161 verified AI package hallucinations across 8.5M indexed — open dataset TL;DR: DepScope is a free MCP server + REST API that AI coding agents call before installing packages. We index 8.5M+ packages across 19 ecosystems and track 45K+ vulnerabilities in real time. We also publish a verified open corpus of LLM-hallucinated package names — every entry cross-validated daily, CC-BY-NC-SA. Cite us
A common problem with a familiar shape: a process can dial outbound to the internet, but nothing on the internet can dial it back. Your dev server on a laptop. A service in a private VPC. A homelab app behind your router. A container in a pod with no ingress. Same shape every time — outbound works, inbound doesn't. rift is a small Go binary I built to solve that. Run it as a server on a VPS you ow
A LinkedIn recruiter pitched me a remote "Software Engineer at a DEX" project this week. Reasonable comp range, tech stack squarely in my wheelhouse. After a couple of friendly exchanges, she asked me to "review the codebase before the technical interview" and sent me a GitHub repo link plus a Calendly invite for the call. The repo was malware. It didn't get me, but it's something developers shoul
We're all learning how to ship more side projects. If you're "in the bubble" it can feel like everyone is repo-maxxing. Shipping weekly. Spinning up agents to scaffold full apps overnight. New OSS dropped every Friday. The reality I see with most developers is much more normal: They have six or seven repos sitting in various states of half-attention. A side project from last year that still gets a
LibreFang 2026.4.27 Released LibreFang v2026.4.27 ships the changes below. See the full changelog for the complete list. TUI setup wizard now offers microsoft, zai, zai_coding, volcengine, volcengine_coding, byteplus, byteplus_coding alongside the existing first-run options. The wizard's PROVIDERS list had drifted from PROVIDER_REGISTRY and silently hid these from new installs; a unit test now p
Harbor cities understand accumulated risk. Cargo moves in quietly. Weather shifts by degrees. One bad assumption can sit unnoticed until it reaches critical mass. Halifax has lived with that kind of memory for more than a century. On December 6, 1917, a collision in Halifax Harbor triggered the largest man-made explosion prior to the atomic bomb, a disaster that directly changed the lives of over
I build mdedit.io — a no-account Markdown editor with live preview, collaboration and AI assistance I’m looking for feedback on the public beta of mdedit.io: https://mdedit.io Repository: https://github.com/MatthiasHertel21/mdedit mdedit.io is a browser-based Markdown editor focused on writing, structuring, previewing, sharing and exporting longer Markdown documents. It does not require an accou
Background A nasty surprise Last summer while trying to deliver a feature for one of our customers, I encountered a nasty situation. The software we were developing, depended on a production grade license of Gurobi. People were on vacations except of my team and some unrelated staff, so developing the feature was in principle blocked. As I learnt due to some other situations, research