🐦 Twitter Post Details

Viewing enriched Twitter post

@bytedunks

Five major supply chain attacks in two weeks, including LiteLLM and axios. We install most of these packages without thinking twice. @kstonekuan and I built YOINK, an AI agent that removes complex dependencies you only use for a handful of functions, by reimplementing only what you need, so you don't need to worry about supply chain attacks anymore. @karpathy recently called for re-evaluating the belief that "dependencies are good". OpenAI's @_lopopolo echoed this in his harness engineering article: agents reason better from reimplemented functionality they have full visibility into, over opaque third-party libraries. YOINK makes this capability accessible to anyone.

View on Twitter

📊 Media Metadata

{
  "media": [
    {
      "url": "https://crmoxkoizveukayfjuyo.supabase.co/storage/v1/object/public/media/posts/2040612747256516823/media_0.mp4",
      "media_url": "https://crmoxkoizveukayfjuyo.supabase.co/storage/v1/object/public/media/posts/2040612747256516823/media_0.mp4",
      "type": "video",
      "filename": "media_0.mp4"
    }
  ],
  "processed_at": "2026-04-05T03:34:48.078077",
  "pipeline_version": "2.0"
}

🔧 Raw API Response

{
  "type": "tweet",
  "id": "2040612747256516823",
  "url": "https://x.com/bytedunks/status/2040612747256516823",
  "twitterUrl": "https://twitter.com/bytedunks/status/2040612747256516823",
  "text": "Five major supply chain attacks in two weeks, including LiteLLM and axios. We install most of these packages without thinking twice.\n\n@kstonekuan and I built YOINK, an AI agent that removes complex dependencies you only use for a handful of functions, by reimplementing only what you need, so you don't need to worry about supply chain attacks anymore.\n\n@karpathy recently called for re-evaluating the belief that \"dependencies are good\". OpenAI's @_lopopolo echoed this in his harness engineering article: agents reason better from reimplemented functionality they have full visibility into, over opaque third-party libraries.\n\nYOINK makes this capability accessible to anyone.",
  "source": "Twitter for iPhone",
  "retweetCount": 2,
  "replyCount": 4,
  "likeCount": 7,
  "quoteCount": 1,
  "viewCount": 185,
  "createdAt": "Sun Apr 05 02:09:26 +0000 2026",
  "lang": "en",
  "bookmarkCount": 1,
  "isReply": false,
  "inReplyToId": null,
  "conversationId": "2040612747256516823",
  "displayTextRange": [
    0,
    279
  ],
  "inReplyToUserId": null,
  "inReplyToUsername": null,
  "author": {
    "type": "user",
    "userName": "bytedunks",
    "url": "https://x.com/bytedunks",
    "twitterUrl": "https://twitter.com/bytedunks",
    "id": "993931267744841729",
    "name": "Brandon Ong",
    "isVerified": false,
    "isBlueVerified": true,
    "verifiedType": null,
    "profilePicture": "https://pbs.twimg.com/profile_images/1924820134822379520/VS9gr799_normal.jpg",
    "coverPicture": "https://pbs.twimg.com/profile_banners/993931267744841729/1692608929",
    "description": "",
    "location": "SG",
    "followers": 412,
    "following": 268,
    "status": "",
    "canDm": false,
    "canMediaTag": true,
    "createdAt": "Tue May 08 19:10:55 +0000 2018",
    "entities": {
      "description": {
        "urls": []
      },
      "url": {}
    },
    "fastFollowersCount": 0,
    "favouritesCount": 173,
    "hasCustomTimelines": true,
    "isTranslator": false,
    "mediaCount": 21,
    "statusesCount": 300,
    "withheldInCountries": [],
    "affiliatesHighlightedLabel": {},
    "possiblySensitive": false,
    "pinnedTweetIds": [
      "2026950810102616571"
    ],
    "profile_bio": {
      "description": "exploring;\nprev Joint PhD in Robotics (on leave) @Columbia @NTUsg; @join_ef",
      "entities": {
        "description": {
          "hashtags": [],
          "symbols": [],
          "urls": [],
          "user_mentions": [
            {
              "id_str": "0",
              "indices": [
                49,
                58
              ],
              "name": "",
              "screen_name": "Columbia"
            },
            {
