Tuesday, 24 June 2025

Show HN: ΣPI – Observe the Cognitive Ability of Your AI Model https://bit.ly/45GfGkE

Show HN: ΣPI – Observe the Cognitive Ability of Your AI Model https://bit.ly/44hQkHe June 25, 2025 at 07:07AM

Show HN: VSCan - Detect Malicious VSCode Extensions https://bit.ly/4lmj4FB

Show HN: VSCan - Detect Malicious VSCode Extensions Did you know that VSCode extensions run with full access to your system—including file system, network, and credentials? Worse, dozens of malicious extensions have already made it into the marketplace, silently compromising devices. I am a security researcher and student developer who ran into this problem myself. To help tackle this, I built a 100% free tool (no login required) that scans VSCode (and Cursor/Windsurf) extensions for:

- Hidden malware and obfuscated code
- Dangerous permissions and API misuse
- Vulnerable dependencies and suspicious network connections

Users have already found hundreds of vulnerabilities in extensions. VSCan generates a clean, developer-friendly security report to help you understand what you're installing. Try it out: https://bit.ly/3TGt7cS

I have also developed custom sandboxing security architecture to restrict extensions from malicious activity during runtime. There is no existing technology that does this, so if you would be interested in trying it out or learning more, please reach out! I would greatly appreciate any feedback and thanks for your help!

_______________________________________________________________________________

Here are some numbers as to what I have detected from a sample of 1077 extensions that are available on the Marketplace:

- 3 extensions are marked as malicious by VirusTotal
- 7 extensions use malicious network connections (verified by VirusTotal)
- 33 extensions have dependencies with critical vulnerabilities
- 39 extensions have sensitive information (I have seen API keys, usernames, passwords, etc.)
- 204 extensions have poor development practices as marked by OSSF
- 71 extensions have very high permissions (while not bad, this can be an indicator of potential malicious activity)

As an example, here is the link to an extension analysis with malicious network endpoints: https://bit.ly/4lquQiz...

https://bit.ly/4kXY9t1 June 24, 2025 at 11:32PM

Show HN: Autumn – Open-source infra over Stripe https://bit.ly/4k2Niws

Show HN: Autumn – Open-source infra over Stripe Hey HN, I’m Ayush from Autumn ( https://bit.ly/4l3Rf5y ). Autumn is an open source layer over Stripe that decouples pricing and billing logic from your application. We let you efficiently manage pricing plans, feature permissions, and payments, regardless of the pricing model being used. It’s a bit like if Supabase and Stripe had a baby.

Typically, you have to write code to handle checkouts, upgrades/downgrades, failed payments, then receive webhooks to provision features, reset usage limits etc. We abstract this into one function call for all payment flows (checkouts, upgrades, downgrades etc), one function to record usage (so we can track usage limits), and a customer state React hook you can access from your frontend (to handle paywalls, display usage data etc). Here’s a demo: https://www.youtube.com/watch?v=SFARthC7JXc

Stripe’s great! But there are 2 main reasons people use Autumn over a direct Stripe setup:

(1) Billing infra can get complex. After payments, there’s still handling webhooks, permission management, metering, usage resets, and connecting them all to upgrade, downgrade, cancellation and failed payments states.

(2) Growing companies iterate on pricing often: raising prices, experimenting with credits or charging for new features, etc. We save you from having to handle usage-based limits (super common in pricing today), rebuilding in-app flows, DB migrations, internal dashboards for custom pricing, and grandfathering users on different pricing.

Ripping out billing flows etc, really sucks. With Autumn, you just make pricing changes in our UI and it all auto-updates. We have a shadcn/ui component library that helps with this. Because we support a lot of different pricing models (subscriptions, usage, credits, seat based etc), we have to handle a lot of different scenarios and cases under the hood. We try to keep setup simple while maintaining flexibility of a native integration.

