HackerTrans
TopNewTrendsCommentsPastAskShowJobs

damienwebdev

no profile record

Submissions

Show HN: One-click open-source ecommerce starter (Magento), drive it with Claude

ecommerce-ai-starter.graycore.io
3 points·by damienwebdev·الشهر الماضي·0 comments

CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss

github.com
3 points·by damienwebdev·قبل شهرين·1 comments

LogLeak: Composer GitHub Actions token disclosure in error messages, patched

blog.packagist.com
2 points·by damienwebdev·قبل شهرين·0 comments

Composer leaks contents of tokens configured as GitHub OAuth tokens

github.com
70 points·by damienwebdev·قبل شهرين·27 comments

[untitled]

1 points·by damienwebdev·قبل 5 أشهر·0 comments

Show HN: Open-Source AI CMS Editor for Magento/Adobe Commerce

github.com
1 points·by damienwebdev·قبل 8 أشهر·0 comments

[untitled]

1 points·by damienwebdev·قبل 9 أشهر·0 comments

Show HN: Daffodil – Open-Source Ecommerce Front End, Now with Shopify

demo.daff.io
7 points·by damienwebdev·قبل 9 أشهر·1 comments

Show HN: Daffodil – Open-Source Ecommerce Framework to connect to any platform

github.com
66 points·by damienwebdev·قبل 10 أشهر·8 comments

comments

damienwebdev
·قبل شهرين·discuss
I don't have an exact count, but during my analysis, I found that ~40 of the top 100 starred repos in the PHP ecosystem were impacted. Primarily by jobs that run `on: schedule` or by a maintainer with an `on: push`
damienwebdev
·قبل شهرين·discuss
After yesterday's composer situation, I felt the need to write down my perspective on how this came to be as the vulnerability reporter.
damienwebdev
·قبل شهرين·discuss
It's a mix of responsibility between both systems. A new format combined with an old "bug".
damienwebdev
·قبل شهرين·discuss
I was the reporter on this one. If you have Github Actions in your organization, disable them immediately if you're unsure which version of composer your Github Actions run.
damienwebdev
·قبل 10 أشهر·discuss
From a brief review, it looks like the underlying platform they use is https://www.scayle.com/ (though I'm not sure its the one that was attacked) its just the one I found while looking at their site.
damienwebdev
·قبل 10 أشهر·discuss
I'd like to think that I'm a somewhat "odd" person, but I'm not exactly sure how that reflects in my code. This code hasn't been taken over, it's just been something I've been working on a long time.
damienwebdev
·قبل 10 أشهر·discuss
Just following up that I've fixed this!
damienwebdev
·قبل 10 أشهر·discuss
I noticed this too. I was actually working on this yesterday, https://github.com/graycoreio/daffodil/pull/3946

I got a little side-tracked over the weekend and didn't get a new build of the demo in with the new image loader. I'll have this fixed shortly!
damienwebdev
·قبل 3 سنوات·discuss
There are many tech startup companies that pay for:

1. HN Upvotes 2. Product Hunt Upvotes 3. Github Stars

Why? Because it's all part of their marketing con. For some software companies, they rely on the hivemind to drive the purchase of their vaporware.
damienwebdev
·قبل 3 سنوات·discuss
I'm one of the maintainers of Faker, so hopefully I can help remedy any situation we inadvertently created.

https://fakerjs.dev/api/helpers.html#arrayelement

I believe is what you're looking for. The issue, as I recall, is that all of Faker is random, so what does it mean to have a `random` module namespace. We moved it out of a hope for improved clarity.
damienwebdev
·قبل 4 سنوات·discuss
Businesses will always have commerce problems, so you're pretty stable in terms of consistent income.

If you can make a name for yourself, you can do very well. Especially for Magento, I love the fact that I can make small change, deliver it as a composer package, and then (if the code is good enough) see the results on many brands within a few months.

It's hard to get that close-to-customer visibility anywhere else as most "cool" large scale FOSS projects are dev focused, which means your impact on the lay user is less obvious.
damienwebdev
·قبل 4 سنوات·discuss
Fully agree. The problems are hard, the interested talent is limited (who would want to work on line of business software when academia actively pushes people towards other things), and the problem space (all possible online business configurations) is immense.

Re:frontend, you're absolutely correct. Magento's frontend is a sad state. MageOS is actively looking for ways to move Luma/Blank into a separate installable package so that devs are not forced to see it at every turn.

In terms of Headless, there are a bunch of different heads at this point, but none have yet solved what I call the "upgrade-safe theme" problem.

I like what we've done with Daffodil since it doesn't impose any of those limitations that come with themes, while still handling a lot of the complexity that devs face when building ecommerce stores.
damienwebdev
·قبل 4 سنوات·discuss
MageOS is not a maintenance mode, unfortunately we don't do a good job expressing that.

The goal is to migrate management of the codebase out of Adobe's hands back into the community's. Community PRs, triage, etc.

We're currently working on getting the entire CI pipeline setup in Github Actions (if you're interested in contributing, we could really use friendly faces, it's quite an undertaking). Once we're past that, we have goals that are in progress:

DevX:

1. Correct the dep graph of MageOS to be a legitimate DAG and then use nx/bazel/make, etc to compute the build graph. 2. Create codespaces/gitpods/devcontainers for easier day 1 devs. 3. Rip GraphQl out into a separate package space. 4. Create smaller more use-case specific metapackages so that you're not forced into all of Magento or nothing. 5. Maintain backwards compatibility with existing Magento packages.

UX: 1. Significantly improve overall performance.

MerchX: 1. Improve Merch documentation and make Merch docs easier to consume.

Generally to your question, we're not interested in maintenance, we're interested in taking on the burden of being a better development effort alongside a better merchant experience.

That said, this is not a sales pitch. The problem is hard, but we'd like to prove that we're harder.
damienwebdev
·قبل 4 سنوات·discuss
So, I happen to know this niche extremely well!

I'm one of the maintainers of MageOS (a fork of Magento) as well as a maintainer of Daffodil (a monolithic Angular PWA framework - not Microfrontends yet).

APIS are definitely the way to go but, while that's a great next step, what we're really facing is a standards issues.

Some have tried.

Schema.org as a standard is overly complex and each platform has their own API definition.

Microfrontends can be great as well, but ecommerce has a particularly special problem of requiring extremely performant SSR, so that's always a critical and complex piece to get correct.

However, this article is clearly an ad.
damienwebdev
·قبل 4 سنوات·discuss
I actively hire this way.
damienwebdev
·قبل 4 سنوات·discuss
> Python Django specific sub dependency, that broke the admin interface, which obviously, we don't explicitly test.

There's your problem.
damienwebdev
·قبل 5 سنوات·discuss
My org has forked this to https://github.com/graycoreio/faker.js from a fairly recent verified commit from Marak, even if its only temporary for some semblance of stability.