Tootfinder

Opt-in global Mastodon full text search.

No exact results. Similar results found.
@kubikpixel@chaos.social
2025-09-08 17:35:16

»npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack:
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked to hijack crypto wallets via injected code.«
Good heavens! Another example of how "simple" and popular programming languages are misused to exploit users.
😠

@Techmeme@techhub.social
2025-09-08 17:10:44

Aikido Security says attackers injected malware into 18 popular npm packages, including the debug package, with over 2.6B total weekly downloads (Sergiu Gatlan/BleepingComputer)
bleepingcomputer.com/news/secu

@thomasfuchs@hachyderm.io
2025-09-08 18:31:11

It’s almost like programming language monocultures with “best practices” and paradigms requiring hundreds or thousands of dependencies even for simple apps are harmful bleepingcomputer.com/news/secu

@netzschleuder@social.skewed.de
2025-10-08 05:00:06

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
networks.sk…

python_dependency: Python Dependency Network. 58743 nodes, 108399 edges. https://networks.skewed.de/net/python_dependency

@karlauerbach@sfba.social
2025-10-08 14:53:24

I generally like FreeBSD. But when it comes to their system of effectively erasing prior versions of packages at the end of the "supported" period - well then I hate FreeBSD with a purple passion.
Just a few days back the 14.2 version fell out of "support". Until then I could install pre-built packages. Today I cannot.
(They say "build 'em from the ports source" - well that means rebuilding tool chains - which is a hell of infinite regression be…

@grahamperrin@bsd.cafe
2025-12-08 07:50:39

@… thanks, a few observations.
Nine base sets (minimal plus all eight additions) should be rare, not a norm.
The next screenshot shows 311 packages, that's not consistent with the nine base sets. There should be 488 packages, including pkg itself.
The pictured user has not been added to any groups. They'll not benefit from hardware-acc…

@arXiv_csSE_bot@mastoxiv.page
2025-10-08 08:59:09

UnitTenX: Generating Tests for Legacy Packages with AI Agents Powered by Formal Verification
Yiannis Charalambous, Claudionor N. Coelho Jr, Luis Lamb, Lucas C. Cordeiro
arxiv.org/abs/2510.05441

@zachleat@zachleat.com
2025-09-08 17:34:38

@… ah, yeah — for sure. I just mean that packages using provenance aren’t *required* to use provenance to publish (which was an interesting design decision)

@cyrevolt@mastodon.social
2025-09-08 00:39:34

#Go escape, or... //go:noescape
"meaning that the function has an implementation not written in Go"
very mysterious.
pkg.go.dev/cmd/compile
Today I learned a few first things about…

@netzschleuder@social.skewed.de
2025-12-06 18:00:06

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
networks.sk…

python_dependency: Python Dependency Network. 58743 nodes, 108399 edges. https://networks.skewed.de/net/python_dependency