npm CLI 11.15.0 stages a tarball for maintainer 2FA approval before it hits the registry. Plus --allow-* install controls and how they differ from release-age gates and allowScripts.
May 26, 2026 GitHub Actions auth outage (2h21m): stalled runs, action downloads, running jobs, and cron. Actions' 2nd May incident, separate from May 15's service discovery RCA.
GitHub is investigating TeamPCP's $50K+ sale of ~4,000 internal repos. Count called 'directionally consistent' by GitHub; file list and the VS Code extension attack vector remain unverified.
xAI x-algorithm second commit: Phoenix retrieval+ranking runs locally on 537k sports posts with 3GB artifacts. Ad blending and candidate isolation code added since January.
Tested Orbis in Docker: psf/requests (35 modules) makes a clean 3D graph, expressjs/express (98 modules) collapses into one giant sphere. Notes on what tree-sitter actually captures for code-review prep.
Simon Oxley, the designer behind Twitter's iconic blue bird and GitHub's Octocat mascot, has died at 56. A look back at how stock illustrations sold for dollars became some of tech's most recognizable icons.
colleague.skill, yourself-skill, nuwa-skill and other 'human distillation' OSS tools are exploding in popularity, primarily in China. Seeing a tool that distills colleagues, I wondered 'what if I distilled myself?' and researched how.
On April 2 2026 OpenAI scrapped Codex's per-message credit model for per-token billing tied to API consumption. ChatGPT Business dropped to $20, a Codex-only seat appeared, and Copilot's premium-request model is no longer the reference.
How Copilot CLI's `/fleet` command works and how to use it: it automatically splits tasks, dispatches subagents in parallel, and schedules them while respecting dependencies.
Copilot coding agent was embedding promotional text for Raycast and GitHub features into pull request descriptions. A GitHub search found more than 1.5 million PRs with the same pattern.
A six-phase attack chain showing how the China-linked GTG-1002 group used Claude Code through MCP for autonomous espionage, plus GitHub Copilot's policy change to start using user code for AI training on April 24.
AWS releases "Agent Plugins for AWS" for Claude Code/Cursor, automating everything from infrastructure design to deployment. On the same day, GitHub added AI vulnerability detection to Code Security to supplement Shell, Dockerfile, Terraform, and PHP, which are not compatible with CodeQL.