The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...

Xiaomi’s New AI Coding Agent Beats Claude Code and is Now Completely Free to Use With a Major Advantage Over Rivals

Xiaomi has open-sourced MiMo Code V0.1.0, a new terminal-based AI coding assistant built for long-running software projects.
The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.

TestSprite launches an open-source command-line tool to help AI agents check their own work

Autonomous artificial intelligence-powered software testing tool TestSprite Inc. today announced that the company has ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
MUO on MSN

5 package managers that work on Windows, Mac, and Linux

If reinstalling software feels repetitive, these tools have some ideas.
Pen Test Partners

ClickFix, CrashFix and the growing family of copy and paste attacks

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

Xiaomi announces new AI coding agent that actually remembers what it was doing

Xiaomi just open-sourced MiMo Code V0.1.0, its new terminal-based AI coding assistant that is trying to solve one of the ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
InfoWorld

Microsoft makes Linux developers feel more at home in Windows with Coreutils release

As well as Coreutils, the Build 2026 developer conference also saw Microsoft announce WSL containers CLI and API to deploy ...