mteam.eth
16K posts
@mteamisloading
cofounder @spire_labs ~ eliminate the middleman
ok but you gotta give it to them, that's a pretty funny feature
Rabby Wallet is live on Tempo With native support for Tempo Transactions, Rabby users get features including: → Approve & swap in a single transaction → Fees paid in any stablecoin → Native fee sponsorship
Prop AMMs enable literally 0 latency order updates. Your contract can change its entire orderbook based on trades throughout the block. Thats very useful if you are the top venue for a token, and I think prop amms for long tail tokens with use this well.
🚨 Active supply chain attack on @tan_stack. 84 npm packages in the @tanstack namespace have been compromised with a credential-stealing worm. @tanstack/react-router alone has 12M+ weekly downloads. The affected packages span react-router, solid-router, vue-router, start, and dozens more across the TanStack ecosystem. Additional compromised packages were also found in the @uipath namespace and several other organizations. Socket flagged every malicious version within six minutes of publication. Here's what the malware does: • Injects a 2.3 MB obfuscated file (router_init.js) that daemonizes itself on install, detaching from the terminal so nothing looks wrong • Harvests credentials from GitHub Actions (including OIDC tokens), AWS (IMDSv2, Secrets Manager, SSM across multiple regions), HashiCorp Vault, and Kubernetes service accounts • Uses stolen OIDC tokens to autonomously republish itself to npm under the compromised maintainer's identity, turning every infected CI pipeline into a new propagation vector • Writes persistence hooks into .claude/ and .vscode/ directories so it survives across reboots and re-executes when developers use Claude Code or open VS Code • Exfiltrates everything through the Session decentralized P2P network, making C2 traffic nearly indistinguishable from encrypted messaging • Commits copies of itself to maintainer repositories via GitHub's GraphQL API, spoofing the author as claude@users.noreply.github.com to blend in with legitimate Claude Code activity • Generates valid Sigstore provenance attestations for the malicious packages, meaning provenance badges alone cannot be trusted as a security signal The attack vector: an orphaned commit (no parent history) in the TanStack/router repo was used to hijack the CI workflow's OIDC token, bypassing existing publishing protections including 2FA. The commit was authored by the account "voicproducoes," whose repos include projects named "A Mini Shai-Hulud has Appeared," linking this to an ongoing campaign Socket has been tracking. TanStack maintainer Tanner Linsley confirmed the attack and the team is unpublishing compromised versions and shutting down publishing pipelines while they remediate. What to do right now: • Check your dependency tree for router_init.js. SHA256: ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c • Rotate npm tokens, GitHub PATs, AWS credentials, Vault tokens, and K8s service account tokens on any system that installed an affected version • Audit .claude/ and .vscode/ directories for router_runtime.js, setup.mjs, or unfamiliar hooks • Check git log for commits authored by claude@users.noreply.github.com that weren't initiated through the legitimate Claude Code app • Block egress to filev2.getsession[.]org at the DNS level • Do not trust Sigstore provenance badges alone Full list of affected packages and IOCs: socket.dev/blog/tanstack-… Developing story...
In Bun’s zig fork, we added parallel semantic analysis and multiple codegen units to the llvm backend on macOS & Linux This makes debug builds of Bun compile > 4x faster, improving internal development velocity
