New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads.
Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned.
It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies.
More comprehensive article:
https://t.co/EJAZbqAPIQ
I'd like to compare Toad's UI against "native" CLIs.
In the following videos, both terminals should be working with the same agents. It's only how the output is presented that should differ. Although in practice, there do seem to be some differences introduced by the ACP layer.
I'd like to compare and contrast the UI, which will reflect my personal opinion of how these things should work. The differences in the tech will also make a difference. Specifically the holy war of scrollback vs alternate screen.
Not dissing any of the builders behind the CLI agents. Toad couldn't exist without their work. By implementing ACP or providing an SDK to do so, they allow you to use any UI you like.
Python in Zed is finally… fun 😎
• basedpyright by default
• auto-activated venvs + per-project interpreters
• monorepo-ready (multi-venv? yup)
• run/launch configs that don’t fight you
Bonus: ty + Ruff, out of the box (@astral_sh)
Computer Science from Scratch: Building Interpreters, Art, Emulators, and ML in Python comes out today!
This is the perfect book for an intermediate Python programmer who wants to learn more about the layers of the software stack under their programs.
https://t.co/WRJ2Fc3o2a
Look at this clock and tell me what time it is.
7:15, right?
Well, not exactly. Look again...
Do you see it now? It doesn't have 12 hours.
Welcome to Ruth Ewan's decimal clock, a revolutionary clock for thinking about what time is like.
A thread from #MaterialNarrativo