Malicious npm Packages Found Inside Red Hat's Own Cloud Services Repos
Malicious npm packages hit Red Hat repos, Anthropic files to go public, Gemma 4 runs on old Xeons, and ChatGPT Sheets plugins leak data.
Good morning! Welcome to Builder's Briefing for June second, twenty twenty-six. I'm Alex, Sam's here with me, and today — buckle up — because the theme is basically 'your supply chain is trying to kill you.'
Yeah, it's one of those days where every other story makes you want to go audit something. We've got compromised npm packages inside Red Hat's own repos, ChatGPT add-ons exfiltrating spreadsheet data, Anthropic going public, and a ten-year-old Xeon running Gemma 4. Let's get into it.
Alright, the big story. Malicious npm packages were found inside Red Hat's official JavaScript client libraries — their own GitHub org, the RedHatInsights repos. We're talking Insights, Vulnerability, Compliance clients. Over six hundred points on Hacker News, three hundred plus comments. This one rattled people.
And rightfully so, because this isn't some random typosquatting on a package called 'left-padd' with two D's. This is compromised code inside an enterprise vendor's official repos. If you're auto-updating dependencies from this ecosystem, you might already have this in your build.
Exactly. So if you've pulled from any of those RedHatInsights JS clients recently, stop what you're doing and run npm audit. Check your lockfiles for unexpected version bumps, pin your versions, verify checksums. And honestly, if you haven't set up Socket.dev or Snyk or even just GitHub's dependency review action in your CI — this is the forcing function.
The bigger signal here is that supply chain attacks are moving upstream. We're past worrying about obscure packages. When Red Hat gets hit, the blast radius is every enterprise app that trusts their dependency graph. You have to treat that graph like an attack surface, because it is one.
And speaking of attack surfaces expanding — the security stories today are wild. PromptArmor demonstrated that ChatGPT integrations for Google Sheets can be manipulated to silently send your entire workbook to external servers. Prompt injection in cell contents can trigger it.
That's terrifying because those add-ons typically get full read access to your workbooks. You install some AI-powered Sheets plugin thinking it'll help with formulas, and suddenly your financial projections are being exfiltrated. If you've installed any LLM-powered Sheets add-ons, audit those permissions today.
There's also a new side-channel attack that fingerprints users by analyzing SSD activity through the browser. Storage I/O timing as a fingerprinting vector — we're now beyond cookies, beyond canvas fingerprinting, into hardware-level signals.
Right, and what's wild is how hard that is to mitigate. You can block cookies, you can mess with canvas, but how do you mask the timing characteristics of your actual storage hardware? If you're building privacy tools or anti-tracking features, your threat model just got a lot more complicated.
Let's pivot to AI. This one made me smile — Point-Free demonstrated running Google's Gemma 4 on a twenty-sixteen Xeon. No GPU required. Just a ten-year-old server chip doing local inference.
I love this because it completely undercuts the 'I need a four thousand dollar GPU to even experiment with LLMs' excuse. You can grab one of these Xeons off eBay for practically nothing and start prototyping local inference features today. The barrier to entry just keeps dropping.
Also worth flagging — Stanford's CS three thirty-six course, Language Modeling from Scratch, is open again. And this time it includes a CLAUDE.md file giving AI coding agents explicit guidelines for completing the assignments. So you've got world-class learning material and a practical template for scoping agent behavior in your own repos.
That CLAUDE.md thing is actually super interesting as a pattern. We're seeing more repos ship with explicit instructions for AI agents — it's becoming a standard artifact, like a README but for your coding assistant. I'd recommend anyone running AI agents on their codebase look at that as a template.
Okay, big startup news — Anthropic has filed a confidential S-1 with the SEC. They're going public.
This is huge for anyone building on the Claude API. Going public means Anthropic is betting on long-term revenue stability, but it also means public market pressure replaces the growth-at-all-costs incentive. Translation: expect API pricing to go up post-IPO.
Yeah, the subsidized pricing era has an expiration date. If your margins depend on cheap API calls, now's the time to diversify your model provider strategy or explore local inference. That twenty-sixteen Xeon is looking real attractive suddenly.
Ha! Full circle. And on the other end of the spectrum, DuckDuckGo is leaning hard into 'no-AI search' and their traffic is booming. There's a real market of users who explicitly don't want AI in their search results.
