Show HN: Safe-NPM – only install packages that are +90 days old
Hacker News (score: 35)
Install: npm install -g @dendronhq/safe-npm
Usage: safe-npm install react@^18 lodash

How it works:
- Queries npm registry for all versions matching your semver range
- Filters out anything published in the last 90 days
- Installs the newest "aged" version

Limitations:
- Won't protect against packages malicious from day one
- Doesn't control transitive dependencies (yet - looking into overrides)
- Delays access to legitimate new features

This is meant as an 80/20 measure against recently compromised NPM packages and is not a silver bullet. Please give it a try and let me know if you have feedback.
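
The selection step listed under "How it works", sketched as an added example that is not safe-npm's own code. It assumes registry metadata shaped like the npm package document (a `versions` map and a `time` map of version to publish timestamp); the function names and the sample data are hypothetical, and only caret ranges and "*" are handled.

```javascript
// Added example, not safe-npm's source. Supports plain x.y.z versions with
// caret ranges (^18, ^0.2.3) or "*"; prerelease versions are skipped.
const DAY_MS = 24 * 60 * 60 * 1000;

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null; // null for prereleases
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Caret range -> [inclusive lower bound, exclusive upper bound].
function caretBounds(range) {
  const parts = range.slice(1).split('.').map(Number); // "^18" -> [18]
  const lo = [parts[0], parts[1] || 0, parts[2] || 0];
  // The part that may not change: left-most non-zero one, else the last one given.
  let i = lo.findIndex((n) => n !== 0);
  if (i === -1) i = parts.length - 1;
  return [lo, lo.map((n, j) => (j < i ? n : j === i ? n + 1 : 0))];
}

function pickAgedVersion(packument, range, now, minAgeDays = 90) {
  const cutoff = now.getTime() - minAgeDays * DAY_MS;
  const [lo, hi] = range === '*' ? [[0, 0, 0], [Infinity, 0, 0]] : caretBounds(range);
  const aged = Object.keys(packument.versions)
    .map((v) => ({ v, parsed: parseVersion(v), published: Date.parse(packument.time[v]) }))
    .filter((e) => e.parsed && compareVersions(e.parsed, lo) >= 0 && compareVersions(e.parsed, hi) < 0)
    .filter((e) => e.published <= cutoff) // NaN (missing timestamp) fails this and is dropped
    .sort((a, b) => compareVersions(b.parsed, a.parsed));
  return aged.length ? aged[0].v : null; // null: nothing old enough, so install nothing
}

// Constructed sample metadata (not real registry data).
const SAMPLE = {
  versions: { '18.2.0': {}, '18.3.0': {}, '18.3.1': {}, '18.4.0-rc.1': {}, '19.0.0': {} },
  time: {
    created: '2020-01-01T00:00:00.000Z',
    '18.2.0': '2024-03-01T00:00:00.000Z',
    '18.3.0': '2024-08-15T00:00:00.000Z',
    '18.3.1': '2024-12-20T00:00:00.000Z', // 12 days before NOW: too new
    '18.4.0-rc.1': '2024-05-01T00:00:00.000Z',
    '19.0.0': '2024-06-01T00:00:00.000Z',
  },
};
const NOW = new Date('2025-01-01T00:00:00.000Z');
console.log(pickAgedVersion(SAMPLE, '^18', NOW)); // 18.3.0
```

Passing `now` explicitly keeps the cutoff reproducible, and returning `null` rather than falling back to the newest release keeps the age gate from being bypassed when no version qualifies.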