TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Simona Liao and Leah Tran, product managers at Microsoft, discuss how GitHub Copilot in Visual Studio has evolved from a code completion tool into an agent-driven development workflow -- and share ...

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto wallets and other data.

Cursor is a free, open‑source code editor based on Visual Studio Code. It integrates large language models directly into your workflow, giving you AI‑powered autocomplete, inline code generation, a ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI. On March 31, 2026, Anthropic mistakenly included a ...

Anthropic PBC has accidently exposed the source code for its Claude Code command-line interface tool through a packaging error that led to the inclusion of sensitive ...

A packaging error revealed Anthropic’s entire Claude Code codebase, spanning nearly 1,900 TypeScript files and over 512,000 lines of code, after a source map file ...