Skip to content
gentic.news — AI News Intelligence Platform
Connecting to the Living Graph…

npm

30 articles about npm in AI news

Why Your CLAUDE.md Needs a 'No npm install' Rule for Open Source Repos

Add a `# In open source repos, never run npm install or pip install without asking first` rule to CLAUDE.md. This prevents Claude Code from executing untrusted code, saving tokens and protecting your system.

75% relevant

TrapDoor supply-chain attack hits npm, PyPI, Crates.io — weaponizes AI config files

TrapDoor planted 34 malicious packages on npm, PyPI, and Crates.io, and injected poisoned AI config files into repos to weaponize Claude Code and Cursor.

85% relevant

Block Compromised NPM/PyPI Packages Automatically with attach-guard

A new Claude Code plugin uses PreToolUse hooks to automatically block compromised packages like the recent axios hijack before they install.

78% relevant

Axios NPM Package Under Active Supply Chain Attack, Potentially Impacts 100M+ Weekly Installs

The widely-used JavaScript HTTP client library Axios may be compromised via a malicious dependency in its latest release, exhibiting malware-like behavior including shell execution and artifact cleanup. With over 100 million weekly downloads, this represents a critical software supply chain threat.

99% relevant

MCP Server Discovery: How to Find the Right Tool in a Sea of 13,000 Servers

With 13,000+ MCP servers available, discovery is the new bottleneck. Use `mcp-hub` or Smithery to find verified servers for Claude Code instead of searching npm blind.

84% relevant

Stop Telling Claude to 'Be Careful' — 3 Hook Tools That Fix What Prompts Can't

Throughline, Caveat, and Spotter are three npm tools that use Claude Code hooks to fix context bloat, past-trap memory, and missed tool calls — problems CLAUDE.md instructions can't solve.

70% relevant

Axios Supply Chain Attack Highlights AI-Powered Social Engineering Threat to Open Source

The recent Axios npm package supply chain attack was initiated by highly sophisticated social engineering targeting a developer. This incident signals a dangerous escalation in the targeting of open source infrastructure, where AI tools could amplify attacker capabilities.

85% relevant

Inside Claude Code’s Leaked Source: A 512,000-Line Blueprint for AI Agent Engineering

A misconfigured npm publish exposed ~512,000 lines of Claude Code's TypeScript source, detailing a production-ready AI agent system with background operation, long-horizon planning, and multi-agent orchestration. This leak provides an unprecedented look at how a leading AI company engineers complex agentic systems at scale.

86% relevant

Lorg CLI: The New Way to Give Claude Code a Permanent Memory

Lorg's new CLI tool lets Claude Code autonomously archive what it learns between sessions, eliminating knowledge loss with a simple npm install.

89% relevant

Claude Code Source Leak: What Developers Found and What It Means for You

Claude Code's source code was exposed via an npm source map. The leak reveals its MCP architecture and confirms it's a TypeScript wrapper, but doesn't change how you use it.

95% relevant

Scan MCP Servers Before You Install: New Free Tool Reveals Security Scores

A new free scanner lets you check any npm MCP server package for security risks like malicious install scripts before adding it to your Claude Code config.

87% relevant

Multi-Claude CLI: Switch Between Team and Personal Claude Code Accounts Instantly

A new npm package lets you manage multiple Claude CLI accounts with shared configs and cloud sync, perfect for switching between work and personal projects.

95% relevant

Stop Dumping Instructions Into CLAUDE.md — Use the 3-Layer Agent Harness

Stop appending rules to CLAUDE.md. Use the 3-Layer Agent Harness: a short constitution (CLAUDE.md), specialist skills, and subagents. This respects the 150-instruction compliance budget and keeps your agent reliable.

100% relevant

Sia joins €6 million investment round in agentic AI startup Lemrock

Sia joins a €6M round for agentic AI startup Lemrock. This signals enterprise demand for autonomous agents that handle complex workflows, relevant to retail automation.

