The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
GitHub

typesense-js

Javascript client library for accessing the Typesense HTTP API.
GitHub

GitHub - Shopify/draggable: The JavaScript Drag & Drop library your grandparents warned you ...

Draggable is no longer maintained by its original authors. Maintenance of this repo has been passed on to new collaborators and is no longer worked on by anyone at Shopify. We are still looking for ...