Socket

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

Socket AI

🪿 There are some wild takes out there right now about open source being “dead” after recent supply chain attacks and rapid advances in AI-driven security. Let’s talk goosenomics for a minute → https:

🪿 There are some wild takes out there right now about open source being “dead” after recent supply chain attacks and rapid advances in AI-driven security. Let’s talk goosenomics for a minute → https://t.co/G1RvqcSb3d

Managed Agents launched today. I built a Slack relay, tested it end-to-end. Here's what I found.

Managed Agents dropped a few hours ago. I had been reading the docs ahead of time, so I built a full Slack relay right away - Socket Mode listener, session-per-channel management, SSE streaming, cost tracking via span events. Tested multi-turn conversations, tool usage, session persistence. Wanted to share what I found. The prompt caching is genuinely impressive. My second session cost $0.006 because the system prompt and tool definitions were served from cache automatically. API design is clean. The SDKs work. For simple task execution, it's solid infrastructure. The thing that surprised me most is that the containers have no inbound connectivity. There's no public URL. The agent can reach out (web search, fetch, bash), but nothing can reach in. It can't serve a web page, can't receive a webhook, can't host a dashboard, can't expose an API. It's essentially Claude Code running in Anthropic's cloud - same tools, same agent loop, just in a managed container instead of your terminal. The agent is something you invoke, not something that runs. Cold start is about 130 seconds per new session, so for anything interactive you need to keep sessions alive. Memory is in "research preview" (not shipped yet), so each new session starts fresh. Scheduling doesn't exist - the agent only responds when you message it. The agent definition is static, so it doesn't learn from corrections or adapt over time. If you used Cowork, you know agents benefit from having their own interface. Managed Agents solves the compute problem by moving to the cloud, but there's no UI layer at all. And unlike memory and multi-agent (both in research preview), inbound connectivity isn't on the roadmap. I should be transparent about my perspective. I maintain two open-source projects in this space - Phantom (ghostwright/phantom), an always-on agent with persistent memory and self-evolution, and Specter (ghostwright/specter), which deploys the VMs it runs on. Different philosophy from Managed Agents, so I came into this with opinions. But I was genuinely curious how they'd compare. For batch tasks and one-shot code generation, the infrastructure advantages are real. For anything where the agent needs to be a persistent presence - serving dashboards, learning over time, waking up on a schedule - the architecture doesn't support it. Curious what others are seeing. Has anyone deployed it for a real use case yet? How are you handling the lack of persistent memory? Is anyone running always-on agents on their own infrastructure? submitted by /u/Beneficial_Elk_9867 [link] [comments]

"The whole software supply chain is built on blind trust. You're downloading code from random people on the internet that you've never met, and you're like, let's just run it." - @feross on @tbpn talk

"The whole software supply chain is built on blind trust. You're downloading code from random people on the internet that you've never met, and you're like, let's just run it." - @feross on @tbpn talking about the Axios compromise. Full interview → https://t.co/cabLmjqK5L https://t.co/Ptnq7Vfyb6

Attackers are impersonating a @linuxfoundation leader in Slack to target #opensource developers with a multi-stage attack that ends in malware delivery. @openssf issued a high-severity advisory. More

Attackers are impersonating a @linuxfoundation leader in Slack to target #opensource developers with a multi-stage attack that ends in malware delivery. @openssf issued a high-severity advisory. More details and screenshots of the lure: https://t.co/m42StlGqS9 #infosec

🔥 Socket CEO @feross is live on TBPN right now discussing the Axios compromise: https://t.co/jitJxD02pl

🔥 Socket CEO @feross is live on TBPN right now discussing the Axios compromise: https://t.co/jitJxD02pl

