- in your npmjs account set the publishing access to "Require two-factor authentication or an automation or granular access token" (with just two-factor auth publishing will bork).
- in your npmjs account create an automation token (or a 'finegrained' one) and remember the key to paste ...
- under your repo's settings -> secrets and variables -> actions add an NPM_TOKEN and paste the key from your npmjs account in it
- add below workflow files to .github/workflows
- the setup uses
npm clean-install
(=npm ci
) so it needs a package-lock.json- change .npmrc so it allows for package locks
- ensure .gitignore doesn't contain a line for package-locks
- run
npm i
to generate the package lock
- commit & push the shebang
- on GitHub create a release (or prerelease)
# the grep --invert-match to prevent deletion of branches you'd want to keep no matter what | |
git branch | grep LCM | grep --invert-match master | sed s/^/git\ branch\ -D/g | sh |
You have a cookie that stores a client's session id. To validate the session you probably need to check it against a server. An attacker might exploit this. E.g. with the big list of naughty strings [^0], or with a big string crafted for the occasion.
We're going to look at one such example and try to find a way to prevent these attacks
{SAFe} ∩ {Agile} = ∅ |
# This is Git's per-user configuration file. | |
[user] | |
name = redacted | |
email = redacted@users.noreply.github.com | |
signingkey = REDACTED3REDACTE | |
[credential] | |
helper = osxkeychain | |
[format] | |
pretty = %Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset | |
[alias] |
// bookmarklettalize with e.g. https://chimurai.github.io/bookmarklet/ | |
/* global document */ | |
/* eslint-disable no-console, unicorn/prevent-abbreviations, security/detect-object-injection */ | |
function htmlCollectionToArray(pElementArray) { | |
let lReturnValue = []; | |
for (let lElement of pElementArray) lReturnValue.push(lElement); | |
return lReturnValue; | |
} |
defaults delete com.apple.systempreferences AttentionPrefBundleIDs
Where I'm fast with upgrading most software I tend to wait out with major OSX upgrades till the kinks get ironed out. So today I set my machine to upgrade itself (took a few hours likely) and after logging on preference panel had a little nag icon. Apple apparently wants me to sign into their 'iCloud' offering. As I only use my laptop for writing code and making music (and an occasional youtube bing) I don't see the added value. I'm glad I took this long to upgrade because now there's all kinds of answers to fix it: