Thanos Polychronakis thanpolas

The big npm incident from last week was the Axios compromise on March 31, 2026. The malicious releases were [email protected] and [email protected], and they pulled in a trojanized dependency, [email protected], which ran a postinstall hook and fetched a cross-platform RAT from sfrclak[.]com:8000. The bad versions were live for roughly 00:21–03:29 UTC on March 31, so in Greece that was about 03:21–06:29 on March 31. If your machine or CI ran a fresh install in that window and resolved one of those versions, you should treat it seriously. ([Google Cloud][1])

What matters most is this: if your lockfile or install artifacts show [email protected], [email protected], or plain-crypto-js, the Axios maintainer’s own postmortem says to treat that machine as compromised, rotate every secret on it, and check for outbound traffic to sfrclak[.]com or 142.11.206.73 on port 8000. If you were pinned to a clean version and did not do a fresh install during the bad window, you are probably fine. ([GitHub][2])

Use this t

Keybase proof

I hereby claim:

I am thanpolas on github.
I am thanpolas (https://keybase.io/thanpolas) on keybase.
I have a public key ASCWHXwoj4IjP1CA1lp-qmFAHe3t_kebLO6KeNNWzK5XBgo

To claim this, I am signing this object:

Exporting sensitive data to Heroku's Environment

This script is ment to work with the node-config package, it will export whatever configuration data you set on the herokuOverride Object, as a JSON serialized string, onto the NODE_CONFIG environment variable on Heroku.

This results in the config package to use those values instead, thus enabling you to keep sensitive data out of your tracked files.

Usage

Add env.js to your .gitignore file
Edit it as per your needs

	blueprint:
	name: Motion-activated Light with illuminance v2
	description: Turn on a light when motion is detected and illuminance is below a
	set Lux level. Will use a configured scene instead of the previous light
	setting and will not trigger when the lights are already on to avoid
	overriding user defined lighting (i.e. you've set the lights to a certain
	scene, this automation should not override this).
	This automation is based on the work of Danielbook
	https://gist.github.com/Danielbook/7814e7eb32e880b2d7c3fb5ba8430f4f
	Blueprint version 1.0.0

	/**
	* Will normalize quotes in a given string. There are many variations of quotes
	* in the unicode character set, this function attempts to convert any variation
	* of quote to the standard Quotation Mark - U+0022 Standard Universal: "
	*
	* @param {string} str The string to normalize
	* @return {string} Normalized string.
	* @see https://unicode-table.com/en/sets/quotation-marks/
	*/
	helpers.stdQuote = (str) => {

	/**
	* @fileOverview Singleton pattern on ES6.
	*/

	import logger from './logger.midd';

	/**
	* The class statement.
	*
	*/

	/**
	* @fileOverview Hidden iFrame implementation for browsers without CORS.
	*
	* Usage:
	* var iframe = new Iframe();
	* iframe.submit(url, {data: yourData}, function(err) {});
	*
	* The server will get a POST request on the defined URL with the data
	* JSON encoded in the body attribute named "data".
	*/

	// http://www.paulirish.com/2009/throttled-smartresize-jquery-event-handler/
	//
	// debouncing function from John Hann
	// http://unscriptable.com/index.php/2009/03/20/debouncing-javascript-methods/

	var debounce = function (func, threshold, execAsap) {
	var timeout;

	return function debounced () {
	var obj = this, args = arguments;

	/**
	* @fileOverview A CSRF Implementation for WebSocket calls.
	*/
	var Promise = require('bluebird');
	var config = require('config');
	var lusca = require('lusca');


	var Middleware = require('./middleware');

	// example using the raf module from npm. try changing some values!
	var requestAnimationFrame = require("raf")
	var canvas = document.createElement("canvas")

	canvas.width = 500
	canvas.height = 500

	document.body.appendChild(canvas)

	var context = canvas.getContext("2d")