HN Reader

Adam (YC W25) Is Hiring to Build the Future of CAD (ycombinator.com)

1 points by HetengAaronLi 4d ago 0 comments

Piramidal (YC W24) Is Hiring Back End Engineer (ycombinator.com)

1 points by dsacellarius 4d ago 0 comments

Mux (YC W16) Is Hiring Engineering ICs and Managers (mux.com)

1 points by mmcclure 5d ago 0 comments

Bild AI (YC W25) Is Hiring (ycombinator.com)

1 points by rooppal 5d ago 0 comments

Infracost (YC W21) Is Hiring First Product Manager to Shift FinOps Left (ycombinator.com)

1 points by akh 5d ago 0 comments

Crimson (YC X25) is hiring founding engineers in London (ycombinator.com)

1 points by markfeldner 5d ago 0 comments

Weave (YC W25) is hiring a founding AI engineer (ycombinator.com)

1 points by adchurch 6d ago 0 comments

Nango (YC W23) Is Hiring a Staff Back End Engineer (Remote) (jobs.ashbyhq.com)

1 points by bastienbeurier 6d ago 0 comments

Gym Class VR (YC W22) Is Hiring – UX Design Engineer (ycombinator.com)

1 points by hackerews 10d ago 0 comments

Relace (YC W23) Is Hiring for Code LLMs (SF)

1 points by pfunctional 10d ago 0 comments

Artie (YC S23) Is Hiring Engineers, AES, and Senior PMM (ycombinator.com)

1 points by j-cheong 11d ago 0 comments

Depot (YC W23) Is Hiring a Solutions Engineer (Remote US and Canada) (ycombinator.com)

1 points by kylegalbraith 12d ago 0 comments

Svix (webhooks as a service) is hiring for a founding marketing lead (svix.com)

1 points by tasn 12d ago 0 comments

Dynamo AI (YC W22) Is Hiring for AI Product Managers (ycombinator.com)

1 points by DynamoFL 12d ago 0 comments

Kapa.ai (YC S23) is hiring research and software engineers (ycombinator.com)

1 points by emil_sorensen 13d ago 0 comments

Optery (YC W22) Is Hiring in Engineering, Legal, Sales, Marketing (U.S., Latam) (optery.com)

1 points by beyondd 14d ago 0 comments

Telli (YC F24) is hiring engineers, designers, and interns (on-site in Berlin) (hi.telli.com)

1 points by sebselassie 14d ago 0 comments

Infisical (YC W23) Is Hiring Solutions Engineers to Scale the OSS Security Stack (ycombinator.com)

1 points by vmatsiiako 15d ago 0 comments

Channel3 (YC S25) Is Hiring a Founding Engineer, NYC (channel3.notion.site)

1 points by aschiff1 15d ago 0 comments

Thunder Compute (YC S24) Is Hiring (ycombinator.com)

1 points by cpeterson42 17d ago 0 comments

Deepnote (YC S19) is hiring engineers to build a better Jupyter notebook (deepnote.com)

1 points by Equiet 17d ago 0 comments

Prosper AI (YC S23) Is Hiring Founding Account Executives (NYC) (jobs.ashbyhq.com)

1 points by XDGC 18d ago 0 comments

The Forecasting Company (YC S24) Is Hiring a Software Engineer (ycombinator.com)

1 points by jfainberg 18d ago 0 comments

Lago – Open-Source Usage Based Billing – Is Hiring in Sales, Eng, Ops (EU, US) (ycombinator.com)

1 points by AnhTho_FR 19d ago 0 comments

Ember (YC F24) Is Hiring Full Stack Engineer (ycombinator.com)

1 points by charlene-wang 19d ago 0 comments

LiteLLM (YC W23) is hiring a back end engineer (ycombinator.com)

1 points by detente18 20d ago 0 comments

SigNoz (YC W21, Open Source Datadog) Is Hiring Platform Engineers (Remote) (jobs.ashbyhq.com)

1 points by pranay01 20d ago 0 comments

Motion (YC W20) Is Hiring Principal Software Engineers (jobs.ashbyhq.com)

1 points by ethanyu94 23d ago 0 comments

Bild AI (YC W25) Is Hiring an Applied AI Engineer (workatastartup.com)

1 points by rooppal 23d ago 0 comments

Text.ai (YC X25) Is Hiring Founding Full-Stack Engineer (ycombinator.com)

1 points by RushiSushi 25d ago 0 comments

Cua (YC X25) is hiring design engineers in SF (ycombinator.com)

1 points by frabonacci 25d ago 0 comments

Active NPM supply chain attack: Tinycolor and 40 Packages Compromised

27 feross 4 9/15/2025, 11:29:40 PM socket.dev ↗

Comments (4)

efortis · 8m ago
Mitigate it with:

  echo "ignore-scripts=true" >> ~/.npmrc
https://blog.uxtly.com/getting-rid-of-npm-scripts
kevin_thibedeau · 20m ago
To avoid LeftPad 3.0 they're going to have to add some sort of signed capabilities manifest to restrict API access for these narrow domain packages. Then attackers would limited to targeting those with network privileges.
JonChesterfield · 21m ago
AI detected potential malware. Plus a bunch of words. Is this a real thing? It does look like all the other npm compromise notes. But the page has AI and potential written on it, so the whole thing may be fabricated, and there are no other comments here.

So on balance I guess I'll ignore it. What a time to be a developer.

aussieguy1234 · 12m ago
They're scanning for credentials. If they can get things like AWS credentials, I would expect to see cloud crypto mining as their next move. So it would be a good idea to keep an eye on your infra if you are affected.