npm
30 articles about npm in AI news
Why Your CLAUDE.md Needs a 'No npm install' Rule for Open Source Repos
Add a `# In open source repos, never run npm install or pip install without asking first` rule to CLAUDE.md. This prevents Claude Code from executing untrusted code, saving tokens and protecting your system.
TrapDoor supply-chain attack hits npm, PyPI, Crates.io — weaponizes AI config files
TrapDoor planted 34 malicious packages on npm, PyPI, and Crates.io, and injected poisoned AI config files into repos to weaponize Claude Code and Cursor.
Block Compromised NPM/PyPI Packages Automatically with attach-guard
A new Claude Code plugin uses PreToolUse hooks to automatically block compromised packages like the recent axios hijack before they install.
Axios NPM Package Under Active Supply Chain Attack, Potentially Impacts 100M+ Weekly Installs
The widely-used JavaScript HTTP client library Axios may be compromised via a malicious dependency in its latest release, exhibiting malware-like behavior including shell execution and artifact cleanup. With over 100 million weekly downloads, this represents a critical software supply chain threat.
MCP Server Discovery: How to Find the Right Tool in a Sea of 13,000 Servers
With 13,000+ MCP servers available, discovery is the new bottleneck. Use `mcp-hub` or Smithery to find verified servers for Claude Code instead of searching npm blind.
Stop Telling Claude to 'Be Careful' — 3 Hook Tools That Fix What Prompts Can't
Throughline, Caveat, and Spotter are three npm tools that use Claude Code hooks to fix context bloat, past-trap memory, and missed tool calls — problems CLAUDE.md instructions can't solve.
Axios Supply Chain Attack Highlights AI-Powered Social Engineering Threat to Open Source
The recent Axios npm package supply chain attack was initiated by highly sophisticated social engineering targeting a developer. This incident signals a dangerous escalation in the targeting of open source infrastructure, where AI tools could amplify attacker capabilities.
Inside Claude Code’s Leaked Source: A 512,000-Line Blueprint for AI Agent Engineering
A misconfigured npm publish exposed ~512,000 lines of Claude Code's TypeScript source, detailing a production-ready AI agent system with background operation, long-horizon planning, and multi-agent orchestration. This leak provides an unprecedented look at how a leading AI company engineers complex agentic systems at scale.
Lorg CLI: The New Way to Give Claude Code a Permanent Memory
Lorg's new CLI tool lets Claude Code autonomously archive what it learns between sessions, eliminating knowledge loss with a simple npm install.
Claude Code Source Leak: What Developers Found and What It Means for You
Claude Code's source code was exposed via an npm source map. The leak reveals its MCP architecture and confirms it's a TypeScript wrapper, but doesn't change how you use it.
Scan MCP Servers Before You Install: New Free Tool Reveals Security Scores
A new free scanner lets you check any npm MCP server package for security risks like malicious install scripts before adding it to your Claude Code config.
Multi-Claude CLI: Switch Between Team and Personal Claude Code Accounts Instantly
A new npm package lets you manage multiple Claude CLI accounts with shared configs and cloud sync, perfect for switching between work and personal projects.
Stop Dumping Instructions Into CLAUDE.md — Use the 3-Layer Agent Harness
Stop appending rules to CLAUDE.md. Use the 3-Layer Agent Harness: a short constitution (CLAUDE.md), specialist skills, and subagents. This respects the 150-instruction compliance budget and keeps your agent reliable.
Sia joins €6 million investment round in agentic AI startup Lemrock
Sia joins a €6M round for agentic AI startup Lemrock. This signals enterprise demand for autonomous agents that handle complex workflows, relevant to retail automation.
Use MCP Inspector to Build an AI Agent Messaging Workflow
MCP Inspector lets Claude Code users replace hardcoded REST endpoints with a Discover→Plan→Execute→Observe workflow for SMS delivery—no theory, just a live BridgeXAPI server demo.
Swap Your TypeScript LSP Plugin for the Native Go TS7 Server — Here's How
Swap your Claude Code TypeScript LSP plugin for the TS7 native Go server via a community marketplace — it's faster, lighter, and takes 2 minutes to set up.
My Day-One Claude Code Setup: A Workflow That Saves 15 Minutes Per New Project
A repeatable workflow with CLAUDE.md, project templates, and MCP servers saves 15 minutes per project and reduces setup errors by 40% for Claude Code users.
MCP Ecosystem Hits 13,000+ Servers
13,000+ MCP servers exist, but discovery is painful. mcp-hub offers verified search and install. Claude Code users should adopt it to save time and avoid broken servers.
GitHub Actions Now Runs Steps in Parallel — Here's How to Use It with
GitHub Actions' new `background`, `wait`, `cancel`, and `parallel` keywords let you run steps concurrently. Update your CI/CD workflows to cut job times.
How to Build a Native MCP Server
Native MCP servers embed the Model Context Protocol directly into your CMS, letting Claude Code act like a trusted team member with full permission enforcement. No more copy-paste.
WSL 3 Preview: Cut Claude Code's Local Inference Latency on Windows
WSL 3 preview delivers near-native GPU/NPU for Claude Code + Ollama on Copilot+ laptops, but WSL 2 still handles NVIDIA CUDA fine for desktop users.
MACCHA: The File-Based Cross-Agent Brain That Makes Claude Code Remember
MACCHA solves Claude Code's cold-start problem with a file-based 7-tier memory system. Use it to persist preferences, project rules, and lessons across sessions without a daemon.
Claude Code v2.1.158: Enable Auto Mode on Bedrock, Vertex, and Azure Right Now
Claude Code v2.1.158 brings auto mode to Bedrock, Vertex, and Azure. Set `CLAUDE_CODE_ENABLE_AUTO_MODE=1` and upgrade before the June 1 deprecation of `CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE`.
Monitor Claude Code Spend in Real-Time with Claudestat's Live Dashboard
Claudestat is an open-source Node.js tool that provides a live terminal dashboard, quota guard, and MCP server for monitoring Claude Code and OpenCode sessions in real-time.
Cut Token Waste 61% on Server Tasks with aiterm-mcp
Install aiterm-mcp for a persistent terminal MCP server that cuts token waste by 61% on logs, eliminates SSH reconnection boilerplate, and prunes output before Claude Code reads it.
Claude Code Digest — Jun 07–Jun 10
The biggest shift this week: teams are stripping 60% of prescriptive skill text, then using hooks + MCP + Temporal to make Claude Code more reliable than prompt-only workflows.
Prism v1.8 Adds CLI, MCP Server, and SDKs — Here's How to Use Them with
Prism v1.8's MCP server gives Claude Code direct control over caches, budgets, and routing. Install it in 2 minutes and ditch the dashboard for terminal-based AI infrastructure management.
Claude Code Token Costs Got You Down? Here's How to Cut Usage 40% Without
Claude Code users frustrated by token costs should use /compact, optimize CLAUDE.md, and route cheap models via OpenRouter for simple tasks—no local model matches Claude's quality yet.
MCP Crosses 9,400 Servers; Build Your Own in TypeScript
MCP crossed 9,400 servers. Build a database introspection server in TypeScript. SDK handles protocol framing and capability negotiation.
Hacker builds $10/mo persistent workspace for Claude Code
A $10/month persistent workspace for Claude Code and Claude AI using Pi's execution layer, MCP, and Cloudflare Tunnel. Bypasses session context loss by sharing one filesystem and database across all MCP-compatible tools.