Simon Willison

Creator of Datasette and Lanyrd, co-creator of the Django Web Framework.

RSS preview of Simon Willison's blog

datasette-extract 0.3a0

2026-04-01 11:32:16

Release: datasette-extract 0.3a0

Tags: llm, datasette

datasette-enrichments-llm 0.2a0

2026-04-01 11:28:44

Release: datasette-enrichments-llm 0.2a0

  • This plugin now uses datasette-llm to configure and manage models. This means it's possible to specify which models should be made available for enrichments, using the new enrichments purpose.

Tags: llm, datasette

datasette-llm-usage 0.2a0

2026-04-01 11:24:03

Release: datasette-llm-usage 0.2a0

  • Removed features relating to allowances and estimated pricing. These are now the domain of datasette-llm-accountant.
  • Now depends on datasette-llm for model configuration. #3
  • Full prompts, responses and tool calls can now be logged to the llm_usage_prompt_log table in the internal database if you set the new datasette-llm-usage.log_prompts plugin configuration setting.
  • Redesigned the /-/llm-usage-simple-prompt page, which now requires the llm-usage-simple-prompt permission.

Tags: llm, datasette

datasette-llm 0.1a5

2026-04-01 11:11:01

Release: datasette-llm 0.1a5

  • The llm_prompt_context() plugin hook wrapper mechanism now tracks prompts executed within a chain as well as one-off prompts, which means it can be used to track tool call loops. #5

Tags: llm, datasette

Quoting Soohoon Choi

2026-04-01 10:07:16

I want to argue that AI models will write good code because of economic incentives. Good code is cheaper to generate and maintain. Competition is high between the AI models right now, and the ones that win will help developers ship reliable features fastest, which requires simple, maintainable code. Good code will prevail, not only because we want it to (though we do!), but because economic forces demand it. Markets will not reward slop in coding, in the long-term.

Soohoon Choi, Slop Is Not Necessarily The Future

Tags: slop, ai-assisted-programming, generative-ai, agentic-engineering, ai, llms

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

2026-04-01 07:28:40

Useful writeup of today's supply chain attack against Axios, the HTTP client NPM package with 101 million weekly downloads. Versions 1.14.1 and 0.30.4 both included a new dependency called plain-crypto-js which was freshly published malware, stealing credentials and installing a remote access trojan (RAT).

It looks like the attack came from a leaked long-lived npm token. Axios have an open issue to adopt trusted publishing, which would ensure that only their GitHub Actions workflows are able to publish to npm. The malware packages were published without an accompanying GitHub release, which strikes me as a useful heuristic for spotting potentially malicious releases - the same pattern was present for LiteLLM last week as well.

Via lobste.rs

Tags: javascript, security, npm, supply-chain
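
The two signals in the Axios post above (a version on npm with no matching GitHub release, and a dependency that first appears in that version) can be checked mechanically. This is an added example, not code from the blog or from Axios; the sample data is constructed (only 1.14.1, 0.30.4 and plain-crypto-js come from the post), and it assumes release tags are the version number with an optional leading `v`.

```javascript
// Constructed sample shaped like an npm packument (the registry's per-package JSON).
// Dependency ranges and the 0.30.3 / 1.14.0 entries are made up for illustration.
const packument = {
  name: "axios",
  versions: {
    "0.30.3": { dependencies: { "follow-redirects": "^1.15.4" } },
    "0.30.4": { dependencies: { "follow-redirects": "^1.15.4", "plain-crypto-js": "0.0.0" } },
    "1.14.0": { dependencies: { "follow-redirects": "^1.15.6" } },
    "1.14.1": { dependencies: { "follow-redirects": "^1.15.6", "plain-crypto-js": "0.0.0" } },
  },
};
// Constructed sample shaped like the GitHub "list releases" API response.
const releases = [{ tag_name: "v0.30.3" }, { tag_name: "v1.14.0" }];

// Parse "1.14.1" into [1, 14, 1]; prerelease suffixes are ignored in this sketch.
const parse = (v) => v.split("-")[0].split(".").map(Number);
function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Nearest older version on the same major line (0.x and 1.x ship independently).
function previousVersion(all, v) {
  return all.filter((o) => parse(o)[0] === parse(v)[0] && cmp(o, v) < 0).sort(cmp).pop();
}

// Flag versions that lack a GitHub release or introduce a dependency the
// previous version on the same line did not have.
function auditReleases(pkg, ghReleases) {
  const tags = new Set(ghReleases.map((r) => r.tag_name.replace(/^v/, "")));
  const all = Object.keys(pkg.versions);
  const findings = [];
  for (const v of all) {
    const prev = previousVersion(all, v);
    const before = prev ? Object.keys(pkg.versions[prev].dependencies || {}) : [];
    const now = Object.keys(pkg.versions[v].dependencies || {});
    const newDeps = prev ? now.filter((d) => !before.includes(d)) : [];
    const noRelease = !tags.has(v);
    if (noRelease || newDeps.length) findings.push({ version: v, noRelease, newDeps });
  }
  return findings.sort((a, b) => cmp(a.version, b.version));
}

console.log(JSON.stringify(auditReleases(packument, releases), null, 2));
```

Either signal alone is a prompt for review rather than proof of compromise, since legitimate releases sometimes add dependencies or skip GitHub release notes.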