
Research
/Security News
Compromised npm Packages in the AsyncAPI Namespace Deliver Miasma Botnet Loader
3 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.
@m14i/sith
Advanced tools
Turn your context to the dark side. Standardize and share your OpenCode setup with a fully dockerized environment, designed for seamless collaboration and CI integration.
Turn your context to the dark side.
Standardize and share your OpenCode setup with a fully dockerized environment, designed for seamless collaboration and CI integration.
AI coding tools are powerful in isolation. They become fragile at scale:
opencode or claude in a pipeline requires wiring tokens, installing tools, and hoping the environment matches local.Sith solves this by packaging both tools, all config, and your team's context into a single Docker image. One pull, same environment, everywhere.
| Problem | Sith answer |
|---|---|
| Inconsistent context across team | Shared ~/.sith/ skills + CLAUDE.md, mounted at runtime |
| AI tools hard to run in CI | Prebuilt signed image + token injection via env vars |
| Claude Code vs OpenCode friction | Both available, same container, same command |
| "Works on my machine" builds | Nix-pinned dependencies inside Docker |
The recommended path. One image, works locally and in CI.
npm install -g @m14i/sith
Or without installing:
npx @m14i/sith@latest
Prebuilt (recommended) — pull a signed image from GHCR:
sith --pull
Supports linux/amd64 and linux/arm64. Images are signed with cosign and include an SBOM.
Verify the signature (optional):
cosign verify \
--certificate-identity-regexp="https://github.com/MerzoukeMansouri/sith" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/merzoukemanouri/sith:latest
Build from scratch — full control, no external trust:
sith --build
sith --pull | sith --build | |
|---|---|---|
| Speed | Fast | Slow |
| Trust | GitHub Actions + Cosign | Your machine |
| Use case | Daily use, CI/CD | Air-gapped, custom builds |
Interactive TUI — type a prompt or use slash commands:
sith
| In the TUI | What it does |
|---|---|
| Type any text + Enter | Starts OpenCode with that prompt |
/shell | Drop into Docker shell (no AI) |
/claude | Switch active tool to Claude Code |
/opencode | Switch active tool to OpenCode |
/config | Pull / build options |
/help | Show commands |
Ctrl+C / Esc | Exit |
Direct commands — skip the TUI:
sith shell # Raw Nix shell inside Docker (alias: sith --it)
sith opencode -p "fix the bug" # OpenCode starts immediately with your task
sith claude -p "fix the bug" # Claude Code starts immediately with your task
Skills:
sith skills # Install / manage skills from catalog (~/.sith/skills/)
sith --docker-cleanup # Remove sith Docker images (sith:latest + prebuilt GHCR image)
sith --uninstall # Remove ~/.sith/ (skills, config, nix files)
- name: Run sith
env:
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
docker run --rm \
-e CLAUDE_CODE_OAUTH_TOKEN=$CLAUDE_CODE_OAUTH_TOKEN \
-e GITHUB_TOKEN=$GITHUB_TOKEN \
ghcr.io/merzoukemanouri/sith:latest "claude auth status"
See Authentication for how to generate the tokens.
No Docker. Runs the same Nix environment natively on your machine.
sith --nix-install # Install Nix package manager (once)
sith --nix # Launch Nix shell directly
Or via the nix subcommand:
sith nix --install # Install Nix
sith nix --shell # Run Nix shell
Cleanup:
sith --nix-cleanup # Remove ~/.sith/nix/ + run nix-collect-garbage -d
sith --nix-uninstall # Fully remove Nix from system (daemon, /nix/store) — needs sudo
See doc/NIX_INSTALLATION.md for full setup guide.
Two AI providers, two token setups:
pnpm install # Install dependencies
pnpm dev # Run in development mode (no build)
pnpm dev:build # Build and run CLI
pnpm dev:shell # Build and launch shell
pnpm typecheck # Type checking
pnpm clean # Clean build artifacts
Automated via semantic-release and conventional commits.
| Prefix | Effect |
|---|---|
feat: | Minor version bump |
fix: | Patch version bump |
BREAKING CHANGE: | Major version bump |
chore: docs: style: | No release |
Push to main → GitHub Action bumps version, generates CHANGELOG, publishes to npm.
Requirements: NPM_TOKEN secret in repository settings.
FAQs
Turn your context to the dark side. Standardize and share your OpenCode setup with a fully dockerized environment, designed for seamless collaboration and CI integration.
The npm package @m14i/sith receives a total of 38 weekly downloads. As such, @m14i/sith popularity was classified as not popular.
We found that @m14i/sith demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
3 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.