Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
An extensible desktop app for large language models like ChatGPT and New Bing. It works on macOS, Linux and Windows, and uses native UI on each platform.
Please be aware that this project is still in the early stages of development. As a result, there is a possibility of data loss within the app, and frequent API changes will occur if you plan to use extensions.
Due to my limited time and energy allocated to this project, large pull requests are discouraged. In the meanwhile if you have great ideas and don't want to wait for my slow review, feel free to fork this project and I'll be happy to link your fork here.
Chie is currently licensed under the GPLv3, it will be relicensed to the MIT license on March 20th, 2028 (5 years after the first commit). I take this approach to discourage closed-source software from taking advantage of my work before it gets enough impacts.
Due to the future relicense, contributors will be asked to sign an agreement.
By sending a pull request, you hereby grant to owners and users of Chie project a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute your contributions and such derivative works.
The owners of the Chie project will also be granted the right to relicense the contributed source code and its derivative works.
FAQs
An extensible desktop app for large language models like ChatGPT and New Bing
The npm package chieapp receives a total of 0 weekly downloads. As such, chieapp popularity was classified as not popular.
We found that chieapp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.