llm-all-models-async 0.1
<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-all-models-async/releases/tag/0.1">llm-all-models-async 0.1</a></p> <p>LLM plugins can define new models in both <a href="https://llm.datasette.io/en/stable/plugins/tutorial-model-plugin.html">sync</a> and <a href="https://llm.datasette.io/en/stable/plugins/advanced-model-plugins.html#async-models">async</a> varieties. The async variants are most common for API-backed models - sync variants tend to be things that run the model directly within the plugin.</p> <p>My <a href="https://simonwillison.net/2026/Mar/30/mr-chatterbox/#running-it-locally-with-llm">llm-mrchatterbox</a> plugin is sync only. I wanted to try it out with various Datasette LLM features (specifically <a href="https://github.com/datasette/datasette-enrichmen
Release
llm-all-models-async 0.1 — Register async versions of models from LLM plugins that only provide a sync version
LLM plugins can define new models in both sync and async varieties. The async variants are most common for API-backed models - sync variants tend to be things that run the model directly within the plugin.
My llm-mrchatterbox plugin is sync only. I wanted to try it out with various Datasette LLM features (specifically datasette-enrichments-llm) but Datasette can only use async models.
So... I had Claude spin up this plugin that turns sync models into async models using a thread pool. This ended up needing an extra plugin hook mechanism in LLM itself, which I shipped just now in LLM 0.30.
Simon Willison Blog
https://simonwillison.net/2026/Mar/31/llm-all-models-async/#atom-everythingSign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
claudemodelrelease
datasette-llm 0.1a2
<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-llm/releases/tag/0.1a2">datasette-llm 0.1a2</a></p> <blockquote> <ul> <li><code>actor</code> is now available to the <code>llm_prompt_context</code> plugin hook. <a href="https://github.com/datasette/datasette-llm/pull/2">#2</a></li> </ul> </blockquote> <p>Tags: <a href="https://simonwillison.net/tags/llm">llm</a>, <a href="https://simonwillison.net/tags/datasette">datasette</a></p>
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
<p><strong><a href="https://socket.dev/blog/axios-npm-package-compromised">Supply Chain Attack on Axios Pulls Malicious Dependency from npm</a></strong></p> Useful writeup of today's supply chain attack against Axios, the HTTP client NPM package with <a href="https://www.npmjs.com/package/axios">101 million weekly downloads</a>. Versions <code>1.14.1</code> and <code>0.30.4</code> both included a new dependency called <code>plain-crypto-js</code> which was freshly published malware, stealing credentials and installing a remote access trojan (RAT).</p> <p>It looks like the attack came from a leaked long-lived npm token. Axios have <a href="https://github.com/axios/axios/issues/7055">an open issue to adopt trusted publishing</a>, which would ensure that only their GitHub Actions workflows ar
Blind `npm install` Execution Risks Security Vulnerabilities: Review Lockfiles to Mitigate Threats
<p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk3labo0gsfmuphb69nbt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk3labo0gsfmuphb69nbt.png" alt="cover" width="800" height="420"></a></p> <h2> Introduction: The Silent Threat in npm Install </h2> <p>The recent attack on the npm ecosystem didn’t target security engineers meticulously reviewing lockfiles. It targeted the rest of us—developers who type <code>npm install</code> and move on, trusting the process implicitly. This blind executi
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Models
I Created a SQL Injection Challenge… And AI Failed to Catch the Biggest Security Flaw 💥
<p>I recently designed a simple SQL challenge.</p> <p>Nothing fancy. Just a login system:</p> <p>Username<br> Password<br> Basic query validation</p> <p>Seemed straightforward, right?</p> <p>So I decided to test it with AI.</p> <p>I gave the same problem to multiple models.</p> <p>Each one confidently generated a solution.<br> Each one looked clean.<br> Each one worked.</p> <p>But there was one problem.</p> <p>🚨 Every single solution was vulnerable to SQL Injection.</p> <p>Here’s what happened:</p> <p>Most models generated queries like:</p> <p>SELECT * FROM users <br> WHERE username = 'input' AND password = 'input';</p> <p>Looks fine at first glance.</p> <p>But no parameterization.<br> No input sanitization.<br> No prepared statements.</p> <p>Which means…</p> <p>A simple input like:</p> <
From one model to seven — what it took to make TurboQuant model-portable
<p>A KV cache compression plugin that only works on one model is a demo, not a tool. turboquant-vllm v1.0.0 shipped four days ago with one validated architecture: Molmo2. v1.3.0 validates seven — Llama 3.1, Mistral 7B, Qwen2.5, Phi-3-mini, Phi-4, Gemma-2, and Gemma-3. The path between those two points was more interesting than the destination.</p> <h2> What Changed </h2> <p><strong>Fused paged kernels (v1.2.0).</strong> The original architecture decompressed KV cache from TQ4 to FP16 in HBM, then ran standard attention on the result. The new fused kernel reads compressed blocks directly from vLLM's page table, decompresses in SRAM, and computes attention in a single pass. HBM traffic: 1,160 → 136 bytes per token.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight pyth
8 Gemini AI Prompts That Turn Ordinary Photos Into Professional Portraits
These eight Google Gemini AI prompts transform ordinary photos into polished portraits for LinkedIn, personal branding, family photos, and more. The post 8 Gemini AI Prompts That Turn Ordinary Photos Into Professional Portraits appeared first on TechRepublic .
Anthropic teams with Australian government to review AI model safety - NewsBytes
<a href="https://news.google.com/rss/articles/CBMitgFBVV95cUxNeEJMNFVqS09nX290b1pLb0t6bHRydkFxZkYzRHpabEtPTGpJdm50RGdBVUtnSnpoYW1VdjlBMERTQnMyZURUeEZTcmhKSmdNWjBOd0NYU1ZBY1ZjU1piSElxNEt0MDdYbzhGNWVNckdEek1jeW1oNTAyT1Zhd0pEbE1HU3BMZWFicnpLekFJVFFOUXQwQThsRWFsaDRpYmdmR1dRN3lqOG9ld0pIZzJuamlUZTNNUQ?oc=5" target="_blank">Anthropic teams with Australian government to review AI model safety</a> <font color="#6f6f6f">NewsBytes</font>
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!