Show stories

fanfa.dev is a website that provides free and open-source tools and resources for web development, including a code editor, task runner, and package manager. The site aims to simplify the development workflow and empower developers with a user-friendly platform.

Hello Everyone! We built SQLFlow as a lightweight stream processing engine.

We leverage DuckDB as the stream processing engine, which gives SQLFlow the ability to process 10's of thousands of messages a second using ~250MiB of memory!

DuckDB also supports a rich ecosystem of sinks and connectors!

https://sql-flow.com/docs/category/tutorials/

https://github.com/turbolytics/sql-flow

We were tired of running JVM's for simple stream processing, and also of bespoke one off stream processors

I would love your feedback, criticisms and/or experiences!

Thank you

I'm Clive, a developer from South Africa. Four days ago, Eduardo Borges posted about getting hacked through CVE-2025-55182 (the React Server Components RCE). His server was patched, but the malware stayed, crypto miners, fake services named "nginxs" and "apaches", cron jobs for persistence. CPU at 361%. Part of a 415-server botnet.

That's when I realized: patching removes the vulnerability, but not the infection.

I built NeuroLint originally as a deterministic code transformation tool for React/Next.js (no AI, just AST-based fixes). When this CVE dropped, I added Layer 8: Security Forensics.

It scans for 80+ indicators of compromise: - Suspicious processes (high CPU, random names, fake services) - Malicious files in /tmp, modified system binaries - Persistence mechanisms (cron jobs, systemd services, SSH keys) - Network activity (mining pools, C2 servers) - Docker containers running as root with unauthorized changes - Crypto mining configs (c.json, wallet addresses)

Try it: npm install -g @neurolint/cli neurolint security:scan-breach . --deep

No signup required. Works on Linux/Mac. Takes ~5 minutes for a deep scan.

What's different from manual detection: - AST-based code analysis (detects obfuscated patterns) - 80+ behavioral signatures vs. 5-10 manual grep commands - Automated remediation (--fix flag) - Timeline reconstruction showing when breach occurred - Infrastructure-wide scanning (--cidr flag for networks)

The tool is deterministic (not AI). Same input = same output every time. Uses Babel parser for AST transformation with fail-safe validation - if a transformation fails syntax checks, it reverts.

Built it in 3 days based on Eduardo's forensics and other documented breaches. Already found dormant miners in test environments.

GitHub: https://github.com/Alcatecablee/Neurolint-CLI NPM: https://www.npmjs.com/package/@neurolint/cli

If you were running React 19 or Next.js 15-16 between Dec 3-7, run the scanner even if you already patched. Especially if you already patched.

Happy to answer questions about the detection logic, AST parsing approach, or the CVE itself.

I built a small weekend project to help track RAM prices, since DDR3/DDR4/DDR5 costs have suddenly jumped recently and I was struggling to find good deals for my NAS build.

RamScout scans eBay (UK/US) and ranks RAM listings by price per GB, with filters for type, capacity, speed, condition, etc. It’s a simple MVP — no frills, no accounts, no ads — just a fast way to spot unusually cheap listings.

Would appreciate any feedback, especially on performance, UI, and whether expanding to more regions/vendors would be useful. Thanks!

Hi!

I got tired of setting up tools I can't explain to a team in a few words like sops or git-crypt, just to store few files with environment variables or secrets, so I built lockenv as a simple alternative.

It's basically a password-protected vault file you commit to git. No gpg keys, no cloud, just lockenv init, set a password, and lock/unlock the secrets.

This tool integrates with OS keyring, so you're not typing passwords constantly. Should work on Mac/Linux/Windows, but I tested it only on linux so far.

I am not trying to replace any mature / robust solution, just making small tool for simple cases, where I want to stop sharing secrets via slack.

Feel free to try, thank you!

Diesel-Guard is a tool that helps detect and prevent diesel engine tampering, allowing fleet managers to monitor engine performance and emissions compliance through real-time data analysis and notifications.

The article discusses strategies for maintaining a high-quality codebase, including embracing refactoring, prioritizing technical debt, and fostering a culture of continuous improvement. It emphasizes the importance of balancing feature delivery with sustainable code practices to ensure the long-term health and success of a software project.

Hi HN! I've been building ReadyKit, an open-source SaaS boilerplate that handles all the hard parts: multi-tenant workspaces, Stripe billing, OAuth + MFA authentication, and a production-ready stack.

Built with Python/Flask, PostgreSQL, Redis, and Vue 3, it's designed for indie makers and teams who want to ship SaaS products fast. Clone, configure your OAuth and Stripe keys, and you're running in 5 minutes.

