Ask HN: Anyone using non-Atlassian tools for sprint+roadmap planning?

1 points by harryosgood 3m ago 0 comments

Minimalism as Anti-Entropy (domofutu.substack.com)

1 points by domofutu 4m ago 0 comments

State Attorney General is investigating why AI chatbots don't like Trump (theverge.com)

1 points by doener 4m ago 0 comments

Guide for bootstrapped SaaS on product development – I'd love feedback (notion.so)

1 points by ste_berna 6m ago 1 comments

I spent 24 hours flirting with Elon Musk's AI girlfriend (theverge.com)

1 points by mparramon 8m ago 0 comments

Beeper is getting a big security upgrade with on-device connections (blog.beeper.com)

1 points by vincentkriek 16m ago 0 comments

Eggs: Healthy or Risky? A Review of Evidence from High Quality Studies (pmc.ncbi.nlm.nih.gov)

1 points by luu 17m ago 0 comments

Show HN: Bytesites.ai – Launch a full website in moments using AI (bytesites.ai)

4 points by nikhil-bplx 20m ago 0 comments

Wttr: Console-oriented weather forecast service (github.com)

2 points by saikatsg 21m ago 0 comments

Advancing Polish Language Models (nask.pl)

1 points by kurhan 22m ago 0 comments

Outsoci – Scrape leads (emails and data) from social media and Google Maps (outsoci.com)

1 points by costingh 23m ago 1 comments

Open-Meteo: Free Weather Forecast API for Non-Commercial Use (github.com)

3 points by saikatsg 25m ago 0 comments

Hyman Rickover and the Nuclear Navy (everything-everywhere.com)

1 points by Ozzie_osman 26m ago 0 comments

Show HN: Help you to build/generate bulk UTM URLs for free (bulkutmbuilder.com)

3 points by rodisproducing 36m ago 0 comments

Show HN: Made Wheel of Names Without Registration (nameonwheel.com)

3 points by artiomyak 36m ago 0 comments

Ask HN: How promote your project?

5 points by FerkiHN 38m ago 1 comments

The Open Source xAI Ani that's next level (github.com)

3 points by wey-gu 39m ago 1 comments

Steam removes games due to pressure from payment processors (automaton-media.com)

2 points by emsy 40m ago 0 comments

Tricking our brains to learn and remember; is all learning incidental? (news.northeastern.edu)

1 points by XzetaU8 41m ago 0 comments

Pixaras.com – Turnkey AI Image Generator SaaS (flippa.com)

2 points by medix 43m ago 0 comments

The King and AI: A humanoid robot painted a picture of Charles. How did it do? (news.sky.com)

3 points by austinallegro 43m ago 1 comments

Ask HN: Is vibe coding viable for real work or operating products/services?

2 points by haebom 44m ago 2 comments

The Case for More Ambition (blog.jxmo.io)

1 points by swyx 45m ago 0 comments

Java Criminally Underhyped? Not Back in 1997. (2021) (dylanbeattie.net)

2 points by SerCe 48m ago 1 comments

Show HN: AI‑Powered Risk Intelligence Platform (riskify.net)

1 points by kevin_7 56m ago 0 comments

Free Font Converter – No More Format Headaches (indiehackers.com)

1 points by teamcampapp 56m ago 0 comments

ASMR AI: Generate AI ASMR Videos with High Quality ASMR Voice (asmrai.net)

1 points by kaitian-dev 1h ago 0 comments

Trump administration pulls $4B in federal funding for California's bullet train (apnews.com)

3 points by petethomas 1h ago 0 comments

The Hubble BLE Finding Network (hubble.com)

1 points by adunk 1h ago 0 comments

Ask HN: How are you tracking dev productivity without feeling micromanaging?

