Unexplanations: relational algebra is math
https://www.reddit.com/r/programming/comments/1nagb22/unexplanations_relational_algebra_is_math/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.scattered-thoughts.net/writing/unexplanations-relational-algebra-is-math/) [comments] (https://www.reddit.com/r/programming/comments/1nagb22/unexplanations_relational_algebra_is_math/)
https://www.reddit.com/r/programming/comments/1nagb22/unexplanations_relational_algebra_is_math/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.scattered-thoughts.net/writing/unexplanations-relational-algebra-is-math/) [comments] (https://www.reddit.com/r/programming/comments/1nagb22/unexplanations_relational_algebra_is_math/)
Odin does have undefined behavior
https://www.reddit.com/r/programming/comments/1nagb9c/odin_does_have_undefined_behavior/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.youtube.com/watch?v=k8iCkbbBHyg) [comments] (https://www.reddit.com/r/programming/comments/1nagb9c/odin_does_have_undefined_behavior/)
https://www.reddit.com/r/programming/comments/1nagb9c/odin_does_have_undefined_behavior/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.youtube.com/watch?v=k8iCkbbBHyg) [comments] (https://www.reddit.com/r/programming/comments/1nagb9c/odin_does_have_undefined_behavior/)
Local-first access control
https://www.reddit.com/r/programming/comments/1nagbhh/localfirst_access_control/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.inkandswitch.com/keyhive/notebook/) [comments] (https://www.reddit.com/r/programming/comments/1nagbhh/localfirst_access_control/)
https://www.reddit.com/r/programming/comments/1nagbhh/localfirst_access_control/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.inkandswitch.com/keyhive/notebook/) [comments] (https://www.reddit.com/r/programming/comments/1nagbhh/localfirst_access_control/)
Debugging a dropped async Task
https://www.reddit.com/r/programming/comments/1nagbv7/debugging_a_dropped_async_task/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://slugcat.systems/post/25-08-27-debugging-a-dropped-async-task/) [comments] (https://www.reddit.com/r/programming/comments/1nagbv7/debugging_a_dropped_async_task/)
https://www.reddit.com/r/programming/comments/1nagbv7/debugging_a_dropped_async_task/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://slugcat.systems/post/25-08-27-debugging-a-dropped-async-task/) [comments] (https://www.reddit.com/r/programming/comments/1nagbv7/debugging_a_dropped_async_task/)
Developing a Space Flight Simulator in Clojure
https://www.reddit.com/r/programming/comments/1nagc85/developing_a_space_flight_simulator_in_clojure/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.wedesoft.de/software/2025/09/05/clojure-game/) [comments] (https://www.reddit.com/r/programming/comments/1nagc85/developing_a_space_flight_simulator_in_clojure/)
https://www.reddit.com/r/programming/comments/1nagc85/developing_a_space_flight_simulator_in_clojure/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.wedesoft.de/software/2025/09/05/clojure-game/) [comments] (https://www.reddit.com/r/programming/comments/1nagc85/developing_a_space_flight_simulator_in_clojure/)
Patterns, Predictions, and Actions – A story about machine learning
https://www.reddit.com/r/programming/comments/1nagdms/patterns_predictions_and_actions_a_story_about/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://mlstory.org/) [comments] (https://www.reddit.com/r/programming/comments/1nagdms/patterns_predictions_and_actions_a_story_about/)
https://www.reddit.com/r/programming/comments/1nagdms/patterns_predictions_and_actions_a_story_about/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://mlstory.org/) [comments] (https://www.reddit.com/r/programming/comments/1nagdms/patterns_predictions_and_actions_a_story_about/)
How to (actually) become an expert in .NET
