I’ve used AI every day for the past 3 years. Claude, ChatGPT, n8n, Perplexity...
I’ve automated almost everything:
- write content 10 times faster
- handle email in 5 minutes instead of 2 hours
- do the work of 3 people in a single day
Status: Draft v1 (language-agnostic)
Purpose: Define a service that orchestrates coding agents to get project work done.
Symphony is a long-running automation service that continuously reads work from an issue tracker (Linear in this specification version), creates an isolated workspace for each issue, and runs a
tuannvm
/ axios-scan.sh
Created
March 31, 2026 13:14
Axios npm compromise scanner - one-liner bash command to detect malicious versions 1.14.1, 0.30.4, plain-crypto-js trojan, and C2 callbacks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "=== Axios Compromise Scanner ===" && echo "Malicious: 1.14.1, 0.30.4 | Attack: 2026-03-31" && echo && find ~ -path "*/node_modules/axios/package.json" -type f 2>/dev/null | while read p; do v=$(jq -r '.version' "$p" 2>/dev/null || grep -o '"version"[[:space:]]*:[[:space:]]*"[^"]*"' "$p" 2>/dev/null | head -1 | cut -d'"' -f4); case "$v" in 1.14.1|0.30.4) echo "🚨 MALICIOUS: $p → $v" ;; *) echo "✓ Safe: $p → $v" ;; esac; done && echo && if find ~ -path "*/node_modules/plain-crypto-js" -type d 2>/dev/null | head -1 | grep -q .; then echo "🚨 TROJAN: plain-crypto-js present"; else echo "✓ No trojan package"; fi && echo && if find ~ -path "*/node_modules/axios/*" -type f -name "*.js" -exec grep -l "sfrclak\.com" {} \; 2>/dev/null | head -1 | grep -q .; then echo "🚨 C2 CALLBACK: sfrclak.com found"; else echo "✓ No C2 callbacks"; fi |
tuannvm
/ axios-scan.sh
Created
March 31, 2026 13:12
Axios npm compromise scanner - checks for malicious versions 1.14.1 and 0.30.4, plain-crypto-js trojan, and C2 callbacks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "=== Axios Compromise Scanner ===" | |
| echo "Malicious versions: 1.14.1, 0.30.4" | |
| echo "Checking..." | |
| echo | |
| find ~ -path "*/node_modules/axios/package.json" -type f 2>/dev/null | while read p; do | |
| v=$(jq -r .version "$p" 2>/dev/null || grep -oP '"version":\s*"\K[^"]+' "$p" | head -1) | |
| case "$v" in | |
| 1.14.1|0.30.4) echo "🚨 MALICIOUS: $(dirname $p) → $v" ;; |
tuannvm
/ gist:bceae613979f7b91586c75262ca37b81
Created
March 31, 2026 13:10
Axios npm compromise scanner - checks for malicious versions 1.14.1 and 0.30.4, plain-crypto-js trojan, and C2 callbacks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Axios NPM Compromise Scanner | |
| # Malicious versions: 1.14.1, 0.30.4 | Attack: March 31, 2026 | |
| # https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan | |
| ## One-liner (curl | bash) | |
| ```bash | |
| curl -sL https://gist.githubusercontent.com/tuannvm/bceae613979f7b91586c75262ca37b81/raw/axios-scan.sh | bash | |
| ``` | |
| ## Direct one-liner |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -u | |
| CCODEX_CMD="${HOME}/.local/bin/ccodex" | |
| ALIAS_FILE="${HOME}/.oh-my-zsh/custom/ccodex-alias.zsh" | |
| CCODEX_INSTALL_URL="${CCODEX_INSTALL_URL:-https://gist.github.com/tuannvm/6fe6cf37c05265a9ee0acbd3d2da52d4/raw/ccodex}" | |
| has_cmd() { | |
| command -v "$1" >/dev/null 2>&1 |
tuannvm
/ Code Mode: the better way to use MCP.md
Last active
September 26, 2025 22:07
Code Mode: the better way to use MCP.md
https://blog.cloudflare.com/code-mode/
Cloudflare’s blog post “Code Mode: the better way to use MCP,” authored by Kenton Varda and Sunil Pai, introduces a new approach to using the Model Context Protocol (MCP) that significantly improves AI agent performance. Traditional MCP usage involves directly exposing tools to large language models (LLMs), but this method faces limitations due to LLMs’ limited familiarity with tool-call tokens, resulting in difficulty with complex or numerous tools.
The new Code Mode approach converts MCP tools into a TypeScript API and instructs the LLM to write code that calls the API. This provides several advantages:
- Improved Tool Handling: LLMs handle more tools and complex interactions better because they are extensively trained on real-world TypeScript code rather than synthetic tool-calling data.
- Efficient Multi-Call Execution: Code Mode allows LLMs to chain multiple tool calls without looping every result back through the neural network, reducing token
argocd cluster add docker-desktophttps://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/cluster
- https://github.com/varmaprr/Confluent-Kafka-Certification
- https://github.com/afonsir/apacha-kafka-ccdak
- https://www.confluent.io/wp-content/uploads/confluent-kafka-definitive-guide-complete.pdf
- https://kafka.apache.org/documentation/
- https://docs.confluent.io/platform/current/platform.html
- Developer questions
- Administrator questions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "io/ioutil" | |
| "log" | |
| "net/http" | |
| "github.com/gorilla/mux" | |
| ) |
NewerOlder