Supply Chain
This Week in Local AI — I Built DFlash and Audited Lightning
I built DFlash from source on a real RTX 3090 and benched both Qwens. Then audited my stack after PyPI's `lightning` package shipped malware that abuses Claude Code hooks.
Lightning 2.6.x Malware: Check Your Local AI Stack
PyPI's lightning package was poisoned April 30 with malware that abuses Claude Code hooks. Here's the 5-minute audit I ran on my own 3090 box.
Claude Code's Source Just Leaked: What 500K Lines of TypeScript Reveal About AI Coding Agents
Claude Code's full source was exposed via npm source maps. Here's what the leaked architecture reveals about multi-agent orchestration, and what it means for local AI agent builders.
Is LM Studio Infected? How to Check Your Install (March 2026)
Reports of possible malware in LM Studio are circulating on Reddit. Here's what we know, how to verify your installation, and what to do if you're affected.