Features include automatic query scoping for workspace isolation, audit logs, role-based access, and a modern UX kit. MIT licensed and free forever.

GitHub: https://github.com/level09/readykit

A small tool that parses C declarations and outputs a simple visual representation at each stage, as it encounters arrays, pointers or functions.

The program uses a table-driven lexer and a hand-written, shift-reduce parser. No external dependencies apart from the standard library.

Hi HN,

Edge.mq makes it very easy to ship data from the edge to S3.

EdgeMQ is a managed HTTP to S3 edge ingest layer that takes events from services, devices, and partners on the public internet and lands them durably in your S3 bucket, ready for tools like Snowflake, Databricks, ClickHouse, DuckDB, and feature pipelines.

Design focus on simplicity, performance and security.

LeetcodeWrapped is a web application that allows users to analyze their LeetCode problem-solving history, including statistics on the problems they've solved, the languages they've used, and their performance over time.

I had an issue where I would journal stuff, and then never look at what I wrote. So I thought it'll be cool to schedule something that will get sent to you at a later time (like a time capsule). Also, was inspired by futureme, where you can send yourself letters that'll arrive in the future.

The article provides strategies and techniques for effectively debugging TypeScript applications, including using the TypeScript compiler, leveraging IDE tools, and employing logging and debugging libraries to identify and resolve issues in TypeScript-based projects.

LinkedQL is a new SQL client that supports live queries over any Postgres, MySQL, and MariaDB database. You get result sets that self-update differentially as rows change in your database – via inserts, updates, deletes. Works with no extra tooling/ORM layer or GraphQL servers. You opt into live mode simply with a flag: client.query('SELECT ...', { live: true }). More at: https://linked-ql.netlify.app/capabilities/live-queries

LinkedQL is written in JavaScript and runs in both client and server environments.

GitHub + docs: https://github.com/linked-db/linked-ql

Demo examples included.

I’d love feedback: • Anything confusing? • Anything seems useful or dangerous? • Anything else that'd make you consider LinkedQL for production?

Thanks for taking a look — happy to answer any questions.

This article discusses the development of a C++ library for parallel vector-accumulation (PVAC) and Helmholtz free energy (HFE) calculations, which are important in molecular dynamics simulations. The library provides optimized, high-performance implementations of these algorithms for efficient scientific computing.

Hi HN!

I built an open source macOS app that allows you to unlock your SSH and GPG key passphrases with Touch ID. You can also store secrets and inject them into your dev environment using the CLI, and store `age` encryption keys in the Secure Enclave.

I started working on this because I was setting up a new computer, and I didn't like how janky the Mac GPG pinentry tool felt.

Secrets management came later because I also wanted an alternative to 1Password's secrets injection, which only works while online for some reason. This allows me to store `axo://...` URLs in my config files, which get dynamically populated with `ap inject`. The vault spec is inspired by SOPs.

The reason this is an app and not just a CLI tool is because it integrates directly with Apple's Security framework and needs to be codesigned and notarized - an interesting (annoying) problem I should write about

Looking to the future, I'm planning to add support for syncing secret vaults with git, SOPs-backed vaults, syncing public keys to Github, GPG key management (I keep forgetting how to renew my keys), and maybe even implement the ssh-agent protocol so I can store my SSH keys in the app. It's a long list but it will solve many paper cuts of mine.

Would love some early feedback, happy to answer any questions.

Hello HN! We're a team of three building a new kind of web-based markdown editor.

There are many editors out there, so one is spoiled for choice, but Kraa's approach is a little different. It's trying to be both a minimal and distraction-free experience while being feature-rich and allowing for tons of use cases.

What Kraa's good for:

- Distraction-free writing & reading (minimal UI, performant, styling logic completely separated from the editing experience)

- Quick sharing of any written text – compared to many other writing tools, your content can be easily shared just by posting a link and giving 'read' or 'edit' access (we also have password-protection)

- Real-time chat / communities – Kraa has some unique features around real-time editing and our Chat widget allows for a frictionless chat experience. No send button.

- Kraa works well on mobile (though dedicated apps are planned)

---

Demo examples (all live, no login needed):

Blog article: https://kraa.io/kraa/examples/echolibrary

Long-form story: https://kraa.io/kraa/examples/insidekick

Magazine: https://kraa.io/weeklyinspiration

Kraa is built on top of ProseMirror (and TipTap) and Svelte.

You don’t need an account to try Kraa. We’d really appreciate your thoughts and feedback!

`cargo install tascli`

Manages your own task and records in the terminal simply with tascli - tiny, fast and simple.

