今日已更新 213 条资讯 | 累计 20683 条内容
关于我们

标签:#github

找到 1034 篇相关文章

开源项目

🔥 NomaDamas / k-skill - 한국인을 위한 스킬 모음집 - SRT, KTX, 카카오톡, 한글과컴퓨터, 날씨, 미세먼지, 법령, 주식정보,

GitHub热门项目 | 한국인을 위한 스킬 모음집 - SRT, KTX, 카카오톡, 한글과컴퓨터, 날씨, 미세먼지, 법령, 주식정보, 조선왕조실록, KBO, K-리그, LCK, 특허 검색, 토스 증권, 맞춤법 검사, 중고차 가격, 쿠팡, 네이버 블로그, 다이소, 올리브영, 택배 송장 조회 등등... | Stars: 5,411 | 19 stars today | 语言: JavaScript

2026-06-07 原文 →
AI 资讯

What a policy gate catches in AI-generated code, and what slips through

I maintain an open-source GitHub Action called vorsken. It does one thing: scan the diff on a pull request with Semgrep, apply a fixed policy, and return BLOCK, FLAG, or PASS. No dashboard, no model that drifts over time. Rules at ERROR/HIGH/CRITICAL severity block the merge, WARNING/MEDIUM flag it, the rest pass. Same diff, same verdict. The usual pitch for a tool like this is that it catches the SQL injection your AI assistant wrote. I wanted to see what it actually catches against real assistant output, so I generated 28 functions and ran them through. The test Seven backend tasks: a FastAPI upload endpoint, a URL-fetch helper, JWT auth, a SQL filter, an ImageMagick subprocess call, a LangChain file agent, and a LangChain RAG pipeline. I generated each one four times, with ChatGPT (GPT-5.5 Instant), Claude Code (Opus 4.8), Claude Code plus the security-guidance plugin, and Cursor (Composer 2.5). Single-shot, neutral prompt, no security hints. Then I scanned all 28 with the same ruleset. I'm reporting which rule fired on which file, not whether some model thinks the code is safe. That part you can reproduce. Task ChatGPT Claude Code + plugin Cursor Verdict file upload — — — — PASS url fetch (SSRF) ssrf ssrf ssrf — FLAG / Cursor PASS jwt auth api8 api8 — — BLOCK / 2 PASS sql filter — — — — PASS imagemagick — — — — PASS fs agent — overperm — — 1 BLOCK / 3 PASS rag dangerous dangerous dangerous dangerous BLOCK 7 BLOCK, 3 FLAG, 18 PASS across 28 functions. The basics were fine SQL filter, ImageMagick, file upload: clean on every tool. The SQL was parameterized, the subprocess calls passed argument lists instead of shell strings, the uploads weren't doing anything reckless. If you still expect current models to spray SQL injection across a straightforward CRUD task, they don't. On conventional work they get it right. Two of the flags are soft. The JWT api8 hits landed on a SECRET_KEY = "CHANGE_ME" placeholder, which you can read as a false positive or as a gate doing i

2026-06-07 原文 →
AI 资讯

Spent hours trying to auto-post from Hashnode to Dev.to. RSS? Blocked. GraphQL API? Now paid. Proxy services? Also blocked. I documented every dead end + the fix that actually works by building a GitHub Actions workflow that syncs Hashnode to Dev.to

How to Auto-Sync Your Hashnode Blog to Dev.to Using GitHub Actions (2026 Guide) FOLASAYO SAMUEL OLAYEMI FOLASAYO SAMUEL OLAYEMI FOLASAYO SAMUEL OLAYEMI Follow Jun 7 How to Auto-Sync Your Hashnode Blog to Dev.to Using GitHub Actions (2026 Guide) # discuss # automation # tutorial # devops 5 reactions Comments Add Comment 5 min read

2026-06-07 原文 →
AI 资讯

I abandoned my campus app 3 years ago. The Finish-Up-A-Thon made me fix it

This is a submission for the GitHub Finish-Up-A-Thon Challenge What I Built CampusBeat 2.0 — a React Native campus super-app for students across 17 colleges in Odisha, India. It started in 2023 as a simple notice board aggregator: scrape college websites so students didn't have to visit them. It worked. Students used it. Then life happened, and it sat untouched on GitHub for three years. This challenge gave me the push to finally open that repo again. What I found was equal parts embarrassing and educational. What it is now: 📰 Real-time notices for 17 colleges — ITER, KIIT, NIT Rourkela, IIT, and more 🎨 Complete UI overhaul — warm cream × charcoal × coral editorial design 🃏 3D tiltable campus identity card you can share with friends 🔖 Bookmarks — save any notice, grouped by college 💬 Real-time campus chat rooms powered by Socket.io 🛒 Campus marketplace — buy/sell within your college 🔔 Push notifications via Firebase Demo The original app from July 2023: LinkedIn post CampusBeat 2.0 — running on device: Onboarding screen - with beautiful animation Onboarding.mp4 - Google Drive drive.google.com Login screen — editorial serif heading, Lottie animation, warm ink hero Register screen — custom college picker bottom sheet with live search Home screen — quote card, college notice feed, floating tab bar Profile screen — 3D tiltable campus card with holographic shimmer Share modal — drag to rotate the card, share natively News Explorer — college chips, notice type tabs, live banner Marketplace — buy and sell within your college Bookmark - your persistent news bookmark.mp4 - Google Drive drive.google.com Chat screen - live interaction within colleges chat.mp4 - Google Drive drive.google.com The Comeback Story What I found after 3 years Opening an old repo is humbling. Here is what I walked into. The dead API. The home screen showed a daily quote — except quotable.io had shut down. Every user was silently seeing the hardcoded fallback for three years: "Villains are not bad, the

2026-06-07 原文 →
AI 资讯

The Paradox of Vibe Coding - In the Age of LLM-Written Code, Who Protects the LLM?

