Pi Agent terminal showing the dep-audit widget flagging a critical lodash vulnerability

Building a Dependency Audit Extension for Pi Agent - and What Mini Shai Hulud Taught Me About npm Supply Chains

Last week, Microsoft’s Defender research team published details of an attack campaign they’re calling Mini Shai Hulud. A threat actor compromised maintainer accounts for the @antv npm organisation - the team behind popular charting libraries like G2 and G6 - and published malicious versions containing a 499 KB obfuscated payload that ran automatically during npm install. The blast radius was significant: echarts-for-react, one of the downstream dependents, has over a million weekly downloads. GitHub pulled 640 package versions and invalidated 61,274 npm tokens before it was contained. ...

21 May 2026 · 9 min · Tom Cocking
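The vector described above is an install-time lifecycle script: the payload ran because `npm install` executes `preinstall`/`install`/`postinstall` hooks by default. The block below is an added example, not the Pi Agent dep-audit extension's code or anything from the Microsoft write-up. It scans an npm lockfile (v2/v3 format, the `packages` map) for two signals: entries npm has marked with `hasInstallScript`, and name/version pairs on a local blocklist. The lockfile, the blocklist and every package name in it are constructed placeholders; none refers to a real advisory or to the actual compromised @antv versions, which this page does not list.

```javascript
// Added example (not Pi Agent's own code): audit an npm lockfile for
// install-time risk. Assumes lockfileVersion 2 or 3, whose "packages" map
// keys are node_modules paths and whose entries carry "version" and, for
// packages declaring preinstall/install/postinstall, "hasInstallScript".

// Constructed blocklist: package name -> versions to treat as compromised.
// Placeholder names only; this is not a real advisory feed.
const BLOCKLIST = {
  "@example-org/chart-core": new Set(["2.4.1", "2.4.2"]),
};

// Lockfile paths look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function packageNameFromPath(path) {
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Returns one finding per (package, reason). A package can appear twice:
// once for a blocklisted version and once for declaring an install script.
function scanLockfile(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (path === "") continue; // "" is the root project itself
    const name = packageNameFromPath(path);
    const version = meta.version;
    if (BLOCKLIST[name] && BLOCKLIST[name].has(version)) {
      findings.push({ name, version, path, reason: "blocklisted version" });
    }
    // npm records hasInstallScript when the package's package.json declares
    // preinstall, install or postinstall; that is the hook the payload used.
    if (meta.hasInstallScript) {
      findings.push({ name, version, path, reason: "install lifecycle script" });
    }
  }
  // Blocklisted versions first, then install-script packages, then by name.
  findings.sort((a, b) =>
    a.reason === b.reason ? a.name.localeCompare(b.name)
      : a.reason === "blocklisted version" ? -1 : 1);
  return findings;
}

// Constructed sample lockfile (shape of lockfileVersion 3), embedded so the
// example runs offline. Real runs pass JSON.parse(fs.readFileSync("package-lock.json", "utf8")).
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@example-org/chart-core": {
      version: "2.4.1",
      hasInstallScript: true,
    },
    "node_modules/@example-org/chart-core/node_modules/tiny-util": {
      version: "0.1.0",
    },
    "node_modules/@example-org/native-addon": {
      version: "3.0.0",
      hasInstallScript: true,
    },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) {
  console.log(`${f.reason.padEnd(24)} ${f.name}@${f.version}  (${f.path})`);
}
```

Two caveats a practitioner would want. First, `hasInstallScript` only tells you a hook exists, not that it is malicious; native addons legitimately compile on install, so treat it as a review queue, not a verdict. Second, a scan after the fact does not help if the hook has already run: `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) prevents execution at install time, and this kind of lockfile check is what lets you decide which packages to re-enable scripts for.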
Terminal output showing pip-audit reporting no known vulnerabilities found against a requirements.txt file

How to Secure a Python Project Against Supply Chain Attacks: Dependabot, pip-audit, and Branch Protection

I built a small Python TUI to help manage power consumption on my aging Dell laptop. The battery is at 37% health - 18,992 mWh left from a 51,999 mWh design capacity - and the Windows power settings are buried three menus deep. Nothing complicated: a couple of hundred lines using Textual and psutil, showing real-time discharge rates from WMI and letting me cap the CPU speed without clicking through Settings every time. ...

16 May 2026 · 11 min · Tom