That's interesting because it suggests offering an AI-free mode in your product might be a genuine differentiator now, not just a niche preference. Something to think about.
Quick hits on launches — Meta is rolling out paid subscriptions across Instagram, Facebook, and WhatsApp with AI features gated behind paid tiers. If you're building on Meta's platforms, the economics just changed. Paying users expect more reliability and better integrations.
Nvidia also announced RTX Spark — details are thin but it's targeting a compact form factor. If it delivers desktop-class GPU compute in a smaller package, that could reshape local inference hardware for devs who don't want a full tower.
And Microsoft shipped open-source Copilot Studio skills — YAML-based, designed explicitly for Claude Code and GitHub Copilot CLI. If you're building enterprise agent workflows, that's your schema-validated starting point. Link in the briefing for all of these.
Oh, and I have to shout out GoDoxy — a Go-based reverse proxy with container orchestration built in, trending on GitHub. If you're self-hosting and tired of configuring Nginx and Docker Compose separately, this collapses both into one tool with auto-discovery. Pretty slick.
Rapid fire quick hits — only seventeen percent of sixty-four-bit integers are products of two thirty-two-bit integers. Fun CS trivia from Daniel Lemire. The Pirate Bay turns twenty years post-raid and is somehow still running. And someone made their phone intentionally slow as a digital wellness experiment.
Also, Microsoft's nineteen ninety-four internship interview had just four programming questions. Compare that to today's six-round gauntlets. We've come a long way — and not necessarily in the right direction.
So here's the takeaway for today. The pattern is clear: your supply chain is your attack surface. Red Hat's compromised packages, ChatGPT add-ons exfiltrating data, SSD-based fingerprinting — the threat vectors are getting more creative and more upstream every week.
If you're building anything touching production, this is the week to add dependency scanning to CI, audit your third-party integration permissions, and seriously ask whether that AI-powered spreadsheet plugin is worth the data exposure.
And with Anthropic's S-1 signaling the end of subsidized AI pricing, start thinking about your model provider diversification strategy. Local inference is getting surprisingly accessible — maybe it's time to shop for that used Xeon.
The twenty-sixteen Xeon — official mascot of today's episode.
Ha! That's our show. Thanks for listening to Builder's Briefing. Links to everything we talked about are in the briefing notes. Stay safe out there, audit your dependencies, and we'll see you next time.
Go run npm audit. Seriously. See you tomorrow!
Over 600 HN points and 336 comments don't lie — this one hit a nerve. Malicious npm packages were detected across Red Hat's JavaScript client libraries for their cloud services. The issue, filed on the RedHatInsights/javascript-clients repo, means that if you've pulled dependencies from this ecosystem recently, you need to audit now. This isn't some random typosquatting attack on a throwaway package — it's compromised code inside an enterprise vendor's official GitHub org.
What builders should do today: run `npm audit` across any project that touches Red Hat cloud client packages. Check your lockfiles for unexpected version bumps. If you're using Insights, Vulnerability, Compliance, or any of the RedHatInsights JS clients, pin your versions and verify checksums. This is also a good forcing function to finally set up Socket.dev, Snyk, or at minimum GitHub's dependency review action on your CI pipeline.
The bigger signal: supply chain attacks are moving upstream. We're past the era where you only worried about obscure packages with funny names. When a vendor like Red Hat gets hit, the attack surface is every enterprise app that auto-updates dependencies. If you're building anything that touches production infrastructure, treat your dependency graph like an attack surface — because it is one.
ChatGPT for Google Sheets Can Exfiltrate Your Entire Workbook
PromptArmor demonstrated that ChatGPT integrations for Google Sheets can be manipulated to silently send spreadsheet data to external servers. If you've installed any LLM-powered Sheets add-ons, audit their permissions immediately — these tools often get full read access to your workbooks and can be triggered via prompt injection in cell contents.
Instagram Account Takeover via the Goofiest Exploit Yet
A researcher details a hilariously simple Meta account takeover flaw. For builders integrating with Meta's auth flows or building social login, this is a reminder to never trust that platform-side session handling is airtight — always layer your own validation.
Websites Can Now Fingerprint Visitors by Analyzing SSD Activity
A new side-channel attack uses storage I/O timing to fingerprint users through the browser. If you're building privacy-sensitive apps or anti-tracking tools, this expands the threat model beyond cookies and canvas fingerprinting into hardware-level signals that are much harder to mitigate.
