Home on Kevin Patel

‘No Way To Prevent This,’ Says Only Package Manager Where This Regularly Happens

Fri, 15 May 2026 18:37:53 -0500

SAN FRANCISCO, CA - In the wake of a devastating supply chain attack in the npm registry that left millions of enterprise applications compromised and billions of user records exposed, developers across the JavaScript ecosystem expressed deep sorrow today, lamenting that such a crisis was completely unavoidable.

“It’s a shame, but what can you do? This is just the price of building modern web apps,” said Senior Frontend Engineer Mark Vance, echoing the sentiments of a community that completely relies on a 40-level-deep nested tree of unvetted packages maintained by pseudonymous strangers to capitalize a single string. “There’s absolutely no way to foresee or prevent someone from taking over a long-abandoned utility package and injecting a crypto-miner into every production build in the world. It’s just an act of nature.”

Intro to CSP report-to and report-uri HTTP headers

Thu, 27 Jun 2024 13:43:47 -0500

CSP Directives: `report-to` and `report-uri`

The Content Security Policy (CSP) directives report-to and report-uri are used to specify where the browser should send violation reports when a content security policy is violated on a website.

Why Use Them:

Helps in identifying and fixing security issues on a website.
Provides insights into potential attacks or vulnerabilities.
Enhances the overall security posture of the website.
PCI Compliance

`report-uri` - CSP Directive

Legacy CSP directive that is used for reporting violations
Deprecated but not all browsers support the newer directives so it is still recommended to be used

What Is Content Security Policy

Mon, 13 May 2024 18:34:31 -0500

CSP Directives: `report-to` and `report-uri`

The Content Security Policy (CSP) directives report-to and report-uri are used to specify where the browser should send violation reports when a content security policy is violated on a website.

Why Use Them:

Helps in identifying and fixing security issues on a website.
Provides insights into potential attacks or vulnerabilities.
Enhances the overall security posture of the website.
PCI Compliance

`report-uri` - CSP Directive

Legacy CSP directive that is used for reporting violations
Deprecated but not all browsers support the newer directives so it is still recommended to be used

securityblogs.xyz

Sat, 16 Mar 2024 15:12:26 -0500

A simple webpage that aggregates security related news and blog posts

An Obsidian plugin to automatically switch between day and night themes based on a set schedule

Thu, 28 Jul 2022 00:00:00 +0000

This project is a plugin that automatically switches the theme of Obsidian, a note-taking app that uses plain text files with markdown and interlinking capabilities. The plugin allows users to customize their preferred themes for day and night modes, and set the time intervals for switching. The plugin also detects the system’s dark mode settings and adjusts accordingly. The plugin was developed using Typescript and CSS, and was tested on Windows, and Mac OS.

About

Mon, 01 Jan 0001 00:00:00 +0000

Hi there, I’m Kevin. I am an AppSec engineer at NISC. more to come … some day.

Home on Kevin Patel

‘No Way To Prevent This,’ Says Only Package Manager Where This Regularly Happens

Intro to CSP report-to and report-uri HTTP headers

CSP Directives: report-to and report-uri

report-uri - CSP Directive

What Is Content Security Policy

CSP Directives: report-to and report-uri

report-uri - CSP Directive

securityblogs.xyz

An Obsidian plugin to automatically switch between day and night themes based on a set schedule

About

CSP Directives: `report-to` and `report-uri`

`report-uri` - CSP Directive

CSP Directives: `report-to` and `report-uri`

`report-uri` - CSP Directive