frontpage.

Hi, everyone!

I built a TimeLock NPM Registry to prevent supply chain attack. I was inspired by minimumReleaseAge of the pnpm, but I'm using bun for my projects.

TimeLock NPM Registry is an alternative npm package registry focused on supply chain security.

Its core feature is introducing a time lock before new package versions become available for installation. This protects developers from compromised releases: while packages are “on hold,” the community and security tools have time to detect and block malicious code.

Why it matters Reduces the risk of installing malicious packages. Lets you “wait out” 24 hours or more before updating. Increases trust in dependencies and builds.

How it works

A package author publishes a new version. TimeLock NPM Registry places it into a pending state for a set duration (e.g., 24 hours). Only after the timer expires does the package become available for installation.

Tech stack — Cloudflare Workers, Honojs.

Modern Microprocessors: A 90-Minute Guide (2016)

Show HN: Mdchat – Markdown-first terminal / CLI tool for LLM collaboration

Show HN: Gh-dep – TUI to batch review/merge Dependabot/Renovate PRs across repos

Unconstitutionality of the Trump administration's student deportation efforts

The Temporal Dead Zone, why TypeScripts codebase is littered with var statements

Writing high-performance matrix multiplication kernels for Blackwell

Windows 7 marketshare jumps to nearly 10% as Windows 10 support is about to end

Apple reportedly scraps lighter Vision Pro in favor of smart glasses

Images show how antibiotics pierce bacterial armour

An Anarchic Hacktoberfest Repository

Wealth tax would be deadly for French economy, says Europe's richest man

Noble's Coding Principles – Updated for the AI Era

I Turned the Lego Game Boy into a Working Game Boy

In a Sea of Tech Talent, Companies Can't Find the Workers They Want

Autism should not be seen as single condition with one cause, say scientists

Show HN: Visual EE Builder – Build Ansible Execution Environments in One Click

LLM Security Scanners for Penetration Testers and Security Teams

The power of reusing and adapting viral posts

Airports are incredibly reliant on oil refineries

Geist Sans from Vercel

US memo to colleges proposes terms on ideology, foreign enrollment for fed funds

Waku – A Family of Robust, Censorship-Resistant Protocols to Preserve Privacy

If you delete your Sora acct you lose ChatGPT acct and banned from re-signing up

Delusions of a Protocol

Glaciers in California's Sierra Nevada disappearing for first time the Holocene

Fluid forms, vibrant colors – subtle refresh of Microsoft 365 icons

Claude Code 2.0 Is Promising but Flawed

Linus Torvalds Lashes Out at RISC-V Big Endian Plans

Show HN: I built a SOC2 policy generator after auditors hated the existing ones

America fell behind China in the lunar space race

Show HN: TimeLock NPM Registry