Show HN: Safe-NPM – only install packages that are +90 days old

https://github.com/kevinslin/safe-npm
3•kevinslin•2d ago
This past quarter has been awash with sophisticated npm supply chain attacks like [Shai-Hulud](https://www.cisa.gov/news-events/alerts/2025/09/23/widesprea...) and the [Chalk/debug Compromise](https://www.wiz.io/blog/widespread-npm-supply-chain-attack-b...). This CLI helps protect users from recently compromised packages by only downloading packages that have been public for a while (default is 90 days or older).

Install: npm install -g @dendronhq/safe-npm

Usage: safe-npm install react@^18 lodash

How it works:
- Queries npm registry for all versions matching your semver range
- Filters out anything published in the last 90 days
- Installs the newest "aged" version

Limitations:
- Won't protect against packages malicious from day one
- Doesn't control transitive dependencies (yet - looking into overrides)
- Delays access to legitimate new features

This is meant as an 80/20 measure against recently compromised NPM packages and is not a silver bullet. Please give it a try and let me know if you have feedback.
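The selection step listed under "How it works", as an added example that is not part of the original post and is not safe-npm's own code. It assumes the registry metadata exposes a `time` map of version to publish timestamp; the sample data, the simplified caret matcher and all function names are constructed for illustration.

```javascript
// Constructed sample: the shape of a registry packument's "time" map
// (version -> ISO publish date, plus "created"/"modified" bookkeeping keys).
const SAMPLE_TIME = {
  created: "2022-01-10T00:00:00.000Z",
  modified: "2025-11-20T00:00:00.000Z",
  "17.0.2": "2022-01-10T00:00:00.000Z",
  "18.2.0": "2024-06-14T00:00:00.000Z",
  "18.3.0": "2025-05-02T00:00:00.000Z",
  "18.3.1": "2025-11-20T00:00:00.000Z", // published 6 days before NOW below
  "19.0.0-rc.1": "2025-03-01T00:00:00.000Z",
  "19.0.0": "2025-04-01T00:00:00.000Z",
};

// Parse plain X.Y.Z only; prereleases and non-version keys return null.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
};
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Simplified caret range (^X, ^X.Y, ^X.Y.Z with X >= 1): same major, >= base.
function satisfiesCaret(version, range) {
  const base = range.replace(/^\^/, "").split(".").map(Number);
  while (base.length < 3) base.push(0);
  return version[0] === base[0] && cmp(version, base) >= 0;
}

// Newest version that matches the range AND has been public for minAgeDays.
function pickAgedVersion(time, range, now, minAgeDays = 90) {
  const cutoff = now.getTime() - minAgeDays * 24 * 60 * 60 * 1000;
  const candidates = Object.entries(time)
    .map(([v, published]) => ({ v, parsed: parse(v), ts: Date.parse(published) }))
    .filter((c) => c.parsed && satisfiesCaret(c.parsed, range))
    .filter((c) => c.ts <= cutoff) // drop anything younger than the cutoff
    .sort((a, b) => cmp(b.parsed, a.parsed));
  // null means "nothing old enough": fail closed instead of falling back
  // to the newest release.
  return candidates.length ? candidates[0].v : null;
}

const NOW = new Date("2025-11-26T00:00:00.000Z"); // fixed clock for the sample
console.log(pickAgedVersion(SAMPLE_TIME, "^18", NOW));
```

The same age filter does nothing for transitive dependencies, which is the limitation the post itself lists.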