https://www.reddit.com/r/programming/comments/1nap35c/how_to_actually_become_an_expert_in_net/
submitted by /u/Metalnem (https://www.reddit.com/user/Metalnem)
[link] (https://mijailovic.net/2025/09/07/dotnet/) [comments] (https://www.reddit.com/r/programming/comments/1nap35c/how_to_actually_become_an_expert_in_net/)
https://www.reddit.com/r/programming/comments/1nap35c/how_to_actually_become_an_expert_in_net/
submitted by /u/Metalnem (https://www.reddit.com/user/Metalnem)
[link] (https://mijailovic.net/2025/09/07/dotnet/) [comments] (https://www.reddit.com/r/programming/comments/1nap35c/how_to_actually_become_an_expert_in_net/)
Prey 2006 project to create open-source FPS game port by integrating its codebase with Doom 3 GPL release
https://www.reddit.com/r/programming/comments/1nax3re/prey_2006_project_to_create_opensource_fps_game/
submitted by /u/r_retrohacking_mod2 (https://www.reddit.com/user/r_retrohacking_mod2)
[link] (https://krispy-the-goat.itch.io/prey-2006) [comments] (https://www.reddit.com/r/programming/comments/1nax3re/prey_2006_project_to_create_opensource_fps_game/)
https://www.reddit.com/r/programming/comments/1nax3re/prey_2006_project_to_create_opensource_fps_game/
submitted by /u/r_retrohacking_mod2 (https://www.reddit.com/user/r_retrohacking_mod2)
[link] (https://krispy-the-goat.itch.io/prey-2006) [comments] (https://www.reddit.com/r/programming/comments/1nax3re/prey_2006_project_to_create_opensource_fps_game/)
[Open Source] LLM Agents & Ecosystem Handbook — 60+ agent skeletons + tutorials for devs who want to build with LLMs
https://www.reddit.com/r/programming/comments/1nbch63/open_source_llm_agents_ecosystem_handbook_60/
<!-- SC_OFF -->Hey everyone, I’ve been working on an open-source project called LLM Agents & Ecosystem Handbook, aimed at developers who want to explore the practical side of building with large language models. Why it might interest programmers (even if you’re not deep into ML): - 🛠 60+ agent skeletons (each with its own README + main.py) to show design patterns (scraping, analysis, scheduling, translation, RAG, MCP integrations, voice, games…)
- 📚 Tutorials on RAG, memory, fine-tuning, and building chat agents over custom data (like PDFs or APIs)
- ⚙ Framework comparison: what to use when (LangChain, AutoGen, CrewAI, Smolagents, etc.)
- 🛠 Tools & infra: evaluation frameworks, local inference options (Ollama, llama.cpp), LLMOps practices
- ⚡ Agent generator noscript to scaffold new projects fast The idea is to provide a “handbook” — part educational, part practical — so devs can go from “I want to try LLMs” to building working prototypes and production-ready agents. Repo link: https://github.com/oxbshw/LLM-Agents-Ecosystem-Handbook Would love to hear feedback from the programming community — especially around design patterns and best practices for structuring these agents. <!-- SC_ON --> submitted by /u/Fearless-Role-2707 (https://www.reddit.com/user/Fearless-Role-2707)
[link] (https://github.com/oxbshw/LLM-Agents-Ecosystem-Handbook) [comments] (https://www.reddit.com/r/programming/comments/1nbch63/open_source_llm_agents_ecosystem_handbook_60/)
https://www.reddit.com/r/programming/comments/1nbch63/open_source_llm_agents_ecosystem_handbook_60/
<!-- SC_OFF -->Hey everyone, I’ve been working on an open-source project called LLM Agents & Ecosystem Handbook, aimed at developers who want to explore the practical side of building with large language models. Why it might interest programmers (even if you’re not deep into ML): - 🛠 60+ agent skeletons (each with its own README + main.py) to show design patterns (scraping, analysis, scheduling, translation, RAG, MCP integrations, voice, games…)
- 📚 Tutorials on RAG, memory, fine-tuning, and building chat agents over custom data (like PDFs or APIs)
- ⚙ Framework comparison: what to use when (LangChain, AutoGen, CrewAI, Smolagents, etc.)