              "id_str": "0",
              "indices": [
                59,
                65
              ],
              "name": "",
              "screen_name": "NTUsg"
            },
            {
              "id_str": "0",
              "indices": [
                67,
                75
              ],
              "name": "",
              "screen_name": "join_ef"
            }
          ]
        },
        "url": {
          "urls": [
            {
              "display_url": "ob1.info",
              "expanded_url": "https://ob1.info",
              "indices": [
                0,
                23
              ],
              "url": "https://t.co/tPv3PGYVeM"
            }
          ]
        }
      }
    },
    "isAutomated": false,
    "automatedBy": null
  },
  "extendedEntities": {
    "media": [
      {
        "additional_media_info": {
          "monetizable": true
        },
        "display_url": "pic.twitter.com/zxqW8DhAYI",
        "expanded_url": "https://twitter.com/bytedunks/status/2040612747256516823/video/1",
        "ext_media_availability": {
          "status": "Available"
        },
        "id_str": "2040612370230448128",
        "indices": [
          280,
          303
        ],
        "media_key": "13_2040612370230448128",
        "media_results": {
          "id": "QXBpTWVkaWFSZXN1bHRzOgwABAoAARxRtiOb2pAAAAA=",
          "result": {
            "__typename": "ApiMedia",
            "id": "QXBpTWVkaWE6DAAECgABHFG2I5vakAAAAA==",
            "media_key": "13_2040612370230448128"
          }
        },
        "media_url_https": "https://pbs.twimg.com/amplify_video_thumb/2040612370230448128/img/a0DvcBr76PDwO9nM.jpg",
        "original_info": {
          "focus_rects": [],
          "height": 1080,
          "width": 1920
        },
        "sizes": {
          "large": {
            "h": 1080,
            "w": 1920
          }
        },
        "type": "video",
        "url": "https://t.co/zxqW8DhAYI",
        "video_info": {
          "aspect_ratio": [
            16,
            9
          ],
          "duration_millis": 35050,
          "variants": [
            {
              "content_type": "application/x-mpegURL",
              "url": "https://video.twimg.com/amplify_video/2040612370230448128/pl/x3uzpNUIS1O6wMKB.m3u8?tag=21"
            },
            {
              "bitrate": 256000,
              "content_type": "video/mp4",
              "url": "https://video.twimg.com/amplify_video/2040612370230448128/vid/avc1/480x270/8Fu8UUmTDHMOw2dh.mp4?tag=21"
            },
            {
              "bitrate": 832000,
              "content_type": "video/mp4",
              "url": "https://video.twimg.com/amplify_video/2040612370230448128/vid/avc1/640x360/T0Ezs7bKwLRWoRDT.mp4?tag=21"
            },
            {
              "bitrate": 2176000,
              "content_type": "video/mp4",
              "url": "https://video.twimg.com/amplify_video/2040612370230448128/vid/avc1/1280x720/lp4DokgJCZHmdg8i.mp4?tag=21"
            },
            {
              "bitrate": 10368000,
              "content_type": "video/mp4",
              "url": "https://video.twimg.com/amplify_video/2040612370230448128/vid/avc1/1920x1080/gGqULms6pkUHpajV.mp4?tag=21"
            }
          ]
        }
      }
    ]
  },
  "card": null,
  "place": {},
  "entities": {
    "hashtags": [],
    "symbols": [],
    "timestamps": [],
    "urls": [],
    "user_mentions": [
      {
        "id_str": "766014300",
        "indices": [
          134,
          145
        ],
        "name": "kingston kuan",
        "screen_name": "kstonekuan"
      },
      {
        "id_str": "33836629",
        "indices": [
          354,
          363
        ],
        "name": "Andrej Karpathy",
        "screen_name": "karpathy"
      },
      {
        "id_str": "1485634548238983169",
        "indices": [
          448,
          458
        ],
        "name": "lopopolo",
        "screen_name": "_lopopolo"
      }
    ]
  },
  "quoted_tweet": {
    "type": "tweet",
    "id": "2036487306585268612",
    "url": "https://x.com/karpathy/status/2036487306585268612",
