
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@feniix/pi-devtools
Advanced tools
Devtools extension for pi — branch and PR workflow, release automation, PR feedback resolution, merge commands, with GitHub and Linear tracker support
Devtools extension for pi — branch and PR workflow, release automation, and merge commands.
pi install npm:@feniix/pi-devtools
Ephemeral (one-off) use:
pi -e npm:@feniix/pi-devtools
| Tool | Description |
|---|---|
devtools_create_branch | Create and switch to a new git branch |
devtools_commit | Stage files and create a commit with conventional format |
devtools_push | Push branch to remote with upstream tracking |
devtools_create_pr | Create a GitHub pull request |
devtools_get_repo_info | Get current branch, default branch, and remote info |
| Tool | Description |
|---|---|
devtools_merge_pr | Merge a PR with optional branch deletion |
devtools_squash_merge_pr | Squash-merge a PR with optional branch deletion |
devtools_check_pr_status | Check CI status for a PR |
devtools_check_ci | Check CI status for the current branch |
| Tool | Description |
|---|---|
devtools_get_latest_tag | Get the latest version tag from git |
devtools_analyze_commits | Analyze commits since last tag to determine version bump |
devtools_bump_version | Update version in package.json |
devtools_create_release | Create a GitHub release with changelog |
The gh CLI must be installed and authenticated:
gh auth login
The extension auto-detects the default branch, but you can set it explicitly:
export DEFAULT_BRANCH=main # or 'master'
git CLIgh CLI (authenticated)jq (for JSON parsing)MIT
FAQs
Devtools extension for pi — branch and PR workflow, release automation, PR feedback resolution, merge commands, with GitHub and Linear tracker support
The npm package @feniix/pi-devtools receives a total of 52 weekly downloads. As such, @feniix/pi-devtools popularity was classified as not popular.
We found that @feniix/pi-devtools demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.