OpenCode Go is becoming the best source of data on what models are being used and how
we've made a public stats page so you can see the latest
https://t.co/LGJdkzYUMf
VoidZero, the team behind Vite, Vitest, Rolldown, Oxc, and Vite+, is joining Cloudflare. Vite stays open source, vendor-agnostic, and built for everyone. https://t.co/DJTpX4Q9Xt
Just shipped Telegram integration for Loopi π€
Message your bot from your phone β it creates workflows, runs commands, and builds automations on your desktop. Full AI capabilities, no app open required.
https://t.co/Fo1p6WqWzV
https://t.co/NC2X4yWNIO
@Polymarket What is the point, is it that the person in possession of the AI powered smart fridge won't know what kind of food he/she bought from the market???? π
I wonder... don't they have a policy of having an antivirus in their company's system??
And, if they does have of some kind, was it not capable of catching and isolating it??
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
@BladeoftheS I think we should look into the side of current AI using gigantic resources like GPUs, RAMs making the consumer market expensive. Secondly, the impact it is having on the mother nature (use of water, electricity, etc).
AI replacing human jobs comes next.
Loopi v1.10 just dropped π§‘
Gave the desktop app a full premium pass.
Same powerful agents, workflows & 80+ integrations β now with the design tier they deserve. π§‘
Download β https://t.co/MlmtMMnKMn
βΌοΈπ¨ BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you.
The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads.
The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate.
Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.