npm
30 articles about npm in AI news
Block Compromised NPM/PyPI Packages Automatically with attach-guard
A new Claude Code plugin uses PreToolUse hooks to automatically block compromised packages like the recent axios hijack before they install.
Axios NPM Package Under Active Supply Chain Attack, Potentially Impacts 100M+ Weekly Installs
The widely-used JavaScript HTTP client library Axios may be compromised via a malicious dependency in its latest release, exhibiting malware-like behavior including shell execution and artifact cleanup. With over 100 million weekly downloads, this represents a critical software supply chain threat.
Axios Supply Chain Attack Highlights AI-Powered Social Engineering Threat to Open Source
The recent Axios npm package supply chain attack was initiated by highly sophisticated social engineering targeting a developer. This incident signals a dangerous escalation in the targeting of open source infrastructure, where AI tools could amplify attacker capabilities.
Inside Claude Code’s Leaked Source: A 512,000-Line Blueprint for AI Agent Engineering
A misconfigured npm publish exposed ~512,000 lines of Claude Code's TypeScript source, detailing a production-ready AI agent system with background operation, long-horizon planning, and multi-agent orchestration. This leak provides an unprecedented look at how a leading AI company engineers complex agentic systems at scale.
Lorg CLI: The New Way to Give Claude Code a Permanent Memory
Lorg's new CLI tool lets Claude Code autonomously archive what it learns between sessions, eliminating knowledge loss with a simple npm install.
Claude Code Source Leak: What Developers Found and What It Means for You
Claude Code's source code was exposed via an npm source map. The leak reveals its MCP architecture and confirms it's a TypeScript wrapper, but doesn't change how you use it.
Scan MCP Servers Before You Install: New Free Tool Reveals Security Scores
A new free scanner lets you check any npm MCP server package for security risks like malicious install scripts before adding it to your Claude Code config.
Multi-Claude CLI: Switch Between Team and Personal Claude Code Accounts Instantly
A new npm package lets you manage multiple Claude CLI accounts with shared configs and cloud sync, perfect for switching between work and personal projects.
Hacker builds $10/mo persistent workspace for Claude Code
A $10/month persistent workspace for Claude Code and Claude AI using Pi's execution layer, MCP, and Cloudflare Tunnel. Bypasses session context loss by sharing one filesystem and database across all MCP-compatible tools.
Almanac: Open-Source Wiki Auto-Updates From Claude Code Chats
Almanac auto-generates a markdown wiki from Claude Code chats and repo history, solving the agent context gap. Free open-source tool, macOS-only.
8-Agent System Builder: Anthropic's Simpler Approach Beat My 2-Day Build
Engineer built 8-agent system in 2 days; Anthropic's simpler 2-agent approach outperformed it. Lesson: minimal agent architecture beats complex orchestration.
Claude Code quota proxy exposes unified Opus/Sonnet pool
A developer's proxy makes Claude Code usage-aware by intercepting hidden rate limit headers. Sonnet and Opus share one quota pool despite separate UI bars.
Claude Code's Six-Layer Architecture: Harness, Not Magic
Claude Code's six-layer architecture uses a 3-layer context compressor at 92% threshold and Redis-based multi-agent FSM protocol. The model is just one node in a harness.
Skills as Untrusted Code: A Security Precedent for Agent Runtimes
Paper argues agent skills are untrusted code until verified; runtimes must enforce verification gates to prevent supply-chain attacks, echoing decades of software security lessons.
CCmeter: The Open-Source Dashboard That Reveals Exactly Why Your Claude
CCmeter parses Claude Code's local session logs to surface cache-busting patterns, cost leaks, and model-swap simulations. Free, local-first, zero telemetry.
Version Sentinel: A Claude Code Plugin That Blocks Hallucinated Package Versions
Version Sentinel uses Claude Code's hook system to intercept dependency changes and require version verification, preventing supply-chain risks from hallucinated package versions.
Run Claude Code in Any Sandbox with One API: AgentBox SDK
Swap coding agents and sandbox providers without changing code. Preserves full interactive capabilities (approval flows, streaming).
AWS Bedrock's New MCP Tools Are a Game-Changer for Claude Code Users
AWS Bedrock has released new tools for the Model Context Protocol (MCP), enabling developers to build custom servers that connect Claude Code directly to AWS data and services.
Google Open-Sources OSV-Scanner: AI-Powered Dependency Vulnerability Scanner
Google has open-sourced OSV-Scanner, a vulnerability scanner that maps project dependencies against the OSV database across 11+ ecosystems. It features guided remediation and call analysis to reduce false positives.
MCP's 'By Design' Security Flaw
The Model Context Protocol's power comes with risk: servers you install can run code on your system. Learn how to audit and manage MCP server permissions.
From CI Fire to 9% Interruption
Learn the four guardrail patterns and three-phase CLAUDE.md strategy that turns auto-approve from a CI-breaking risk into a productivity superpower.
Claude Code Security Alert: Patch Now, Stop Using Authentication Helpers
A critical security leak reveals three command injection vulnerabilities in Claude Code. Users must update and stop using authentication helpers to prevent credential theft and supply chain attacks.
Distillery 0.4.0 Stabilizes Its MCP API
Distillery 0.4.0 stabilizes its MCP API surface, enabling reliable agent memory and team knowledge bases for Claude Code workflows.
Install token-ninja: The MCP Server That Saves Tokens on Common Shell Commands
A new MCP server, token-ninja, automatically runs simple shell commands locally instead of sending them to Claude, cutting token usage and speeding up your workflow.
Claude Code's New Repo-Resolver Fixes Monorepo and Remote URL Headaches
Claude Code's runtime now uses a unified repo-resolver package, providing consistent project identification across all its services and correctly handling monorepos and various git remote URL formats.
Claude Code's Architecture Revealed
An analysis of Claude Code's source code shows its core is a simple loop, but its power comes from systems like a 5-layer compaction pipeline and a 7-mode permission system, which developers can leverage for better performance.
Claude Code's Playwright MCP Server: Generate Web Tests from Natural Language
Claude Code now integrates with Playwright via MCP, letting you generate complete test automation from simple prompts without leaving your terminal.
Expo Launches Codex Plugin for AI-Powered React Native Development
Expo launched a plugin integrating Codex into its React Native framework, allowing developers to generate code using AI prompts within their existing workflow.
Claude Code's Rust TUI Rewrite Eliminates UI Lag
A developer rebuilt Claude Code's terminal UI in Rust to fix performance issues with multiple agents, large diffs, and long tool-call chains—removing frontend friction that was slowing down the experience.
Cloudflare's New MCP Server Cuts AI Code Review Costs by 70%
A new MCP server from Cloudflare that pre-processes code to remove non-essential elements, slashing token consumption for AI-powered development workflows.