TrapDoor pushed more than 34 malicious packages across npm, PyPI, and Crates.io after May 22. The sharpest twist is not just credential theft, but the attempt to poison .cursorrules and CLAUDE.md files read by AI coding assistants.
#pypi
What caught HN was not the Dune joke. Versions 2.6.2 and 2.6.3 of the lightning package were reported to execute credential-stealing code on import, turning a routine training dependency into an exfiltration path.
A FutureSearch incident transcript moved quickly through Hacker News because it showed, minute by minute, how a poisoned LiteLLM package reached a workstation and was isolated within 72 minutes.
Hacker News amplified BerriAI's warning that malicious LiteLLM PyPI releases could execute before import, turning a package update into immediate incident response.
A LocalLLaMA alert pushed a serious LiteLLM supply-chain incident into view after compromised PyPI wheels were reported to execute a credential stealer on Python startup.
HN latched onto Answer.AI's PyPI analysis because it puts numbers behind an uncomfortable question: AI may be accelerating iteration inside AI tools, but the broad software boom many people expected is still hard to see in public package data.
A fast-moving HN thread used the LiteLLM incident to make a broader point: AI developer infrastructure now carries the same supply-chain risk as cloud infra, but often with looser dependency discipline and a larger secret surface.