Hacker News: bodash

New comment by bodash in "TanStack Start Now Support React Server Components"

bodash — Thu, 16 Apr 2026 12:24:31 +0000

Astro might be the closest option here. JSX can be used as a templating language for it, and devs can still opt-in for full clientful islands.

New comment by bodash in "AstroNvim"

bodash — Tue, 31 Mar 2026 22:55:21 +0000

AstroNvim v6 just released after neovim 0.12, and it's my favourite out-of-box setup

AstroNvim

bodash — Tue, 31 Mar 2026 22:55:21 +0000

Article URL: https://astronvim.com/

Comments URL: https://news.ycombinator.com/item?id=47594560

Points: 2

# Comments: 1

New comment by bodash in "Axios compromised on NPM – Malicious versions drop remote access trojan"

bodash — Tue, 31 Mar 2026 09:08:00 +0000

Some great tips in this thread and I've been collecting them all at https://github.com/bodadotsh/npm-security-best-practices

China bans Manus founders from leaving country

bodash — Fri, 27 Mar 2026 15:24:17 +0000

Article URL: https://www.euronews.com/next/2026/03/26/china-bans-manus-founders-from-leaving-country-after-meta-acquires-ai-startup-and-reviews-

Comments URL: https://news.ycombinator.com/item?id=47543823

Points: 3

# Comments: 0

New comment by bodash in "Thoughts on slowing the fuck down"

bodash — Wed, 25 Mar 2026 23:11:16 +0000

Exactly! I’ve noticed a resounding amount of people are writing the same pieces recently, it’s almost like everyone’s sounding their alarm for the upcoming tsunami. Who’s listening? Here’s my piece: https://humantodo.dev

New comment by bodash in "Ask HN: What tech stack would you pick to rebuild HN today?"

bodash — Mon, 16 Mar 2026 18:43:53 +0000

Got a link?

New comment by bodash in "Ask HN: What tech stack would you pick to rebuild HN today?"

bodash — Mon, 16 Mar 2026 18:12:36 +0000

Personally, I think Go + HTMX + PostgreSQL + Redis can go a long mile, but I could be missing hindsights

Ask HN: What tech stack would you pick to rebuild HN today?

bodash — Mon, 16 Mar 2026 18:04:47 +0000

Hacker News is famously built with Arc[^1] and I know that users don't care about your tech stack[^2]. BUT, I'm really interested to know, if you had to rebuild HN today, what tech stack would you choose? (the answer is very unlikely to be Arc, right?)

This is to consider all the existing features of HN (auth, comments, updates, text-heavy, etc) but also the "hidden" features like content moderation, filtering bots, shadowbaning, high availability, API, and etc.

[^1]: https://news.ycombinator.com/item?id=28155134 [^2]: https://news.ycombinator.com/item?id=43125981

Comments URL: https://news.ycombinator.com/item?id=47402527

Points: 4

# Comments: 5

New comment by bodash in "Show HN: HUMANTODO"

bodash — Mon, 16 Mar 2026 14:52:30 +0000

I can see how some high-paced teams might see HUMANTODO as speed bumpers in their environments. To that, I say this will be a conscious choice, and a trade-off teams are willing to experiement to see if the intentional slow-down will improve quality over time.

But yeah, give HUMANTODO a go, and I might add examples (blog/videos/etc) of how this actually works and integrates within real life projects.

New comment by bodash in "Show HN: HUMANTODO"

bodash — Sun, 15 Mar 2026 21:08:54 +0000

Hi HN!

Amidst this turbulent time in our industry, I had this idea: what if we applied the "IKEA effect" instead of relying on the "Coding is dead" extremes.

So I spent the weekend working on this concept, and built this site to demonstrate why I think it could be useful in navigating the confusions and anxiety around the usage of AI.

Interested to know your thoughts!

Show HN: HUMANTODO

bodash — Sun, 15 Mar 2026 21:05:53 +0000

Article URL: https://humantodo.dev/

Comments URL: https://news.ycombinator.com/item?id=47391914

Points: 8

# Comments: 3

New comment by bodash in "Replacing JavaScript with Just HTML"

bodash — Sun, 28 Dec 2025 11:41:01 +0000

Just been through several frontend interviews in the last few months, where it's clear that they still judge a developer's JS skills (especially React) than being semantically correct on HTML elements.

Every question/exercise is centred around how well you know React hooks, effect, memoization, modern css-in-js etc. Given I've been working with Astro recently, in one interview I talked about DOM APIs and I can see the interviewer raise an eyebrow. In later stage, even I that passed the exercises, still didn't get the job.

New comment by bodash in "Microsoft denies rewriting Windows 11 in Rust using AI"

bodash — Thu, 25 Dec 2025 10:46:26 +0000

Windows’ downfall will finally give rise to the Linux desktops, already seeing trends in how popular Omarchy is and well received

New comment by bodash in "Ask HN: What are the best engineering blogs with real-world depth?"

bodash — Wed, 24 Dec 2025 01:13:19 +0000

Sure.

Problem I had with the other newsfeeds is that I get distracted by the constant updates, always refresh the front-page, skipping the actual content and just skimming through headlines and comments.

So I built this one, set it as my homepage, and because it doesn't update often, I will actually read the content of the links. When I'm done, I move on to other things in life.

It's curated by matching keywords (focusing on web development) on HN, mostly automated but with few manual adjustments now and then.

New comment by bodash in "Ask HN: What are the best engineering blogs with real-world depth?"

bodash — Tue, 23 Dec 2025 18:25:35 +0000

> https://lessnews.dev

A while ago I felt this "information fatigue" due to the overwhelming updates from the typical news sources (reddit, twitter, even hn).

So I built a _slow_ webdev newsfeed aggregator that doesn't overwhelm you of constant updates, so you focus on reading the actual blog contents and enjoy other things.

New comment by bodash in "Shai-Hulud Returns: Over 300 NPM Packages Infected"

bodash — Mon, 24 Nov 2025 13:15:54 +0000

Most of the best practices can be translated to python ecosystem. It’s not exact 1:1 mapping but change few key terms and tools, the underlying practices should be the same.

Or copy that repo’s markdown into an llm and ask it to map to the pip ecosystem

New comment by bodash in "Shai-Hulud Returns: Over 300 NPM Packages Infected"

bodash — Mon, 24 Nov 2025 12:50:13 +0000

I compiled a list of NPM best practices one can adopt to reduce supply chain attack risks (even if there's no perfect security preventions, _always_): https://github.com/bodadotsh/npm-security-best-practices

Discussion on HN last time: https://news.ycombinator.com/item?id=45326754

New comment by bodash in "NPM flooded with malicious packages downloaded more than 86k times"

bodash — Fri, 31 Oct 2025 10:19:59 +0000

shamless plug but here's a list of things you could follow to mitigate risks from npm: https://github.com/bodadotsh/npm-security-best-practices

New comment by bodash in "Show HN: Tips to stay safe from NPM supply chain attacks"

bodash — Mon, 22 Sep 2025 09:19:17 +0000

The lockfile is updated _after_ any new malicious version is downloaded and installed. If we pinned the exact version, `npm install` will _not_ download and execute any new published versions.

That's why we use `npm ci` or `--frozen-lockfile` to install the exactly versions as lockfiles. But, by default, the `^` operator and just `install` command will check registry for any new releases and download them.

The primary arguments against pinning versions are missing security updates and increased maintenance overhead. But given the patterns we've seen, the attackers really _hope_ we automatically install new releases