📦 Dependency Confusion - buckman

🐙GitHub Blog

cncf.io·

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

📦Package Managers

thehackernews.com··r/programming

Less-relevant results

Week 23 – 2026

🚨Incident Response

thisweekin4n6.com·

If the Shai-Hulud worm reached your GitHub repos, please read this

🐙GitHub Blog

dev.to··DEV

caamer20/Telegram-Drive: Turn your Telegram account into an unlimited, secure cloud storage drive. an Open-source desktop app built with Tauri, Rust, and React.

📱Android Code

github.com··r/learnprogramming

Devs know AI code is riddled with holes, but ship it anyway

🔒Information Security News

theregister.com··Hacker News

AgentGG uses AI agents to reduce false positives in open source code scanning

🛡️OWASP

4sysops.com·

Testing Edge AI from an MCP tool: I pointed mk-qa-master at my webcam and YOLO answered

🔧MCP

pypi.org··DEV

Trivy's March Supply Chain Attack Shows Where Secret Exposure Hurts Most

🐙GitHub Blog

dev.to··DEV

That's what the Finish-Up-A-Thon is all about.

🚂trains

ailipay-production.up.railway.app··DEV

your AI coding agent keeps re-making the bug you already fixed. here's the fix.

🤖Claude Code Code

github.com··DEV

How I fixed a silent hang in the XDG Desktop Portal and turned it into an npm package

🖼️Desktop Environments Reference

npmjs.com··DEV

I Got Tired of Repeating Validation Logic in Every Node.js Project — So I Built Zero Validation

🔌API Design Blog

dev.to··DEV

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

🤖AI Coding Tools

thenextweb.com·

Microsoft disables over 70 GitHub repos after hackers compromised them with dangerous malware

🐙GitHub News

techradar.com

alexangelzhang/runoff: Multi-step code-change pipelines for coding agents — race mode, git worktree isolation, local traces

🔧MCP Code

github.com··DEV

Python Bytes: #483 Thanks Brian

🐍Python Audio

pythonbytes.fm·

New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages

GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections

#171

Securing CI/CD for an open source project: Controlling who runs what

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Week 23 – 2026

If the Shai-Hulud worm reached your GitHub repos, please read this

caamer20/Telegram-Drive: Turn your Telegram account into an unlimited, secure cloud storage drive. an Open-source desktop app built with Tauri, Rust, and React.

Devs know AI code is riddled with holes, but ship it anyway

AgentGG uses AI agents to reduce false positives in open source code scanning

Testing Edge AI from an MCP tool: I pointed mk-qa-master at my webcam and YOLO answered

Trivy's March Supply Chain Attack Shows Where Secret Exposure Hurts Most

That's what the Finish-Up-A-Thon is all about.

your AI coding agent keeps re-making the bug you already fixed. here's the fix.

How I fixed a silent hang in the XDG Desktop Portal and turned it into an npm package

I Got Tired of Repeating Validation Logic in Every Node.js Project — So I Built Zero Validation

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

Microsoft disables over 70 GitHub repos after hackers compromised them with dangerous malware

alexangelzhang/runoff: Multi-step code-change pipelines for coding agents — race mode, git worktree isolation, local traces

Python Bytes: #483 Thanks Brian