161 verified AI package hallucinations across 8.5M indexed — open dataset TL;DR: DepScope is a free MCP server + REST API that AI coding agents call before installing packages. We index 8.5M+ packages across 19 ecosystems and track 45K+ vulnerabilities in real time. We also publish a verified open corpus of LLM-hallucinated package names — every entry cross-validated daily, CC-BY-NC-SA. Cite us
A LinkedIn recruiter pitched me a remote "Software Engineer at a DEX" project this week. Reasonable comp range, tech stack squarely in my wheelhouse. After a couple of friendly exchanges, she asked me to "review the codebase before the technical interview" and sent me a GitHub repo link plus a Calendly invite for the call. The repo was malware. It didn't get me, but it's something developers shoul
Harbor cities understand accumulated risk. Cargo moves in quietly. Weather shifts by degrees. One bad assumption can sit unnoticed until it reaches critical mass. Halifax has lived with that kind of memory for more than a century. On December 6, 1917, a collision in Halifax Harbor triggered the largest man-made explosion prior to the atomic bomb, a disaster that directly changed the lives of over
On April 7 Anthropic published technical Mythos report,as well as announced Claude Mythos Preview and Project Glasswing. The claim was that their newest model could autonomously identify and exploit real vulnerabilities in major open-source projects at unprecedented scale. One of Anthropic's public showcase examples was the Linux kernel, which is not some toy repo but the operating system underne
In today's digital landscape, website security isn't just a best practice—it's a necessity. From protecting user data to boosting your SEO, an SSL certificate (Secure Sockets Layer) is non-negotiable. Yet, many domain registrars, including Namecheap, often push users towards paid SSL solutions, despite excellent free alternatives existing. This guide will walk you through how to implement free SSL
Hi everyone! I wanted to share a small project I’ve been working on lately. The premise is simple: every time we share a photo or a document, we inadvertently leak a massive amount of personal data — from home GPS coordinates to camera serial numbers and even the edit history of a PDF. Using "online privacy services" to clean your files always felt like a paradox to me (sending private data to a s
Vibe coding is a good starting point, but it is not where serious AI-assisted development ends. The next step is agentic engineering: using AI coding agents inside a controlled engineering workflow, with context, tests, review and clear boundaries. Vibe coding often focuses on the generated output: Ask for feature -> get code -> run it -> ask for fixes Agentic engineering focuses on the system ar
The "Ghost" in the Codebase We’ve all been there. You’re running a security audit on an old repository, and your scanner flags 45 "Potential Secrets." You spend the next two hours manually checking them, only to realize 44 are revoked, test strings, or old keys from a defunct project. In the industry, we call these Zombie Keys—credentials that look like a threat but are actually dead. The proble