- 🛠 Tools & infra: evaluation frameworks, local inference options (Ollama, llama.cpp), LLMOps practices
- ⚡ Agent generator noscript to scaffold new projects fast The idea is to provide a “handbook” — part educational, part practical — so devs can go from “I want to try LLMs” to building working prototypes and production-ready agents. Repo link: https://github.com/oxbshw/LLM-Agents-Ecosystem-Handbook Would love to hear feedback from the programming community — especially around design patterns and best practices for structuring these agents. <!-- SC_ON --> submitted by /u/Fearless-Role-2707 (https://www.reddit.com/user/Fearless-Role-2707)
[link] (https://github.com/oxbshw/LLM-Agents-Ecosystem-Handbook) [comments] (https://www.reddit.com/r/programming/comments/1nbch63/open_source_llm_agents_ecosystem_handbook_60/)
how did i optimized go-torch to run 115x times faster - a short blog
https://www.reddit.com/r/programming/comments/1nbfcjl/how_did_i_optimized_gotorch_to_run_115x_times/
<!-- SC_OFF -->after this blog, i optimized the library by allocating intermediate buffers during the backward pass and SGC. I'll explain it in the next blog. <!-- SC_ON --> submitted by /u/External_Mushroom978 (https://www.reddit.com/user/External_Mushroom978)
[link] (https://abinesh-mathivanan.vercel.app/en/posts/post-6/) [comments] (https://www.reddit.com/r/programming/comments/1nbfcjl/how_did_i_optimized_gotorch_to_run_115x_times/)
https://www.reddit.com/r/programming/comments/1nbfcjl/how_did_i_optimized_gotorch_to_run_115x_times/
<!-- SC_OFF -->after this blog, i optimized the library by allocating intermediate buffers during the backward pass and SGC. I'll explain it in the next blog. <!-- SC_ON --> submitted by /u/External_Mushroom978 (https://www.reddit.com/user/External_Mushroom978)
[link] (https://abinesh-mathivanan.vercel.app/en/posts/post-6/) [comments] (https://www.reddit.com/r/programming/comments/1nbfcjl/how_did_i_optimized_gotorch_to_run_115x_times/)
C and C++: The Hidden Power Behind Modern Programming
https://www.reddit.com/r/programming/comments/1nbfjci/c_and_c_the_hidden_power_behind_modern_programming/
<!-- SC_OFF -->Think Python and JavaScript run the world? Think again. C and C++ power almost every OS, game engine, and library behind the scenes. My essay explains why these languages remain the foundation of modern programming — plus discussion questions for developers. Check it out and share your thoughts! <!-- SC_ON --> submitted by /u/LI_ProductionsYT (https://www.reddit.com/user/LI_ProductionsYT)
[link] (https://github.com/goldstac/c-cpp-foundation) [comments] (https://www.reddit.com/r/programming/comments/1nbfjci/c_and_c_the_hidden_power_behind_modern_programming/)
https://www.reddit.com/r/programming/comments/1nbfjci/c_and_c_the_hidden_power_behind_modern_programming/
<!-- SC_OFF -->Think Python and JavaScript run the world? Think again. C and C++ power almost every OS, game engine, and library behind the scenes. My essay explains why these languages remain the foundation of modern programming — plus discussion questions for developers. Check it out and share your thoughts! <!-- SC_ON --> submitted by /u/LI_ProductionsYT (https://www.reddit.com/user/LI_ProductionsYT)
[link] (https://github.com/goldstac/c-cpp-foundation) [comments] (https://www.reddit.com/r/programming/comments/1nbfjci/c_and_c_the_hidden_power_behind_modern_programming/)
Goodbye Generative AI
https://www.reddit.com/r/programming/comments/1nbfyyz/goodbye_generative_ai/
submitted by /u/delvin0 (https://www.reddit.com/user/delvin0)
[link] (https://medium.com/gitconnected/goodbye-generative-ai-93fb72b1dd07?sk=b72b68b946d4ce98a283b196ef460e1d) [comments] (https://www.reddit.com/r/programming/comments/1nbfyyz/goodbye_generative_ai/)
https://www.reddit.com/r/programming/comments/1nbfyyz/goodbye_generative_ai/
submitted by /u/delvin0 (https://www.reddit.com/user/delvin0)
