npm
30 articles about npm in AI news
Block Compromised NPM/PyPI Packages Automatically with attach-guard
A new Claude Code plugin uses PreToolUse hooks to automatically block compromised packages, such as the recently hijacked axios release, before they install.
Axios NPM Package Under Active Supply Chain Attack, Potentially Impacts 100M+ Weekly Installs
The widely-used JavaScript HTTP client library Axios may be compromised via a malicious dependency in its latest release, exhibiting malware-like behavior including shell execution and artifact cleanup. With over 100 million weekly downloads, this represents a critical software supply chain threat.
Axios Supply Chain Attack Highlights AI-Powered Social Engineering Threat to Open Source
The recent Axios npm package supply chain attack was initiated by highly sophisticated social engineering targeting a developer. This incident signals a dangerous escalation in the targeting of open source infrastructure, where AI tools could amplify attacker capabilities.
Inside Claude Code’s Leaked Source: A 512,000-Line Blueprint for AI Agent Engineering
A misconfigured npm publish exposed ~512,000 lines of Claude Code's TypeScript source, detailing a production-ready AI agent system with background operation, long-horizon planning, and multi-agent orchestration. This leak provides an unprecedented look at how a leading AI company engineers complex agentic systems at scale.
Lorg CLI: The New Way to Give Claude Code a Permanent Memory
Lorg's new CLI tool lets Claude Code autonomously archive what it learns between sessions, eliminating knowledge loss with a simple npm install.
Claude Code Source Leak: What Developers Found and What It Means for You
Claude Code's source code was exposed via an npm source map. The leak reveals its MCP architecture and confirms it's a TypeScript wrapper, but doesn't change how you use it.
Scan MCP Servers Before You Install: New Free Tool Reveals Security Scores
A new free scanner lets you check any npm MCP server package for security risks like malicious install scripts before adding it to your Claude Code config.
Multi-Claude CLI: Switch Between Team and Personal Claude Code Accounts Instantly
A new npm package lets you manage multiple Claude CLI accounts with shared configs and cloud sync, perfect for switching between work and personal projects.
The Senior Engineer's Guide to CLAUDE.md: From Generic to Actionable
Transform your CLAUDE.md from a vague wishlist into a precise, hierarchical configuration file that gives Claude Code the context it needs to execute complex tasks autonomously.
How to Fix Claude Code's Remote Control Issues and Get Visual Feedback
Practical solutions for Claude Code's remote control instability and lack of visual feedback when building UI components.
Claude Code Hooks: How to Auto-Format, Lint, and Test on Every Save
Configure hooks in .claude/settings.json to run prettier, eslint, and tests automatically, ensuring clean code without manual intervention.
Only 20% of MCP Servers Are 'A-Grade' Secure — Here's How to Vet Them Before Installing
Most MCP servers lack documentation or contain security flags. Use specific tools and criteria to install only vetted, safe servers.
Anthropic Scrambles to Contain Major Source Code Leak for Claude Code
Anthropic is responding to a significant internal leak of approximately 500,000 lines of source code for its AI tool Claude Code, reportedly triggered by human error. The incident has drawn attention to security risks in the AI industry and coincides with reports of shifting investor interest toward Anthropic amid valuation disparities with competitors.
Claude Code v2.1.90: /powerup Tutorials, Performance Gains, and Critical Auto Mode Fix
Claude Code v2.1.90 adds interactive tutorials, improves performance for MCP and long sessions, and fixes a critical Auto Mode bug that ignored user boundaries.
Better-Clawd Fork Adds OpenAI & OpenRouter Support to Claude Code
A new fork of Claude Code removes telemetry, adds OpenAI and OpenRouter support, and claims performance improvements—giving developers backend choice.
Anthropic's DMCA Takedown Signals a New Era for Claude Code's IP
Anthropic's DMCA takedown accidentally hit 8,100 GitHub repos — including its own community. The fiasco exposed 44 feature flags, Project KAIROS, and a fundamental tension between open ecosystems and proprietary AI agent logic.
The Axios 1.14.1 Attack: Why Claude Code Users Must Audit Their Lockfiles Now
A compromised version of axios (1.14.1) is a supply chain attack targeting AI-assisted workflows. Check your lockfiles immediately.
Audit Your MCP Servers in 10 Seconds with This Free Security Score API
A new free API gives Claude Code users a Lighthouse-style security score for any MCP server, revealing that 60% of scanned packages have vulnerabilities.
OpenClaw vs. Claude Code: When to Use an Open-Source Agent Framework
OpenClaw is a free, open-source agent framework for complex multi-step tasks, while Claude Code is a purpose-built CLI tool for direct coding. Here's how to choose.
Anthropic Launches Computer Use Feature in Claude Code, Enabling AI to Execute Terminal Commands
Anthropic has activated a 'computer use' capability within its Claude Code environment, allowing the AI assistant to directly execute terminal commands. This marks a significant step toward autonomous coding agents that can interact with development environments.
Add Machine-Enforced Rules to Claude Code with terraphim-agent Verification Sweeps
Add verification patterns to your CLAUDE.md rules so they're machine-checked, not just suggestions. terraphim-agent now supports grep-based verification sweeps.
How to Lock Down Claude Code After the Cowork Prompt Injection Scandal
Claude Code's new Computer Use feature expands attack surfaces. Here's how to configure permissions and audit dependencies to prevent data exfiltration.
Rotifer v0.7.5 Adds Gene Registry & Version Chains — Here's How to Use Them
Rotifer's latest update fixes domain chaos and adds version tracking for genes, plus MCP analytics to see what's actually being used.
Debug Multi-Agent Systems Locally with the A2A Simulator
Test and debug AI agents that communicate via Google's A2A protocol using a local simulator that shows both sides of the conversation.
Safari MCP Cuts Browser Automation CPU Usage by 95% for Mac Developers
Replace your Chromium-based MCP browser tool with Safari MCP to eliminate Chrome's resource drain while keeping your existing logged-in sessions.
Epismo CLI: Save and Reuse Your Claude Code Workflows Like GitHub Repositories
Epismo CLI lets you capture, version, and share multi-step Claude Code workflows as markdown chains, solving the 'how did I get here?' problem.
Secure Your MCP Servers: ClawGuard Scans for Tool Poisoning and Rug Pulls
New security tool ClawGuard scans MCP servers for hidden instructions in tool descriptions, parameter exploits, and malicious updates—critical for Claude Code users connecting to external tools.
Transform Your CLAUDE.md from a Note to a Multi-Agent Command Center
Use CLAUDE.md to coordinate sub-agents, enforce project rules, and cut API costs by 90% with a simple endpoint swap.
GitHub Study of 2,500+ Custom Instructions Reveals Key to Effective AI Coding Agents: Structured Context
GitHub analyzed thousands of custom instruction files, finding effective AI coding agents require specific personas, exact commands, and defined boundaries. The study informed GitHub Copilot's new layered customization system using repo-level, path-specific, and custom agent files.
This Notion MCP Bug Tracker Automates Error Logging—Here's How to Use It
A new MCP server automatically logs and categorizes errors to Notion, turning raw console output into structured bug reports.