Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
GitHub

Nonparametric Inference on Dose-Response Curve and its Derivative

[1] Y. Zhang, Y.-C. Chen, and A. Giessing (2024+) Nonparametric Inference on Dose-Response Curves Without the Positivity Condition arXiv:2405.09003. [2] Y. Zhang and Y.-C. Chen (2025+) Doubly Robust ...
GitHub

Python 3.12 backport for Debian 12 bookworm

The aim of this project is to provide a Python 3.12 backport to Debian bookworm. Packages are of course much better manageable than compiling the source from scratch. In my opinion it is also more ...