A Review of the TanStack npm Package Poisoning via CI Cache
2026年5月12日Elecmonkey
Isolation between different trust levels failed in an unexpected place. Supply-chain security in the frontend ecosystem still has a long way to go.
Private Network Access / Local Network Access Issues
2026年4月20日Elecmonkey
Google Chrome's security model drags the entire Web community along by the nose
Some Thoughts on the Axios 202603 Poisoning Incident: CI Best Practices, Supply Chain Security, and Selection Reflections
2026年4月4日Elecmonkey
The second half seems to go off topic... drifting into reflections on choosing network request libraries, from Axios to the Fetch API
Complete Diagram of the OAuth 2.0 Authorization Code Login Flow
2026年2月24日Elecmonkey
One diagram explaining the OAuth 2.0 authorization code login flow and key parameters
Throwing Cold Water on Frontend Frameworks' Server-Side Ambitions: Two Critical React Ecosystem Vulnerabilities in 2025
2025年12月5日Elecmonkey
Maybe just go back to Spring Boot. Modern.js is also a React full-stack framework, but it modestly says its backend is only a 'BFF layer'.
User Authentication System: Stateless Authentication with JWT
2025年3月31日Elecmonkey
JWT authentication study notes. Analysis of stateless authentication principles, frontend and backend implementation solutions, security protection measures, and cross-origin and single sign-on issues encountered in real projects.