Below is a capture from my terminal, using the verify and extract scripts on this Nostr profile that you used. To answer your questions, pb.txt is a text file with my public key. It is the hex version of my Nostr npub ( ea91ee2eff0942115b5515bbdbee1259bcf899f8dc79b33d58524d104e3d5eb5). pb.txt is stored on all of my websites in the root. The huge, scary site.txt is appended to a web page inline, which I show below. I've done some performance tests, and besides making the PNG a standalone artifact with code and data and visual instructions, it performs surprisingly well vs. more traditional methods. It is scary, as it is code and data, which makes verification particularly important... but, really... not much scarier than visiting a website (but if you are running the scripts locally from a CLI, it is even more important to verify). As for the error with verify, unfortunately we live in a constantly changing world, so the imports change over time, but if you use package.json and pin the version, it works, or your patches work great, too for newer versions. These are the same versions of noble curves/hashes I have in my repo package.json, but, of course, there is a catch-22 if you are extracting the repo itself (on floppypng.com). Note that I verify the floppy PNG as part of the web app. I verify against the original extract of the PNG in the application, but with the simplified version below, I don't capture these variables, so you need to remove the verify() at the end to view the site. Or, just use the same HTML from floppypng.com as a bootloader, and that works too. (curl https://floppypng.com).

```
divine@l1g3r-srv-01:~/tmp$ curl > f.png
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1256k 100 1256k 0 0 7287k 0 --:--:-- --:--:-- --:--:-- 7304k
divine@l1g3r-srv-01:~/tmp$ vi ext.js
divine@l1g3r-srv-01:~/tmp$ deno run -A ext.js
divine@l1g3r-srv-01:~/tmp$ ls -l
total 14780
-rw-rw-r-- 1 divine divine 593 Apr 14 06:14 ext.js
-rw-rw-r-- 1 divine divine 6580049 Apr 14 06:15 f
-rw-rw-r-- 1 divine divine 1286599 Apr 14 06:12 f.png
-rw-rw-r-- 1 divine divine 1286542 Apr 14 06:15 f.z
-rw-rw-r-- 1 divine divine 5964092 Apr 14 06:15 site.txt
divine@l1g3r-srv-01:~/tmp$ vi package.json
divine@l1g3r-srv-01:~/tmp$ cat package.json
{
"name": "anything",
"version": "1.0.0",
"dependencies": {
"@noble/curves": "^1.9.2",
"@noble/hashes": "^1.8.0",
"pako": "^2.1.0"
}
}
divine@l1g3r-srv-01:~/tmp$ vi ver.js
divine@l1g3r-srv-01:~/tmp$ npm i
npm warn Unknown builtin config "globalignorefile". This will stop working in the next major version of npm.

added 3 packages, and audited 4 packages in 720ms

2 packages are looking for funding
run `npm fund` for details

found 0 vulnerabilities
divine@l1g3r-srv-01:~/tmp$ deno run -A ver.js
Usage: lverify [Floppy PNG] [144MB Hex Public Key]

divine@l1g3r-srv-01:~/tmp$ ls
ext.js f f.png f.z node_modules package.json package-lock.json pb.txt site.txt ver.js
divine@l1g3r-srv-01:~/tmp$ cat pb.txt
ea91ee2eff0942115b5515bbdbee1259bcf899f8dc79b33d58524d104e3d5eb5
divine@l1g3r-srv-01:~/tmp$ deno run -A ver.js f.png pb.txt
true
divine@l1g3r-srv-01:~/tmp$ cat page.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Floppy PNG</title>
<meta name="viewport" content="width=device-width,initial-scale=1">
</head>
<body>
<div id="l"></div>
<script>
fetch('site.txt').then((resp) => {
resp.text().then((t)=>{
s = document.createElement("script");
s.appendChild(document.createTextNode(t));
document.body.appendChild(s);
})})
</script>
<div id="main"></div>
</body>
</html>

divine@l1g3r-srv-01:~/tmp$ tail -n 3 site.txt
document.getElementById('main').innerHTML = site.rp['index-html'].replace('R0lGODdhAQABAIAAAP///////ywAAAAAAQABAAACAkQBADs=',site.logo);
refresh();
verify();
divine@l1g3r-srv-01:~/tmp$ vi site.txt
divine@l1g3r-srv-01:~/tmp$ npx http-server
Starting up http-server, serving ./

http-server version: 14.1.1

http-server settings:
CORS: disabled
Cache: 3600 seconds
Connection Timeout: 120 seconds
Directory Listings: visible
AutoIndex: visible
Serve GZIP Files: false
Serve Brotli Files: false
Default File Extension: none

Available on:
http://127.0.0.1:8080
http://192.168.52.51:8080
http://192.168.96.1:8080
http://192.168.149.1:8080
Hit CTRL-C to stop the server

[Tue Apr 14 2026 06:24:41 GMT-0700 (Pacific Daylight Time)] "GET /page.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0"
(node:2678322) [DEP0066] DeprecationWarning: OutgoingMessage.prototype._headers is deprecated
(Use `node --trace-deprecation ...` to show where the warning was created)

```



Yeah... pretty weird, true, but you have to admit that being able to store your software repo and app to view it as your banner image is pretty cool, and shows the benefit of standalone artifacts. (Setting aside the fact that the current culture of software is an ever-changing, ever-more complex, ever-larger sea.) I don't think people appreciate how much you can do with 1.44MB. We have these huge corporate-sponsored ecosystems with millions of people running it. Layers on frameworks on layers on frameworks... for what? Burning up the biosphere for vertebrates even faster? We seem to love creating our own hell within hell within hell, hiding behind screens.