The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
GitHub

shipurjan/subtitle-to-lrc

One use case is to convert podcast subtitles to the lyrics format (.lrc), which can then be played on various portable music/media players such as foobar2000 with OpenLyrics plugin ...
GitHub

A high-performance Apache Thrift IDL parser written in Rust that converts Thrift IDL files to JSON AST.

The program takes 0.03 seconds, which is nearly a 10x performance improvement compared to the JavaScript implementation. The test file contains approximately 15,000 lines of code.