@dantekakhadze

The Axios npm supply chain attack: a North Korean trojan inside the world's most popular HTTP library

6h ago · 6 min read · On March 31, 2026, someone hijacked the npm account of the lead Axios maintainer and published two poisoned versions of one of the most-downloaded packages in the JavaScript ecosystem. Axios pulls over 100 million weekly downloads. If you've built an...

The Claude Code leak: 512,000 lines, one misconfigured file, and the future of AI IP protection

6h ago · 8 min read · At roughly 4 AM UTC on March 31, 2026, Anthropic pushed version 2.1.88 of its @anthropic-ai/claude-code package to the npm registry. Inside was a 59.8 MB source map file that should never have shipped. That single file contained pointers to the compl...

From toolbox to instructions: why endpoint-level MCP isn't enough

Mar 21 · 7 min read · The MCP ecosystem is booming. Every week, new MCP servers pop up wrapping another SaaS API: Stripe, Salesforce, GitHub, Jira, Notion. Tools like Speakeasy and Stainless can auto-generate an MCP server from any OpenAPI spec in minutes. The toolbox is ...

Vibe coding is great until your agent has to do real work

Mar 16 · 5 min read · Vibe coding is great until your agent has to do real work Vibe coding, describing what you want in plain English and letting AI generate the code, is how most developers prototype in 2026. It's fast. It produces working code from a description in sec...

Agentic ops in production: what it takes to run AI workflows that modify real data

Mar 16 · 6 min read · What it actually takes to run AI workflows in production The industry spent two years building AI agents. 2026 is the year those agents need to work for real. Not in sandboxes. Not in demos. Not in internal tools that three people use. In production,...