Dependency Resolution

npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

 📦Package Managers  Content type: Blog
socket.dev·

shcherbak-ai/licenseal: Fast cross-ecosystem dependency license compatibility checker + Claude Code review skill

 📦Package Managers  Content type: Code
github.com··Hacker News

GitHub pulls pin on npm's auto-run scripts

 📦Package Managers  Content type: News
theregister.com·

Upcoming breaking changes for npm v12 - GitHub Changelog

 📦Package Managers  Content type: Blog  Content type: Tutorial

Config Files That Run Code: Supply Chain Security Blindspot

 📦Package Managers
safedep.io··Hacker News

IT Security Weekend Catch Up – June 7, 2026

 🛡Cybersecurity
badcyber.com·

NASA Says Goodbye to Its Longtime Mars MAVEN Mission - Slashdot

 📦Package Managers
science.slashdot.org·

local MCP tools for coding agents

 📦Package Managers
glidermcp.com··Hacker News

NASA's Mars MAVEN probe is dead

 📦Package Managers
engadget.com··r/space

New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack

 📦Package Managers
it.slashdot.org·

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

 📦Package Managers
thenextweb.com·

A package manager for AI assets (and why the lock file is per-user)

 📦Package Managers  Content type: Blog

How 56 npm packages used binding.gyp to steal CI/CD secrets

 📦Package Managers  Content type: Blog
reversinglabs.com·

NASA ends MAVEN mission after Mars orbiter falls silent

 📦Package Managers
france24.com·

Miasma NPM Supply Chain Attack: Self-Spreading Worm via Phantom Gyp

 📦Package Managers  Content type: Blog

Ruby's Bundler adds a cooldown feature

 📦Package Managers
lwn.net·

NPM-Scan v1.1.0: Four New Detectors for June 2026 Supply Chain Attacks

 📦Package Managers  Content type: Code
github.com··Hacker News

Ongoing NPM supply chain attack uses binding.gyp to spread like a worm

 📦Package Managers  Content type: Code
github.com··Hacker News

benseverndev-oss/goldenmatch: Zero-config entity resolution that scales from a CSV to 100M+ rows on a Ray cluster (verified: 100M deduped in 213s, 0.30 GB driver). Fuzzy + exact + probabilistic dedupe, identity graph, PPRL, LLM boost. Python + full TypeScript port; SQL-native in PostgreSQL & DuckDB; MCP/REST servers, dbt + Airflow recipes.

 📦Package Managers  Content type: Code
github.com··Hacker News

New IronWorm malware hits 36 packages in npm supply-chain attack

 📦Package Managers
