开源项目
🔥 mauriceboe / TREK - A self-hosted travel/trip planner with real-time collaborati
GitHub热门项目 | A self-hosted travel/trip planner with real-time collaboration, interactive maps, PWA support, SSO, budgets, packing lists, and more. | Stars: 6,207 | 112 stars today | 语言: TypeScript
开源项目
🔥 xbtlin / ai-berkshire - AI 时代的伯克希尔:基于 Claude Code 的价值投资研究框架。巴菲特·芒格·段永平·李录四大师方法论 + 多A
GitHub热门项目 | AI 时代的伯克希尔:基于 Claude Code 的价值投资研究框架。巴菲特·芒格·段永平·李录四大师方法论 + 多Agent并行研究。| AI-era Berkshire: a value investing research framework built on Claude Code. 4 masters' methodologies + multi-agent adversarial analysis. | Stars: 1,563 | 201 stars today | 语言: Python
开源项目
Winner Announcement Delayed for the Github "Finish-Up-A-Thon" Challenge
Hey all, we have a quick update for everyone who participated in the Github "Finish-Up-A-Thon"...
AI 资讯
GitHub ships a one-click self-revoke for users whose credentials just leaked
You forwarded the phishing email to the security channel about ninety seconds too late. The laptop is already cooperating with someone else. Your personal access token, the one you minted "just for that one script", is on its way to whatever Discord pays for stolen tokens this week. Now what? For users on GitHub Enterprise, what was previously a clickthrough checklist you complete while your hands shake is now one button. On June 24 the GitHub Changelog announced a self-service credential revocation flow under Settings, Credentials. From that view a user can see counts of every credential they have generated or authorized through SSO, then revoke or delete all of them in a single action. Personal access tokens, SSH keys, OAuth tokens, SSO authorizations: gone together. What actually shipped Containment used to be a manual scavenger hunt. PATs sat under Developer Settings. SSH keys lived one tab over. OAuth apps you forgot you authorized two years ago hid behind a different submenu. SSO was its own world. In practice that meant during an incident you forgot something, and the something you forgot was the credential the attacker actually wanted. The new view collapses that surface onto one screen. Counts on one side, a revoke-or-delete-everything action on the other. Whoever wrote it had clearly pictured the 3am screenshot: a user who has just been told to "rotate everything" and has no idea where "everything" lives. GitHub frames this as a complement to an earlier enterprise-owner capability that lets admins with the "Manage enterprise credentials" permission bulk-revoke across one user or many. So there are now two pairs of hands on the kill switch: the user, and the org. (Whichever one notices first.) Why a pipeline owner should care Because users are the trust boundary you keep pretending is somebody else's problem. A leaked PAT in a CI pipeline is rarely a CI bug. It is a human who pasted the token into a script, then a laptop, then a sync folder, then a backup,
AI 资讯
Building a Real-Time World Cup 2026 Bracket Predictor with Vanilla JS and GitHub Actions
Introduction With the World Cup 2026 group stage reaching its climax, football fans worldwide are speculating about who will make it to the finals. To make this experience interactive, I built a fully dynamic World Cup 2026 Bracket Simulator. Instead of just letting users click and choose winners, this app dynamically calculates ELO win probabilities and probabilistically generates realistic match scores (including extra time and penalties) based on team ratings. It also syncs with live match data in real-time. Live URL: https://worldcup-predict2026.github.io/champion/ Tech Stack: Vanilla JS, CSS3 (3D parallax), GitHub Actions, Python, football-data.org API Core Features & Technical Implementation ELO-Based Win Probability & Score Simulation Each team in the database is assigned an ELO-based strength rating. When a user runs the AI auto-prediction, the script calculates win probability and generates a realistic scoreline. Here is the goal roll algorithm (Poisson-like simulation) implemented in Vanilla JS: javascript function generateMatchScore(team1, team2, winner) { if (team1 === "TBD" || team2 === "TBD" || !winner) return null; const s1 = teamStrengths[team1] || 70; const s2 = teamStrengths[team2] || 70; const winnerIsTeam1 = (winner === team1); const strengthDiff = Math.abs(s1 - s2); const baseGoalExpected = 1.1; const bonusGoal = Math.min(1.8, strengthDiff / 12.0); // Goal weight based on ELO difference const rollGoals = (lambda) => { let L = Math.exp(-lambda); let k = 0; let p = 1.0; do { k++; p *= Math.random(); } while (p > L && k < 10); return k - 1; }; let gWin = 0; let gLose = 0; const r = Math.random(); if (r < 0.75) { // Regular time win (90 mins) gLose = rollGoals(baseGoalExpected); gWin = gLose + 1 + rollGoals(0.7 + bonusGoal); return winnerIsTeam1 ? ${gWin} - ${gLose} : ${gLose} - ${gWin} ; } else if (r < 0.92) { // Extra time win (AET) const normalGoals = rollGoals(baseGoalExpected); gLose = normalGoals; gWin = normalGoals + 1; return winnerIsTeam1 ?