Here’s a little snippet of the architecture of our main endpoint: https://bit.ly/4kYUDOW

Currently, the users who get the most value out of us are founders that need to move fast and keep things flexible, but also new/non-technical devs that are more AI native. You can clone the project and explore the repo, or try it out at https://bit.ly/4l3Rf5y , where it’s free for builders. Our repo is https://bit.ly/4nbBKK1 , docs are at https://bit.ly/3HTMBZ2 and demo at https://www.youtube.com/watch?v=SFARthC7JXc

We’d love to hear your feedback and how we could make it better!

https://bit.ly/4nbBKK1 June 24, 2025 at 01:48PM

Show HN: Weather Watching https://bit.ly/4k1EDdB

Show HN: Weather Watching I was walking around New York last month during some light rain and noticed about half the people had umbrellas open. When the rain picked up a few minutes later, that number jumped closer to 80%. It got me thinking it'd be cool to track this somehow, so I built a website! I am taking a sidewalk livestream, feeding it into a YOLO model for people tracking, then sending a frame of each detected person to Gemini 2.0 Flash, which returns structured JSON about each person's clothing and if they're holding an umbrella. I also had fun making the site look like a TV weather channel. I showed some friends this project and someone mentioned how the legendary Tasks xkcd comic ( https://bit.ly/40l34M7 ) is out of date now. If you want to check whether a photo has birds in it (or if someone is holding an umbrella), you can just ask an inexpensive vision model for JSON. https://bit.ly/4k5E8iL June 23, 2025 at 05:25PM

Monday, 23 June 2025

Show HN: Iroshiki – Indexed Colors for Web https://bit.ly/469upEJ

Show HN: Iroshiki – Indexed Colors for Web Made this local tool for rapidly refreshing the color palette of UIs I work on. Takes a 16 element JSON (color0-color15), like the ANSI escape code spec, and fleshes them out into Tailwind color overrides and semantic aliases. Use this to make the web more weird and colorful :) https://bit.ly/3TCfawB June 23, 2025 at 09:50PM

Show HN: Comparator - I built a free, open-source app to compare job offers https://bit.ly/3TAT2CH

Show HN: Comparator - I built a free, open-source app to compare job offers https://bit.ly/3FRoiKL June 24, 2025 at 01:00AM

Sunday, 22 June 2025

Show HN: REPL is the memory layer for multi-agent AI apps – Sherlog‑MCP https://bit.ly/4lbZCvX

Show HN: REPL is the memory layer for multi-agent AI apps – Sherlog‑MCP Hi all, I know the MCP fatigue is real but just wanted to share something I was working on and thought there might be some folks here that might be interested. I'm working on Sherlog-MCP, which is an MCP built around an IPython shell providing a persistent workspace for multiple AI agents to collaborate and work on tasks. One of the applications we are focusing on is bug investigations. Thanks! https://bit.ly/4lh5Wlb June 22, 2025 at 10:52PM

Show HN: Lego Island Playable in the Browser https://bit.ly/3HU3XFi

Show HN: Lego Island Playable in the Browser https://bit.ly/4efhqTV June 23, 2025 at 12:03AM

Show HN: I made beautiful screenshot generator, that's free forever https://bit.ly/3T2rXYY

Show HN: I made beautiful screenshot generator, that's free forever https://bit.ly/44a717t June 22, 2025 at 08:54AM

Show HN: Progressor – coach that breaks down big goals into actionable steps https://bit.ly/3FYm645

Show HN: Progressor – coach that breaks down big goals into actionable steps I built Progressor to help with a problem I kept running into: setting ambitious goals but getting stuck in planning, motivation, or knowing what to do next. You start by describing your goal — the more detailed, the better. Progressor then asks a series of targeted questions to understand your situation. Based on your answers, it creates a personalized step-by-step plan with small, focused daily tasks. Each task comes with relevant guidance and resources. You can adjust the plan at any point, and Progressor sends reminders to help you stay on track. This is not a habit tracker or to-do list — it’s a structured way to move forward on goals that usually feel too big or vague (e.g. launching a product and reaching €10k MRR, switching careers, finishing a personal project). Would love feedback from anyone who’s ever struggled to push a long-term goal over the finish line. https://bit.ly/44dkxav June 22, 2025 at 08:10AM

Saturday, 21 June 2025

Show HN: Cutmuse – AI tool for haircut recommendations by face shape https://bit.ly/43VsEJZ

Show HN: Cutmuse – AI tool for haircut recommendations by face shape Hi HN, A few months ago, I started building Cutmuse after hearing the same thing over and over from friends and family: “I never know what haircut suits me.” The idea was to create a tool that uses AI and facial analysis to recommend personalized haircuts, hair colors, and even glasses based on each user’s unique features.

