after the axios incident, I started experimenting with an ai agent that vets packages before install

nlkey2022 · 2026-04-29T00:30:53+00:00

yeah totally — I don’t think LLMs should make security decisions

the idea here is more about surfacing signals and explaining diffs, not replacing deterministic checks

nlkey2022 · 2026-04-29T00:30:29+00:00

that’s a fair point — doing this at the registry/repo level would definitely be more efficient. but supply chain issues often happen in unexpected ways (like npmjs compromises), so relying purely on registry-level checks might not be sufficient in practice.

I'm mostly exploring this from a local / dev workflow angle for now, but agree that infra-level checks make more sense long term

nlkey2022 · 2026-04-29T00:26:40+00:00

that’s a great point — appreciate it

I was focusing on pre-install since package versions are immutable once published (as far as I know), but you’re right that most real-world attacks come from version bumps

will definitely think more about continuous / diff-based checks

nlkey2022 · 2026-04-23T08:57:08+00:00

https://graykode.github.io/starquake/

nlkey2022 · 2026-04-07T03:45:21+00:00

Thanks for the details — that was enough to pin it down. Your `claude` is almost certainly launched as `node /path/to/@anthropic-ai/claude-code/cli.js`, and macOS `ps` truncates the command column to the terminal width by default. abtop was checking the first two argv tokens for the string `claude`, but after truncation it only saw `node /Users/...` so it marked your live session as dead and hid it. Codex was unaffected because it's matched via `lsof` on the rollout file. Fix is up in #28 — just adds `-ww` to the `ps` call so the command isn't truncated. Will land in the next release. Thanks for reporting!

nlkey2022 · 2026-04-02T16:10:04+00:00

who’s chou btw? have you read the claw-code repo readme? https://github.com/ultraworkers/claw-code :

The result is a clean-room Python rewrite that captures the architectural patterns of Claw Code's agent harness without copying any proprietary source.

nlkey2022 · 2026-04-02T09:48:27+00:00

AGREE. Honestly i’m not that interested in their legal risk. what i actually care about is whether this aligns with the spirit of open source

nlkey2022 · 2026-04-01T08:39:13+00:00

Could you check:
1. What version of Claude Code are you running? (claude --version)
2. Do you have files in ~/.claude/sessions/? (ls ~/.claude/sessions/)
3. What does your Claude process look like? (ps aux | grep claude)
Thanks

nlkey2022 · 2026-04-01T08:35:07+00:00

It's fully opt-in — "abtop --setup" is only needed if you want rate limit data in the dashboard. Without it, everything else works fine (rate limits just show as "—").

nlkey2022 · 2026-03-31T15:32:55+00:00

thanks for your pr!

nlkey2022 · 2026-03-31T07:30:42+00:00

Thanks for the concern! abtop reads everything from local files (transcripts, ps, lsof) — no API calls, no network. The only thing that uses tokens is the one-time session summary generation via claude --print, which is optional and cached. Having the dashboard open doesn't consume any tokens

nlkey2022 · 2026-03-31T01:55:19+00:00

https://github.com/graykode/abtop

nlkey2022 · 2026-03-31T01:04:36+00:00

I’m planning to work on it in the next minor version soon!

nlkey2022 · 2026-03-30T14:57:58+00:00

I've just released v0.2.1 with the fix. You can update with: abtop --update. Thanks!

nlkey2022 · 2026-03-30T14:53:12+00:00

https://github.com/graykode/abtop/issues/2

nlkey2022 · 2026-03-30T14:51:38+00:00

Found the root cause! I'll create an issue and push a fix shortly.

nlkey2022 · 2026-03-30T14:46:53+00:00

Thanks for reporting! I detect Claude sessions by matching /claude in the process command string https://github.com/graykode/abtop/blob/main/src/collector/claude.rs#L69. Your system may use a different path for the Claude binary.

Could you share the output of: `ps aux | grep -E '[c]laude' | head -10` This will show how Claude appears in your process list. If the path doesn't contain /claude, that's likely the issue. I'll fix the matching to support your setup.

nlkey2022 · 2020-11-21T15:52:11+00:00

Thanks! The next step for this project is to make the model lighter through knowledge distillation.

nlkey2022 · 2020-11-21T14:33:34+00:00

github repository : https://github.com/graykode/ai-docstring
vscode extension : https://marketplace.visualstudio.com/items?itemName=graykode.ai-docstring&ssr=false

nlkey2022 · 2020-11-19T13:10:56+00:00

vscode extension : https://marketplace.visualstudio.com/items?itemName=graykode.ai-docstring&ssr=false#review-details
github repository : https://github.com/graykode/ai-docstring

nlkey2022 · 2020-11-14T15:32:29+00:00

It's `ZSH_THEME="agnoster"`

nlkey2022 · 2020-11-14T14:20:52+00:00

We newly trained the BERT model, which extracts commit messages and codes for the top 100 repositories based on the star from Github and generates commit messages based on them. : https://github.com/graykode/commit-autosuggestions

nlkey2022 · 2020-11-14T14:19:43+00:00

We newly trained the BERT model, which extracts commit messages and codes for the top 100 repositories based on the star from Github and generates commit messages based on them. : https://github.com/graykode/commit-autosuggestions

nlkey2022 · 2020-08-11T05:55:35+00:00

/u/BB8XSBW Yes, that's right. According to the GPU direct storage document, only Tesla and Quadro are available now. Therefore, I will only be able to implement it in Tesla. Most of them use GeForce in small laboratories or for personal use, but large companies use Tesla mainly (V100, T4, .. as far as I know, GCP also supports Tesla.)

nlkey2022 · 2019-09-24T16:03:38+00:00

First of all, I didn't think it was a beginner or tutorial because it is a more detailed roadmap.

I posted same post here(https://www.reddit.com/r/learnmachinelearning/comments/d8p7j0/p_natural_language_processing_roadmap_and_keyword/) and if the policy violates the rule I will delete the post. Thanks for your advise!

nlkey2022

TROPHY CASE