June 7, 2026. Dennis Kim, ex-CEO of Cyworld, CEO of BetaLabs https://github.com/gameworkerkim/vibe-investing https://github.com/gameworkerkim/CYBER-THREAT-INTELLIGENCE-REPORT Prologue: Two Incidents That Shook South Korea in 2026 In early June 2026, a data breach exposed the personal information of 5 million users of TVING, the largest OTT service in South Korea. The leaked data was extensive: IDs, names, birth dates, gender, CI (connection information), DI (duplicate registration verification information), mobile phone numbers, emails, refund account numbers, passwords, and more. The parent company, CJ ENM, saw its stock price plummet 3.44% in a single day, and investigations by the Personal Information Protection Commission and KISA were launched. But behind this incident hid another shocking fact. TVING's GitHub repository had an AWS access token hardcoded and publicly exposed. It was a stark reminder that a single cloud private key accidentally committed by a developer can jeopardize an entire company's infrastructure. These two events seem like different stories on the surface. Yet here I want to ask one common question: Who protects our generative AI, our LLM systems? Part 1. The Age of Vibe Coding: Security Takes a Backseat Recently, natural language-based programming using LLMs, the so-called "Vibe Coding" trend, has exploded. Generative AI coding assistants dramatically accelerate development speed. But behind this speed lies serious security risks. According to Veracode's 2025 GenAI Code Security report, 45% of code generated by LLMs contained security vulnerabilities. More concerning, developers place excessive trust in AI outputs and show behavior patterns prioritizing speed over vulnerability verification. Kaspersky's 2025 report revealed even more shocking findings. A vulnerability in the popular AI development tool Cursor (CVE-2025-54135) allowed attackers to execute arbitrary commands on a developer's machine, and a vulnerability in the Claude Code a

2026-06-07 原文 →
AI 资讯

Visual Cue Tracker: Mapping My Values, One Week at a Time

This is a submission for the GitHub Finish-Up-A-Thon Challenge What I Built I built the Visual Cue Tracker, a tiny, personal sanctuary for reflection. It’s a tool designed to help us map our daily actions against our core values, specifically Empathy, Growth, and Balance. I started this project because I found myself moving so fast in my software engineering studies and internships that I often forgot why I was doing what I was doing. This tracker lets me see my week at a glance, reflect on my progress, and hold space for the things that truly matter to me. Demo Deployed site: hopebestworld.github.io github repo: https://github.com/HopeBestWorld/VisualCueTracker/tree/main demo: https://youtu.be/EqVfj289e-Q The Comeback Story When I first started this project, it was just a repo with no pushed code. In 2025, I simply set up the repo and put in a description, but never put the time or effort into bringing the idea to life. To finish it up for the challenge, I added a few things that made it feel truly alive. I built a custom, zero-key AI engine that runs entirely inside your browser. It scans your weekly reflections and gives you immediate, gentle feedback on how well your written thoughts match the values you logged. It suggests! If I’m missing the mark, it gives me specific prompts to help me get back to my goals. I added quick-export features so I can turn my weekly reflections into a clean text log, making it easy to keep a personal journal outside of the app. I set up a fully automated deployment pipeline using GitHub Actions, so my site updates instantly whenever I push my code. My Experience with GitHub Copilot GitHub Copilot felt like a supportive coding partner throughout this journey. When I was stuck on complex pathing issues for my GitHub Pages deployment, it helped me iterate through solutions quickly. It was especially great at explaining why certain parts of my code (like my custom Regex AI engine) were behaving the way they were, allowing me to stay in

2026-06-07 原文 →
AI 资讯

Finishing What I Started: A Code Snippet Manager Built on GitHub Gists

This is a submission for the GitHub Finish-Up-A-Thon Challenge What I Built ASTronaut is a personal code snippet manager that uses GitHub Gists as its storage backend. The name is a dumb pun: it literally builds an AST (Abstract Syntax Tree) of your Java snippets using JavaParser, pulling out class and method names so you can search by structure, not just by file name. The idea is simple: stop losing useful snippets to random notes apps or Gist pages you'll never find again. ASTronaut gives you a proper UI to create, search, edit, diff, and organize your snippets, while keeping everything synced to GitHub Gists so nothing is stuck on one machine. Frontend Repository: https://github.com/kusoroadeolu/astronaut-ui Backend Repository: https://github.com/kusoroadeolu/ASTronaut The Comeback Story The original ASTronaut had PostgreSQL, Redis, Spring Security, JWT auth, a full login/register flow, user management, admin roles, rate limiting... for a tool that only I was ever going to use. It never shipped. Not because it didn't work, but because every time I sat down to actually use it, I had to spin up a database, a Redis instance, deal with tokens. It just killed any motivation I had. The whole point was to save me time. It wasn't doing that. So it sat there. For a while. When I heard about the Finish-Up-A-Thon, this was the first project that came to mind. What Actually Changed The revamp had one goal: make it feel like a tool, not a project. Here's what got cut: The entire auth system: Spring Security, JWT, login/register, user management, all of it PostgreSQL and JPA, replaced by a lightweight local JSON index file Redis and rate limiting, pointless for a solo local tool Deep metadata extraction that was never actually used in search Here's what replaced it: GitHub PAT in an application.props file. One line of config, no OAuth flow, no callback URLs. PAT is the right call here: OAuth is for when other people are logging in with their GitHub accounts. This is just me. G

2026-06-07 原文 →