[link] (https://medium.com/gitconnected/goodbye-generative-ai-93fb72b1dd07?sk=b72b68b946d4ce98a283b196ef460e1d) [comments] (https://www.reddit.com/r/programming/comments/1nbfyyz/goodbye_generative_ai/)
How I solved a distributed queue problem after 15 years
https://www.reddit.com/r/programming/comments/1nbg6u1/how_i_solved_a_distributed_queue_problem_after_15/
submitted by /u/self (https://www.reddit.com/user/self)
[link] (https://www.dbos.dev/blog/durable-queues) [comments] (https://www.reddit.com/r/programming/comments/1nbg6u1/how_i_solved_a_distributed_queue_problem_after_15/)
https://www.reddit.com/r/programming/comments/1nbg6u1/how_i_solved_a_distributed_queue_problem_after_15/
submitted by /u/self (https://www.reddit.com/user/self)
[link] (https://www.dbos.dev/blog/durable-queues) [comments] (https://www.reddit.com/r/programming/comments/1nbg6u1/how_i_solved_a_distributed_queue_problem_after_15/)
SOLID Principles Unseen Questions with Answers Explained: Intermediate to Expert-Level
https://www.reddit.com/r/programming/comments/1nbh1pe/solid_principles_unseen_questions_with_answers/
<!-- SC_OFF -->The SOLID principles are the cornerstone of object-oriented design. They provide a set of guidelines that help developers write code that is more maintainable, scalable, and reusable. While most developers can name the five principles, truly understanding and applying them in complex scenarios is the mark of an expert. Undoubtedly, theory is essential, putting that knowledge to the test is the best way to prepare. This article presents advanced-level Multiple-Choice Questions (MCQs) with answers explained (https://javatechonline.com/solid-principles-interview-questions-and-answers/) designed for those who want to go beyond the basics. <!-- SC_ON --> submitted by /u/erdsingh24 (https://www.reddit.com/user/erdsingh24)
[link] (https://javatechonline.com/solid-principles-interview-questions-and-answers/) [comments] (https://www.reddit.com/r/programming/comments/1nbh1pe/solid_principles_unseen_questions_with_answers/)
https://www.reddit.com/r/programming/comments/1nbh1pe/solid_principles_unseen_questions_with_answers/
<!-- SC_OFF -->The SOLID principles are the cornerstone of object-oriented design. They provide a set of guidelines that help developers write code that is more maintainable, scalable, and reusable. While most developers can name the five principles, truly understanding and applying them in complex scenarios is the mark of an expert. Undoubtedly, theory is essential, putting that knowledge to the test is the best way to prepare. This article presents advanced-level Multiple-Choice Questions (MCQs) with answers explained (https://javatechonline.com/solid-principles-interview-questions-and-answers/) designed for those who want to go beyond the basics. <!-- SC_ON --> submitted by /u/erdsingh24 (https://www.reddit.com/user/erdsingh24)
[link] (https://javatechonline.com/solid-principles-interview-questions-and-answers/) [comments] (https://www.reddit.com/r/programming/comments/1nbh1pe/solid_principles_unseen_questions_with_answers/)
Sphere and Ray Collision Detection Tutorial
https://www.reddit.com/r/programming/comments/1nbhxjj/sphere_and_ray_collision_detection_tutorial/
submitted by /u/PeterBrobby (https://www.reddit.com/user/PeterBrobby)
[link] (https://youtu.be/XiXiHeVVssQ?si=yIe6XK_touxCKhlO) [comments] (https://www.reddit.com/r/programming/comments/1nbhxjj/sphere_and_ray_collision_detection_tutorial/)
https://www.reddit.com/r/programming/comments/1nbhxjj/sphere_and_ray_collision_detection_tutorial/
submitted by /u/PeterBrobby (https://www.reddit.com/user/PeterBrobby)
[link] (https://youtu.be/XiXiHeVVssQ?si=yIe6XK_touxCKhlO) [comments] (https://www.reddit.com/r/programming/comments/1nbhxjj/sphere_and_ray_collision_detection_tutorial/)
95% of AI Pilots Crash – Engineers are paying the price
https://www.reddit.com/r/programming/comments/1nbi2xn/95_of_ai_pilots_crash_engineers_are_paying_the/
