Craft and publish engaging content in an app built for creators.
NEW
Publish anywhere
Post on LinkedIn & Mastodon too. More platforms coming soon.
Make it punchier 👊
Typefully
@typefully
We're launching a Command Bar today with great commands and features.
AI ideas and rewrites
Get suggestions, tweet ideas, and rewrites powered by AI.
Turn your tweets & threads into a social blog
Give your content new life with our beautiful, sharable pages. Make it go viral on other platforms too.
+14
Followers
Powerful analytics to grow faster
Easily track your engagement analytics to improve your content and grow faster.
Build in public
Share a recent learning with your followers.
Create engagement
Pose a thought-provoking question.
Never run out of ideas
Get prompts and ideas whenever you write - with examples of popular tweets.
@aaditsh
I think this thread hook could be improved.
@frankdilo
On it 🔥
Share drafts & leave comments
Write with your teammates and get feedback with comments.
NEW
Easlo
@heyeaslo
Reply with "Notion" to get early access to my new template.
Jaga
@kandros5591
Notion 🙏
DM Sent
Create giveaways with Auto-DMs
Send DMs automatically based on engagement with your tweets.
And much more:
Auto-Split Text in Posts
Thread Finisher
Tweet Numbering
Pin Drafts
Connect Multiple Accounts
Automatic Backups
Dark Mode
Keyboard Shortcuts
Creators love Typefully
150,000+ creators and teams chose Typefully to curate their Twitter presence.
Marc Köhlbrugge@marckohlbrugge
Tweeting more with @typefully these days.
🙈 Distraction-free
✍️ Write-only Twitter
🧵 Effortless threads
📈 Actionable metrics
I recommend giving it a shot.
Jurre Houtkamp@jurrehoutkamp
Typefully is fantastic and way too cheap for what you get.
We’ve tried many alternatives at @framer but nothing beats it. If you’re still tweeting from Twitter you’re wasting time.
DHH@dhh
This is my new go-to writing environment for Twitter threads.
They've built something wonderfully simple and distraction free with Typefully 😍
Santiago@svpino
For 24 months, I tried almost a dozen Twitter scheduling tools.
Then I found @typefully, and I've been using it for seven months straight.
When it comes down to the experience of scheduling and long-form content writing, Typefully is in a league of its own.
Luca Rossi ꩜@lucaronin
After trying literally all the major Twitter scheduling tools, I settled with @typefully.
Killer feature to me is the native image editor — unique and super useful 🙏
Visual Theory@visualtheory_
Really impressed by the way @typefully has simplified my Twitter writing + scheduling/publishing experience.
Beautiful user experience.
0 friction.
Simplicity is the ultimate sophistication.
Queue your content in seconds
Write, schedule and boost your tweets - with no need for extra apps.
Schedule with one click
Queue your post with a single click - or pick a time manually.
Pick the perfect time
Time each post to perfection with Typefully's performance analytics.
Boost your content
Retweet and plug your posts for automated engagement.
Start creating a content queue.
Write once, publish everywhere
We natively support multiple platforms, so that you can expand your reach easily.
Check the analytics that matter
Build your audience with insights that make sense.
Writing prompts & personalized post ideas
Break through writer's block with great ideas and suggestions.
Never run out of ideas
Enjoy daily prompts and ideas to inspire your writing.
Use AI for personalized suggestions
Get inspiration from ideas based on your own past tweets.
Flick through topics
Or skim through curated collections of trending tweets for each topic.
Write, edit, and track tweets together
Write and publish with your teammates and friends.
Share your drafts
Brainstorm and bounce ideas with your teammates.
NEW
@aaditsh
I think this thread hook could be improved.
@frankdilo
On it 🔥
Add comments
Get feedback from coworkers before you hit publish.
Read, Write, Publish
Read, WriteRead
Control user access
Decide who can view, edit, or publish your drafts.
Finding Hidden Code Clones in npm,
a gem ✨ or a curse 🐞 ?
Learning from reviewing 1,716,061 JavaScript packages on npmjs registry. A thread 🧵
The following are my highlights & interpretations of recent academic research article titled "What the Fork? Finding Hidden Code Clones in npm" (Wyss et al,. 2022)
The research sheds light on a copy&paste phenomenon in which devs re-upload code to new libraries. Why is this bad?
Well, if you take bits and pieces of code from other libraries, or say, StackOverflow, and you glue it with your own code, or just plainly re-upload that as a small library, then you risk the chance of also copying insecure and vulnerable code that is now essentially untracked 😲
It beings by highlighting: "A shrinkwrapped clone is a package which duplicates the code of another package without any indication or reference to the original package"
It identifies (1) identical clones - copy/paste of existing packages and (2) close clones - semantical changes
So, what was found?
Based on a subset of the packages hosted on the npmjs registry, the findings were:
✅ 6,292 clones
⚠️ Up to 2,159 of them relied on vulnerable and outdated dependencies
Here's a code snippet of the npm-registry-fetch npm package. It is downloaded more than 4 million times a week.
This code shows a patched version of the library, found to be vulnerable to sensitive information exposure security.snyk.io/vuln/SNYK-JS-NPMREGISTRYFETCH-575432
guess which package is vulnerable??
Nah, you didn't guess it so let me help :-)
Apparently, there's an npm package under a scope namespace called npmjs.com/package/@evocateur/npm-registry-fetch
✅ It has 333,292 downloads a week
✅ It was last published 3 years ago
❗ IT DOES NOT INCLUDE THE FIX APPLIED TO npm-registry-fetch
The fix to npm-registry-fetch was disclosed on July 7th, 2020, but given that the scoped shrinkwrapped clone hasn't been updated for the last 3 years, it is now effectively vulnerable to the same issue.
But guess what? scanned like npm audit won't tell you that :(
So, what does this teaches us about the entire npmjs registry of JavaScript packages encompassing almost 2 million open source projects?
✅ About 10.4% of packages could be considered clones
✅ Estimated at about 178,470 npm packages at the time of the research
Is there any real-world usage impact?
It seems that the 6.7% of cloned packages found has a relatively low number of downloads per week.
For example, 21 out of the 348 of the identical clones packages have more than 350 weekly downloads. Some users are definitely downloading.
What's the impact of security vulnerabilities to shrinkwrapped clones?
62 out of 348 npm packages of identical clone type contain vulnerabilities that are not present in their most-up-to-date counterparts. It grows to 2,304 out of 5,944 for close clones npm packages (!)
Shrinkwrapped clones of npm packages pose a real threat to the npm ecosystem.
The identified package count are somewhat small in comparison, and the downloads count are small too. Yet the high number of vulnerable clones is alarming.
Great research! web.cs.wpi.edu/~ldecarli/docs/papers/icse22-shrinkwrap.pdf 👏