
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
glm-vision
Advanced tools
Pi extension that gives non-vision GLM models (z.ai) image understanding via GLM-4.6V
Pi extension that gives non-vision GLM models (z.ai) image understanding by routing images through a GLM vision model.
glm-vision intercepts Pi read tool results that include images when you are using the zai provider. It sends those images to a GLM vision model (default: glm-4.6v) and returns a combined text description to the active text-only GLM model.
Install the published npm package with Pi:
pi install npm:glm-vision
Pin a specific version when you want reproducible installs:
pi install npm:glm-vision@1.2.1
Install into the current project instead of your user Pi settings:
pi install npm:glm-vision -l
Or install from GitHub:
pi install git:github.com/eiei114/glm-vision
Try it without permanently installing:
pi -e npm:glm-vision
After installing, start a Pi session (or run locally with pi -e .) and confirm the extension loaded:
/glm-vision:status
Then ask Pi to read an image:
Read ./screenshots/checkout-error.png and explain what is wrong with this UI.
zai provider and defaults to glm-4.6v. See the full list and availability checks in docs/usage.md.Image 1, Image 2, and so on.maxImages defaults to 4. If more images are present, the first maxImages are described and the remainder are skipped.Command examples:
| Command | Description |
|---|---|
/glm-vision:status | Show status, model, prompt mode, and cache stats. |
/glm-vision:on | Enable image description. |
/glm-vision:off | Disable image description. |
/glm-vision:model | Open a TUI picker to switch vision models. |
/glm-vision:mode | Open a TUI picker to switch prompt presets. |
/glm-vision:cache-status | Show cache status. |
Legacy space forms such as /glm-vision on and /glm-vision glm-4.6v remain available for compatibility. More details, including presets, configuration, and troubleshooting, live in docs/usage.md.
| Path | Purpose |
|---|---|
src/ | Pi extension entrypoint (src/index.ts) |
docs/ | Usage, examples, release, and maintainer docs |
scripts/ | Upstream model watcher utilities |
tests/ | Vitest coverage for core behavior |
.github/workflows/ | CI, publish, auto-release, upstream watch |
npm install
npm run lint
npm run typecheck
npm test
npm run validate:package
Optional upstream model checks:
npm run check:upstream
This package uses npm Trusted Publishing (OIDC) via GitHub Actions.
npm version patch
git push origin HEAD
See docs/release.md and RELEASE.md for the full maintainer checklist.
docs/examples.md — usage examplesdocs/template-checklist.md — Pi extension template alignment checklistPi packages can execute code with your local permissions. Review extensions before installing third-party packages.
For vulnerability reporting, see SECURITY.md.
MIT
FAQs
Pi extension that gives non-vision GLM models (z.ai) image understanding via GLM-4.6V
The npm package glm-vision receives a total of 45 weekly downloads. As such, glm-vision popularity was classified as not popular.
We found that glm-vision demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.