
github.com/dbut2/helpme
A smart command-line assistant that generates shell commands using AI. Simply describe what you want to do, and helpme
will suggest the appropriate command.
go install dbut.dev/helpme@latest
The tool can be configured using environment variables:
HELPME_TOOL: Choose the AI provider ("CLAUDE", "CHATGPT", or "OLLAMA")
HELPME_SYSTEM_PROMPT: Custom system prompt for the AI
HELPME_DEBUG: Enable debug mode (default: false)
export ANTHROPIC_API_TOKEN="your-api-key"
export OPENAI_TOKEN="your-api-key"
export OPENAI_MODEL="gpt-4" # Optional
export HELPME_MODEL="codegemma:instruct" # Optional, this is the default model
helpme <your command description>
# Find large files
helpme find files larger than 1GB in the current directory
# Process text
helpme count number of lines in all python files recursively
# System administration
helpme show me system memory usage in a human readable format
# Git operations
helpme undo my last git commit but keep the changes
git clone https://github.com/dbut2/helpme.git
cd helpme
go build
go install
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.