Posted by kirushik 9 hours ago
No they can't, because developer tools run on developers' machines. You can't trust your code running in an environment you don't trust.
I would guess that's their first line of defense; they should have more techniques to identify distillation because that's a very simple way of detecting the host and can be easily spoofed.
I.e. this will allow them to literally commit fraud against paying customers.
Yes, I said that. If a user is breaking your terms of service, ban them. Continuing to charge them while not providing the service they're paying for is, in fact, literal textbook fraud.
pi's "minimal" coding-agent has a total of 132 transitive dependencies spanning 153 maintainers.
While I understand JS developers in the JS/NPM ecosystem think this qualifies as minimal, it most certainly does not, from a supply chain security perspective.