
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
The free coding agent. No subscription. No configuration. Start in seconds.
An AI coding agent that runs in your terminal — describe what you want, and Freebuff edits your code.
npm install -g freebuff
cd ~/my-project
freebuff
Best open-source models — Powered by the strongest open-source models available, like DeepSeek, Kimi, and MiniMax — no proprietary lock-in.
Fast — 5–10× speed up. 3–5× tokens per second compared to Claude, plus context gathering in seconds.
Loaded — Built-in web research, browser use, and more.
How can it be free? Freebuff is supported by text ads.
What models do you use? The best open-source models available. In full mode you can choose from DeepSeek V4 Pro, MiMo 2.5 Pro, Kimi K2.6, DeepSeek V4 Flash, MiMo 2.5, and MiniMax M3. Limited mode uses DeepSeek V4 Flash and MiMo 2.5. Gemini 3.1 Flash Lite handles file finding and research.
Which countries is Freebuff available in? All countries. Freebuff runs in "full" mode in the US, Canada, UK, EU, and other select countries, and in "limited" mode everywhere else (or while using a VPN). See freebuff.com for the full list.
What is limited mode? Limited mode lets you use Freebuff outside the full-access countries, or while using a VPN. It includes DeepSeek V4 Flash and MiMo 2.5, with 5 one-hour sessions per day.
Are you training on my data? No. We don't share your data with third parties that would train on it or use it for another purpose, unless you choose a model clearly labeled as "Collects data for training."
What data do you store? We don't store your codebase. We only collect minimal logs for debugging purposes.
Built on the Codebuff platform.
FAQs
The world's strongest free coding agent
The npm package freebuff receives a total of 12,457 weekly downloads. As such, freebuff popularity was classified as popular.
We found that freebuff demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.