You upload a photo (no login required or payment for the free version), and within minutes get a custom style report that includes:

- Haircuts that fit your face shape
- Hair color suggestions based on your skin tone
- Eyewear styles that match your proportions
- And optional grooming/skincare tips

This isn't like Instagram filters or beauty apps that overlay random looks. What makes Cutmuse different is the depth of the analysis. It applies real visagism principles — a method used in professional image consulting — combined with facial landmark detection and color analysis to give you results that are not just aesthetic, but structured.

We're currently live with users in 10+ countries and still iterating. This version includes:

- A redesigned onboarding and report UX
- A completely free plan (instant access, credit card required)
- A more accurate styling engine

Our stack mixes computer vision, handcrafted logic based on beauty design systems, and practical heuristics tuned from early user feedback.

Would love your thoughts — UX, concept, practicality, or anything else. If this seems like a pointless problem to solve, I’d like to hear that too. Thanks for checking it out. With the code CM50 you get 50% off https://bit.ly/4lbgtPv

https://bit.ly/4lbgtPv June 22, 2025 at 05:56AM

Show HN: Luna Rail – treating night trains as a spatial optimization problem https://bit.ly/4kVi0cf

Show HN: Luna Rail – treating night trains as a spatial optimization problem https://bit.ly/3I8hBEz June 18, 2025 at 09:50AM

Show HN: I Built a Public Dashboard to Track My Son's Future Investments https://bit.ly/4ldUnev

Show HN: I Built a Public Dashboard to Track My Son's Future Investments I’m building a public dashboard to track all the investments I make for my newborn son. Crypto, dividends, growth, milestones. You can follow the project here: [mattiasassets.com] Feedback welcome! https://bit.ly/3T2s4Us June 21, 2025 at 12:19PM

Show HN: MMOndrian https://bit.ly/3I7v3sj

Show HN: MMOndrian Made a collaborative, persistent state Mondrian-style painting editor. Feedback welcome! https://bit.ly/3G8rEsG June 21, 2025 at 11:39AM

Show HN: We moved from AWS to Hetzner, saved 90%, kept ISO 27001 with Ansible https://bit.ly/45zB3nE

Show HN: We moved from AWS to Hetzner, saved 90%, kept ISO 27001 with Ansible Earlier this year I led our migration off AWS to European cloud (Hetzner + OVHcloud), driven by cost (we cut 90%) and data sovereignty (GDPR + CLOUD Act concerns).

We rebuilt key AWS features ourselves using Terraform for VPS provisioning, and Ansible for everything from hardening (auditd, ufw, SSH policies) to rolling deployments (with Cloudflare integration). Our Prometheus + Alertmanager + Blackbox setup monitors infra, apps, and SSL expiry, with ISO 27001-aligned alerts. Loki + Grafana Agent handle logs to S3-compatible object storage.

The stack includes:

• Ansible roles for PostgreSQL (with automated s3cmd backups + Prometheus metrics)
• Hardening tasks (auditd rules, ufw, SSH lockdown, chrony for clock sync)
• Rolling web app deploys with rollback + Cloudflare draining
• Full monitoring with Prometheus, Alertmanager, Grafana Agent, Loki, and exporters
• TLS automation via Certbot in Docker + Ansible

I wrote up the architecture, challenges, and lessons learned: https://bit.ly/4k2Q6tx...

I’m happy to share insights, diagrams, or snippets if people are interested — or answer questions on pitfalls, compliance, or cost modeling.

https://bit.ly/45E7cdP June 21, 2025 at 10:02AM

Friday, 20 June 2025

Show HN: Tree-hugger-JS: CSS selectors for JavaScript AST analysis and MCP https://bit.ly/4lgvmPY

Show HN: Tree-hugger-JS: CSS selectors for JavaScript AST analysis and MCP I built a library that lets you find code patterns using familiar CSS-like selectors, then connected it to Claude via MCP so AI assistants can understand and refactor codebases.

