Tag
v0 can now use the exact same components from your design system, supporting imports from GitHub, npm, Storybook, Figma, and more. Tested with Microsoft Fluent, Shopify Polaris, IBM Carbon, Palantir Blueprint, and Vercel Geist.
Tw-fade is a new Tailwind CSS plugin for pure CSS scroll-driven edge masking, providing elegant fade effects without JavaScript.
Magnitude is a coding agent that runs entirely on open models, costing 60% less than Claude Code with no drop in performance. It is available via npm as a CLI tool.
Weekly download growth for open-source crypto libraries: hashes up 4x (48M/week), curves 3x, post-quantum 95x. New self-audited releases of 14 libraries with security upgrades.
pi-vcc is an open-source tool that provides pure algorithmic conversation compression for the Pi coding agent, achieving 35-99% token reduction without LLM calls, with lossless history search via vcc_recall.
The mni.ml ML framework reached 900 GitHub stars and 2000+ npm downloads, with the developers thanking the community and hinting at a next project.
A security researcher details how a fake LinkedIn recruiter sent a GitHub repo containing a backdoor that executes upon npm install, impersonating real developers to trick targets into running malicious code.
Open sourcing the Extend CLI watch Fable, a tool to parse and extract documents end-to-end from the terminal. It includes a built-in agent skill compatible with Claude Code, Codex, and Cursor.
Replaysafe is an open-source npm library that ensures idempotent retries by fingerprinting operations, preventing duplicate side effects in AI agent workflows. It integrates with popular frameworks like LangGraph and CrewAI.
Cline Kanban is a developer tool that abstracts worktrees using a kanban board to run AI agents in parallel without merge conflicts. It allows creating tasks, linking them for autonomous execution, and reviewing diffs.
npm v12 introduces security-related breaking changes to npm install that disable automatic execution of scripts, git dependencies, and remote URL dependencies by default. Users can prepare by upgrading to npm 11.16.0+ and reviewing warnings to explicitly opt into trusted behaviors.
The owner account of mantine-datatable and other packages has been suspended due to a compromise, highlighting supply-chain security risks in the npm ecosystem.
Freddy CLI is an open-source tool that lets users connect their wearable health data to AI agents via MCP, supporting devices like Oura, Polar, and Garmin.
Dozens of Red Hat packages were backdoored through the company's official NPM channel using the Shai-Hulud worm, which compromised Red Hat's CI/CD pipeline via GitHub Actions OIDC. Red Hat has removed the malicious packages and stated they were internal only, but the attack underscores escalating supply-chain risks.
A README for the RedHatInsights/javascript-clients monorepo that auto-generates JavaScript API clients for Swagger/OpenAPI specs, using NX for monorepo management and GitHub Actions for CI/CD and NPM publishing.
Tip for installing the Codex CLI via curl, useful for remote VMs and avoiding npm.
The author open-sourced a tool for fetching Binance smart money data, installable via npm, providing professional data including average holding cost of whales.
Rolldown, a build tool bundler, is now available as a Rust crate and will be published continuously there in addition to npm.
A tweet recommends using hardware security keys like YubiKey for SSH keys, referencing an active cross-ecosystem supply chain attack (TrapDoor) on npm, PyPI, and Crates.io involving malicious packages and crypto-stealing malware.
ccglass is a zero-dependency local logging reverse proxy and web dashboard that lets you see, in real time, the system prompts, tools, and token usage sent by coding agents like Claude Code to the large model.