Olivia
Online
zaccaria
@zaccadev
head of tech | 25 |
🇧🇷
Joined July 2020
257 Following
46 Followers
227 Posts
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
https://t.co/Zy8qG7PA9f
Credit to the security researcher for responsible disclosure.
@gregceltiano @Nanoorb @maisesportsbr acurácia de 90% seria criminosamente baixo. pra uma feature como essa, teria que girar em torno dos 99.9%, e ainda assim, um em cada mil dada a playerbase gigante pode ser fruto de muita dor de cabeça pro suporte da riot.
@VictorTaelin this pisses me of too. btw, you can edit using ctrl+g, it will open your IDE to edit your full prompt (at least in claude code, idk if same for the other ones).
did Anthropic launch Claude Music or something
// Tool Attention Is All You Need //
New research proposes a practical fix for the hidden "MCP tax."
The work introduces a dynamic tool gating mechanism built on an Intent Schema Overlap score from sentence embeddings, paired with a state-aware gating function that enforces preconditions and access scopes.
A two-phase lazy schema loader keeps a compact summary pool in context and only promotes full JSON schemas for the top-k gated tools.
On a simulated 120-tool benchmark, tool tokens dropped from 47.3k to 2.4k per turn (95% reduction) while effective context utilization rose from 24% to 91%.
Why does it matter?
As MCP ecosystems grow, naive tool exposure will silently wreck both cost and reasoning quality. Dynamic tool gating and lazy schema might help your setup.
Paper: https://t.co/ak4Koy93Ah
Learn to build effective AI agents in our academy: https://t.co/1e8RZKs4uX
se vc não está ficando pra trás, então vc está ficando pra trás
The one employed philosophy PhD right now
Polymer prices hit all-time records before Trump even announced the Iran blockade.
Then he announced it.
Israel just knocked out 85% of Iran's petrochemical capacity.
Physical Brent crude hit $141 — highest since 2008.
Futures say $109.
That $32 gap is the real story.
Thread 🧵
@msdevbr hahahah verdade to me cagando de rir microsoft
@pranavcodes_ @SwaDotDev DON'T. I just migrated from the desktop app to the mobile version. ts is completely unusable.
@obertobr @apogeudanoite exato, o interpretador mesmo foi feito em delphi (object pascal)
The Strait of Hormuz just became the biggest risk to global polyethylene markets in 2026.
Here's what the data shows (and what most traders are missing): 🧵
*Written and Directed by Christopher Nolan*
Need another season of Silicon Valley so badly.
@samsantosb @Sr_Rico1 uma das únicas pessoas que eu encontrei que realmente divulgam um conteúdo hodierno e científico é o elvis. simplesmente ouro, sem clickbait, sem threadzinha pra engajar, apenas ciência e tecnologia.
(elvis, if you are reading this, thank you buddy 🫡)
https://t.co/KgqdHzrYmB
@emseebong @oprimodev os nomes são feios e a lista é longa, mas tem coisa aí que sequer exige profundidade ou uma leitura densa sobre. uma parte considerável só te requer uma leitura não preguiçosa no MDN, lol
Last Seen Users on Sotwe
Hüseyin kurnaz
Seen from Germany
Tổng Hợp Phim Hay
Seen from Vietnam
M ɪ ʀ ᴏ 🫥
Seen from United Arab Emirates
Manzoor Ahmedmuhammadhassn
Seen from Pakistan
Debra
Seen from Turkey
Trai bóng đá dâm 2k2 cto 
Seen from Vietnam
em bé mê cu
Seen from Vietnam
美琴🇦🇬@発泡酒大好き( ˙꒳˙ )
Nazilli Escort
Seen from Turkey
ด้านมืด แนวครอบครัว
Seen from Thailand
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.9M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.1M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.3M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers