packj - malicious dependency scanner
Static and dynamic analysis tool that flags malicious or vulnerable open-source packages across npm, PyPI, RubyGems, and more. Aimed at SolarWinds- and PyTorch-style supply-chain attacks.
Related entries
Rapid-MLX - 2-4x faster local LLM inference on Apple Silicon
MLX-native inference engine with OpenAI-compatible API. The novel piece: DeltaNet state snapshots bring prompt caching to non-trimmable architectures (Qwen3.5 hybrids), restoring RNN state in ~0.1ms. 2-5x faster TTFT, native Metal kernels, continuous batching.
idea-reality-mcp - prior-art MCP for coding agents
MCP server that scans GitHub, Hacker News, npm, PyPI, and Product Hunt before an agent starts building, surfacing whether the idea already exists and at what scale.
soft-ue-cli - Claude Code bridge for Unreal Engine
Python CLI plus UE plugin that lets Claude Code spawn actors, edit blueprints, call functions, capture screenshots, and manage PIE sessions in real time. Uses an in-process HTTP bridge to UE5.
kolo - greppable debugger for Python agents
Python debugger built for AI agents: captures every executed function call, return value, local variable, and HTTP request into greppable trace files.