HN Reader

Google Ends Support for Lynx Browser

72 points by zhenyi 16h ago 27 comments

Google Doesn't Rank My Site for My Own Brand Name

37 points by hypeaccount 17h ago 21 comments

Linter for Your Docs

8 points by gitgallery 15h ago 4 comments

Old timers, what did you read to study Unix or languages by the book?

6 points by theyknowitsxmas 12h ago 12 comments

Ask HN: Good resources for DIY-ish animatronic kits for Halloween?

29 points by xrd 3d ago 8 comments

Ask HN: Would you use a CAPTCHA that blocks browser agents?

5 points by vieews 13h ago 1 comments

Ask HN: Were programmers more surprised than general public by ChatGPT in 2022?

4 points by amichail 15h ago 5 comments

Which would you subscribe: HBR / The Economist / Farnam Street?

3 points by zrakk 17h ago 4 comments

Ask HN: How are you preparing for upcoming short-lived SSL renewals?

6 points by froil 18h ago 8 comments

Ask HN: Who wants to be hired? (September 2025)

123 points by whoishiring 9d ago 375 comments

Ask HN: Looking for headless CMS recommendation

83 points by rakshithbellare 11d ago 88 comments

Plex Update: Notice of a potential security incident

34 points by white_viel 2d ago 11 comments

Ask HN: Who is hiring? (September 2025)

265 points by whoishiring 9d ago 422 comments

Ask HN: What are the best AI video generator online? Both free and paid

9 points by jamessmithe 2d ago 2 comments

YC Demo Day: I mapped out every YC company on an interactive world map

7 points by leonagano 1d ago 3 comments

My Workflow Is 70% AI, 20% Copy-Paste, 10% Panic. What's Yours?

28 points by jamessmithe 1d ago 57 comments

Ask HN: Does anyone else pronounce CLI as "clee"?

5 points by codazoda 1d ago 15 comments

Ask HN: How high is the bar for AGI? what problems are "AGI-complete"?

2 points by adinhitlore 1d ago 3 comments

AI code is creating more Ops incidents – who should own fixing them?

3 points by royvijay 17h ago 2 comments

Google Meet Outage

9 points by thanhhaimai 2d ago 1 comments

Apple adds matmul acceleration to A19 Pro GPU

15 points by aurareturn 1d ago 5 comments

SharedVolume – a Kubernetes operator to sync Git/S3/HTTP/SSH volumes across pods

5 points by bilgehannal 1d ago 0 comments

What tools do you use to monitor for NPM and other dependency vulnerabilities?

2 tiagom87 2 9/11/2025, 7:04:55 AM
Following the npm hack, I think this is an attack vector that will get more popular in the short term. What tools beside npm audit and dependabot, do you use to monitor for dependency security vulnerabilities?

Comments (2)

patrick4urcloud · 3h ago
Hello, We add a check in npm packages in kexa.io .

see https://medium.com/@contact_52772/malicious-npm-packages-aut... .

For futur we can add a call to an open source api to list the ban packages. Thank you, Patrick

palmfacehn · 3h ago
My strategy has been to limit my exposure to the larger NPM/Node.js ecosystem. I'll use it only in limited cases where a front-end dependency is required.