Monocle: A TUI* for actually reviewing what your AI coding agent writes

Claude writes code while Monocle shows the diffs live. Flag an issue, submit a review, and the agent receives your feedback instantly via push notification. It fixes the code and the diff updates — a tight loop without leaving the terminal. Monocle helps you actually review all the stuff your coding agents produce. We all talk a big game about "human in the loop", but it turns out that's easier said than done. In my experience moving from fancy autocomplete to fully agentic development, your options realistically end up being: Block every change before it’s written. Sounds safe, but it turns into muscle-memory for “accept accept accept” real fast. Also, it means no work happens while you’re away from your desk. The agent just sits there, waiting. Review diffs locally with git. Great for reading, terrible for giving feedback. You end up jumping back to your agent trying to describe which code you want changed, hoping it finds the right spot. Use GitHub PRs. Best review UX, but the cycle is painfully slow. Commit, push, review, then ask the agent to go fetch your comments via the API. Nobody keeps that up. So I built Monocle, which is basically GitHub’s PR review interface, but for local files with a direct connection to your agent. You let the agent work uninterrupted, then review all the changes as diffs, comment on specific lines across files, and submit a structured review the agent picks up immediately with exact file references and line numbers. Rinse and repeat. Better yet, it also works with Planning artifacts, making sure you can give direct, line-by-line feedback on your agent's plans before you jump to implementation: Review the agent's plan as rendered markdown before any code is written. Leave inline comments to request changes, then see the updated plan arrive as a diff between versions. Use the version picker to compare any revision against the latest. It works with essentially any AI agent that supports MCP tools or Agent Skills, with native registrations for Claude Code, Codex CLI, Gemini CLI, and OpenCode. Communication happens over local Unix sockets so everything stays on your machine. If you’re a Claude Code user specifically, Monocle also uses MCP channels in a unique way, letting you push your review feedback directly into the conversation without the agent needing to poll for it. It’s a small thing on paper but makes the back-and-forth feel way smoother. I built this on paternity leave with a newborn in one arm and my phone SSH’d into my Mac Mini in the other, using Monocle to review Claude’s code as it built Monocle. Would love any feedback: Website | GitHub | Blog Post * If you're not passionate about doing everything in the Terminal and prefer desktop apps, stay tuned! submitted by /u/josephschmitt [link] [comments]

@Dinosn Thank you @anonhaven_com for covering our research on Contagious Interview activities across open source package registries! 🙏

@Dinosn Thank you @anonhaven_com for covering our research on Contagious Interview activities across open source package registries! 🙏

🔥 The Hacker News covered our latest research on the Contagious Interview campaign. We identified coordinated malicious packages across npm, PyPI, Go Modules, crates, and Packagist, all delivering s

🔥 The Hacker News covered our latest research on the Contagious Interview campaign. We identified coordinated malicious packages across npm, PyPI, Go Modules, crates, and Packagist, all delivering staged RAT payloads using a shared loader pattern.

I built Buddy — Claude Code, untethered from the terminal :robot_face::iphone: (open source)

I kept running into the same problem: Claude Code is incredible, but it's chained to my laptop. Terminal open, machine running, me sitting there. So I built Buddy — it breaks Claude Code free and puts it in Slack. Same brain, same tools, any device, any time. Kick off a deploy from your phone on the train. Review a PR from your iPad on the couch. Ask it to investigate a production issue while you're out to dinner. Come back to a thread full of findings. Here's what it looks like in action: Desktop — planning & executing: https://preview.redd.it/gis61rpvowtg1.png?width=2450&format=png&auto=webp&s=d4226e523b5f41438500e4ffd2ab598f9ee9f361 https://preview.redd.it/so0vocaxowtg1.png?width=2447&format=png&auto=webp&s=dbf7566fb64c22ffd980354aeb1b6f2731252816 Mobile — yes, it works great on your phone: https://preview.redd.it/9wjehuezowtg1.png?width=1320&format=png&auto=webp&s=7bafbcde82918c8b7a60166acb0543b335aa12ef What makes it cool: Thread = session. Each Slack thread gets its own isolated Claude worker. No cross-talk. Smart permissions. Approve git status once → similar read-only git commands auto-approve. No click fatigue. Inline diffs. File edits show diffs right in Slack. Review before it lands. Two-speed brain. Heavy lifting on Opus, quick !commands on Haiku — never blocks your main session. Your existing setup. Picks up Claude Code auth, plugins, MCP servers, and skills automatically. Zero extra config. Under the hood: Multi-process architecture (gateway → worker → persistence) over Unix sockets with JSON-RPC. Each thread gets a dedicated worker process — if one crashes, the others keep running. Persistence auto-requeues messages and gateway respawns the worker. Built with TypeScript, Claude Agent SDK, and Slack Bolt. Fully open source, MIT licensed. GitHub: https://github.com/ms-ponyo/buddy Would love your feedback — especially on the permission UX and the streaming experience. What features would you want to see next? submitted by /u/liubinging [link] [comments]

