
Security News
/Research
Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.
@feniix/pi-devtools
Advanced tools
Devtools extension for pi — branch and PR workflow, release automation, PR feedback resolution, merge commands, with GitHub and Linear tracker support
Devtools extension for pi — branch and PR workflow, release automation, and merge commands.
pi install npm:@feniix/pi-devtools
Ephemeral (one-off) use:
pi -e npm:@feniix/pi-devtools
| Tool | Description |
|---|---|
devtools_create_branch | Create and switch to a new git branch |
devtools_commit | Stage files and create a commit with conventional format |
devtools_push | Push branch to remote with upstream tracking |
devtools_create_pr | Create a GitHub pull request |
devtools_get_repo_info | Get current branch, default branch, and remote info |
| Tool | Description |
|---|---|
devtools_merge_pr | Merge a PR with optional branch deletion |
devtools_squash_merge_pr | Squash-merge a PR with optional branch deletion |
devtools_check_pr_status | Check CI status for a PR |
devtools_check_ci | Check CI status for the current branch |
| Tool | Description |
|---|---|
devtools_get_latest_tag | Get the latest version tag from git |
devtools_analyze_commits | Analyze commits since last tag to determine version bump |
devtools_bump_version | Update version in package.json |
devtools_create_release | Create a GitHub release with changelog |
The gh CLI must be installed and authenticated:
gh auth login
The extension auto-detects the default branch, but you can set it explicitly:
export DEFAULT_BRANCH=main # or 'master'
git CLIgh CLI (authenticated)jq (for JSON parsing)MIT
FAQs
Devtools extension for pi — branch and PR workflow, release automation, PR feedback resolution, merge commands, with GitHub and Linear tracker support
The npm package @feniix/pi-devtools receives a total of 40 weekly downloads. As such, @feniix/pi-devtools popularity was classified as not popular.
We found that @feniix/pi-devtools demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.