Skip to content

Instantly share code, notes, and snippets.

View thanpolas's full-sized avatar

Thanos Polychronakis thanpolas

351 followers · 116 following
View GitHub Profile
@thanpolas
thanpolas / checklist.md
Created April 7, 2026 13:34
Checklist for NPM Supply Chain Attack

The big npm incident from last week was the Axios compromise on March 31, 2026. The malicious releases were axios@1.14.1 and axios@0.30.4, and they pulled in a trojanized dependency, plain-crypto-js@4.2.1, which ran a postinstall hook and fetched a cross-platform RAT from sfrclak[.]com:8000. The bad versions were live for roughly 00:21–03:29 UTC on March 31, so in Greece that was about 03:21–06:29 on March 31. If your machine or CI ran a fresh install in that window and resolved one of those versions, you should treat it seriously. ([Google Cloud][1])

What matters most is this: if your lockfile or install artifacts show axios@1.14.1, axios@0.30.4, or plain-crypto-js, the Axios maintainer’s own postmortem says to treat that machine as compromised, rotate every secret on it, and check for outbound traffic to sfrclak[.]com or 142.11.206.73 on port 8000. If you were pinned to a clean version and did not do a fresh install during the bad window, you are probably fine. ([GitHub][2])

Use this t

@thanpolas
thanpolas / motion-illuminance-v2.yaml
Last active May 12, 2026 22:21
Home Assistant Blueprint for automation that triggers on motion. Taking Illuminance and lights state as criteria for triggering
blueprint:
name: Motion-activated Light with illuminance v2
description: Turn on a light when motion is detected and illuminance is below a
set Lux level. Will use a configured scene instead of the previous light
setting and will not trigger when the lights are already on to avoid
overriding user defined lighting (i.e. you've set the lights to a certain
scene, this automation should not override this).
This automation is based on the work of Danielbook
https://gist.github.com/Danielbook/7814e7eb32e880b2d7c3fb5ba8430f4f
Blueprint version 1.0.0
@thanpolas
thanpolas / stdquote.js
Created June 6, 2021 09:34
Normalize all UTF quotes in Javascript
/**
* Will normalize quotes in a given string. There are many variations of quotes
* in the unicode character set, this function attempts to convert any variation
* of quote to the standard Quotation Mark - U+0022 Standard Universal: "
*
* @param {string} str The string to normalize
* @return {string} Normalized string.
* @see https://unicode-table.com/en/sets/quotation-marks/
*/
helpers.stdQuote = (str) => {
@thanpolas
thanpolas / keybase.md
Created September 14, 2020 08:26

Keybase proof

I hereby claim:

  • I am thanpolas on github.
  • I am thanpolas (https://keybase.io/thanpolas) on keybase.
  • I have a public key ASCWHXwoj4IjP1CA1lp-qmFAHe3t_kebLO6KeNNWzK5XBgo

To claim this, I am signing this object:

@thanpolas
thanpolas / singleton-class.js
Created September 16, 2016 09:45
ES6 Singleton Pattern
/**
* @fileOverview Singleton pattern on ES6.
*/
import logger from './logger.midd';
/**
* The class statement.
*
*/
@thanpolas
thanpolas / hidden-iframe.js
Last active August 8, 2018 03:06
In the absence of CORS support the Hidden Iframe technique is the only way to submit a big amount of data (over 2kb that jsonp can handle).
/**
* @fileOverview Hidden iFrame implementation for browsers without CORS.
*
* Usage:
* var iframe = new Iframe();
* iframe.submit(url, {data: yourData}, function(err) {});
*
* The server will get a POST request on the defined URL with the data
* JSON encoded in the body attribute named "data".
*/
@thanpolas
thanpolas / jquery-debounce.js
Created May 20, 2015 12:22
Angular window resize service
// http://www.paulirish.com/2009/throttled-smartresize-jquery-event-handler/
//
// debouncing function from John Hann
// http://unscriptable.com/index.php/2009/03/20/debouncing-javascript-methods/
var debounce = function (func, threshold, execAsap) {
var timeout;
return function debounced () {
var obj = this, args = arguments;
@thanpolas
thanpolas / hack-lusca.js
Created June 14, 2014 16:31
Hack lusca CSRF store
/**
* @fileOverview A CSRF Implementation for WebSocket calls.
*/
var Promise = require('bluebird');
var config = require('config');
var lusca = require('lusca');
var Middleware = require('./middleware');
@thanpolas
thanpolas / index.js
Created June 10, 2014 13:28
requirebin sketch
// example using the raf module from npm. try changing some values!
var requestAnimationFrame = require("raf")
var canvas = document.createElement("canvas")
canvas.width = 500
canvas.height = 500
document.body.appendChild(canvas)
var context = canvas.getContext("2d")
@thanpolas
thanpolas / README.md
Last active August 29, 2015 14:02
Heroku Environment mass export

Exporting sensitive data to Heroku's Environment

This script is ment to work with the node-config package, it will export whatever configuration data you set on the herokuOverride Object, as a JSON serialized string, onto the NODE_CONFIG environment variable on Heroku.

This results in the config package to use those values instead, thus enabling you to keep sensitive data out of your tracked files.

Usage

  • Add env.js to your .gitignore file
  • Edit it as per your needs