Feross
Jun 30, 2021 · 10 tweets
I've been testing #GitHubCopilot in Alpha for the past two weeks. Some of the code suggestions it comes up with are eerily good.

Here's a thread with some examples that I found surprising. Will update with new examples over time.
Here's #GitHubCopilot helping me write a function to change the <meta name='theme-color'> attribute to a random color in a loop for TheAnnoyingSite 🤣


It suggested the exact code I was going to have to look up on StackOverflow. Nice.
Here's #GitHubCopilot helping me make the first version of the inline media viewer on @Wormhole_App.

I started by rendering the media viewer for a specific file type (I used .txt randomly). For all other file types, I wanted it to "fall through" to the standard click handler.
If the file's mime type (media type) is an image, we want to use an <img> tag to render it.

#GitHubCopilot suggests the right code and sets the right value into the appropriate React state.

Then, it writes the whole next else if block for audio files too.
Here I was updating the @Speakeasy_JS website to add boilerplate for upcoming events.

#GitHubCopilot figured out the pattern of our event dates. We host them every week on Fridays and it filled in the correct date, without me needing to check a calendar.
Another @Speakeasy_JS example.

Here you can see that #GitHubCopilot figured out that the getCurrentEvent() function should either return the event, or null if the event is not valid.
Fixing a bug in a @Wormhole_App API endpoint where file extensions should be treated case-insensitively.

#GitHubCopilot suggests the correct bugfix, which is to lowercase the extension.
Making a boolean function to determine if a mime type (media type) is supported by the inline file viewer on @Wormhole_App.

#GitHubCopilot suggests the right code.
Adding support for text mime types (i.e. media types) on @Wormhole_App. For text files, I want to support any mime type with a "text/" prefix since there are so many.

There's no array of text media types in the code, so #GitHubCopilot suggests a more general solution:
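The three Wormhole snippets above (the case-insensitive extension fix, the "is this media type supported" boolean, and the "text/" prefix rule) fit together into one small decision function. The block below is an added example written for this page, not Feross's or Wormhole's code and not what Copilot suggested: the function names, the extension-to-media-type table, and the fallback for a generic `application/octet-stream` upload type are all my assumptions. It goes slightly beyond the thread by also normalizing media-type parameters such as `; charset=utf-8` before comparing.

```javascript
// Added example (not Feross's / Wormhole's code): decide whether a file can be
// shown in an inline viewer, applying the two rules from the thread:
//  - file extensions are compared case-insensitively (the bugfix), and
//  - any "text/" media type is accepted instead of enumerating text types.

// Constructed table (assumption): extension -> media type, used only when the
// reported type is missing or the generic application/octet-stream.
const EXTENSION_TO_MIME = {
  png: 'image/png', jpg: 'image/jpeg', jpeg: 'image/jpeg', gif: 'image/gif',
  webp: 'image/webp', mp3: 'audio/mpeg', wav: 'audio/wav', ogg: 'audio/ogg',
  mp4: 'video/mp4', webm: 'video/webm', txt: 'text/plain', md: 'text/markdown'
}

// Lowercased extension without the dot, or '' if there is none.
// Lowercasing is the fix from the thread: 'PHOTO.JPG' must match 'jpg'.
function getExtension (filename) {
  const base = String(filename).split('/').pop()
  const dot = base.lastIndexOf('.')
  if (dot <= 0 || dot === base.length - 1) return '' // '.bashrc', 'noext', 'trailing.'
  return base.slice(dot + 1).toLowerCase()
}

// Normalize a media type: drop parameters ('; charset=utf-8'), trim, lowercase.
function normalizeMime (mime) {
  if (typeof mime !== 'string') return ''
  return mime.split(';')[0].trim().toLowerCase()
}

// Media type to use for the viewer. A missing or generic reported type falls
// back to the extension table; anything unknown resolves to ''.
function resolveMime (filename, reportedMime) {
  const mime = normalizeMime(reportedMime)
  if (mime && mime !== 'application/octet-stream') return mime
  return EXTENSION_TO_MIME[getExtension(filename)] || ''
}

// Viewer kind: 'image', 'audio', 'video', 'text', or null, where null means
// "fall through" to the ordinary click/download handler. Any 'text/' type is
// accepted on the assumption that the viewer renders it as plain text (for
// example inside a <pre>), never as HTML, so 'text/html' is shown as source
// rather than interpreted.
function classifyForInlineViewer (filename, reportedMime) {
  const mime = resolveMime(filename, reportedMime)
  if (mime.startsWith('image/')) return 'image'
  if (mime.startsWith('audio/')) return 'audio'
  if (mime.startsWith('video/')) return 'video'
  if (mime.startsWith('text/')) return 'text'
  return null
}

// The boolean from the thread, expressed in terms of the classifier.
function isSupportedMediaType (filename, reportedMime) {
  return classifyForInlineViewer(filename, reportedMime) !== null
}
```

The prefix test on the normalized type is what makes the "text/" rule safe to apply broadly: the viewer decides how to render from the type family, and a plain-text rendering path means an unexpected `text/html` or `text/javascript` upload is displayed, not executed.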
Updating browser detection code to detect Opera on iOS and Android.

I added the code for detecting iOS Opera ("opt/") and was about to add Android Opera ("opr/") next, when #GitHubCopilot offers to finish it up for me, in two stages.
