HN Reader

We should have the ability to run any code we want on hardware we own (hugotunius.se)

2061 points by K0nserv 10d ago 1201 comments

Cognitive load is what matters (github.com)

1573 points by nromiun 11d ago 526 comments

NPM debug and chalk packages compromised (aikido.dev)

1340 points by universesquid 2d ago 752 comments

I ditched Docker for Podman (codesmash.dev)

1101 points by codesmash 5d ago 650 comments

30 minutes with a stranger (pudding.cool)

1082 points by MaxLeiter 7d ago 375 comments

996 (lucumr.pocoo.org)

1027 points by genericlemon24 4d ago 526 comments

Next.js is infuriating (blog.meca.sh)

1024 points by Bogdanp 9d ago 578 comments

I didn't bring my son to a museum to look at screens (sethpurcell.com)

1015 points by arch_deluxe 18h ago 336 comments

The MacBook has a sensor that knows the exact angle of the screen hinge (twitter.com)

1010 points by leephillips 3d ago 487 comments

Show HN: I recreated Windows XP as my portfolio (mitchivin.com)

1006 points by mitchivin 4d ago 316 comments

Anthropic agrees to pay $1.5B to settle lawsuit with book authors (nytimes.com)

979 points by acomjean 5d ago 736 comments

Signal Secure Backups (signal.org)

974 points by keyboardJones 2d ago 440 comments

Show HN: Term.everything – Run any GUI app in the terminal (github.com)

916 points by mmulet 1d ago 126 comments

Using Claude Code to modernize a 25-year-old kernel driver (dmitrybrant.com)

912 points by dmitrybrant 3d ago 313 comments

Charlie Kirk killed at event in Utah (nbcnews.com)

880 points by david927 16h ago 2218 comments

iPhone Air (apple.com)

877 points by excerionsforte 1d ago 1847 comments

Google can keep its Chrome browser but will be barred from exclusive contracts (cnbc.com)

861 points by colesantiago 8d ago 632 comments

I replaced Animal Crossing's dialogue with a live LLM by hacking GameCube memory (joshfonseca.com)

829 points by vuciv 1d ago 176 comments

Pontevedra, Spain declares its entire urban area a "reduced traffic zone" (greeneuropeanjournal.eu)

815 points by robtherobber 1d ago 890 comments

We all dodged a bullet (xeiaso.net)

811 points by WhyNotHugo 1d ago 470 comments

Stripe Launches L1 Blockchain: Tempo (tempo.xyz)

803 points by _nvs 6d ago 1068 comments

Mistral raises 1.7B€, partners with ASML (mistral.ai)

788 points by TechTechTech 2d ago 420 comments

“This telegram must be closely paraphrased before being communicated to anyone” (history.stackexchange.com)

774 points by azeemba 10d ago 135 comments

Chat Control Must Be Stopped (privacyguides.org)

772 points by Improvement 2d ago 252 comments

New Mexico is first state in US to offer universal child care (governor.state.nm.us)

771 points by toomuchtodo 1d ago 650 comments

Almost anything you give sustained attention to will begin to loop on itself (henrikkarlsson.xyz)

767 points by jger15 6d ago 222 comments

Where's the shovelware? Why AI coding claims don't add up (mikelovesrobots.substack.com)

754 points by dbalatero 7d ago 482 comments

Google AI Overview made up an elaborate story about me (bsky.app)

697 points by jsheard 9d ago 278 comments

Claude Code: Now in Beta in Zed (zed.dev)

680 points by meetpateltech 7d ago 406 comments

Eternal Struggle (yoavg.github.io)

678 points by yurivish 10d ago 136 comments

iPhone dumbphone (stopa.io)

672 points by joshmanders 2d ago 390 comments

ICE is using fake cell towers to spy on people's phones (forbes.com)

655 points by coloneltcb 1d ago 253 comments

Claude now has access to a server-side container environment (anthropic.com)

648 points by meetpateltech 1d ago 339 comments

I'm absolutely right (absolutelyright.lol)

648 points by yoavfr 5d ago 266 comments

LLM Visualization (bbycroft.net)

638 points by gmays 6d ago 46 comments

Notes on Managing ADHD (borretti.me)

629 points by amrrs 10d ago 329 comments

Serverless Horrors (serverlesshorrors.com)

613 points by operator-name 4d ago 481 comments

MIT Study Finds AI Use Reprograms the Brain, Leading to Cognitive Decline (publichealthpolicyjournal.com)

610 points by cainxinth 7d ago 566 comments

The maths you need to start understanding LLMs (gilesthomas.com)

609 points by gpjt 8d ago 119 comments

No adblocker detected (maurycyz.com)

608 points by LorenDB 2d ago 375 comments

AI surveillance should be banned while there is still time (gabrielweinberg.com)

599 points by mustaphah 4d ago 220 comments

Wikipedia survives while the rest of the internet breaks (theverge.com)

599 points by leotravis10 6d ago 459 comments

E-paper display reaches the realm of LCD screens (spectrum.ieee.org)

598 points by rbanffy 1d ago 195 comments

Fil's Unbelievable Garbage Collector (fil-c.org)

597 points by pizlonator 6d ago 276 comments

Anthropic raises $13B Series F (anthropic.com)

590 points by meetpateltech 8d ago 634 comments

We already live in social credit, we just don't call it that (thenexus.media)

577 points by natalie3p 8d ago 676 comments

Google: 'Your $1000 phone needs our permission to install apps now' [video] (youtube.com)

564 points by robtherobber 10d ago 570 comments

14 Killed in anti-government protests in Nepal (tribuneindia.com)

561 points by whatsupdog 2d ago 457 comments

Immich – High performance self-hosted photo and video management (github.com)

555 points by rzk 3d ago 205 comments

Bear is now source-available (herman.bearblog.dev)

549 points by neoromantique 9d ago 480 comments

What tools do you use to monitor for NPM and other dependency vulnerabilities?

2 tiagom87 2 9/11/2025, 7:04:55 AM
Following the npm hack, I think this is an attack vector that will get more popular in the short term. What tools beside npm audit and dependabot, do you use to monitor for dependency security vulnerabilities?

Comments (2)

patrick4urcloud · 3h ago
Hello, We add a check in npm packages in kexa.io .

see https://medium.com/@contact_52772/malicious-npm-packages-aut... .

For futur we can add a call to an open source api to list the ban packages. Thank you, Patrick

palmfacehn · 3h ago
My strategy has been to limit my exposure to the larger NPM/Node.js ecosystem. I'll use it only in limited cases where a front-end dependency is required.