    "twitterUrl": "https://twitter.com/karpathy/status/2036487306585268612",
    "text": "Software horror: litellm PyPI supply chain attack. \n\nSimple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.\n\nLiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.\n\nAfaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.\n\nSupply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.\n\nClassical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to \"yoink\" functionality when it's simple enough and possible.",
    "source": "Twitter for iPhone",
    "retweetCount": 5397,
    "replyCount": 1356,
    "likeCount": 28122,
    "quoteCount": 1304,
    "viewCount": 66264918,
    "createdAt": "Tue Mar 24 16:56:24 +0000 2026",
    "lang": "en",
    "bookmarkCount": 13785,
    "isReply": false,
    "inReplyToId": null,
    "conversationId": "2036487306585268612",
    "displayTextRange": [
      0,
      277
    ],
    "inReplyToUserId": null,
    "inReplyToUsername": null,
    "author": {
      "type": "user",
      "userName": "karpathy",
      "url": "https://x.com/karpathy",
      "twitterUrl": "https://twitter.com/karpathy",
      "id": "33836629",
      "name": "Andrej Karpathy",
      "isVerified": false,
      "isBlueVerified": true,
      "verifiedType": null,
      "profilePicture": "https://pbs.twimg.com/profile_images/1296667294148382721/9Pr6XrPB_normal.jpg",
      "coverPicture": "https://pbs.twimg.com/profile_banners/33836629/1407117611",
      "description": "",
      "location": "Stanford",
      "followers": 2122172,
      "following": 1079,
      "status": "",
      "canDm": true,
      "canMediaTag": true,
      "createdAt": "Tue Apr 21 06:49:15 +0000 2009",
      "entities": {
        "description": {
          "urls": []
        },
        "url": {}
      },
      "fastFollowersCount": 0,
      "favouritesCount": 23094,
      "hasCustomTimelines": true,
      "isTranslator": false,
      "mediaCount": 863,
      "statusesCount": 10088,
      "withheldInCountries": [],
      "affiliatesHighlightedLabel": {},
      "possiblySensitive": false,
      "pinnedTweetIds": [
        "1617979122625712128"
      ],
      "profile_bio": {
        "description": "I like to train large deep neural nets. Previously Director of AI @ Tesla, founding team @ OpenAI, PhD @ Stanford.",
        "entities": {
          "description": {
            "hashtags": [],
            "symbols": [],
            "urls": [],
            "user_mentions": []
          },
          "url": {
            "urls": [
              {
                "display_url": "karpathy.ai",
                "expanded_url": "https://karpathy.ai",
                "indices": [
                  0,
                  23
                ],
                "url": "https://t.co/0EcFthjJXM"
              }
            ]
          }
        }
      },
      "isAutomated": false,
      "automatedBy": null
    },
    "extendedEntities": {},
    "card": null,
    "place": {},
    "entities": {
      "hashtags": [],
      "symbols": [],
      "urls": [],
      "user_mentions": []
    },
    "quoted_tweet": {
      "type": "tweet",
      "id": "2036414330267193815",
      "url": "",
      "twitterUrl": "",
      "text": "",
      "source": "Twitter for iPhone",
      "retweetCount": 0,
      "replyCount": 0,
      "likeCount": 0,
      "quoteCount": 0,
      "viewCount": 0,
      "createdAt": "",
      "lang": "",
      "bookmarkCount": 0,
      "isReply": false,
      "inReplyToId": null,
      "conversationId": "",
      "displayTextRange": [],
      "inReplyToUserId": null,
      "inReplyToUsername": null,
      "author": {},
      "extendedEntities": {},
      "card": null,
      "place": {},
      "entities": {},
      "quoted_tweet": null,
      "retweeted_tweet": null,
      "isLimitedReply": false,
      "communityInfo": null,
      "article": null
    },
    "retweeted_tweet": null,
    "isLimitedReply": false,
    "communityInfo": null,
    "article": null
  },
  "retweeted_tweet": null,
  "isLimitedReply": false,
  "communityInfo": null,
  "article": null
}