
Security News
Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.
@yevai/pulumi
Advanced tools
Hi everyone, we're giving open source a shot! This package will be slowly populated. For now, it's being published for some of my substack guide blog posts.
To keep the package light, we've steered away from hard dependencies. See /examples/ for more. You will need:
JQ from their Official Page or "brew install jq". We also recommend:
# Set JQ for AWS CLI by adding the following to ~/.aws/config:
cli_pager = jq
output = json
A logged in AWS CLI or "brew install awscli"
A logged in Pulumi CLI or "brew install pulumi"
An initialized Pulumi Stack, or use "./examples"
You will need Bun
Create a *.env file in root and set the repository where you'd like this package used in it, like so:
# Single Path Where "/home/YOUR_USERNAME/YOUR_PROJECT/package.json" exists
DEV_TARGET=/home/YOUR_USERNAME/YOUR_PROJECT
# Multiple Paths
DEV_TARGET=/home/YOUR_USERNAME/YOUR_PROJECT,/home/YOUR_USERNAME/YOUR_SECOND_PROJECT
Run "npm run dev" to start the watcher. This will copy the package to the target directory on every change and clean up after.
You may find the nodemon setup along with ./.devmode.sh + ./devmode.ts a useful pattern.
You may also find ./.vscode/settings.json + ./.github/copilot-instructions.md useful.
FAQs
Yevai Inc. open source Pulumi Typescript library
We found that @yevai/pulumi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.

Security News
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.