
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
pi-producthunt
Advanced tools
Product Hunt research and digest workflows inside Pi.
Pi Product Hunt is a read-only Pi extension package for Product Hunt market research. It calls the Product Hunt GraphQL API directly, adds interactive /producthunt:* commands for humans, and exposes structured tools for agents to gather launches, post details, comments, and digest-ready research notes.
Install the published npm package with Pi:
pi install npm:pi-producthunt
Pin a specific version when you want reproducible installs:
pi install npm:pi-producthunt@0.1.4
Install into the current project instead of your user Pi settings:
pi install npm:pi-producthunt -l
Or install from GitHub:
pi install git:github.com/eiei114/pi-producthunt
Try without installing permanently:
pi -e npm:pi-producthunt
For local development from a checkout:
pi -e .
pi install npm:pi-producthunt
/producthunt:login
/producthunt:today
Or search for a topic:
/producthunt:search
Agents can fetch Product Hunt data directly with typed tools:
producthunt_get_posts({ limit: 5 })
producthunt_search_posts({ query: "AI coding agent", limit: 10 })
Product Hunt access comes from one of two sources:
PRODUCTHUNT_ACCESS_TOKEN/producthunt:login to ~/.pi/agent/pi-producthunt-auth.jsonPrecedence: when both are set, the environment variable wins. The stored login file is ignored until you unset the environment variable or start Pi without it.
Use the interactive login command:
/producthunt:login
Remove the stored token with:
/producthunt:logout
/producthunt:logout only clears the stored login file. It does not change PRODUCTHUNT_ACCESS_TOKEN in your shell.
Set a token through the environment when you prefer shell-based configuration:
export PRODUCTHUNT_ACCESS_TOKEN=...
Check auth without exposing secrets:
/producthunt:status
/producthunt:status reports the active token source (environment vs stored login), validates the token against the Product Hunt API when possible, and prints concise recovery steps for common failures:
Token values are always redacted from status output, logs, and error messages.
Commands are human-facing and require no fixed inline arguments. If input is needed, Pi asks interactively.
/producthunt:status
/producthunt:login
/producthunt:logout
/producthunt:today
/producthunt:search
/producthunt:post
/producthunt:comments
/producthunt:digest
/producthunt:research
/producthunt:watchlist
/producthunt:cards
Example flows:
/producthunt:today # today's launch list
/producthunt:search # asks for a search query
/producthunt:post # asks for slug, ID, or URL
/producthunt:comments # asks for slug, ID, or URL
/producthunt:digest # asks for today / yesterday / custom date
/producthunt:research # asks for a research topic
/producthunt:watchlist # asks for a topic and returns a compact revisit list
/producthunt:cards # asks for a topic and returns paste-ready product cards
Agents can call these typed tools directly:
producthunt_status
producthunt_get_posts
producthunt_search_posts
producthunt_get_post
producthunt_get_post_comments
producthunt_research_topic
producthunt_topic_watchlist
producthunt_research_product_cards
producthunt_digest
Examples:
producthunt_search_posts({ query: "AI coding agent", limit: 10 })
producthunt_get_post({ ref: "example-product-slug" })
producthunt_get_post_comments({ ref: "example-product-slug", limit: 10 })
producthunt_digest({ date: "2026-06-01", limit: 10 })
producthunt_topic_watchlist({ query: "AI coding agent", limit: 5 })
producthunt_research_product_cards({ query: "AI coding agent", limit: 5 })
See docs/watchlist.md for when to use a watchlist vs a full digest or research pack.
See docs/research-pack.md for when to prefer product cards over raw tool output.
| Path | Purpose |
|---|---|
extensions/ | Pi extension entrypoint and command/tool registration |
lib/ | Product Hunt API client, auth store, formatters, schemas, helpers |
docs/ | Release notes, usage examples, and watchlist guidance |
npm install
npm run ci
npm run ci runs:
npm pack --dry-runThis package is set up for npm Trusted Publishing, so no NPM_TOKEN is required.
npm version patch
git push
See docs/release.md for setup details.
Pi packages execute with your local permissions. Review source before installing third-party packages.
Product Hunt tokens are never committed by this package. /producthunt:login stores the token locally in ~/.pi/agent/pi-producthunt-auth.json; /producthunt:logout deletes that stored file. PRODUCTHUNT_ACCESS_TOKEN is never modified by logout.
For vulnerability reporting, see SECURITY.md.
MIT
FAQs
Pi extension package for Product Hunt research and digest workflows.
We found that pi-producthunt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.