Founder & CEO, Socket <https://socket.dev> – Socket makes a developer-first security platform that prevents vulnerable and malicious open source dependencies from infiltrating your software supply chain.
Stanford visiting lecturer, CS 253 Web Security <https://cs253.stanford.edu> – Principles of web security, attacks and countermeasures, and more...
Open source maintainer – 100+ open source packages on npm, including WebTorrent <https://webtorrent.io>, StandardJS <https://standardjs.com>, BitMidi <https://bitmidi.com>, simple-peer <https://github.com/feross/simple-peer>, and more <https://socket.dev/npm/user/feross>.
You can reach me at {my username}@feross.org, or find out more on my website: https://feross.org/resume
[ my public key: https://keybase.io/feross; my proof: https://keybase.io/feross/sigs/gO6pVIJ1DXdy9Y21yil6nlyk_by5BE_GaaWOOQJ5PvQ ]
- North Korean Contagious Interview Campaign Drops 35 New Malicious NPM Packages
by feross on 6/25/25, 6:42 AM, with comments
- Everything Is an ETF Now
by feross on 6/24/25, 6:32 PM, with comments
- Malicious Python Package Typosquats Popular Passlib Library, Shuts Down Windows
by feross on 6/24/25, 6:17 PM, with comments
- Protestware in JavaScript UI Toolkits on NPM Target Russian Language Sites
by feross on 6/19/25, 9:38 AM, with comments
- Lawyers Are Mad About Salt
by feross on 6/18/25, 6:16 PM, with comments
- JSON module scripts are now Baseline Newly available
by feross on 6/18/25, 4:49 PM, with comments
- XAI Raising Money, XAI and Oracle, Xbox = Windows
by feross on 6/18/25, 2:46 PM, with comments
- It's Not Gambling, It's Predicting
by feross on 6/18/25, 12:17 PM, with comments
- ACX Grants 1-3 Year Updates
by feross on 6/18/25, 12:02 PM, with comments
- Microsoft-OpenAI Drama Continues, WhatsApp Ads, Channel Subscriptions and The
by feross on 6/18/25, 3:16 AM, with comments
- Libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable
by feross on 6/18/25, 3:01 AM, with comments
- Selfish reasons for building accessible UIs
by feross on 6/17/25, 1:16 AM, with comments
- The Growing Risk of Malicious Browser Extensions
by feross on 6/13/25, 7:47 PM, with comments
- 2025.24: Apple and Its Safe Place
by feross on 6/13/25, 10:02 AM, with comments
- Minutes with a Stranger
by feross on 6/12/25, 8:17 PM, with comments
- High-Speed Traders Slow Down
by feross on 6/12/25, 5:17 PM, with comments
- May 2025 (Version 1.101)
by feross on 6/12/25, 5:03 PM, with comments
- "But" vs. "Yes, But"
by feross on 6/12/25, 3:17 PM, with comments
- 2025 Blockchain and Cryptocurrency Threat Malware in the Open Source
by feross on 6/12/25, 3:01 PM, with comments
- An Interview with "Apple in China" Author Patrick McGee
by feross on 6/12/25, 10:01 AM, with comments
- Release Notes for Safari Technology Preview 221
by feross on 6/11/25, 9:33 PM, with comments
- Node.js Moves Toward Stable TypeScript Support with Amaro 1.0
by feross on 6/11/25, 7:05 PM, with comments
- Pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs
by feross on 6/11/25, 7:02 PM, with comments
- I'm Doing a Little Consulting
by feross on 6/11/25, 1:02 AM, with comments
- People Are Worried About Private Market Liquidity
by feross on 6/10/25, 6:02 PM, with comments
- Partial Keyframes
by feross on 6/10/25, 3:32 PM, with comments
- Apple Retreats
by feross on 6/10/25, 2:17 PM, with comments
- 2025.23: What Nike Learned About E-Commerce
by feross on 6/6/25, 10:02 AM, with comments
- Chrome achieves highest score ever on Speedometer 3, saving users millions of
by feross on 6/5/25, 5:04 PM, with comments
- The Loneliness Epidemic, in Data [video]
by feross on 6/5/25, 2:16 PM, with comments
- An Interview with Cursor Co-Founder and CEO Michael Truell About Coding with AI
by feross on 6/5/25, 10:32 AM, with comments
- Whose Money Should You Manage?
by feross on 6/4/25, 6:01 PM, with comments
- May 2025 Baseline monthly digest
by feross on 6/4/25, 1:18 PM, with comments
- Anduril and Meta, Silicon Valley and The Pentagon, Meta's Motivations
by feross on 6/4/25, 11:32 AM, with comments
- Malicious RubyGems pose as Fastlane to steal Telegram API data
by feross on 6/4/25, 3:24 AM, with comments
- The Fannie and Freddie Stakes Are High
by feross on 6/3/25, 6:16 PM, with comments
- Nike on Amazon; Nike's Disastrous Pivot; Inevitability, Intentionality, and
by feross on 6/3/25, 12:31 PM, with comments
- WebRTC's NetEQ Jitter Buffer Provides Smooth Audio
by feross on 6/3/25, 12:16 PM, with comments
- Choose Nonbook Review Finalists 2025
by feross on 6/3/25, 11:31 AM, with comments
- Shop Talk Show episode 667
by feross on 6/2/25, 9:33 PM, with comments
- Malicious NPM Package Wipes Codebases with Remote Trigger
by feross on 5/30/25, 3:11 PM, with comments
- 2025.22: What LLMs Could Be in the Workplace
by feross on 5/30/25, 10:01 AM, with comments
- Bayes for Everyone
by feross on 5/30/25, 2:46 AM, with comments
- The Headlines Are Evil, and They're Bringing Us Down
by feross on 5/29/25, 6:46 PM, with comments
- Sorry, I Still Think Mr Is Wrong About Usaid
by feross on 5/29/25, 1:15 AM, with comments
- Release Notes for Safari Technology Preview 220
by feross on 5/28/25, 9:47 PM, with comments
- Fannie and Freddie Get a Guarantee
by feross on 5/28/25, 6:02 PM, with comments
- Pakistan Arrests 21 in 'Heartsender' Malware Service
by feross on 5/28/25, 5:46 PM, with comments
- The ESPN Streaming Service, the Status of U.S. Sports Rights, the Danger Of
by feross on 5/28/25, 1:18 PM, with comments
- Sell Your Crypto on the Stock Exchange
by feross on 5/27/25, 6:47 PM, with comments