
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@feniix/pi-sequential-thinking
Advanced tools
Sequential Thinking MCP extension for pi — structured progressive thinking through defined stages
Sequential Thinking extension for pi — structured progressive thinking through defined cognitive stages.
process_thought): Record and analyze sequential thoughts with stage metadatagenerate_summary): Summarize the entire thinking processclear_history): Reset the thinking sessionexport_session): Save thinking sessions to JSON filesimport_session): Load previously exported sessionspi install npm:@feniix/pi-sequential-thinking
Ephemeral (one-off) use:
pi -e npm:@feniix/pi-sequential-thinking
Works out of the box. Sessions are stored in ~/.mcp_sequential_thinking/.
export MCP_STORAGE_DIR="~/.my-thinking-sessions"
export SEQ_THINK_MAX_BYTES=102400
export SEQ_THINK_MAX_LINES=5000
Create ~/.pi/agent/extensions/sequential-thinking.json (auto-created on first run):
{
"storageDir": null,
"maxBytes": 51200,
"maxLines": 2000
}
pi --seq-think-storage-dir=/tmp/thoughts --seq-think-max-bytes=102400
--seq-think-config flag pathSEQ_THINK_CONFIG environment variable./.pi/extensions/sequential-thinking.json (project-level)~/.pi/agent/extensions/sequential-thinking.json (global)process_thoughtRecord and analyze a sequential thought with metadata.
| Parameter | Type | Required | Description |
|---|---|---|---|
thought | string | yes | The content of your thought |
thought_number | integer | yes | Position in sequence (starting at 1) |
total_thoughts | integer | yes | Expected total thoughts |
next_thought_needed | boolean | yes | Whether more thoughts follow |
stage | string | yes | One of: "Problem Definition", "Research", "Analysis", "Synthesis", "Conclusion" |
tags | string[] | no | Keywords or categories |
axioms_used | string[] | no | Principles applied |
assumptions_challenged | string[] | no | Assumptions questioned |
generate_summaryGenerate a summary of the entire thinking process. Returns stage counts, timeline, top tags, and completion status.
clear_historyReset the thinking process by clearing all recorded thoughts.
export_sessionExport the current thinking session to a JSON file.
| Parameter | Type | Required | Description |
|---|---|---|---|
file_path | string | yes | Path to save the exported JSON file |
import_sessionImport a previously exported thinking session from a JSON file.
| Parameter | Type | Required | Description |
|---|---|---|---|
file_path | string | yes | Path to the JSON file to import |
| Flag | Env Variable | Default | Description |
|---|---|---|---|
--seq-think-storage-dir | MCP_STORAGE_DIR | — | Storage directory for sessions |
--seq-think-config | SEQ_THINK_CONFIG | — | Custom config file path |
--seq-think-max-bytes | SEQ_THINK_MAX_BYTES | 51200 | Max output bytes |
--seq-think-max-lines | SEQ_THINK_MAX_LINES | 2000 | Max output lines |
The Sequential Thinking framework organizes thoughts through five cognitive stages:
pi remove npm:@feniix/pi-sequential-thinking
MIT
FAQs
Sequential Thinking extension for pi — structured progressive thinking through defined stages, also runnable as an MCP stdio server
The npm package @feniix/pi-sequential-thinking receives a total of 97 weekly downloads. As such, @feniix/pi-sequential-thinking popularity was classified as not popular.
We found that @feniix/pi-sequential-thinking demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.