<!-- SC_OFF -->A fresh MIT study just uncovered a shocking truth: $35‑40 B spent on AI pilots, and 9‑out‑of‑10 deliver zero ROI. Why do so many experiments stall? Scope creep – trying to solve everything at once dilutes impact. In‑house models – custom builds eat time, talent, and budget. Wrong targets – low‑value, high‑visibility tasks rarely pay off. The winning formula is to pick one narrow problem, grab a battle‑tested off‑the‑shelf tool, and set a clear KPI. Teams that did this turned no revenue into $20 M in a year. Check the AI Disaster Report article, a practical checklist, and a ready-to-copy email template to help you avoid common pitfalls in your next AI experiment. <!-- SC_ON --> submitted by /u/gabortilldotcom (https://www.reddit.com/user/gabortilldotcom)
[link] (https://techleadmastery.substack.com/p/ai-disaster-report-95-percent-pilots-fail-checklist) [comments] (https://www.reddit.com/r/programming/comments/1nbi2xn/95_of_ai_pilots_crash_engineers_are_paying_the/)
https://www.reddit.com/r/programming/comments/1nbi2xn/95_of_ai_pilots_crash_engineers_are_paying_the/
<!-- SC_OFF -->A fresh MIT study just uncovered a shocking truth: $35‑40 B spent on AI pilots, and 9‑out‑of‑10 deliver zero ROI. Why do so many experiments stall? Scope creep – trying to solve everything at once dilutes impact. In‑house models – custom builds eat time, talent, and budget. Wrong targets – low‑value, high‑visibility tasks rarely pay off. The winning formula is to pick one narrow problem, grab a battle‑tested off‑the‑shelf tool, and set a clear KPI. Teams that did this turned no revenue into $20 M in a year. Check the AI Disaster Report article, a practical checklist, and a ready-to-copy email template to help you avoid common pitfalls in your next AI experiment. <!-- SC_ON --> submitted by /u/gabortilldotcom (https://www.reddit.com/user/gabortilldotcom)
[link] (https://techleadmastery.substack.com/p/ai-disaster-report-95-percent-pilots-fail-checklist) [comments] (https://www.reddit.com/r/programming/comments/1nbi2xn/95_of_ai_pilots_crash_engineers_are_paying_the/)
Europe’s leading AI Hackathon is here!
https://www.reddit.com/r/programming/comments/1nbi8jr/europes_leading_ai_hackathon_is_here/
<!-- SC_OFF -->Applications for Junction 2025 in are now OPEN! This November, we’re bringing the future to Espoo, and now’s your chance to be a part of it. 🫵 This November you get to explore the edges of innovation, and what lies beyond. Are you part of building a better future? Or will you unmask the bias and challenge the system? Utopia or Dystopia? You build the difference. Apply now and join us in Espoo. Link here: https://eu.junctionplatform.com/events/junction-2025 <!-- SC_ON --> submitted by /u/JunctionKids (https://www.reddit.com/user/JunctionKids)
[link] (https://eu.junctionplatform.com/events/junction-2025) [comments] (https://www.reddit.com/r/programming/comments/1nbi8jr/europes_leading_ai_hackathon_is_here/)
https://www.reddit.com/r/programming/comments/1nbi8jr/europes_leading_ai_hackathon_is_here/
<!-- SC_OFF -->Applications for Junction 2025 in are now OPEN! This November, we’re bringing the future to Espoo, and now’s your chance to be a part of it. 🫵 This November you get to explore the edges of innovation, and what lies beyond. Are you part of building a better future? Or will you unmask the bias and challenge the system? Utopia or Dystopia? You build the difference. Apply now and join us in Espoo. Link here: https://eu.junctionplatform.com/events/junction-2025 <!-- SC_ON --> submitted by /u/JunctionKids (https://www.reddit.com/user/JunctionKids)
[link] (https://eu.junctionplatform.com/events/junction-2025) [comments] (https://www.reddit.com/r/programming/comments/1nbi8jr/europes_leading_ai_hackathon_is_here/)
Search to Connect with talented people
https://www.reddit.com/r/programming/comments/1nbkddr/search_to_connect_with_talented_people/
