The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
GitHub

A high-performance Apache Thrift IDL parser written in Rust that converts Thrift IDL files to JSON AST.

The program takes 0.03 seconds, which is nearly a 10x performance improvement compared to the JavaScript implementation. The test file contains approximately 15,000 lines of code.