Flux
Auto mode for Claude Code
IA Programmation

Auto mode for Claude Code

Auto mode for Claude Code Really interesting new development in Claude Code today as an alternative to --dangerously-skip-permissions: Today, we're introducing auto mode, a new permissions mode in Claude Code where Claude makes permission decisions on your behalf, with safeguards monitoring actions before they run. Those safeguards appear to be implemented using Claude Sonnet 4.6, as described in the documentation: Before each action runs, a separate classifier model reviews the conversation…

Simon Willison's Weblog
Package Managers Need to Cool Down
IA Programmation

Package Managers Need to Cool Down

Package Managers Need to Cool Down Today's LiteLLM supply chain attack inspired me to revisit the idea of dependency cooldowns, the practice of only installing updated dependencies once they've been out in the wild for a few days to give the community a chance to spot if they've been subverted in some way. This recent piece (March 4th) piece by Andrew Nesbitt reviews the current state of dependency cooldown mechanisms across different packaging tools. It's surprisingly well supported! There's…

Simon Willison's Weblog
5 Malicious npm Packages Typosquat Solana and Ethereum Libraries to Steal Private Keys
Cybersécurité Programmation

5 Malicious npm Packages Typosquat Solana and Ethereum Libraries to Steal Private Keys

Socket's Threat Research Team identified five malicious npm packages published under the account galedonovan, all targeting cryptocurrency developers. Each package typosquats a legitimate crypto library and exfiltrates private keys to a single hardcoded Telegram bot. The campaign covers both the Solana and Ethereum ecosystems, and the C2 infrastructure was confirmed active as of March 23, 2026. One of the packages, base_xd, was published by the same account but was unpublished within five…

Socket
TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem
Cybersécurité Programmation

TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem

TeamPCP is escalating a coordinated campaign targeting security tools and open source developer infrastructure, and is now openly taking credit for multiple follow-on attacks across ecosystems. In recent Telegram posts, the group has claimed responsibility for expanding beyond the initial Trivy compromise, pointing to attacks on GitHub Actions, OpenVSX extensions, and now PyPI. The latest development includes attacks on Checkmarx' KICS scanner and OpenVSX extensions and a trojanized release of…

Socket
Malicious litellm_init.pth in litellm 1.82.8 — credential stealer
IA Programmation

Malicious litellm_init.pth in litellm 1.82.8 — credential stealer

Malicious litellm_init.pth in litellm 1.82.8 — credential stealer The LiteLLM v1.82.8 package published to PyPI was compromised with a particularly nasty credential stealer hidden in base64 in a litellm_init.pth file, which means installing the package is enough to trigger it even without running import litellm. (1.82.7 had the exploit as well but it was in the proxy/proxy_server.py file so the package had to be imported for it to take effect.) This issue has a very detailed description of what…

Simon Willison's Weblog
How to Build a General-Purpose AI Agent in 131 Lines of Python
IA

How to Build a General-Purpose AI Agent in 131 Lines of Python

The following article originally appeared on Hugo Bowne-Anderson’s newsletter, Vanishing Gradients, and is being republished here with the author’s permission. In this post, we’ll build two AI agents from scratch in Python. One will be a coding agent, the other a search agent. Why have I called this post “How to Build a General-Purpose AI […]

O'Reilly Radar — AI/ML
Streaming experts
IA Programmation

Streaming experts

I wrote about Dan Woods' experiments with streaming experts the other day, the trick where you run larger Mixture-of-Experts models on hardware that doesn't have enough RAM to fit the entire model by instead streaming the necessary expert weights from SSD for each token that you process. Five days ago Dan was running Qwen3.5-397B-A17B in 48GB of RAM. Today @seikixtc reported running the colossal Kimi K2.5 - a 1 trillion parameter model with 32B active weights at any one time, in 96GB of RAM on…

Simon Willison's Weblog
TypeScript 6.0 Released: The Final JavaScript-Based Version
Cybersécurité Programmation

TypeScript 6.0 Released: The Final JavaScript-Based Version

TypeScript 6.0 landed today marking a milestone: this is the final release built on the existing JavaScript codebase. TypeScript 7.0, currently in preview, will run on a Go-native compiler, and the team says the release is imminent. "TypeScript 6.0 acts as the bridge between TypeScript 5.9 and 7.0," Microsoft's TypeScript Principal Product Manager Daniel Rosenwasser said. "As such, most changes in TypeScript 6.0 are meant to help align and prepare for adopting TypeScript 7.0. It may seem…

Socket
datasette-files 0.1a2
IA Programmation

datasette-files 0.1a2

Release: datasette-files 0.1a2 The most interesting alpha of datasette-files yet, a new plugin which adds the ability to upload files directly into a Datasette instance. Here are the release notes in full: Columns are now configured using the new column_types system from Datasette 1.0a26. #8 New file_actions plugin hook, plus ability to import an uploaded CSV/TSV file to a table. #10 UI for uploading multiple files at once via the new documented JSON upload API. #11 Thumbnails are now generated…

Simon Willison's Weblog