A 10-Year-Old Xeon Is All You Need to Run Gemma 4
Point-Free demonstrates running Google's Gemma 4 model on a 2016 Xeon — no GPU required. If you're prototyping LLM features and balking at GPU costs, this is your excuse to grab a cheap used server off eBay and start shipping local inference today.
Stanford CS336: Language Modeling from Scratch — Now with AI Agent Guidelines
Stanford's flagship LLM course is open and includes a CLAUDE.md file giving AI coding agents explicit guidelines for completing assignments. Two stories worth tracking together: the course itself is top-tier learning material for builders wanting to understand models at the metal level, and the agent guidelines doc is a practical template for how to scope AI agent behavior in your own repos.
Babysitter: Deterministic Self-Orchestration for AI Agent Fleets
New open-source framework claims to enforce obedience on agentic workflows with hallucination-free orchestration. If you're running multi-agent systems and struggling with reliability, this is worth evaluating — the deterministic approach trades flexibility for predictability, which is exactly what production agent deployments need.
The Speed of Prototyping in the Age of AI
A practical reflection on how AI tools compress the prototype-to-feedback loop. The real takeaway for builders: the bottleneck has shifted from 'can I build this fast enough' to 'can I validate the right thing fast enough.' Prototype speed without taste is just faster waste.
Anthropic Files Confidential S-1 with the SEC
Anthropic is going public. For builders on the Claude API, this means the company is betting on long-term revenue stability over VC-subsidized pricing. Expect API pricing to rationalize (read: go up) post-IPO as public market pressure replaces growth-at-all-costs incentives. Lock in commitments or diversify your model provider strategy now.
DuckDuckGo Leans Into 'No-AI Search' as Traffic Booms
There's a growing market of users who explicitly don't want AI in their search results. If you're building a product, consider offering an AI-free mode — it's becoming a genuine differentiator, not just a niche preference.
Meta Launches Paid Subscriptions Across Instagram, Facebook, and WhatsApp
Meta is rolling out subscriptions with AI features gated behind paid tiers. If you're building on Meta's platforms or selling to creators, the subscription layer changes the economics — paying users expect more reliability, fewer ads, and better integrations. Watch for new API surfaces tied to subscriber status.
Nvidia Announces RTX Spark
Nvidia's new RTX Spark targets a compact form factor. Details are thin, but if this delivers desktop-class GPU compute in a smaller footprint, it could reshape the local inference hardware landscape for devs who want GPU power without a full tower.
Microsoft Ships Copilot Studio Skills for AI Coding Tools
Microsoft released an open-source skill set for building and editing Copilot Studio agents via YAML, explicitly designed for Claude Code and GitHub Copilot CLI. If you're building enterprise agent workflows, this gives you a schema-validated, template-driven starting point.
GoDoxy: High-Performance Reverse Proxy for Self-Hosters
A Go-based reverse proxy with container orchestration built in, trending on GitHub. If you're running self-hosted services and tired of configuring Nginx + Docker Compose separately, this collapses both into one tool with auto-discovery.
Zeroclaw: Portable AI Personal Assistant Infrastructure in Rust
A new Rust-based framework for deploying autonomous AI assistants across any OS. Early stage but worth watching if you're building personal AI products that need to run locally with swappable model backends.
Flipper Zero Gets a Zig Template
If you're doing hardware hacking with Flipper Zero and want to write apps in Zig instead of C, there's now a project template for that. Niche but useful for the embedded-curious.
Remote Work, Not AI, May Be Why Junior Hiring Is Broken
FT argues that remote work's mentorship gap is hurting junior dev pipelines more than AI displacement. If you're a technical leader, this is the real hiring problem to solve — structured onboarding and pairing programs matter more than office mandates.
Today's biggest pattern: your supply chain is your attack surface. Between Red Hat's compromised npm packages, ChatGPT add-ons exfiltrating Sheets data, and SSD-based browser fingerprinting, the threat vectors are getting more creative and more upstream. If you're building anything that touches production, this is the week to add dependency scanning to CI, audit your third-party integrations' permissions, and seriously evaluate whether that AI-powered spreadsheet plugin is worth the data exposure. Meanwhile, Anthropic's S-1 filing signals that subsidized AI pricing has an expiration date — if your margins depend on cheap API calls, start diversifying model providers or exploring local inference (that 2016 Xeon is looking pretty good right now).