Show HN: PrinceJS – 19,200 req/s Bun framework in 2.8 kB (built by a 13yo)
Hey HN,
I'm 13, from Nigeria, and I just released PrinceJS — the fastest web framework for Bun right now.
• 19,200 req/s (beats Hono/Elysia/Express)
• 2.8 kB gzipped
• Tree-shakable (cache, AI, email, cron, SSE, queue, test, static...)
• Zero deps. Zero config.
Built in < 1 week. No team. Just me and Bun.
Try it: `bun add princejs`
GitHub: https://github.com/MatthewTheCoder1218/princejs
Docs: https://princejs.vercel.app
Brutal feedback welcome. What's missing?
– @Lil_Prince_1218
Comments URL: https://news.ycombinator.com/item?id=45957402
Points: 133
# Comments: 65
Mon, 17 Nov 2025, 7:45 pm
Show HN: ESPectre – Motion detection based on Wi-Fi spectre analysis
Hi everyone, I'm the author of ESPectre.
This is an open-source (GPLv3) project that uses Wi-Fi signal analysis to detect motion using CSI data, and it has already garnered almost 2,000 stars in two weeks.
Key technical details:
- The system does NOT use Machine Learning; it relies purely on Math.
- Runs in real-time on a super affordable chip like the ESP32.
- It integrates seamlessly with Home Assistant via MQTT.
Comments URL: https://news.ycombinator.com/item?id=45953977
Points: 157
# Comments: 37
Mon, 17 Nov 2025, 2:40 pm
An exposed .git folder let us dox a phishing campaign
This past Friday afternoon, a member in our Discord server reported a phishing email pointing to a fake login page.
We set out to research it, and because of clumsy decisions by the attacker we got their GitHub and their operational Telegram bot.
Screenshots: https://imgur.com/a/FTy4mrH
Sometimes the attacker's incompetence can be a defender's best weapon ¯\_(ツ)_/¯
The phishing page was a standard clone of an "email", unbranded and generic service. A bit of gobuster reconnaissance and we got the site's .git directory publicly accessible and listing its contents.
Inspecting the requests also got us the first Telegram bot token.
This is the digital equivalent of leaving the blueprints to your entire operation, including past versions and deleted files, lying on the front lawn.
We pulled the repository, found automated deployments and multiple fake pages with different hardcoded Telegram bot tokens and Chat IDs.
With the source code, repo and the active Telegram bot token, we filed detailed abuse reports:
- GitHub: We reported the repository containing the phishing kit's source code. It was taken down for violating TOS.
- Telegram: We reported the bot using the provided token and chat ID, leading to its removal.
- Hosting Provider: The malicious site was reported and taken offline.
Lesson learned? Never deploy a .git folder to production. Even if you are a criminal.
Acknowledgement: This was a collaborative effort by members of the BeyondMachines Discord community. The crowdsourced speed and collaboration helped us take this down very fast.
Comments URL: https://news.ycombinator.com/item?id=45943802
Points: 57
# Comments: 15
Sun, 16 Nov 2025, 9:29 am