Naka-pin na Tweet
I used to work 10hrs a day
But thanks to AI
Now I work 14hrs a day
GIF
English
Tejash Mishra
1.2K posts
Tejash Mishra
@hellotejash
Into : AI ML and building : Neural AI (incubated at IIT Madras)
GPU centre Sumali Ocak 2026
119 Sinusundan166 Mga Tagasunod
Total 188 verbs Claude code uses
Anthropic engineers must be contemplating today
English
@IndianTechGuide It should’ve been released before Valentine’s Day
This isn’t the right time to launch it
English
🚨 Indian fitness brand Beast Life has announced the world's first protein condom, sparking viral debate online just days before April Fool's Day.
English
@alexinexxx Claude code really forgot what shipping means….... ended up shipping itself
English
in one week
>npm axios attack
>claude code leak
>FBI director’s gmail hacked
great time to be in security rn
English
Claude code source code has been leaked via a map file in their npm registry!
Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip
English
Tech bros say the name Claude more than their girlfriend’s name these days
English
Tejash Mishra nag-retweet
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads.
Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned.
It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies.
More comprehensive article:
stepsecurity.io/blog/axios-com…
Feross@feross
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
English
Can’t believe I spent years learning all the Tailwind class names just to have AI write them for me
English
@Dominos_UK Hey @KITKAT I think dominos stole it for launching their new pizza
English
@ProtonMail So that means you actually know who stole it?
Privacy concern
English
From: ████
To: ███████
Subject: Huge KitKat (12T) opportunity I just stumbled upon
███████████████████████████████████████████████████████████████████████
Sent with Proton Mail secure email.
English