# notes **Repository Path**: mirrors_ChALkeR/notes ## Basic Information - **Project Name**: notes - **Description**: Some public notes - **Primary Language**: Unknown - **License**: Not specified - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2020-08-08 - **Last Updated**: 2026-05-23 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README Just some notes, stored on GitHub instead of a blog. I am not a native English speaker, so please excuse any language mistakes. Contents -- * [Yarn transferred npm credentials over unencrypted http connection](https://github.com/ChALkeR/notes/blob/master/Yarn-vuln.md) (2019-07-13) * [Enumerating Bitbucket repos and private issue titles](https://github.com/ChALkeR/notes/blob/master/Enumerating-Bitbucket-repos-and-private-issue-titles.md) (2018-05-10) * [On Node.js CTC decision making (part 1)](https://github.com/ChALkeR/notes/blob/master/On-decision-making-part-1.md) (2017-05-05/2017-08-30) * [Gathering weak npm credentials](https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md) (2017-06-21) * [Improper markup sanitization in popular software](https://github.com/ChALkeR/notes/blob/master/Improper-markup-sanitization.md) (2017-04-13) * [Short-term package manager wishlist](https://github.com/ChALkeR/notes/blob/master/Short-term-package-manager-wishlist.md) (2016-11-03) * [On npmjs.com tokens visibility, XSS, and clickjacking](https://github.com/ChALkeR/notes/blob/master/On-npmjs-tokens-visibility.md) (2016-10-18) * [Stealing Travis secure variables](https://github.com/ChALkeR/notes/blob/master/Stealing-Travis-secure-variables.md) (2016-07-07) * [Let's fix Buffer API](https://github.com/ChALkeR/notes/blob/master/Lets-fix-Buffer-API.md) (2016-01-15) * [Buffer knows everything](https://github.com/ChALkeR/notes/blob/master/Buffer-knows-everything.md) (2016-01-14) * [Do not underestimate credentials leaks](https://github.com/ChALkeR/notes/blob/master/Do-not-underestimate-credentials-leaks.md) (2015-12-04)