2 points by kimzhang 1h ago 2 comments

Animal Trainers Breland-Bailey and Bailey's "Patient Like the Chipmunks" [video] (youtube.com)

1 points by sandspar 1h ago 1 comments

Free Burndown Chart Generator – Ship Your Projects Faster (teamcamp.app)

1 points by teamcampapp 1h ago 0 comments

Show HN: Linux CLI tool to provide mutex locks for long running bash ops (github.com)

11 points by bigattichouse 1h ago 4 comments

Open Sesame: Poems with Entropy (benwr.net)

2 points by todsacerdoti 1h ago 0 comments

Kiro vs. Cursor – AI IDE comparison breakdown (aicodingtools.blog)

1 points by zhangchengzc 1h ago 0 comments

Claude Code Just Stops (old.reddit.com)

6 points by schappim 1h ago 0 comments

Ask HN: What are your favorite one-liner shell commands you use?

7 points by rajkumarsekar 1h ago 6 comments

Perplexity partners with India's #2 carrier for free 12 months Pro to 360M users (twitter.com)

2 points by jmsflknr 1h ago 0 comments

Check out 9k expired Chrome extensions with traffic and rating data (nichetools.net)

1 points by mattmerrick 1h ago 0 comments

Numbers from my recent job hunt (shanebarry.com)

2 points by Shane325 1h ago 4 comments

Betting against YouTube Financial Influencers beat the S&P 500 (risky though)? (papers.ssrn.com)

4 points by Corgipower12 2h ago 8 comments

Iris-WebP: Fast, efficient WebP encoder (halide.cx)

2 points by Bogdanp 2h ago 1 comments

OpenAI to take cut of ChatGPT shopping sales in hunt for revenues (ft.com)

7 points by mmarian 2h ago 4 comments

MacPlusDancer: Microsoft Plus! Dancers for macOS (github.com)

3 points by archagon 2h ago 1 comments

Show HN: GST Calculator (gstcalculator.app)

1 points by hapJam 2h ago 0 comments

1990 Networking: LAN Manager 2.0 (os2museum.com)

4 points by ingve 2h ago 0 comments

Original Xbox Hacks: The A20 CPU Gate (2021) (connortumbleson.com)

40 points by mattweinberg 3h ago 2 comments

Michael "The Grinder" Mizrachi Wins 2025 World Series of Poker Main Event (pokernews.com)

2 points by indigodaddy 3h ago 0 comments

Watch videos in your preferred language (support.google.com)

1 points by thunderbong 3h ago 1 comments

Show HN: ChainTok – Immortalize your love on Bitcoin's eternal ledger (app.chaintok.com)

1 points by zzhan 3h ago 0 comments

North Korean XORIndex malware hidden in 67 malicious NPM packages

30 Bogdanp 8 7/16/2025, 8:23:08 AM bleepingcomputer.com ↗

Comments (8)

bn-l · 21h ago

It’s weird how an npm package can just do all this still, to this day.

Bridged7756 · 14h ago

Given the size of the JavaScript ecosystem, it is indeed baffling how behind npm is. One npm i and a typo away from getting hacked.

cyanydeez · 17h ago

North korea and others are likely going if not already, setup an uno reverso and get applicants to do screening tests that require downloading malicious packages.

owebmaster · 19h ago

I "got" hacked by a North Korean hacker. I was lucky the dumb virus was meant for Mac and Windows, not Linux. It got installed to my computer but attempted to steal credentials in places there did not exist in my computer, but it was a close call.

After that I never used npm again.

hollerith · 10h ago

Do you use apps built on Electron? The npm packages chosen for inclusion in the app are not sandboxed in any way IIUC (at least on Linux that is the case).

Some security people are warning against Electron (at least on Linux):

https://github.com/secureblue/secureblue/issues/193#issuecom...

owebmaster · 10h ago

Yeah. Only Codium (VSCode fork) tho and now that I thought about it, time to stop using it.

braebo · 10h ago

How did you know? Now I’m worried I’ve been hacked a billion times testing npm packages just today.

owebmaster · 10h ago

> How did you know?

A recruiter profile disappeared from my inbox in linkedin after I sent a PR to a github project for a an interview so I got suspicious and checked if there was any unrecognized open connection usng `lsof -nPi | grep ESTABLISHED` and there was one, found the script, read it to see what it did - tried to steal crypto and browser credentials.

To be sure it did not install other stuff I could not find I did a full reinstall of the OS. Now I don't use npm ever again.