<!-- SC_OFF -->Hey everyone! I’m working on a personal project and looking to collaborate with talented people in computer science, coding, or engineering . If you or someone you know might be interested, feel free to DM me! Thanks 🙏 <!-- SC_ON --> submitted by /u/Easy-Rule4477 (https://www.reddit.com/user/Easy-Rule4477)
[link] (https://en.m.wikipedia.org/wiki/History_of_Wikipedia) [comments] (https://www.reddit.com/r/programming/comments/1nbkddr/search_to_connect_with_talented_people/)
https://www.reddit.com/r/programming/comments/1nbkddr/search_to_connect_with_talented_people/
<!-- SC_OFF -->Hey everyone! I’m working on a personal project and looking to collaborate with talented people in computer science, coding, or engineering . If you or someone you know might be interested, feel free to DM me! Thanks 🙏 <!-- SC_ON --> submitted by /u/Easy-Rule4477 (https://www.reddit.com/user/Easy-Rule4477)
[link] (https://en.m.wikipedia.org/wiki/History_of_Wikipedia) [comments] (https://www.reddit.com/r/programming/comments/1nbkddr/search_to_connect_with_talented_people/)
Package Managers are Evil
https://www.reddit.com/r/programming/comments/1nbkwzt/package_managers_are_evil/
submitted by /u/gingerbill (https://www.reddit.com/user/gingerbill)
[link] (https://www.gingerbill.org/article/2025/09/08/package-managers-are-evil/) [comments] (https://www.reddit.com/r/programming/comments/1nbkwzt/package_managers_are_evil/)
https://www.reddit.com/r/programming/comments/1nbkwzt/package_managers_are_evil/
submitted by /u/gingerbill (https://www.reddit.com/user/gingerbill)
[link] (https://www.gingerbill.org/article/2025/09/08/package-managers-are-evil/) [comments] (https://www.reddit.com/r/programming/comments/1nbkwzt/package_managers_are_evil/)
The Subtle Art of Taming Flows and Coroutines in Kotlin, or 'How Not to DDoS Yourself with Server-Sent Events'
https://www.reddit.com/r/programming/comments/1nbl1dm/the_subtle_art_of_taming_flows_and_coroutines_in/
submitted by /u/cekrem (https://www.reddit.com/user/cekrem)
[link] (https://cekrem.github.io/posts/the-subtle-art-of-taming-flows-and-coroutines-in-kotlin/) [comments] (https://www.reddit.com/r/programming/comments/1nbl1dm/the_subtle_art_of_taming_flows_and_coroutines_in/)
https://www.reddit.com/r/programming/comments/1nbl1dm/the_subtle_art_of_taming_flows_and_coroutines_in/
submitted by /u/cekrem (https://www.reddit.com/user/cekrem)
[link] (https://cekrem.github.io/posts/the-subtle-art-of-taming-flows-and-coroutines-in-kotlin/) [comments] (https://www.reddit.com/r/programming/comments/1nbl1dm/the_subtle_art_of_taming_flows_and_coroutines_in/)
Largest NPM Compromise in History - Supply Chain Attack
https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/
<!-- SC_OFF -->Hey Everyone We just discovered that around 1 hour ago packages with a total of 2 billion weekly downloads on npm were compromised all belonging to one developer https://www.npmjs.com/~qix ansi-styles (371.41m downloads per week)
debug (357.6m downloads per week)
backslash (0.26m downloads per week)
chalk-template (3.9m downloads per week)
supports-hyperlinks (19.2m downloads per week)
has-ansi (12.1m downloads per week)
simple-swizzle (26.26m downloads per week)
color-string (27.48m downloads per week)
error-ex (47.17m downloads per week)
color-name (191.71m downloads per week)
is-arrayish (73.8m downloads per week)
slice-ansi (59.8m downloads per week)
color-convert (193.5m downloads per week)
wrap-ansi (197.99m downloads per week)
ansi-regex (243.64m downloads per week)
supports-color (287.1m downloads per week)
strip-ansi (261.17m downloads per week)
