https://news.ycombinator.com/user?id=nrenganHacker News RSShttps://hnrss.org/hnrss v2.1.1Sun, 03 May 2026 17:22:38 +0000Well, people weren't checking CVEs before pip install before CC either, CC just scaled the habit to a larger audience at a faster cadence. The blast radius for day-zero compromises is what changed.

]]>Thu, 30 Apr 2026 21:04:08 +0000https://news.ycombinator.com/item?id=47968206nrenganhttps://news.ycombinator.com/item?id=47968206https://news.ycombinator.com/item?id=47968206Most of my pip installs come from Claude Code suggesting them now and me just hitting enter. Model was trained months ago, so it has no clue what got compromised this week. We built the worst possible filter for "is this package safe right now".

]]>Thu, 30 Apr 2026 19:47:38 +0000https://news.ycombinator.com/item?id=47967352nrenganhttps://news.ycombinator.com/item?id=47967352https://news.ycombinator.com/item?id=47967352