GitSpy is live
before you fork a repo or add a dependency - you should probably
know what's inside it
pip install gitspy-cli
gitspy scan https://t.co/kVZdXvY3ur
checks the entire git history for leaked secrets, vulnerable deps, backdoors and suspicious patterns. gives you a trust score 0 - 100.
fully offline, no api keys needed. ai classification is optional.
https://t.co/VlQnIb4t9H
#cybersecurity #opensource
ok this one got me. everyone's sharing that NYT piece about a guy who "built a billion-dollar company with AI" and i kept scrolling past it thinking it's another hype story. then i actually read it and it's way more interesting than the headline.
so Matthew Gallagher, 41, dude from LA, drops $20K on AI tools, spends 2 months building a telehealth site called Medvi. his only hire is his brother. the site sells compounded GLP-1 drugs - basically the same active ingredient as Ozempic but mixed by smaller pharmacies for ~$179/mo instead of $1,300+. NYT checked the books: $401M revenue in 2025, 16.2% net margin, tracking $1.8B this year. with two people.
the thing is - he doesn't touch anything medical. doctors come from a platform called CareValidate, drugs get made and shipped by compounding pharmacies through OpenLoop. Medvi is literally just a website, ads, and a call center - all built and run by AI. ChatGPT, Grok and Claude wrote the code, Midjourney did the images, Runway made the video ads, ElevenLabs handles phone calls.
but here's where it gets spicy. FDA ended the semaglutide shortage in Feb 2025 - and that shortage was the whole legal basis for selling these cheaper compounded versions. since then they've fired off 85+ warning letters to telehealth companies, Medvi included. Hims & Hers got referred to DOJ. the entire $1.8B forecast depends on regulators not pulling the plug.
so yeah - the first "AI billion-dollar company" isn't an AI company at all. it's a guy who spotted a massive price gap in a regulatory grey zone and used AI to move faster than anyone else could. speed was the moat, not the tech. whatever you think about the business itself - respect for the execution @galligator
https://t.co/YnuFohu79T
@Samaira_twts looks like a MacBook until it sounds like a jet engine😂 but seriously though, this actually looks clean. Dell might be onto something here
Currently working on a project called GitSpy - an open-source supply-chain security scanner. Scans secrets, dependencies, code patterns and repo trust signals. One command, full security audit.
- CVE lookup via OSV/NVD
- Backdoor detection with tree-sitter
- AST Trust score 0-100 Optional
- AI classification
- Python, runs offline
Coming soon...
@ApplyWiseAi@Fried_rice true, for anyone who knows what to look for the context patterns are arguably the bigger leak. can't be fun for anthropic either way tho
after @Fried_rice flagged the claude code leak - went through the repo myself. anthropic shipped a .map file inside their npm package. the full source just sitting there - 512k+ lines of typescript, ~1,900 files, all on Bun + React/Ink
the amount of stuff they have built is wild:
- 25+ tools, 20+ slash commands
- multi-agent orchestration with agent swarms (AgentTool + coordinator/)
- bridge system for VS Code and JetBrains over JWT
- persistent memory across sessions (memdir/)
- buddy/ - a companion sprite, literally labeled "Easter egg" in the tree
- QueryEngine.ts alone is ~46k lines
feature flags via bun:bundle - KAIROS, VOICE_MODE, PROACTIVE, DAEMON, AGENT_TRIGGERS and more. all compiled out of the public build
and they have an "undercover mode" to not leak internal stuff when committing to open source. the irony writes itself
no customer data leaked. just the engineering
respect to the team tho. this codebase is serious
@Fried_rice 512k lines of typescript, 44 feature flags, tons of unreleased features. the funniest part - they built an "undercover mode" to hide internal info when committing to open source repos. and then leaked everything through a forgotten .map file in npm 😀
built a real-time cyber attack map
when you launch it and see ssh brute forces, port scans, telnet bots all flying in from around the world - like 30 countries at once - you genuinely can't look away
under the hood it's fastapi + websocket, frontend is maplibre gl with a globe. attacks fly as comet-like arcs from source to target. spent way too long on the animation but it's buttery smooth now
project is open source - plug in your abuseipdb key or hook up a t-pot honeypot and watch your real traffic. or just spin up the demo locally and see for yourself
https://t.co/sV9qVB0kDa
#cybersecurity
made a thing that shows cyber attacks on a globe in real time. every arc is an actual attack pulled from live threat feeds. stay tuned, plugging in more sources
Level up your Solidity - from your first NFT to a full DEX
Found the best resource to boost your dev skills - @buidlguidl It’s all here: from deploying smart contracts and launching NFTs to building a complete DEX.
Linea is launching its token soon. Here’s everything you need to know about the airdrop, tokenomics, and multipliers.
I also made a free tool to check multiple wallets at once - no wallet connection required. Wrote it quickly and hosted it on my domain, might be useful for someone: https://t.co/dBkYSP5qZG