🚨 North Korea’s Contagious Interview campaign is now spreading across 5 ecosystems. We found coordinated malicious packages on npm, PyPI, Go Modules, Crates, and Packagist delivering staged RAT payl

🚨 North Korea’s Contagious Interview campaign is now spreading across 5 ecosystems. We found coordinated malicious packages on npm, PyPI, Go Modules, Crates, and Packagist delivering staged RAT payloads that steal credentials, wallets & browser data. https://t.co/czJAQveqll

AI agents are executing code, calling APIs, writing to databases, and most deployments have almost no controls around what they can do. @Microsoft just open-sourced a runtime governance toolkit built

AI agents are executing code, calling APIs, writing to databases, and most deployments have almost no controls around what they can do. @Microsoft just open-sourced a runtime governance toolkit built around @owasp's Top 10 for Agentic Applications. Details→ https://t.co/h5ZSZOfROG

"Docker Hardened Images for Node.js, Python, and Rust also include Socket Firewall, which blocks malicious dependencies at install time." Another tool for securing your build pipeline - DHI are fre

"Docker Hardened Images for Node.js, Python, and Rust also include Socket Firewall, which blocks malicious dependencies at install time." Another tool for securing your build pipeline - DHI are free and open source: https://t.co/2HxP7AZJpp

Built a Claude Code plugin to stop npm/pip supply chain attacks

After the axios@1.14.1 and litellm supply chain attacks last week, I tried looking for plugins that could stop Claude Code deterministically from installing any packages that does not have a valid risk score. I couldn't find any plugin, so I built one with Claude Code itself. The plugin uses PreToolUse hooks to intercept install commands and check them against supply chain risk scores before execution. Using hooks mean Claude literally cannot skip the check. What it catches: Known compromised packages (axios@1.14.1, litellm@1.82.8) Packages published less than 48 hours ago Low supply chain scores When the latest version fails, it suggests the newest safe version instead of just blocking It's MIT licensed, open source, no data collection. The repo is using adapter format to hook different scoring providers, I couldn't find anyone other than the socket-dev, so that one is being used by default. Socket provides a free tier but packages other than npm use significantly more credits per hour (100/call out of free tier's 500/hr quota) . Happy to answer questions about the hook architecture or scoring model. Link in comments. submitted by /u/hammadtariq [link] [comments]

I built a mobile remote control for Claude Code (open source)

I got tired of Claude Code sitting idle waiting for permission while I'm away from my desk. So I built claude-control - control your Claude Code sessions from your phone over HTTPS + WebSocket. What it does: - Runs Claude Code in a real PTY (required for interactive mode) inside tmux - Detects permission prompts and sends push notifications to your phone - Allow/Deny buttons right from the notification or the app - Tiling window manager for multiple concurrent sessions - Voice input via Web Speech API - PWA installable on iPhone/Android - no app store - CLI tool (cc) to create, list, attach, and kill sessions How it works: Node.js server with Express + node-pty + tmux on your machine. React client with xterm.js renders the terminal in your browser. WebSocket streams PTY output in real time. Sessions live in tmux so your terminal and phone see the same thing. Works on macOS and Linux (Windows via WSL). GitHub: https://github.com/Unlucko/claude-control Happy to answer questions or take feedback. submitted by /u/Life-Dance-5366 [link] [comments]

@TechCrunch We found this campaign is far more widespread than just Axios - tons of high-impact Node.js package maintainers are actively being targeted right now with the same playbook. Some have gott

@TechCrunch We found this campaign is far more widespread than just Axios - tons of high-impact Node.js package maintainers are actively being targeted right now with the same playbook. Some have gotten frighteningly close to getting compromised: https://t.co/Z91wLu7GRC