开源项目
🔥 googleworkspace / cli - Google Workspace CLI — one command-line tool for Drive, Gmai
GitHub热门项目 | Google Workspace CLI — one command-line tool for Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, and more. Dynamically built from Google Discovery Service. Includes AI agent skills. | Stars: 28,023 | 678 stars today | 语言: Rust
开源项目
🔥 ArnasDon / wacrm
GitHub热门项目 | | Stars: 1,068 | 28 stars today | 语言: TypeScript
开源项目
🔥 nocodb / nocodb - 🔥 🔥 🔥 A Free & Self-hostable Airtable Alternative
GitHub热门项目 | 🔥 🔥 🔥 A Free & Self-hostable Airtable Alternative | Stars: 63,576 | 43 stars today | 语言: TypeScript
开源项目
🔥 microsoft / power-platform-skills - A plugin marketplace for Claude Code/GitHub Copilot that pro
GitHub热门项目 | A plugin marketplace for Claude Code/GitHub Copilot that provides Power Platform development plugins, including reusable skills, agents, and commands for building and deploying solutions. | Stars: 388 | 7 stars today | 语言: JavaScript
开源项目
🔥 arunbhardwaj / LeetHub-2.0 - Automatically sync your leetcode solutions to your github ac
GitHub热门项目 | Automatically sync your leetcode solutions to your github account - with some updates to keep it working | Stars: 559 | 12 stars today | 语言: JavaScript
开源项目
🔥 pshenok / server-survival - Tower defense game that teaches cloud architecture. Build in
GitHub热门项目 | Tower defense game that teaches cloud architecture. Build infrastructure, survive traffic, learn scaling. | Stars: 6,038 | 35 stars today | 语言: JavaScript
开源项目
🔥 vercel-labs / agent-skills - Vercel's official collection of agent skills
GitHub热门项目 | Vercel's official collection of agent skills | Stars: 28,276 | 32 stars today | 语言: JavaScript
开源项目
🔥 swagger-api / swagger-ui - Swagger UI is a collection of HTML, JavaScript, and CSS asse
GitHub热门项目 | Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API. | Stars: 28,855 | 6 stars today | 语言: JavaScript
开源项目
🔥 ariadng / metatrader-mcp-server - Model Context Protocol (MCP) to enable AI LLMs to trade usin
GitHub热门项目 | Model Context Protocol (MCP) to enable AI LLMs to trade using MetaTrader platform | Stars: 561 | 8 stars today | 语言: Python
开源项目
🔥 wshobson / agents - Multi-harness agentic plugin marketplace for Claude Code, Co
GitHub热门项目 | Multi-harness agentic plugin marketplace for Claude Code, Codex CLI, Cursor, OpenCode, GitHub Copilot, and Gemini CLI | Stars: 37,124 | 43 stars today | 语言: Python
开源项目
🔥 BerriAI / litellm - Python SDK, Proxy Server (AI Gateway) to call 100+ LLM APIs
GitHub热门项目 | Python SDK, Proxy Server (AI Gateway) to call 100+ LLM APIs in OpenAI (or native) format, with cost tracking, guardrails, loadbalancing and logging. [Bedrock, Azure, OpenAI, VertexAI, Cohere, Anthropic, Sagemaker, HuggingFace, VLLM, NVIDIA NIM] | Stars: 51,382 | 152 stars today | 语言: Python
开源项目
🔥 google-labs-code / design.md - A format specification for describing a visual identity to c
GitHub热门项目 | A format specification for describing a visual identity to coding agents. DESIGN.md gives agents a persistent, structured understanding of a design system. | Stars: 16,759 | 504 stars today | 语言: TypeScript
开源项目
🔥 andreknieriem / headunit-revived - Headunit App for displaying Android Auto
GitHub热门项目 | Headunit App for displaying Android Auto | Stars: 1,359 | 79 stars today | 语言: Kotlin
开源项目
🔥 flutter / flutter - Flutter makes it easy and fast to build beautiful apps for m
GitHub热门项目 | Flutter makes it easy and fast to build beautiful apps for mobile and beyond | Stars: 177,123 | 44 stars today | 语言: Dart
AI 资讯
Dependabot can finally pull from private GitHub Packages without a PAT
The first time I wired Dependabot up to a private package registry, it took three meetings and a calendar reminder set six months ahead. The reminder was for the personal access token I had to mint to do it, the one I would have to rotate by hand before it expired, living in a config that drifted somewhere between repo settings, a .github file, and an internal wiki page nobody had touched in a year. On June 23 GitHub posted a small changelog item that quietly retires that whole ritual: Dependabot can now read your private GitHub Packages and GHCR registries through its own GITHUB_TOKEN , no PAT required. If you have ever had to explain to a security review why your bot account holds a token your team owns but a person minted, you already know why this lands. The PAT we all had and nobody loved Until this week, Dependabot's path to a private GitHub-hosted package was the same path it took years ago. A human minted a personal access token, scoped wide enough to read the registry, stored it as a repo or org secret, and plugged it into Dependabot so the bot could authenticate when it tried to resolve dependencies. That token expired on a human schedule. It belonged to whoever happened to set Dependabot up, which is rarely the person who still owns the repo a year later. You can feel how that ends. Tokens that quietly expire and break a Dependabot PR the day someone needs the patch. Tokens that follow an offboarded engineer out the door. Tokens with scopes wider than the job actually requires, because nobody wanted to mint a fine-grained one per registry path. None of those failures are catastrophic on their own. All of them are the kind of papercut a platform team ends up owning. What the GITHUB_TOKEN does here The new behavior is straightforward. Dependabot's job-scoped GITHUB_TOKEN can now request a packages: read permission. When the bot pulls from a hostname under *.pkg.github.com or ghcr.io , it sends that token instead of asking for a PAT. The same token that alre