Top Stories
Axios Compromised on NPM — Malicious Versions Drop Remote Access Trojan
1,740 points · 704 comments
A massive supply chain attack hit the widely-used Axios HTTP client. Malicious versions were published to npm containing a remote access trojan, affecting potentially millions of downstream projects. This is one of the biggest npm supply chain incidents in recent memory and has the HN community in full incident-response mode.
Claude Code Source Leak via NPM Registry Map File
1,798 points · 884 comments
Anthropic’s Claude Code had its source code inadvertently exposed through a source map file left in the npm registry. The leak revealed internal tooling details, prompting a deep dive from the community. A companion post analyzes what the code reveals, including internal system prompt patterns and tool architecture.
OpenAI Closes Funding Round at $852B Valuation
177 points · 158 comments
OpenAI announced a $122B raise, pushing its valuation to a staggering $852 billion. The round is meant to “accelerate the next phase of AI.” HN commenters are debating whether the valuation is justified and what this signals for the broader AI industry.
Microsoft: Copilot Is for Entertainment Purposes Only
393 points · 152 comments
Microsoft quietly updated Copilot’s terms to include an “entertainment purposes only” disclaimer — a move that drew sharp reactions. The community is reading this as a legal hedge against liability for AI-generated advice, and the irony of marketing an enterprise productivity tool this way isn’t lost on anyone.
GitHub’s Historic Uptime
321 points · 93 comments
A detailed analysis of GitHub’s uptime track record over the years, revealing some surprising patterns. A great read for anyone interested in infrastructure reliability and what “five nines” actually looks like in practice for a platform this critical to the developer ecosystem.
OkCupid Gave 3M Dating-App Photos to Facial Recognition Firm, FTC Says
228 points · 53 comments
The FTC revealed that OkCupid shared roughly 3 million user photos with a facial recognition company — without user consent. A stark reminder of how dating app data can end up in unexpected and unsettling places.
Audio Tapes Reveal Mass Rule-Breaking in Milgram’s Obedience Experiments
181 points · 116 comments
Newly analyzed audio recordings from the famous Milgram obedience experiments show significant deviations from the published methodology. This challenges the long-accepted narrative about human obedience to authority — a fascinating story at the intersection of psychology and scientific integrity.
Open Source CAD in the Browser (Solvespace)
258 points · 81 comments
Solvespace, a parametric 3D CAD tool, is now available as a browser-based application. Having a capable, free CAD tool that runs anywhere with a browser is a big deal for the open-source hardware and maker community.
Cohere Transcribe: New Speech Recognition Model
137 points · 46 comments
Cohere launched Transcribe, their speech recognition offering. The AI/ML community is evaluating how it stacks up against Whisper and other alternatives, with early reports suggesting strong multilingual performance.
“Slop Is Not Necessarily the Future”
128 points · 235 comments
A thoughtful essay from Greptile pushing back on the doom-and-gloom narrative about AI-generated content quality. The unusually high comment-to-point ratio signals a heated and substantive debate about where AI code and content generation is actually heading.
Also Trending
- Combinators (119 points) — A deep dive into combinatory logic. rubenverg.com
- GitHub Monaspace Case Study (99 points) — Behind the design of GitHub’s monospace font family. lettermatic.com
- Postgres Extension for BM25 Full-Text Search (65 points) — Relevance-ranked search built into Postgres by Timescale.
- From 300KB to 69KB per Token (59 points) — How LLM architectures solve the KV cache problem.
- 4D Doom (40 points) — Doom, but in four spatial dimensions. Because why not.