InfoWorld

Malicious npm packages contain Vidar infostealer

Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
GitHub

Vizro is a low-code toolkit for building high-quality data visualization apps

Vizro is an open-source Python-based toolkit. Use it to build beautiful and powerful data visualization apps quickly and easily, without needing advanced engineering or visual design expertise. Then ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
heise online

Dangerous and invisible worm found in Visual Studio Code extensions

For a few days now, a supply chain attack has been running through the Visual Studio Code marketplaces. Both Microsoft's Marketplace and the alternative Open-VSX marketplace of the Eclipse Foundation ...
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...
TWCN Tech News

How to use Deepseek in Visual Studio Code

If you want to set and use Deepseek-R1 in Visual Studio Code, follow the steps below. Install Visual Studio Code Download Ollama Install the CodeGPT Extension Install DeepSeek models Use DeepSeek in ...
GitHub

Debugging/running python in multi package monorepo not passing correct arguments to debugpy

I've tried setting up zed to work with a python monorepo and could not get the debugger and "run module" tasks to work. Please see the attachment for the reproduction ...