
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
pi-model-fallback
Advanced tools
Pi extension that switches to a fallback model after provider failures such as 429 rate limits.
One-line pitch for this TypeScript-first Pi package.
Briefly explain what this TypeScript-first package adds to Pi and who should use it.
Install the published npm package with Pi:
pi install npm:PACKAGE_NAME
Replace PACKAGE_NAME with the exact name from package.json.
For a scoped npm package, keep the npm: prefix:
pi install npm:@your-scope/your-pi-package
Pin a specific version when you want reproducible installs:
pi install npm:PACKAGE_NAME@0.1.0
Install into the current project instead of your user Pi settings:
pi install npm:PACKAGE_NAME -l
Or install from GitHub:
pi install git:github.com/OWNER/REPO
Try it without permanently installing:
pi -e npm:PACKAGE_NAME
Try this package locally:
pi -e .
Then run:
/your-command
| Path | Purpose |
|---|---|
extensions/ | Pi TypeScript extension entrypoints (*.ts and index.ts) |
lib/ | Shared TypeScript helpers |
skills/ | Agent Skills |
prompts/ | Prompt templates |
themes/ | Pi themes |
docs/ | Optional supporting docs (usage, examples, release, ADRs) |
npm install
npm run ci
Use this default flow when building a new Pi extension OSS project from this template:
4_Project/<ProjectName>/.CONTEXT.md, README.md, ROADMAP.md, Docs/, Issues/, and Progress/.4_Project/<ProjectName>/Docs/.4_Project/<ProjectName>/Issues/.npm run ci, npm test, and npm pack --dry-run.Short version:
Vault notes -> PRD -> Issues -> implement -> ci/check -> release -> save learnings
This package is set up for npm Trusted Publishing, so no NPM_TOKEN is required.
npm version patch
git push
See docs/release.md for setup details.
docs/ is optional supporting documentation, not a fixed six-file set. README stays the GitHub/npm entrypoint; add docs/*.md only when they help users or maintainers.
After creating a repository from this template:
docs/template-checklist.md for setup.Useful docs to keep when they add value:
docs/examples.md — examples for extensions, skills, prompts, and themesdocs/release.md — Trusted Publishing details (README Release summarizes the flow)docs/usage.md — create when usage does not fit in READMEOptional maintainer guidance (not a public-user navigation target in mature repos):
Template bootstrap docs to delete or merge after setup unless they still teach something project-specific:
docs/github-template.mddocs/repository-settings.mddocs/typescript.mdPi packages can execute code with your local permissions. Review extensions before installing third-party packages.
For vulnerability reporting, see SECURITY.md.
MIT
FAQs
Pi extension that switches to a fallback model after provider failures such as 429 rate limits.
The npm package pi-model-fallback receives a total of 28 weekly downloads. As such, pi-model-fallback popularity was classified as not popular.
We found that pi-model-fallback demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.