MarketsSANDWORM_MODE npm Worm Injects Malicious MCP Servers Into AI Coding ToolsSocket.dev·high signalMulti-stage npm worm deploys rogue MCP servers into Claude Code Cursor Windsurf configs. 19 typosquatted packages harvest tokens SSH keys cloud creds. Dormant dead switch can wipe home directories.SourceSource pageSocket.dev↳ Follow the threadShared entity / Policy dependencyKastra Launches Policy Enforcement for Claude Code, Cursor, and CodexHacker NewsShared entity / Stack layerClaude Code v2.1.205 Blocks Auto-Mode Transcript Tampering and Prompts Before rm -rf on Unresolved VariablesClaude Code ChangelogShared entity / Stack layerClaude Code v2.1.206 Adds a /doctor Check That Proposes Trimming Your CLAUDE.mdClaude Code DocsShared entity / Policy dependencyponytail: A 'Laziest Senior Dev' Skill That Cuts Agent-Written Code by ~54% Is the Fastest-Rising Repo on GitHubGitHubShared entity / Stack layerClaude Code Admin Console Gains 'Value' and 'Usage' Tabs With Daily Org-Wide Command TelemetryReleasebotShared entity / Stack layerMatch isolation strength to the user's capacity for oversight — and assume approval fatigue defeats human-in-the-loopAnthropic EngineeringShared entity / Stack layerWindsurf/Devin now emits reviewable diffs for autonomous edits — turn it on and gate on itReleasebotShared entity / Stack layerTip: Run /doctor on v2.1.206 to Cut CLAUDE.md Down to What the Agent Can't InferClaude Code Docs