@Fried_rice What if claude leaked its own source code and anthropic is just taking the blame
GIF
English
Vidtreo
19 posts
Vidtreo
@vidtreo
We made video recording cost $0.01/min. everyone said it was impossible. it wasn't. built by 3 engineers and Claude Code. https://t.co/4uCooYDuZ1
Global (Edge Network) Katılım Şubat 2026
17 Takip Edilen7 Takipçiler
Claude code source code has been leaked via a map file in their npm registry!
Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip
English
Vidtreo retweetledi
🚨 Andrej Karpathy just explained the scariest thing happening in software right now..
someone poisoned a Python package that gets 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine..
SSH keys.. AWS credentials.. crypto wallets.. database passwords.. git credentials.. shell history.. SSL private keys.. everything..
and here's the part that should terrify every developer alive..
the attack was only discovered because the attacker wrote sloppy code.. the malware used so much RAM that it crashed someone's computer.. if the attacker had been better at coding.. nobody would have noticed for weeks..
one developer.. using Cursor with an MCP plugin.. had litellm pulled in as a dependency they didn't even know about.. their machine crashed.. and that crash saved thousands of companies from getting their entire infrastructure stolen..
Karpathy's take is the real wake up call.. every time you install any package you're trusting every single dependency in its tree.. and any one of them could be poisoned..
vibe coding saved us this time.. the attacker vibe coded the attack and it was too sloppy to work quietly.. next time they won't make that mistake.
Andrej Karpathy@karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
English
@ctranbtw @CloudflareDev @ProductHunt Appreciate it! We're heads down on the product right now — letting the work speak for itself.
If you want to try it: vidtreo.com — $1 free credit, no card needed 🤝
English
Really sharp launch with VIDTREO, nails that balance between power and usability. Simplifying video recording infrastructure into one SDK with transparent pricing is a strong direction. Been helping developer tools like this break into crypto and startup builder circles recently and the overlap is massive. That community moves fast and spends even faster. I've got visibility lined up to get this trending across that lane. DM me let's chat.
English
.@CloudflareDev — we built a video recording API entirely on your stack and just launched on @ProductHunt.
Workers, R2, D1, Pages. No origin servers. No egress fees. The result: $0.01/min video recording with edge delivery in 200+ cities.
Your infra made this possible.
English
We encode video in the browser and deliver from your edge. No transcoding servers. No CDN bills.
That architecture only works because of Cloudflare.
producthunt.com/products/vidtr…
English
If you're building anything that needs video — hiring, edtech, telehealth, feedback — check it out.
Every upvote means a lot to a team this small 🤝
producthunt.com/products/vidtr…
English
We're 3 people building video infrastructure that competes with teams 10x our size.
Our secret? We plan, iterate, and ship with @AnthropicAI Claude Code as our fourth team member.
Small team. Big ambitions.
English
We're live on @ProductHunt 🚀
VIDTREO — video recording API at $0.01/min. No subscriptions. No hidden fees.
Yes, another launch in 2026. No, it's not an AI wrapper.
It's real infrastructure. Built by a team of 3.
We'd love your support 👇
youtube.com/watch?v=2nQZea…
YouTube
English
We're live.
100 free minutes/month. No credit card.
vidtreo.com
docs.vidtreo.com
Already in production with enterprise clients.
If you're paying more than $0.01/min for video recording, we should talk.
English