Matteo Cervelli

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

When a super pro max plan?? I find the 200k window very good, but having the possibility to switch to 1m when session was proximate to limit permitted me many time to just finish, write continuation.md and then compact and restart! Having the 1m window in subscription enable other workflows

Counterpoint 1st point. I thought the same until today. For the first time ever I risk to hit my weekly limit (90% today, reset Monday 8am). Well, on the contrarian I had probably my most productive week. I refactored lots of obsidian notes, prepared a bunch of legal documents while refactoring many elements shared between my projects into libraries and pushed back to create coherence between some projects. Opus 4.6 together with companion reviews from codex 5.3 is simply amazing and I am using them to solve more complex problems and they usually one shot them together. Also, I saw a great improvement in understanding frontend structure (from code)

Linux is the best profiting platform for all of this. Would it have macOS hw natively… Since the moment I activated parallels, all my application-related coding passwords from Debian/ubuntu vms, for be pushed later to vps for production. Codex cli, or Claude code cli or the sdk versions are just perfect with Linux.

it depends on your use case. Cc CLI requires a more fine tuned environment to get what you can easily do in https://t.co/oq4c7JOToC with projects, a good instruction/prompt and files + memory. However, if you are already confident with your setup plus having a bit of time, moving the whole setup, rebuilding a similar environment, skills, tools in cc leverages it after the first friction. Assuming you are a claude code user already, not from scratch.

Always. Particularly with PRPs, as I want them to be TDD, it helps very much to have one-shot implementation. The Opus orchestrator that plans the following implementation usually comments after this that it is “a straightaway implementation” so that I can’t avoid deleting context after the plan. Opus has full knowledge, and it goes straight with small refactoring after the green phase. With the Codex Companion after implementation, generally it resolves issues, and it reduces a lot the back and forth with review agents in PRs. I never got easy PRs (for important features) before this companion system. Something I need to mention: codex does not work from a blank state, so this system is particularly token-effective in api cost. I realized that with clear specs, Claude is better to implement, and Codex CLI is like a warranty agile second developer that brings to life spectacular adherence to specs. When we spend time on clear specs, this duo is a dream realization machine.

Interesting take. In the same way we use sub https://t.co/oaBfSS6dGC files in subfolders we can use the main https://t.co/oaBfSS6dGC as a subfolder one. However I drive crazy every time I don’t work where the .git folder is, or every time Claude misses a task because of the wrong path. Do you have a good hook for !pwd?