Show HN: Safe-install – safer NPM installs with trusted build dependencies

https://www.npmjs.com/package/@gkiely/safe-install
13•gkiely•6h ago
In light of the ongoing npm supply chain compromises, I built safe-install:

https://www.npmjs.com/package/@gkiely/safe-install

It brings a couple of protections I wanted from npm but that are not built in.

Similar to Bun’s trusted dependencies, it lets you disable install scripts by default and define a list of dependencies that are allowed to run build/install scripts:

https://bun.com/docs/guides/install/trusted

It also supports blocking exotic sub-dependencies, similar to pnpm’s `blockExoticSubdeps` setting:

https://gajus.com/blog/3-pnpm-settings-to-protect-yourself-f...

I was hoping npm would eventually add something like this, but it does not seem to be happening soon, so I made a small package for it.
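
A lockfile audit in the spirit of the two protections described in the post, as an added example that is not part of the original post and is not safe-install's own code or API. It assumes the package-lock.json v2/v3 `packages` map and treats any non-registry `resolved` URL on a non-direct dependency as exotic; the package names and the `auditLock` helper are constructed for illustration.

```javascript
// Constructed sample in the package-lock.json v3 shape; all package names are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "native-addon": "^1.0.0", "left-helper": "^1.2.0" } },
    "node_modules/native-addon": {
      resolved: "https://registry.npmjs.org/native-addon/-/native-addon-1.0.0.tgz",
      hasInstallScript: true,
    },
    "node_modules/left-helper": {
      resolved: "https://registry.npmjs.org/left-helper/-/left-helper-1.2.3.tgz",
      hasInstallScript: true,
    },
    "node_modules/left-helper/node_modules/tiny-dep": {
      resolved: "git+ssh://git@github.com/example/tiny-dep.git#0000000",
    },
  },
};

// Package name is whatever follows the last "node_modules/" in the lockfile key.
const nameOf = (key) => key.slice(key.lastIndexOf("node_modules/") + "node_modules/".length);

// trusted: names allowed to run install scripts (hypothetical policy input).
function auditLock(lock, trusted = [], registry = "https://registry.npmjs.org/") {
  const root = lock.packages[""] || {};
  const direct = new Set(Object.keys({ ...root.dependencies, ...root.devDependencies }));
  const untrustedScripts = [];
  const exoticSubdeps = [];
  for (const [key, meta] of Object.entries(lock.packages)) {
    // Skip the root project, workspace folders and symlink entries.
    if (!key.includes("node_modules/") || meta.link) continue;
    const name = nameOf(key);
    // npm sets hasInstallScript on packages that declare install-time lifecycle scripts.
    if (meta.hasInstallScript && !trusted.includes(name)) untrustedScripts.push(name);
    // "Exotic" here: resolved from anywhere other than the configured registry.
    const exotic = meta.resolved && !meta.resolved.startsWith(registry);
    if (exotic && !direct.has(name)) exoticSubdeps.push(name);
  }
  return { untrustedScripts, exoticSubdeps };
}

console.log(auditLock(sampleLock, ["native-addon"]));
```

To run it against a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock` and fail the CI job when either list is non-empty.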

Comments

edoceo•3h ago
Yet again I'm asking folk to look at this artifact mirror that was Show HN a few months ago.

https://github.com/artifact-keeper

It's currently my favourite package gatekeeper - after a few years of self-built jank.

pjmlp•1h ago
The solution already exists.

Nexus, Artifactory, and many others.

Security-minded organisations don't allow cowboy installs into projects; the systems are configured to use internal repos, and only IT-validated packages get uploaded into them.

Still, it might be of value to single devs.
