frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

NPM Package Provenance (2023)

https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/
1•behindsight•4h ago

Comments

behindsight•4h ago
Reminder, you can audit all your npm packages to see if they provide provenance attestation with:

    npm audit signatures
you can use this to also provide a gentle reminder to package authors to consider setting one up (or replacing those that can't/won't)

Additional resources:

- Trusted publishing via OIDC [1]

- Requiring 2FA for package publishing [2]

1: https://docs.npmjs.com/trusted-publishers

2: https://docs.npmjs.com/requiring-2fa-for-package-publishing-...

codedrift_•4h ago
> To achieve this, we require that packages are built on a trusted CI/CD platform

Given what happened with NX [1], I'm hoping GitHub Actions disallows certain types of commands in their YAML. Otherwise we still have a straightforward way to attach provenance to malicious code. =\

1: https://x.com/adnanthekhan/status/1958722939534417989

Yakovlevian Torque

https://en.wikipedia.org/wiki/Yakovlevian_torque
1•evertedsphere•4m ago•0 comments

Holding It Together

https://onelook.com/newsletter/issue-14/
1•dougb5•4m ago•0 comments

Flagged by the Algorithm: Klarna Thought I'm a Fraudster

https://algorithmwatch.org/en/flagged-algorithm-klarna-fraudster/
2•Improvement•8m ago•1 comments

Nano Banana AI

https://nanobananana.com
1•Maxforever•8m ago•1 comments

Prototyping an Amiga System Preferences Gallery

https://heckmeck.de/blog/prototyping-a-system-preferences-gallery/
1•arexxbifs•9m ago•0 comments

What it means to exceed the 1.5°C global warming target [video]

https://www.youtube.com/watch?v=CVY2iJU4D6Y
2•indigodaddy•11m ago•0 comments

How Google dodged a major breakup – and why OpenAI is to thank for it

https://www.theguardian.com/technology/2025/sep/08/google-antitrust-apocalypse
1•andsoitis•11m ago•0 comments

Famulor AI Call Center: Multi-Calendar Support

https://docs.famulor.io/updates/changelog
1•imankoma•13m ago•1 comments

Biggest Utility Battery [1.4GW, 3.1GWh] Secures Financing for UK Construction

https://www.bloomberg.com/news/articles/2025-09-09/world-s-biggest-battery-secures-financing-for-...
1•toomuchtodo•17m ago•1 comments

Meta put virtual-reality profit over kids' safety, whistleblowers tell Congress

https://www.reuters.com/sustainability/boards-policy-regulation/meta-put-virtual-reality-profit-o...
2•giuliomagnifico•19m ago•1 comments

ChatGPT vs. Claude Subscription – Visual

https://claude.ai/public/artifacts/d66b93a3-fb77-4c63-8538-af33a5150d03
1•hereme888•19m ago•0 comments

Show HN: Melony – React toolkit for AI chat interface

https://github.com/ddaras/melony
1•ddaras•22m ago•0 comments

Green Wave: A Plan for Cycling in New York City [pdf]

https://www.nyc.gov/html/dot/downloads/pdf/bike-safety-plan.pdf
1•i13e•24m ago•0 comments

Mazlo raises $4.6M, launches nonprofit finance platform

https://news.crunchbase.com/fintech/mazlo-emerges-stealth-nonprofit-management/
3•thatdrew•29m ago•0 comments

Show HN: Backwalk – A lightweight backtrace library written in C

https://github.com/whalbawi/backwalk
1•munifex•31m ago•0 comments

Show HN: Rift (Flexible Translator) – Build Languages in Days, Not Years

https://github.com/obinexus/rift
1•obinexus•32m ago•0 comments

A World Without Plugins

https://www.swyx.io/a-world-without-plugins-cig
1•swyx•33m ago•1 comments

Hypervisor in 1k Lines

https://1000hv.seiya.me/en
3•lioeters•34m ago•0 comments

Show HN: LibPolyCall – Zero-Trust Polyglot FFI with Perfect State Reproduction

https://github.com/obinexus/libpolycall
1•obinexus•35m ago•0 comments

Ask HN: How high is the bar for AGI? what problems are "AGI-complete"?

1•adinhitlore•37m ago•0 comments

How Tim Cook sold out Steve Jobs

https://www.anildash.com//2025/09/09/how-tim-cook-sold-out-steve-jobs/
2•latexr•39m ago•2 comments

Show HN: Open-Source Game for Kids for Learning Letters and Phonics

https://letter-learning-game.org/
1•eigenvalue•41m ago•0 comments

Show HN: HardView – Cross-Platform Hardware Info and Monitoring (Python/C++/C)

https://github.com/gafoo173/HardView
3•gafoo1•45m ago•0 comments

Ask HN: How are you using AI / LLMs for coding?

3•bryanhogan•45m ago•2 comments

Factors associated with weight loss response to GLP-1 analogues for obesity

https://pmc.ncbi.nlm.nih.gov/articles/PMC11751938/
2•paulpauper•45m ago•0 comments

Book Review: Poor Economics

https://pelorus.substack.com/p/book-review-poor-economics
1•paulpauper•46m ago•0 comments

AI Induced Psychosis: A shallow investigation

https://www.lesswrong.com/posts/iGF7YcnQkEbwvYLPA/ai-induced-psychosis-a-shallow-investigation
1•paulpauper•46m ago•0 comments

iOS 18.6.2 – System-Wide Trust Collapse via Anchor Corruption and ATS Reset

https://github.com/JGoyd/ios-trust-collapse
8•mintplant•52m ago•1 comments

Why Mark S. Zuckerberg Is Suing Facebook's Parent Company, Meta

https://www.nytimes.com/2025/09/09/technology/mark-zuckerberg-meta-lawsuit-fake-accounts.html
4•sega_sai•53m ago•1 comments

Consumption of Low- and No-Calorie Artificial Sweeteners and Cognitive Decline

https://www.neurology.org/doi/10.1212/WNL.0000000000214023
3•wjb3•57m ago•2 comments