Hi everyone, I built FuseCells, a minimalistic logic puzzle game where every level is handcrafted (no procedural generation). It started as a personal challenge to design a clean rule-set and scale it to thousands of puzzles without losing difficulty balance.

What’s unique: • 2,500 handcrafted levels across multiple grid sizes • Deterministic logic — no guessing required • A rule system inspired by constraint-solving and path-finding concepts • Daily challenges and global progress tracking • Fully built as a solo dev project

Technical notes for those curious: • Level generation tools I wrote validate solvability using a custom constraint solver • Difficulty is estimated via step-count of the solver • The game is optimized to run smoothly on low-end devices • Designed first for iOS, now fully adapted for iPad as well

I’d love feedback from puzzle lovers, game designers, and anyone interested in handcrafted logic design. Here’s the App Store link: [inserați linkul]

Thanks for reading — happy to answer any technical questions!

This article presents a traditional Turkish pasta recipe that combines fresh vegetables, spices, and a unique cooking technique to create a flavorful and satisfying dish. The recipe highlights the versatility of pasta in Turkish cuisine and provides an easy-to-follow guide for home cooks to recreate this authentic cultural dish.

The article discusses the Walrus programming language, which is a statically-typed, object-oriented language that aims to provide a powerful and expressive alternative to languages like Python and Rust. Walrus is designed to be efficient, scalable, and easy to use, with a focus on simplicity and developer productivity.

I’ve been working on a VS Code extension called Nogic that indexes your project and turns it into an interactive graph of files, symbols, imports, calls, and references. The goal is simple: make it much easier for developers to understand how a codebase fits together, especially now that AI is generating more code than ever.

The article introduces mtxt, an open-source, cross-platform text editor designed for technical and programming-related tasks. It highlights mtxt's features, such as support for multiple programming languages, syntax highlighting, and built-in terminal emulator, making it a versatile tool for developers and writers.

Crier is an open-source command-line tool that allows users to easily create and manage virtual environments for their Python projects. It supports multiple Python versions and provides a simple interface for managing dependencies and running commands within isolated environments.

I'm sure folks here have seen pastebins a thousand times. There's no innovation left in this space – and that's kind of the point.

When I wanted to self-host a pastebin, every option I found was too much. Git-based version control, OAuth, elaborate admin panels. I just wanted something I could deploy in under a minute with a CLI that actually works.

So I built pbnj (yes, like the sandwich).

What it is:

- A minimal, beautiful pastebin with syntax highlighting for 100+ languages

- One-click deploy to Cloudflare (free tier gives you ~100,000 pastes)

- CLI-first: pbnj file.py → get a URL, copied to clipboard

- Memorable URLs: crunchy-peanut-butter-sandwich instead of x7f9a2

- Private pastes with optional secret keys

- Web UI for when you're not in a terminal

What it isn't:

- No accounts, no OAuth, no git integration

- No multi-user support (fork it and run your own)

- No expiring pastes, no folders, no comments

- Not trying to replace Gist or be a "platform"

Why not just use Gist? Maybe you want to own your data. Maybe you enjoy self-hosting things. Or maybe you're a little autistic like me and just like having your own stuff.

Live demo: https://pbnj.sh GitHub: https://github.com/bhavnicksm/pbnj CLI: npm install -g @pbnjs/cli

If this scratches an itch for you, I'd appreciate a star on GitHub. Happy to answer any questions!

Hey everyone! I just built a mobile app using Expo (React Native) for a platform that moves $6M/month. It’s a neobank used by 6,500+ nonprofit organizations across the world.

One of my biggest challenges, while juggling being a full-time student, was getting permission from Apple/Google to use advanced native features such as Tap to Pay (for in-person donations) and Push Provisioning (for adding your card to your digital wallet). It was months of back-and-forth emails, test case recordings, and also compliance checks.

Even after securing Apple/Google’s permission, any minor fix required publishing a new build, which was time-consuming. After dealing with this for a while, I adopted the idea of “over the air updates” using Expo’s EAS update service. This allowed me to remotely trigger updates without needing a new app build.

The 250 hours I spent building this app were an INSANE learning experience, but it was also a whole lot of fun. Give the app a try, and I’d love any feedback you have on it!

btw, back in March, we open-sourced this nonprofit neobank on GitHub. https://news.ycombinator.com/item?id=43519802

The article recounts the author's reintroduction to computers through the Raspberry Pi, a small, affordable, and versatile single-board computer. It highlights the author's enthusiasm for exploring the capabilities of the Raspberry Pi and its potential for various applications.