v1.0 is out now! 🙌
It took more than a decade, TypeORM was considered dead by many over the past years...
But since late 2024 a group of dedicated maintainers was working hard and finally shipped what so many developers were waiting for: the first officially stable version!
Some news: I'm stepping in to lead the maintenance of
PR Agent 🚀
The project is moving to a community-owned org
(The-PR-Agent), license going back to Apache 2.0,
governance committee forming.
Huge props to @QodoAI and @DanaFine7 for doing this
the right way.
https://t.co/S2HuDeXgle
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
FYI on April 24th GitHub will begin training on your code for GitHub Copilot so unless you want this forced default opt-in, go to settings and disable 👇
🎉TypeORM v1.0 Beta is here!
After 10+ years, 190M+ downloads, and 3.6M weekly installs, TypeORM is finally approaching v1.0.
The beta is available now: npm install typeorm@beta
We need your help getting it across the finish line. 🧵
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
@oriSomething@cherkaskyb הבנתי מחבר שמבחינת עלויות שווה ללכת על Github Enterprise ואז אתה מקבל כמות משמעותית של קרדיטים לactions ואז זה יוצא יותר משתלם אבל אני לא בדקתי בעצמי אם זה מדוייק
@cherkaskyb יש כל מיני פיצ'רים נחמדים כמו פיצול טסטים לפי זמנים של טסטים וSSH לראנר גם שהוא לא self hosted שבGithub Actions אתה צריך לממש בעצמך, זו לא בהכרח סיבה מספיק טובה לצאת מהבאנדל אבל זה כן משהו לקחת בחשבון
AI Tutor crossed 500 NPM downloads and 50 stars in 2 days!
Let's go!
Want to learn AI concepts you see day to day when using code agents, right from your terminal?
Check it out: https://t.co/HXEBN7I2eZ
#AIEngineering#AI