The Approach

    // Find code patterns with intuitive selectors:
    const asyncFunctions = tree.findAll('function[async]');
    const todoComments = tree.findAll('comment[text*="TODO"]');
    const reactHooks = tree.hooks(); // Built-in React support

    // Chain smart transformations:
    tree.transform()
      .rename('oldFunction', 'newFunction')
      .removeUnusedImports()
      .toString();

Key Features

- CSS-like selectors: function[async], class:has(method), call[text*="fetch"]
- Semantic aliases: function matches declarations, expressions, arrows, and methods
- Smart transformations: Rename identifiers, remove unused imports, insert code
- Built-in queries: functions, classes, imports, React hooks, JSX components
- TypeScript support: Full parameter extraction with types
- Scope analysis: Track variable bindings and references

-- MCP --

I built an MCP server that exposes these capabilities to AI assistants. You can tell Claude: "Find all functions that use console.log and show me their parameters" And Claude can:

1. Parse your codebase
2. Use find_all_pattern('function:has(call[text*="console.log"])')
3. Extract parameter information with types
4. Give you detailed analysis

Technical Details

- Built on tree-sitter for correctness and performance
- 13 MCP tools for comprehensive code analysis
- Supports JavaScript, TypeScript, JSX, TSX
- Pattern parser converts CSS selectors to AST predicates
- Stateful MCP server maintains analysis context

Links:

- Library: https://bit.ly/3ZGwa8B
- MCP Server: https://bit.ly/4jYh3OU
- NPM: npm install tree-hugger-js
- Claude Code: claude mcp add tree-hugger-js-mcp npx tree-hugger-js-mcp

Would love feedback from the community, especially on the MCP.

June 21, 2025 at 12:11AM

Thursday, 19 June 2025

Show HN: Tool to Automatically Create Organized Commits for PRs https://bit.ly/460AZxi

Show HN: Tool to Automatically Create Organized Commits for PRs I've found it helps PR reviewers when they can look through a set of commits with clear messages and logically organized changes. Typically reviewers prefer a larger quantity of smaller changes versus a smaller quantity of larger changes. Sometimes it gets really messy to break up a change into sufficiently small PRs, so thoughtful commits are a great way of further subdividing changes in PRs. It can be pretty time consuming to do this though, so this tool automates the process with the help of AI. The tool sends the diff of your git branch against a base branch to an LLM provider. The LLM provider responds with a set of suggested commits with sensible commit messages, change groupings, and descriptions. When you explicitly accept the proposed changes, the tool re-writes the commit history on your branch to match the LLM's suggestion. Then you can force push your branch to your remote to make it match. The default AI provider is your locally running Ollama server. Cloud providers can be explicitly configured via CLI argument or in a config file, but keeping local models as the default helps to protect against unintentional data sharing. The tool always creates a backup branch in case you need to easily revert in case of changing your mind or an error in commit re-writing. Note that re-writing commit history to a remote branch requires a force push, which is something your team/org will need to be ok with. As long as you are working on a feature branch this is usually fine, but it's always worth checking if you are not sure. https://bit.ly/4kJiqlK June 20, 2025 at 04:22AM

Show HN: ATAC, an event verification platform evidence based https://bit.ly/4naqIVi

Show HN: ATAC, an event verification platform evidence based https://bit.ly/4efIh2m June 20, 2025 at 02:27AM

Show HN: Tiny Hoare logic verifier using SMT https://bit.ly/4482N01

Show HN: Tiny Hoare logic verifier using SMT https://bit.ly/40fAoUG June 18, 2025 at 01:49AM

Show HN: I wrote a new BitTorrent tracker in Elixir https://bit.ly/4k3qEnM

Show HN: I wrote a new BitTorrent tracker in Elixir Hello everyone! I'm currently on a journey to learn and improve my Elixir and Go skills (my daily job uses C++), and looking through my backlog for projects to take on, I decided Elixir is the perfect language to write a highly-parallel BitTorrent tracker. So I have spent my free time these last 3 months writing one! Now I think it has enough features to present it to the world (and a Docker image to give it a quick try). I know some people see trackers as relics of the past now that DHT and PEX are common, but I think they still serve a purpose in today's Internet (purely talking about public trackers). That said, there is not a lot going on in terms of new developments since everyone just throws opentracker on a VPS and calls it a day (honorable exceptions: aquatic and torrust). I plan to continue development for the foreseeable future and add some (optional) esoteric features along the way, so if anyone currently operates a tracker please give it a try and enjoy the lack of crashes. Note: only swarm_printout.ex has been vibe coded, the rest has all been written by hand. https://bit.ly/4kPVTny June 19, 2025 at 11:49PM