HN Reader

Milton Friedman – I, Pencil [video] (youtube.com)

2 points by simonebrunozzi 2m ago 0 comments

US deports immigrants from Jamaica, Cuba to African kingdom of Eswatini (apnews.com)

1 points by perihelions 4m ago 0 comments

What Do Commercials About A.I. Promise? (newyorker.com)

1 points by bryanrasmussen 6m ago 0 comments

Show HN: Hoff (github.com)

1 points by complex_city 8m ago 0 comments

Why One Geologist Thinks We Should All Pay More Attention to Rocks (atmos.earth)

1 points by homarp 9m ago 0 comments

Why Women in Tech isn't enough (whitep4nth3r.com)

1 points by synesthetic 10m ago 0 comments

Employers Pay Problem-Solvers, Not Encyclopedias (michaelbastos.com)

1 points by mbastos 11m ago 1 comments

Hyprland 0.50.0 Released (hypr.land)

1 points by clemensnk 12m ago 0 comments

Gitplay: Learn how a software project (using Git) evolved over time (github.com)

1 points by indigodaddy 15m ago 0 comments

Google will enable Gemini to harass and annoy businesses with its questions (theverge.com)

4 points by bbarnett 17m ago 1 comments

I analyzed 50k+ negative app reviews (from 5k+ mobile apps) to get app ideas (bigideasdb.com)

1 points by OmPatel5 19m ago 1 comments

Show HN: Mocksmith.dev – Instantly Generate Relational Test Data (mocksmith.dev)

1 points by mllev 21m ago 1 comments

Poker Bot (pokerbotai.com)

1 points by energy_floww 23m ago 0 comments

Double Pendulums are Chaoticn't [video] (youtube.com)

2 points by shiryel 23m ago 0 comments

Nihon Hidankyo (en.wikipedia.org)

1 points by simonebrunozzi 24m ago 0 comments

Enhancing COBOL Code Explanations: A Multi-Agents Approach Using LLMs (arxiv.org)

1 points by PaulHoule 25m ago 0 comments

Reactive Java Operator-fusion (2016) (akarnokd.blogspot.com)

1 points by mfiguiere 26m ago 0 comments

The Rules for Rulers [video] (youtube.com)

1 points by _feynon 27m ago 0 comments

Deriving Accurate Nocturnal HR, RMSSD and Frequency HRV from Oura Ring (2024) (pmc.ncbi.nlm.nih.gov)

1 points by wslh 27m ago 0 comments

The next 700 programming languages (dl.acm.org)

1 points by gnufx 29m ago 1 comments

Man has shoes tattooed onto his feet because he's 'tired of paying' for new ones (mirror.co.uk)

3 points by austinallegro 29m ago 0 comments

Typogram Studio: A New Tool for Beautiful Typography Design (typogram.co)

2 points by wentin 30m ago 0 comments

Intel's retreat is unlike anything it's done before in Oregon (oregonlive.com)

3 points by cbzbc 33m ago 0 comments

Mapping the AI economy: Which regions are ready for the next technology leap (brookings.edu)

1 points by hunglee2 33m ago 0 comments

High-Speed Rail Route Proposed Between Los Angeles and New York (newsweek.com)

1 points by geox 33m ago 1 comments

Op against Russian hackers Noname, 5 arrest warrants (ansa.it)

1 points by N19PEDL2 33m ago 0 comments

I Got into Deep Learning (vikas.sh)

2 points by skadamat 38m ago 0 comments

Steam bans games that violate the 'rules and standards' of payment processors (engadget.com)

7 points by akyuu 39m ago 1 comments

We Have Made the Decision to Not Continue Paying for BBB Accreditation (mycherrytree.com)

3 points by LorenDB 40m ago 0 comments

Biphasic liquids with shape-shifting and bistable microdomains (nature.com)

1 points by Bluestein 40m ago 0 comments

ReDB – platform for moving data between database technologies (github.com)

1 points by tommihip 41m ago 0 comments

Techniques for Limiting Manipulation of URLs (PDF, Patent) (image-ppubs.uspto.gov)

2 points by absurdistan 44m ago 1 comments

Grappling with the Existential Panic over AI (easydns.com)

1 points by StuntPope 44m ago 0 comments

Tim O'Reilly -Where Is AI on the Enshittification Curve? (oreilly.com)

3 points by rmason 45m ago 0 comments

How I got hired by AWS (2008) (simon.medium.com)

1 points by simonebrunozzi 45m ago 0 comments

Ex-OpenAI engineer pulls the curtain back on a chaotic hot mess (theregister.com)

2 points by rntn 46m ago 0 comments

React JavaScript: From Zero to Hero (reactz2h.com)

2 points by dralexturner 48m ago 2 comments

My friends made plans without me – is it weird to invite myself? (theguardian.com)

1 points by ljf 50m ago 1 comments

8.8 Zero Day CVE in Chrome Patched (bleepingcomputer.com)

2 points by RobSpectre 52m ago 0 comments

Benefits of weight loss on fat tissue (imperial.ac.uk)

2 points by gmays 53m ago 0 comments

How (and why) to do pop-up communes (supernuclear.substack.com)

1 points by simonebrunozzi 54m ago 0 comments

Space Force Accepts New GPS Control System After Years of Delays (airandspaceforces.com)

2 points by mikece 54m ago 0 comments

Trump sues Corporation for Public Broadcasting directors who refused to be fired (arstechnica.com)

5 points by duxup 54m ago 2 comments

Hit (raw.githubusercontent.com)

1 points by zayr 55m ago 1 comments

Brazilian Payment System Pix Under Investigation (ustr.gov)

3 points by owebmaster 57m ago 3 comments

Abraham Lincoln Drew Poetry and Power from His Suicidal Depression (themarginalian.org)

4 points by Bluestein 58m ago 0 comments

Signs of Autism Could Be Encoded in the Way You Walk (sciencealert.com)

24 points by amichail 58m ago 12 comments

Agricultural liming in the US is a large CO₂ sink, say researchers (phys.org)

1 points by PaulHoule 59m ago 0 comments

Attorney General Bailey Fights to Expose Big Tech Censorship of President Trump (ago.mo.gov)

1 points by croes 1h ago 0 comments

HopFront: Generate API-based dashboards instantly (hopfront.com)

1 points by sea-gold 1h ago 0 comments

North Korean XORIndex malware hidden in 67 malicious NPM packages

28 Bogdanp 4 7/16/2025, 8:23:08 AM bleepingcomputer.com ↗

Comments (4)

bn-l · 10h ago
It’s weird how an npm package can just do all this still, to this day.
Bridged7756 · 3h ago
Given the size of the JavaScript ecosystem, it is indeed baffling how behind npm is. One npm i and a typo away from getting hacked.
cyanydeez · 7h ago
North korea and others are likely going if not already, setup an uno reverso and get applicants to do screening tests that require downloading malicious packages.
owebmaster · 8h ago
I "got" hacked by a North Korean hacker. I was lucky the dumb virus was meant for Mac and Windows, not Linux. It got installed to my computer but attempted to steal credentials in places there did not exist in my computer, but it was a close call.

After that I never used npm again.