
Security News
Risky Biz Podcast: AI Agents Are Raising the Stakes for Software Supply Chain Security
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.
agenv is an npm package for bootstrapping a portable, reviewable AI workspace for web development repositories.
It helps a team define one canonical AI workspace manifest and turn that into tool-specific outputs for supported coding assistants and MCP-compatible tooling.
ai-workspace.jsondashboard and web-app as project typesThis repo is no longer docs-only. It now includes:
generate and diff pathStill early:
init is still shallowdoctor has structure but is not feature-complete yetSet up a portable, reviewable AI coding environment for web development in one command.
npx agenv-cli --help
npm install -g agenv-cli
agenv --help
Examples:
agenv init --yes
agenv generate
agenv diff
agenv templates-list
If you are new to the repo, read these in order:
npm install
npm test
npm run typecheck
npm run build
node dist/cli/index.js --help
src/
adapters/
cli/
detect/
doctor/
fs/
manifest/
planner/
render/
templates/
utils/
doc/
tests/
The strongest near-term path is to keep improving the first usable slice:
init --yes and preview behaviordoctorFAQs
Generate portable AI workspace configs for any web development project — one manifest for Copilot, Claude, Codex, and MCP.
We found that agenv-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.

Research
/Security News
Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.