frontpage.

Hi, everyone!

I built a TimeLock NPM Registry to prevent supply chain attack. I was inspired by minimumReleaseAge of the pnpm, but I'm using bun for my projects.

TimeLock NPM Registry is an alternative npm package registry focused on supply chain security.

Its core feature is introducing a time lock before new package versions become available for installation. This protects developers from compromised releases: while packages are “on hold,” the community and security tools have time to detect and block malicious code.

Why it matters Reduces the risk of installing malicious packages. Lets you “wait out” 24 hours or more before updating. Increases trust in dependencies and builds.

How it works

A package author publishes a new version. TimeLock NPM Registry places it into a pending state for a set duration (e.g., 24 hours). Only after the timer expires does the package become available for installation.

Tech stack — Cloudflare Workers, Honojs.

AppSecMaster – Learn Application Security with hands on challenges

Fibonacci Number Certificates

AI Overviews are killing the web search, and there's nothing we can do about it

City skylines need an upgrade in the face of climate stress

1979: The Model World of Robert Symes [video]

Satellites Have a Lot of Room

1980s Farm Crisis

Show HN: FSID - Identifier for files and directories (like ISBN for Books)

Show HN: Holy Grail: Open-Source Autonomous Development Agent

Show HN: Minecraft Creeper meets 90s Tamagotchi

Show HN: Termiteam – Control center for multiple AI agent terminals

The only U.S. particle collider shuts down

Ask HN: Why do purchased B2B email lists still have such poor deliverability?

Show HN: Remotion directory (videos and prompts)

Portable C Compiler

Show HN: Kokki – A "Dual-Core" System Prompt to Reduce LLM Hallucinations

Software Engineering Transformation 2026

Microsoft purges Win11 printer drivers, devices on borrowed time

Lunch with the FT: Tarek Mansour

Old Mexico and her lost provinces (1883)

'AI' is a dick move, redux

The source code was the moat. But not anymore

Does anyone else feel like their inbox has become their job?

An AI model that can read and diagnose a brain MRI in seconds

Dev with 5 of experience switched to Rails, what should I be careful about?

AlphaFace: High Fidelity and Real-Time Face Swapper Robust to Facial Pose

Scientists discover “levitating” time crystals that you can hold in your hand

Rammstein – Deutschland (C64 Cover, Real SID, 8-bit – 2019) [video]

Tell HN: Yet Another Round of Zendesk Spam

Postgres Message Queue (PGMQ)