
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@mazli/pi-worktree
Advanced tools
A Pi package extension that simplifies creating and managing git worktrees.
A small Pi extension that makes Git worktrees easy to open from inside Pi.
If you already use worktrees, this removes the setup ceremony: no manual folder creation, no separate git worktree add, no reopening Pi in another directory.
Inside any Git repository, run:
/worktree Feature/Auth
Pi Worktree creates or reuses the matching worktree and switches Pi into it.
The command takes care of the repetitive setup:
.worktrees/ when needed.worktrees to an existing .gitignore when neededYou stay inside Pi. The extension handles the ceremony.
Run the command with the branch name you want:
/worktree my-feature
Pi will move you into:
.worktrees/my-feature
From there, just keep prompting or coding as usual. The command switches sessions without automatically triggering an agent response.
The name you pass is used as the Git branch name.
If the name contains path separators, the folder name is cleaned up:
/worktree Feature/Auth
Branch:
Feature/Auth
Folder:
.worktrees/Feature-Auth
Install the package with Pi:
pi install npm:@mazli/pi-worktree
Or try it for a single Pi run without installing it permanently:
pi -e npm:@mazli/pi-worktree
From this repository:
npm install
npm run check
pi -e .
The package entry point is declared in package.json and loads the extension from extensions/.
MIT
FAQs
A Pi package extension that simplifies creating and managing git worktrees.
We found that @mazli/pi-worktree demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.