68% relevant

Use MCP Inspector to Build an AI Agent Messaging Workflow

MCP Inspector lets Claude Code users replace hardcoded REST endpoints with a Discover→Plan→Execute→Observe workflow for SMS delivery—no theory, just a live BridgeXAPI server demo.

75% relevant

Swap Your TypeScript LSP Plugin for the Native Go TS7 Server — Here's How

Swap your Claude Code TypeScript LSP plugin for the TS7 native Go server via a community marketplace — it's faster, lighter, and takes 2 minutes to set up.

85% relevant

My Day-One Claude Code Setup: A Workflow That Saves 15 Minutes Per New Project

A repeatable workflow with CLAUDE.md, project templates, and MCP servers saves 15 minutes per project and reduces setup errors by 40% for Claude Code users.

95% relevant

MCP Ecosystem Hits 13,000+ Servers

13,000+ MCP servers exist, but discovery is painful. mcp-hub offers verified search and install. Claude Code users should adopt it to save time and avoid broken servers.

89% relevant

GitHub Actions Now Runs Steps in Parallel — Here's How to Use It with

GitHub Actions' new `background`, `wait`, `cancel`, and `parallel` keywords let you run steps concurrently. Update your CI/CD workflows to cut job times.

70% relevant

How to Build a Native MCP Server

Native MCP servers embed the Model Context Protocol directly into your CMS, letting Claude Code act like a trusted team member with full permission enforcement. No more copy-paste.

85% relevant

WSL 3 Preview: Cut Claude Code's Local Inference Latency on Windows

WSL 3 preview delivers near-native GPU/NPU for Claude Code + Ollama on Copilot+ laptops, but WSL 2 still handles NVIDIA CUDA fine for desktop users.

98% relevant

MACCHA: The File-Based Cross-Agent Brain That Makes Claude Code Remember

MACCHA solves Claude Code's cold-start problem with a file-based 7-tier memory system. Use it to persist preferences, project rules, and lessons across sessions without a daemon.

95% relevant

Claude Code v2.1.158: Enable Auto Mode on Bedrock, Vertex, and Azure Right Now

Claude Code v2.1.158 brings auto mode to Bedrock, Vertex, and Azure. Set `CLAUDE_CODE_ENABLE_AUTO_MODE=1` and upgrade before the June 1 deprecation of `CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE`.

100% relevant

Monitor Claude Code Spend in Real-Time with Claudestat's Live Dashboard

Claudestat is an open-source Node.js tool that provides a live terminal dashboard, quota guard, and MCP server for monitoring Claude Code and OpenCode sessions in real-time.

70% relevant

Cut Token Waste 61% on Server Tasks with aiterm-mcp

Install aiterm-mcp for a persistent terminal MCP server that cuts token waste by 61% on logs, eliminates SSH reconnection boilerplate, and prunes output before Claude Code reads it.

95% relevant

Claude Code Digest — Jun 07–Jun 10

The biggest shift this week: teams are stripping 60% of prescriptive skill text, then using hooks + MCP + Temporal to make Claude Code more reliable than prompt-only workflows.

95% relevant

Prism v1.8 Adds CLI, MCP Server, and SDKs — Here's How to Use Them with

Prism v1.8's MCP server gives Claude Code direct control over caches, budgets, and routing. Install it in 2 minutes and ditch the dashboard for terminal-based AI infrastructure management.

73% relevant

Claude Code Token Costs Got You Down? Here's How to Cut Usage 40% Without

Claude Code users frustrated by token costs should use /compact, optimize CLAUDE.md, and route cheap models via OpenRouter for simple tasks—no local model matches Claude's quality yet.

90% relevant

MCP Crosses 9,400 Servers; Build Your Own in TypeScript

MCP crossed 9,400 servers. Build a database introspection server in TypeScript. SDK handles protocol framing and capability negotiation.

90% relevant

Hacker builds $10/mo persistent workspace for Claude Code

A $10/month persistent workspace for Claude Code and Claude AI using Pi's execution layer, MCP, and Cloudflare Tunnel. Bypasses session context loss by sharing one filesystem and database across all MCP-compatible tools.

90% relevant