frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Show HN: npm-daycare, an NPM proxy that filters out recent & small packages

https://github.com/stack-auth/npm-daycare
6•n2d4•4h ago
Hey all! npm-daycare is a simple NPM proxy built on Verdaccio which filters all packages that:

- are younger than 48h (it will just provide an old version instead)

- have fewer than 5,000 weekly downloads

https://github.com/stack-auth/npm-daycare

This is in response to the recent supply chain attacks that shattered the JavaScript ecosystem [1]. It's likely not a problem that will go away any time soon, so we figured we'd build something to protect against it.

Doing this on the proxy layer means it will work across the entire system, as proxies are set globally. In the future, we could also add more filters to the proxy.

To get started, just run the Docker container:

    docker run -d --rm --name npm-daycare -p 4873:4873 bgodil/npm-daycare

    npm set registry http://localhost:4873/
    pnpm config set registry http://localhost:4873/
    yarn config set registry http://localhost:4873/
    bun config set registry http://localhost:4873/

    npm view @types/node  # has recent updates
    npm view pgmock  # has <5,000 weekly downloads
Downside: npm-daycare won't show packages that are younger than 48h on its default config, so be aware of that when you try to update your packages to patch a zero-day exploit.

You probably also shouldn't rely on this as your only line of defense. Curious to hear what you think!

[1] https://news.ycombinator.com/item?id=45260741

Comments

bdangubic•3h ago
Day is September 16, 2026. Top story on HN, “wildly popular npm-daycare with 7 billion daily downloads hacked” :-)
n2d4•2h ago
Well, least it's in a Docker container and not an auto-updating binary on your computer :]

Show HN: A PSX/DOS style 3D game written in Rust with a custom software renderer

https://totenarctanz.itch.io/a-scavenging-trip
32•mvx64•3h ago•2 comments

Show HN: I built a platform for long-form media recs (books, articles, etc.)

https://rhomeapp.com/Guest
12•rohannih•5h ago•0 comments

Show HN: HuMo AI – Create Realistic Videos with Text, Image, and Audio Inputs

https://www.humoai.co
2•Viaya•3h ago•0 comments

Show HN: npm-daycare, an NPM proxy that filters out recent & small packages

https://github.com/stack-auth/npm-daycare
6•n2d4•4h ago•2 comments

Show HN: A store that generates products from anything you type in search

https://anycrap.shop/
1143•kafked•3d ago•326 comments

Show HN: Pyproc – Call Python from Go Without CGO or Microservices

https://github.com/YuminosukeSato/pyproc
39•acc_10000•1d ago•9 comments

Show HN: Scientific Calculator for Android

https://play.google.com/store/apps/details?id=scientific.codegres.calculator&hl=en_US
2•Codegres•6h ago•0 comments

Show HN: AI Code Detector – detect AI-generated code with 95% accuracy

https://code-detector.ai/
70•henryl•12h ago•60 comments

Show HN: I wrote a from-scratch OS to serve my blog

https://github.com/thass0/tatix
8•thasso•15h ago•0 comments

Show HN: I reverse engineered macOS to allow custom Lock Screen wallpapers

https://cindori.com/backdrop
77•cindori•1d ago•56 comments

Show HN: Daffodil – Open-Source Ecommerce Framework to connect to any platform

https://github.com/graycoreio/daffodil
64•damienwebdev•1d ago•8 comments

Show HN: I built a decentralized protocol for predicting interest rate movement

https://kairosswap.com/
3•vinniejames•8h ago•0 comments

Show HN: Ghostpipe – Connect files in your codebase to user interfaces

https://github.com/inputlogic/ghostpipe
4•adriaanmulder•8h ago•1 comments

Show HN: AI-powered web service combining FastAPI, Pydantic-AI, and MCP servers

https://github.com/Aherontas/Pycon_Greece_2025_Presentation_Agents
42•Aherontas•2d ago•22 comments

Show HN: I built a tool to visually manage my LLM prompt templates and save them

https://promptcanvas.ml4den.com/
3•ml4den•8h ago•2 comments

Show HN: Omarchy on CachyOS

https://github.com/mroboff/omarchy-on-cachyos
63•theYipster•2d ago•62 comments

Show HN: Semlib – Semantic Data Processing

https://github.com/anishathalye/semlib
58•anishathalye•1d ago•12 comments

Show HN: Dagger.js – A buildless, runtime-only JavaScript micro-framework

https://daggerjs.org
76•TonyPeakman•2d ago•73 comments

Show HN: I Collected Every Emoticon I Could Find – All Mood and Generator

https://emoticonhub.com/
2•AdityaGavit•10h ago•1 comments

Show HN: Small Transfers – charge from 0.000001 USD per request for your SaaS

https://smalltransfers.com/
192•strnisa•6d ago•74 comments

Show HN: Quizquestions.org – A free library for quiz questions

https://www.quizquestions.org/
2•Salim99•11h ago•0 comments

Show HN: Drop-in Redis replacement in Rust with 5M+ GET/s

https://github.com/mehrantsi/feox-server
23•mehrant•20h ago•3 comments

Show HN: MCP Server Installation Instructions Generator

https://hyprmcp.com/mcp-install-instructions-generator/
22•pmig•1d ago•6 comments

Show HN: Datadef.io – Canvas for data lineage and metadata management

https://datadef.io/
12•theolouvart•2d ago•6 comments

Show HN: Clean Clode – Clean Messy Terminal Pastes from Claude Code and Codex

https://cleanclode.com
5•thewojo•13h ago•2 comments

Show HN: Alyx, a caffeine tracker with no accountability

https://alyxcaffeinetracker.com/
3•jordanmorgan10•14h ago•1 comments

Show HN: Universal single-letter project commands to speed up your CLI workflow

https://github.com/paldepind/projectdo
2•paldepind2•14h ago•0 comments

Show HN: I built an app store for open-source financial plans (on spreadsheets)

https://finfam.app/explore/views
46•mhashemi•1d ago•14 comments

Show HN: Ruminate – AI reading tool for understanding hard things

https://tryruminate.com/
17•rshanreddy•1d ago•3 comments

Show HN: Vicinae – A native, Raycast-compatible launcher for Linux

https://github.com/vicinaehq/vicinae
178•aurellius•1w ago•34 comments