Hyeseong Kim cometkim
@mrousavy
mrousavy / withNoBundleCompression.js
Created February 15, 2025 18:15
Expo Config Plugin to disable JS bundle compression for faster app startup
const {withAppBuildGradle} = require('@expo/config-plugins')
/**
* A Config Plugin to disable bundle compression in Android build.gradle.
* This makes the Android app start faster - in our tests by 400ms!
* @param {import('@expo/config-plugins').ConfigPlugin} config
* @returns {import('@expo/config-plugins').ConfigPlugin}
*/
module.exports = function withNoBundleCompression(config) {
return withAppBuildGradle(config, androidConfig => {
@hackermondev
hackermondev / research.md
Last active April 19, 2025 17:13
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@xrl
xrl / README.md
Last active February 1, 2025 04:38
Quickwit+Vector for Kubernetes (EKS-flavored) Observability
@stevendborrelli
stevendborrelli / bluesky.md
Last active April 19, 2025 04:50
Bluesky Starter Packs
@acutmore
acutmore / ts-blank-space-doc.md
Last active September 20, 2024 03:45
Learnings from `ts-blank-space`

Learnings from ts-blank-space

tags: TypeScript, type erasure, type stripping

ts-blank-space

As part of my work on the JavaScript Tooling team at Bloomberg I have implemented an experimental (not yet used in production) package to transform TypeScript into JavaScript using a somewhat novel approach.

This is a description of what I learned from implementing the idea. The source code will be open sourced soon - it just needs some regular IP approval.

@smx-smx
smx-smx / XZ Backdoor Analysis
Last active February 26, 2025 01:17
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as i make progress
@OrionReed
OrionReed / dom3d.js
Last active April 19, 2025 12:06
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@wooorm
wooorm / log.txt
Created February 21, 2024 11:23
Changes in the popular npm packages module formats between Nov 2023 to Feb 2024
Map(5) {
'cjs' => Map(3) {
'esm' => Set(34) {
'mime',
'eslint-plugin-jsdoc',
'@salesforce/sf-plugins-core',
'stylelint-prettier',
'@ckeditor/ckeditor5-core',
'@ckeditor/ckeditor5-upload',
'@ckeditor/ckeditor5-typing',
@WebReflection
WebReflection / proxy-traps-cheat-sheet.md
Last active February 16, 2025 23:41
Proxy Traps Cheat Sheet

Proxy Traps Cheat Sheet

There are various shenanigans around the Proxy API, including issues with Array.isArray and Object.ownKeys, so this gist's purpose is to describe all the undocumented caveats to help anyone dealing with all possibilities this half-doomed API offers.

The 3 + 1 Proxy Types

  • object: any non primitive value can be proxied but apply and construct traps won't work with it. If the object somehow wants to represent an array without being one, it's impossible to survive Array.isArray brand check (it will be false) and with ownKeys the target needs to have a non configurable length property or it will also fail once reached
  • array: it's like object but it survives the `

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.