
Security News
Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.
A pi coding agent extension that detects decorative fence/divider comments in code written by the model and warns, blocks, or removes them automatically.
Comments whose inner text (after stripping //, #, /* */ markers) contains a sequence of 3 or more separator characters:
// ---- helpers ---- ← caught
// ===== Auth Module ===== ← caught
# ################ ← caught
/* ~~~ utilities ~~~ */ ← caught
// ──────────────── ← caught (Unicode box-drawing)
// TODO: fix this ← NOT caught
// Copyright (c) 2024 ← NOT caught
| Extension(s) | Language |
|---|---|
.ts, .tsx, .cts, .mts | TypeScript |
.js, .jsx, .mjs, .cjs | JavaScript |
.py | Python |
.go | Go |
.rs | Rust |
.rb | Ruby |
.java | Java |
.sh, .bash | Shell / Bash |
.c, .h | C |
.css | CSS |
Files with other extensions are passed through without inspection.
pi install npm:pi-fence
Control via the --pi-fence-mode CLI flag (takes precedence) or the PI_FENCE_MODE environment variable:
pi --pi-fence-mode warn # default: write proceeds, warning shown to model
pi --pi-fence-mode block # write is blocked; model must remove fences and retry
pi --pi-fence-mode remove # fence comments are stripped silently before writing
PI_FENCE_MODE=block pi # same, via env variable
write and edit tool call, parses the new content with tree-sitter to extract comment nodes.Do not insert decorative fence comments like // ---- section ----. Code-smell, if needed, extract to function or file instead.
pnpm install
pnpm test
pnpm typecheck
pnpm check
To test changes manually, pass the source entry point directly to pi with the -e flag:
pi -ne -e src/index.ts
pi -ne -e src/index.ts --pi-fence-mode block
pi -ne -e src/index.ts --pi-fence-mode remove
FAQs
Pi Agent extension: block or warn on fence/divider comments in written code
The npm package pi-fence receives a total of 23 weekly downloads. As such, pi-fence popularity was classified as not popular.
We found that pi-fence demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.

Security News
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.