Kunal Singh
@KunalSin9h
Followers: 140
Following: 3K
Media: 353
Statuses: 1K
Engineering at @safedepio
India
Joined October 2020
very close to 1K ⭐ https://t.co/aqR2ZVCUxX
github.com
Protect against malicious open source packages 🤖. Contribute to safedep/vet development by creating an account on GitHub.
2025 checklist: ☑ Survived npm supply chain chaos ☑ Fixed CI that wasn’t your fault ⬜ Help vet reach 1K stars. Let’s complete the trilogy before the year ends 😄 https://t.co/7TBhBhQVjS If you’ve used vet… or just love seeing open source tools grow, your ⭐ means a lot.
Technical analysis about recent React Remote Code Execution Vulnerability. https://t.co/HySCF9Mnhh
safedep.io
A critical pre-authenticated remote code execution vulnerability (CVE-2025-55182) was disclosed in React Server Components, affecting Next.js applications using the App Router. Learn about the...
Pro has nailed it, the right one does not look AI generated at all.
Just randomly stumbled upon one of my projects having 151 stars — last time I checked, it was 27. https://t.co/zEh7VrYokF
664 packages compromised so far; secrets of nearly 25,000 developers exposed. Full report:
safedep.io
Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions...
THEY MADE ANOTHER WORMY BOI IN NPM THEY MADE ANOTHER WORMY BOI IN NPM THEY MADE ANOTHER WORMY BOI IN NPM THEY MADE ANOTHER WORMY BOI IN NPM THEY MADE ANOTHER WORMY BOI IN NPM
A cool-down period mitigating supply chain risk is pretty much like saying all malicious packages will end up in CVE / OSV or some database. Still “implicit” trust that “someone” will find and report the issue. This “implicit” trust is what is exploited in supply chain attacks.
> “Supply chain security” is a serious problem. It’s also seriously overhyped
> Setting a cooldown of 7 days would have prevented the vast majority of these attacks from reaching end users
Wrote a script to aggregate memory usage across an entire Go program on every GC cycle.
Books that you should read for improving your software engineering skills. Side effect is, they will prepare you for Staff+ roles:
- Clean Code
- Clean Architecture
- The Pragmatic Programmer
Once you are able to use the ideas:
- Designing Data Intensive Applications
For
From Code to Server, we’ve got you covered! Integrate SafeDep at every stage of your SDLC and stay protected from malicious open-source software.
Good watch about the Go runtime and ways to tune it. Notes:
knl.co.in
Notes on Paweł Obrępalski’s P99 CONF 2025 talk on optimizing the Go runtime for high-performance systems, focusing on scheduler behavior, garbage collection tuning, and observability. Explores how...
Listening to Paweł Obrępalski talk about making Go faster by tuning the runtime; never knew @sharechatapp was building with Go. https://t.co/xtZHQg6zbe
⚠️ Open Source Software Supply Chain attack targeting Hyatt internal dependencies through dependency confusion attack. Read more ➡️ https://t.co/Ss2nz5H0ZX
safedep.io
Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and infrastruct...
Today, Surf goes open:
• open source
• open (& local) data
• open model choice (incl. local)
What's Surf? Watch for more.