frontpage.

Stop using `^` in `package.json` if you care about supply-chain safety.

If the lockfile is missing (fresh clone, CI misconfig) or you rely on automated updates like Renovate or Dependabot, semver ranges allow unreviewed code to enter your dependency graph. A compromised minor or patch release becomes eligible and can be pulled in automatically.

After last year’s wave of npm supply-chain attacks, we audited all our projects and locked dependencies down. Every upgrade is now an explicit, manual decision.

The Art of Persuasion in Cartography: Why Design Makes Maps Powerful

Desmos Graph Calculator animation [video]

Netflix is rolling out a live voting feature

Show HN: Sharpie – Self-hostable AI prompt playground

Show HN: Describe hardware, get a buildable prototype

How to Make Your Vision Survive Translation

Local Agent Safety Framework

Static Pricing Theory

Visualizing Delaunay Triangulation

Tech workers ask their bosses to pressure Trump over ICE crackdowns

Show HN: Stitch-MCP, a universal MCP server for Google Stitch

Claude Code Browser Automation on Bazzite

LLVM Adopts "Human in the Loop" Policy for AI/Tool-Assisted Contributions

Georges Bataille: The Solar Anus (1927)

Show HN: Phaze – A Remote Desktop for Workstations

Brutalist Web Design

Quango – A C89 CLI pathfinding puzzle game

Intro to Genomics for Engineers

NBomber v6.2.0 Is Out

What does it take to ship Rust in safety-critical?

Created a Free Resume Builder

OpenAI is rolling out age prediction

The secret medieval tunnels that we still don't understand

Where I'm at with AI

The origami wheel that could explore lunar caves

Show HN: Sast+LLM Security Scanner that filters false positives and fixes issues

With democracy in free fall, the media must (finally) wake up

Trump administration concedes DOGE team may have misused Social Security data

Things I Learned at the Claude Code NYC Meetup

Intrinsically stretchable 2D MoS2 transistors

Can we stop using `^` in `package.json`