Show HN: npm-daycare, an NPM proxy that filters out recent & small packages
Show HN (score: 6)
Description
- are younger than 48h (it will just provide an old version instead)
- have fewer than 5,000 weekly downloads
https://github.com/stack-auth/npm-daycare
This is in response to the recent supply chain attacks that shattered the JavaScript ecosystem [1]. It's likely not a problem that will go away any time soon, so we figured we'd build something to protect against it.
Doing this on the proxy layer means it will work across the entire system, as proxies are set globally. In the future, we could also add more filters to the proxy.
To get started, just run the Docker container:
docker run -d --rm --name npm-daycare -p 4873:4873 bgodil/npm-daycare
npm set registry http://localhost:4873/
pnpm config set registry http://localhost:4873/
yarn config set registry http://localhost:4873/
bun config set registry http://localhost:4873/
npm view @types/node # has recent updates
npm view pgmock # has <5,000 weekly downloads
Downside: npm-daycare won't show packages that are younger than 48h on its default config, so be aware of that when you try to update your packages to patch a zero-day exploit.

You probably also shouldn't rely on this as your only line of defense. Curious to hear what you think!
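The two filters described in the post, sketched against an npm registry metadata document (a "packument") to show what "provide an old version instead" involves. This is an added example, not npm-daycare's own code; the function name, the `weeklyDownloads` parameter, the sample package, and the fallback that repoints `latest` by publish time are assumptions.

```javascript
// Added example, not npm-daycare's code. Thresholds are the defaults named in the post.
const MIN_AGE_MS = 48 * 60 * 60 * 1000;
const MIN_WEEKLY_DOWNLOADS = 5000;

// Returns a filtered copy of a packument, or null when nothing should be served.
// weeklyDownloads is supplied by the caller (hypothetical parameter).
function filterPackument(packument, weeklyDownloads, now = Date.now()) {
  if (weeklyDownloads < MIN_WEEKLY_DOWNLOADS) return null;
  const cutoff = now - MIN_AGE_MS;
  const times = packument.time || {};
  const publishedAt = (v) => Date.parse(times[v]);

  // A missing or unparsable timestamp gives NaN, which fails the comparison,
  // so versions of unknown age are dropped (fail closed).
  const kept = Object.keys(packument.versions || {}).filter((v) => publishedAt(v) <= cutoff);
  if (kept.length === 0) return null; // every version is too new

  const versions = {};
  const time = { ...times };
  for (const v of Object.keys(packument.versions)) {
    if (kept.includes(v)) versions[v] = packument.versions[v];
    else delete time[v];
  }
  // Drop dist-tags that point at removed versions.
  const distTags = {};
  for (const [tag, v] of Object.entries(packument['dist-tags'] || {})) {
    if (versions[v]) distTags[tag] = v;
  }
  // Assumption: if "latest" was removed, fall back to the most recently
  // published surviving version (a real proxy might compare semver instead).
  if (!distTags.latest) {
    distTags.latest = kept.reduce((a, b) => (publishedAt(b) > publishedAt(a) ? b : a));
  }
  return { ...packument, versions, time, 'dist-tags': distTags };
}

// Constructed sample: 1.0.2 was published three hours before NOW.
const NOW = Date.parse('2025-09-20T12:00:00Z');
const SAMPLE = {
  name: 'example-pkg',
  'dist-tags': { latest: '1.0.2' },
  versions: { '1.0.0': {}, '1.0.1': {}, '1.0.2': {} },
  time: {
    '1.0.0': '2025-01-10T08:00:00Z',
    '1.0.1': '2025-09-01T08:00:00Z',
    '1.0.2': '2025-09-20T09:00:00Z',
  },
};
```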