CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the npm (Node Package Manager) ecosystem to install JavaScript and Node.js ...
The Hacker News

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The ...
GitHub

infrared-remote

WiFi-to-IR Bridge for Air Conditioners (2019→2025) ️ Control Any AC with WiFi : Universal ESP8266-based IR bridge supporting 60+ protocols—works with Daikin, Mitsubishi, Samsung & more. Open-source ...
GitHub

pyscn - Python Code Quality Analyzer

pyscn is a code quality analyzer for Python vibe coders. Building with Cursor, Claude, or ChatGPT? pyscn performs structural analysis to keep your codebase maintainable. Run pyscn analyses straight ...