cd/entity/npm· home entities npm
grep -l @npm /news/*.json | wc -l → 154

npm

mentions 154 type Organization page 3/8 feed RSS

// recent coverage 154 mentions

18:35
2026-06-20
sinn.io
developer-tools

Getting OpenCode plugins working in your organisation

OpenCode, an open-source coding agent, faces plugin management issues in enterprise deployments, including stale versions and private registry failures. A workaround involves using exact version pinni…

15:03
2026-06-20
devclubhouse.com
ai-safety

North Korean Hackers Poison Mastra AI in npm Attack

North Korean threat actor Sapphire Sleet compromised the Mastra AI open-source framework on June 17, 2026, by hijacking a maintainer's npm credentials and poisoning 141 packages within 88 minutes. The…

11:51
2026-06-20
github.com
ai-agents

MCP tool that catches AI-agent scope creep

A new open-source tool called Overreach detects when AI coding agents add unauthorized code—such as endpoints, dependencies, or cron jobs—beyond the original prompt. The tool compares a developer's pr…

06:58
2026-06-20
news.ycombinator.com
large-language-models

Ask HN: Will we start seeing tools for LLM use?

A Hacker News user asks whether the community will develop tools that structure command-line output specifically for LLM consumption, noting that current compression methods save tokens but may increa…

20:24
2026-06-19
sauleau.com
ai-safety

Hide Secrets from AI Agents and NPM install using Airgap

Airgap, a new Linux tool, wraps programs in namespaces to hide secrets from AI agents and block npm malware that steals credentials at install time. It redacts sensitive files like .env and SSH keys f…

17:05
2026-06-19
fogknife.com
large-language-models

The Rapture of the Programming Languages

Generative AI coding assistants are making programming language popularity less relevant, as tools like Claude Code can work with older languages like Perl if sufficient documentation exists. The auth…

16:41
2026-06-19
dev.to
developer-tools

Toy Story: The Open-Source Ecosystem

A developer created a Toy Story-themed analogy for the open-source ecosystem, personifying tools like Python's cpython and Facebook's React as characters. The story explores conflicts between legacy a…

13:10
2026-06-18
github.com
ai-tools

MCP-customs: NPM audit, but for MCP servers

A new open-source CLI tool, mcp-customs, scans MCP servers for security risks before installation, running fully offline with no telemetry. It checks for issues like shell injection, path traversal, a…

11:16
2026-06-17
byteiota.com
ai-agents

144 Mastra npm Packages Backdoored: What to Check Right Now

An attacker hijacked a dormant contributor account and published malicious versions of 144 packages under the @mastra npm scope between 01:15 and 02:36 UTC, targeting the TypeScript AI agent framework…

← prev page 3 / 8 next →
// co-occurs with top 8 entities