InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
InfoQ

GitHub Agentic Workflows Unleash AI-Driven Repository Automation

Recently launched in technical preview, GitHub Agentic Workflows introduce a way to automate complex, repetitive repository ...
GitHub

xianyu110/awesome-openclaw-tutorial

从零开始玩转OpenClaw:最全面的中文教程,涵盖安装、配置、实战案例和避坑指南(github版) - xianyu110/awesome-openclaw-tutorial ...
GitHub

RevDra/human-face-detection

Real-time detection from your webcam Side-by-side video feed and detection results Live statistics (FPS, face count, duration) Start/stop controls Human_face_detection/ ├── .github/ # CI/CD & ...