixing a bug in a @Wormhole_App API endpoint where file extensions should be treated case-insensitively.
#GitHubCopilot suggests the correct bugfix, which is to lowercase the extension.
Making a boolean function to determine if a mime type (media type) is supported by the inline file viewer on @Wormhole_App.
Adding support for text mime types (i.e. media types) on @Wormhole_App. For text files, I want to support any mime type with a "text/" prefix since there are so many.
There's no array of text media types in the code, so #GitHubCopilot suggests a more general solution:
Updating browser detection code to detect Opera on iOS and Android.
I added the code for detecting iOS Opera ("opt/") and was about to add iOS Android ("opr/") next, when #GitHubCopilot offers to finish it up for me, in two stages.
I wish more developers understood the constant stream of malware that is posted to npm, PyPI, and all package managers...
Here's just a taste of some crazy malware Socket identified in the past couple weeks...
All malware descriptions were FULLY WRITTEN by Socket AI.
This code is using curl to send the contents of the file '/etc/passwd' to a remote server. This is a highly suspicious and potentially malicious behavior as it could cause sensitive data to be sent to an attacker's server.
The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.
Read my latest post, featured in the @github ReadME project!
Do your part to secure the open source supply chain!
WE'RE JUST BEGINNING TO RECKON WITH NEW SECURITY RISKS INTRODUCED BY THE TANGLED WEB OF DEPENDENCIES IN OUR APPS.
Open source ecosystems have transformed 🔄 software development, but they also come with security 🛡 risks due to third-party dependencies. Supply chain attacks are now a significant threat. ⚠️
A supply chain attack involves malicious code 🦠 being injected into a vendor’s software. The rise in third-party dependencies and fast-paced updates 🚀 increases the chances of such attacks.
Our new Project Health Report helps security teams perform a full security audit of a repo. 🔐👩💻👨💻
📊 Unlike real-time Socket Alerts which monitor PRs, Project Health Reports analyze a repo and provide a full list of dependency risks. 📋⚠️
2/ 🕵️♀️ Security teams can use filters to focus on issues of a certain severity, such as "Critical" or "High" issues, or specific issues like "Network access", "Environment variable access" or "Filesystem access." 📈🔍
🤖 Socket AI: “The script contains a discord token grabber function which is a serious security risk. It steals user tokens and sends them to an external server. This is malicious behavior.”