每次`npm install`都可能为恶意代码敞开大门。Shai-Hulud蠕虫已感染数百个包,窃取数万机密。`np-audit`工具在npm执行前静态分析安装脚本,阻止预安装攻击。立即采取行动保护你的开发环境。
npm install You type it dozens of times a day. You probably typed it this morning. And every time you did, you handed arbitrary code execution to ever…
一个为战略情报AI代理打造的审计层:用JSON schema、CLI和MCP协议,让LLM输出从“听起来合理”变成“可审计可追溯”——开源、可直接CI集成,适合政策、制裁、地缘风险等需要严格证据链的场景。
Article URL: https://github.com/vassiliylakhonin/agenda-intelligence-md Comments URL: https://news.ycombinator.com/item?id=48160912 Points: 1 # Commen…
ssh-audit.com 的 DNS 出事了:根服务器残留胶水记录,但两个 NS 一个失联,一个返回 SERVFAIL。如果你了解内情,或认识站主,赶快去 HN 支个招。
The are still glue records in the root servers and the name is still registered but one name server no longer responds and the other gives SERVFAIL. I…