Hey Reader,

This is not our regular scheduled programming. If you're old enough to remember the ILOVEYOU virus from the 2000s, this will feel familiar. Back then, one email worm hit 10% of all computers connected to the internet. It caused $10 billion in damage. All because people clicked one email attachment. That was 26 years ago, and this week it's kinda happening again.

The new virus doesn't need you to click. A group just compromised hundreds of packages across the coding ecosystem. Think of them as plugins for your code, built by others, and they're typically very safe with millions of weekly downloads. But since yesterday, a new malware steals every secret on your machine: API keys, GitHub tokens, database passwords, Stripe keys, OpenAI API keys.

Here's the genuinely scary (and genius) part. Just like ILOVEYOU and other viruses, it spreads by itself. Once it infects one package, it finds every other package that the same developers control and publishes infected versions of those too. No human involved. It's a chain reaction with no easy off switch. The ILOVEYOU virus needed you to click. This one just needs your AI agent to run npm install.

What to do right now. First of all, breathe. This is still early and I'm writing to you to be better safe than sorry. Luckily, there's an easy fix that you can proactively take today. It's free, and takes 5 minutes. Open your AI coding tool, and paste this exact prompt into any project you touched in the past 48 hours:

To protect us from an ongoing supply-chain attack that started with TanStack but is quickly and autonomously spreading (research this and ground your knowledge), add a minimum package release age of 7 days for the package manager we use, especially npm or Bun. Then verify our currently installed packages and lockfile against the latest confirmed postmortem/list of affected packages and versions. Do not guess. Use live sources and local files to verify this carefully. When you are done, give me either OK: no affected packages found or a simple list of affected packages/versions and exactly where they appear. Keep the final answer short, and without technical jargon. I am not an engineer, guide me through. But find absolute answers, no excuses.

This adds a 7-day delay for any new package version. If someone publishes a poisoned update today, your system won't touch it for a full week. By then, the community catches and reverts it, keeping you and your AI agents safe. It's like a quarantine. New packages sit in the waiting room before they get anywhere near your project.

Do this now, not tomorrow.

Speak soon,
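What the two checks in that prompt look like in code, as an added example that is not part of the newsletter: it walks a package-lock.json (lockfileVersion 3 layout), flags any installed version that appears on an affected list, and flags any version published less than 7 days ago using the per-version `time` map the npm registry returns for a package. The lockfile, the affected list and the registry timestamps below are all constructed placeholders, not real indicators.

```javascript
// Added example: audit an npm lockfile for listed-bad versions and for
// versions younger than a 7-day minimum release age. All data is constructed.
const MIN_RELEASE_AGE_MS = 7 * 24 * 60 * 60 * 1000;

// Constructed package-lock.json fragment (lockfileVersion 3 layout).
const lockfile = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app" },
    "node_modules/example-affected-pkg": { version: "2.1.3" },
    "node_modules/example-fresh-pkg": { version: "0.9.0" },
    "node_modules/example-ok-pkg/node_modules/example-nested-pkg": { version: "1.0.0" },
    "node_modules/example-ok-pkg": { version: "4.2.0" },
  },
};

// Placeholder affected list: package name -> poisoned versions (NOT real IoCs).
const affected = { "example-affected-pkg": new Set(["2.1.3", "2.1.4"]) };

// Constructed stand-in for the `time` field of https://registry.npmjs.org/<name>,
// which maps each published version to its ISO publish timestamp.
const registryTime = {
  "example-affected-pkg": { "2.1.3": "2026-05-10T08:00:00.000Z" },
  "example-fresh-pkg": { "0.9.0": "2026-05-11T12:00:00.000Z" },
  "example-nested-pkg": { "1.0.0": "2025-11-20T00:00:00.000Z" },
  "example-ok-pkg": { "4.2.0": "2026-01-05T00:00:00.000Z" },
};

// Installed packages keyed by lockfile path; nested installs look like
// node_modules/a/node_modules/b, so the package name is the last segment.
function installedVersions(lock) {
  return Object.entries(lock.packages)
    .filter(([path]) => path !== "")
    .map(([path, meta]) => ({ path, name: path.split("node_modules/").pop(), version: meta.version }));
}

// Returns one finding per (path, reason); `now` is injectable for repeatable checks.
function audit(lock, badList, timeMap, now = Date.now()) {
  const findings = [];
  for (const { path, name, version } of installedVersions(lock)) {
    if (badList[name]?.has(version)) findings.push({ path, version, reason: "listed as affected" });
    const published = timeMap[name]?.[version];
    if (published && now - Date.parse(published) < MIN_RELEASE_AGE_MS)
      findings.push({ path, version, reason: "younger than 7 days" });
  }
  return findings;
}

const report = audit(lockfile, affected, registryTime);
console.log(report.length ? report : "OK: no affected packages found");
```

Point the same logic at your real package-lock.json and a registry fetch of each package's `time` map to reproduce the "OK" or the list of affected packages the prompt asks for.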
Coder of 20+ years teaching non-technical people how to build their own software business in 30 days with AI. No devs or code required.