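Rewriting pycparser with the help of an LLM
The author describes how, with the help of a large language model (LLM), they migrated their widely used C parser project pycparser from PLY to a more modern parser generator, demonstrating a practical application of AI-assisted code refactoring.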
A compromised version of the LiteLLM Python package (version 1.82.8) was briefly available on PyPI, capable of exfiltrating sensitive credentials like SSH keys and cloud secrets. The malicious package affected any project that depended on LiteLLM, though it was only available for about an hour before discovery.
A supply chain attack has compromised the popular npm axios HTTP client library with 300 million weekly downloads. Malicious versions install a remote access trojan, though some users may have avoided infection through version pinning or older installations. Security experts warn this is a live compromise affecting one of npm's most depended-on packages.
A series of supply chain attacks has affected npm and PyPI repositories within two weeks. The use of large language models is exacerbating these security issues, and existing mitigation measures are insufficient to address the problem.
A security researcher discovered a vulnerability that allowed obtaining full administrator rights in a Replit clone. The vulnerability stemmed from running untrusted code in an insecure manner. This highlights the importance of proper security practices when executing external code.
A social media trick shows that blocking the "claude" user on GitHub reveals projects using Claude Code. The CPython repository, one of the world's most popular open-source projects, now displays contributions from this AI coding agent.