chalk (299.99m downloads per week) The compromises all stem from a core developers NPM account getting taken over from a phishing campaign The malware itself, luckily, looks like its mostly intrested in crypto at the moment so its impact is smaller than if they had installed a backdoor for example. How the Malware Works (Step by Step) Injects itself into the browser Hooks core functions like fetch, XMLHttpRequest, and wallet APIs (window.ethereum, Solana, etc.). Ensures it can intercept both web traffic and wallet activity. Watches for sensitive data Scans network responses and transaction payloads for anything that looks like a wallet address or transfer. Recognizes multiple formats across Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash. Rewrites the targets Replaces the legitimate destination with an attacker-controlled address. Uses “lookalike” addresses (via string-matching) to make swaps less obvious. Hijacks transactions before they’re signed Alters Ethereum and Solana transaction parameters (e.g., recipients, approvals, allowances). Even if the UI looks correct, the signed transaction routes funds to the attacker. Stays stealthy If a crypto wallet is detected, it avoids obvious swaps in the UI to reduce suspicion. Keeps silent hooks running in the background to capture and alter real transactions Our blog is being dynamically updated - https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised <!-- SC_ON --> submitted by /u/Advocatemack (https://www.reddit.com/user/Advocatemack)
[link] (https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) [comments] (https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/)
https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/
<!-- SC_OFF -->Hey Everyone We just discovered that around 1 hour ago packages with a total of 2 billion weekly downloads on npm were compromised all belonging to one developer https://www.npmjs.com/~qix ansi-styles (371.41m downloads per week)
debug (357.6m downloads per week)
backslash (0.26m downloads per week)
chalk-template (3.9m downloads per week)
supports-hyperlinks (19.2m downloads per week)
has-ansi (12.1m downloads per week)
simple-swizzle (26.26m downloads per week)
color-string (27.48m downloads per week)
error-ex (47.17m downloads per week)
color-name (191.71m downloads per week)
is-arrayish (73.8m downloads per week)
slice-ansi (59.8m downloads per week)
color-convert (193.5m downloads per week)
wrap-ansi (197.99m downloads per week)
ansi-regex (243.64m downloads per week)
supports-color (287.1m downloads per week)
strip-ansi (261.17m downloads per week)
chalk (299.99m downloads per week) The compromises all stem from a core developers NPM account getting taken over from a phishing campaign The malware itself, luckily, looks like its mostly intrested in crypto at the moment so its impact is smaller than if they had installed a backdoor for example. How the Malware Works (Step by Step) Injects itself into the browser Hooks core functions like fetch, XMLHttpRequest, and wallet APIs (window.ethereum, Solana, etc.). Ensures it can intercept both web traffic and wallet activity. Watches for sensitive data Scans network responses and transaction payloads for anything that looks like a wallet address or transfer. Recognizes multiple formats across Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash. Rewrites the targets Replaces the legitimate destination with an attacker-controlled address. Uses “lookalike” addresses (via string-matching) to make swaps less obvious. Hijacks transactions before they’re signed Alters Ethereum and Solana transaction parameters (e.g., recipients, approvals, allowances). Even if the UI looks correct, the signed transaction routes funds to the attacker. Stays stealthy If a crypto wallet is detected, it avoids obvious swaps in the UI to reduce suspicion. Keeps silent hooks running in the background to capture and alter real transactions Our blog is being dynamically updated - https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised <!-- SC_ON --> submitted by /u/Advocatemack (https://www.reddit.com/user/Advocatemack)
[link] (https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) [comments] (https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/)