Show HN: Octofriend, a cute coding agent that can swap between GPT-5 and Claude
Hacker News (score: 35)Description
More from Hacker
Swapping two blocks of memory inside a larger block, in constant memory
Swapping two blocks of memory inside a larger block, in constant memory
Ed25519-CLI – command-line interface for the Ed25519 signature system
Ed25519-CLI – command-line interface for the Ed25519 signature system
Microsoft kills IntelliCode in favor of the paid Copilot
Microsoft kills IntelliCode in favor of the paid Copilot
Show HN: Safe-NPM – only install packages that are +90 days old
Show HN: Safe-NPM – only install packages that are +90 days old This past quarter has been awash with sophisticated npm supply chain attacks like [Shai-Hulud](<a href="https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem" rel="nofollow">https://www.cisa.gov/news-events/alerts/2025/09/23/widesprea...</a>() and the [Chalk/debug Compromise](<a href="https://www.wiz.io/blog/widespread-npm-supply-chain-attack-breaking-down-impact-scope-across-debug-chalk" rel="nofollow">https://www.wiz.io/blog/widespread-npm-supply-chain-attack-b...</a>). This CLI helps protect users from recently compromised packages by only downloading packages that have been public for a while (default is 90 days or older).<p>Install: npm install -g @dendronhq/safe-npm Usage: safe-npm install react@^18 lodash<p>How it works: - Queries npm registry for all versions matching your semver range - Filters out anything published in the last 90 days - Installs the newest "aged" version<p>Limitations: - Won't protect against packages malicious from day one - Doesn't control transitive dependencies (yet - looking into overrides) - Delays access to legitimate new features<p>This is meant as a 80/20 measure against recently compromised NPM packages and is not a silver bullet. Please give it a try and let me know if you have feedback.
No other tools from this source yet.