InfoWorld

The reliability cost of default timeouts

A timeout defines where a failure is allowed to stop. Without timeouts, a single slow dependency can quietly consume threads, ...
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
IEEE

PyTrim: A Practical Tool for Reducing Python Dependency Bloat

Abstract: Dependency bloat is a persistent challenge in Python projects, which increases maintenance costs and security risks. While numerous tools exist for detecting unused dependencies in Python, ...
GitHub

Native Python bindings for btrfs — create filesystems, manage subvolumes and snapshots, mount and unmount. No shell commands, no subprocess, no runtime dependencies beyond libc.

Why not the existing btrfs package? The btrfs package on PyPI requires libbtrfsutil installed as a system library. That means distro packages, broken virtualenvs, and ...
GitHub

The VirusTotal for prompt injection — open-source defense with crowdsourced threat intelligence.

A semi-permeable barrier between your AI agent and the world. Scans and sanitizes untrusted content before it reaches your agent's context window. Zero external dependencies. Sub-5ms. Works offline.