
So Nerdy Planet #9

Sep 22, 2025

Hello, My Fellow Nerds! 

This is the last newsletter with issues numbered with only one digit :) And actually one of the last with three digits of subscribers :D Thanks for such amazing trust! Before we start - if you'd like to send news or provide feedback, please feel free to ping me at dima@sonerdy.me

Today we will speak about:

  1. NPM ecosystem vulnerability and how it impacts the whole JavaScript stack
  2. RTO, AI, and interviews. How is it connected?
  3. New H1B visa policy in the US and how it can impact tech companies

NPM ecosystem vulnerability

A couple of years ago, if you wanted to launch a startup, the tech stack was obvious - JavaScript / TypeScript. And it makes so much sense: you can write the backend and frontend parts of your solution in the same language, meaning that you don't need such wide expertise. Of course, writing backend and frontend requires different skill sets, but at least it makes it easier to become a full-stack engineer (well, someday we will specify what that means).

But now, once the tech stack is selected, there is a new issue to think about - npm vulnerability. If you think about it, in the last month there were two big supply chain attacks:

  1. The developer account of the popular open-source maintainer Qix- was compromised. That included access to popular repos like chalk or color-convert. These packages are used in tons of other packages that rely on them. Code injected into dependent packages tried to steal crypto. JFrog mentioned that it was probably one of the biggest npm compromises in history:

     "We've been tracking what appears to be the largest npm compromise in history over the past 24 hours, and it's still unfolding."

The potential blast radius of the compromised packages reached nearly 34% of all npm packages.
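
To see how far two small packages reach inside a single project, here is an added example (not from the newsletter or from JFrog) that reads the `packages` map of a `package-lock.json` (lockfile v2/v3) and lists every installed package that pulls in chalk or color-convert, directly or transitively. The function names, the sample lockfile, and every package name other than chalk and color-convert are constructed for illustration; peer dependencies are ignored.

```javascript
// Added example (not from the newsletter): list every installed package that
// pulls in a watched package, using the "packages" map of package-lock.json v2/v3.
const WATCHED = new Set(['chalk', 'color-convert']); // names mentioned in the post

// Constructed sample lockfile; all versions and the non-watched names are made up.
const SAMPLE_LOCK = { packages: {
  '': { name: 'demo-app', dependencies: { 'cli-tool': '*', 'left-thing': '*' } },
  'node_modules/cli-tool': { version: '0.0.0', dependencies: { logger: '*' } },
  'node_modules/logger': { version: '0.0.0', dependencies: { chalk: '*' } },
  'node_modules/logger/node_modules/chalk': { version: '0.0.0', dependencies: { 'ansi-styles': '*' } },
  'node_modules/ansi-styles': { version: '0.0.0', dependencies: { 'color-convert': '*' } },
  'node_modules/color-convert': { version: '0.0.0' },
  'node_modules/left-thing': { version: '0.0.0' },
} };

const nameOf = (path) => path.slice(path.lastIndexOf('node_modules/') + 13);
// Resolve a dependency the way Node does: nearest node_modules first, then walk up.
function resolveDep(packages, fromPath, depName) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + depName;
    if (packages[candidate]) return candidate;
    if (base === '') return null; // not installed (e.g. skipped optional dependency)
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

function blastRadius(lock, watched = WATCHED) {
  const packages = lock.packages || {};
  const dependents = new Map(); // installed path -> set of paths that depend on it
  for (const [path, meta] of Object.entries(packages)) {
    // devDependencies only count for the root project; nested ones are not installed.
    const deps = { ...meta.dependencies, ...meta.optionalDependencies, ...(path === '' ? meta.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const target = resolveDep(packages, path, dep);
      if (!target) continue;
      if (!dependents.has(target)) dependents.set(target, new Set());
      dependents.get(target).add(path);
    }
  }
  // Walk the reversed graph from every installed copy of a watched package (cycle-safe).
  const queue = Object.keys(packages).filter((p) => p && watched.has(nameOf(p)));
  const affected = new Set();
  while (queue.length) {
    for (const parent of dependents.get(queue.pop()) || []) {
      if (!affected.has(parent)) { affected.add(parent); queue.push(parent); }
    }
  }
  return [...affected].map((p) => (p === '' ? '(root project)' : nameOf(p))).sort();
}
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` to `blastRadius`; an empty result means no installed package depends on a watched name.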
