from Hacker News

N8n – Flexible AI workflow automation for technical teams

by XCSme on 5/3/25, 2:31 PM with 99 comments

by _pdp_ on 5/3/25, 11:14 PM
IMHO, N8n isn't great if you care about security.
It's not that the tool itself is inherently insecure - it's more about how users are encouraged to use it.
Nearly all workflows built using N8n that I've seen face some kind of prompt injection vulnerability. This is primarily because, in most cases, you configure the LLM by directly inserting external data into the system prompt. As many of you know, the system prompt has the highest execution priority, meaning instructions placed there can heavily influence how the LLM interacts with its tools.
While this isn't exploitable in every situation, it can often be exploited rather generically: by embedding prompts in your social media bio, website, or other locations from where these workflows pull data. Recently, I've managed to use this technique to prompt a random LinkedIn bot to email me back a list of their functions. That's not overly exciting in itself, but it clearly demonstrates the potential for malicious use.
This issue is not specific to N8n. Other tools do it too. But it seems to me there is little to no awareness that this is in fact a problem.
There is a better, safer way to incorporate external data into LLM prompts without jumping through hoops, but unfortunately, that's not how things are currently done with N8n, at least as of today.
by jasongill on 5/3/25, 3:14 PM
n8n has been good but not great in our organization (and we pronounce it "Nathan", to answer someone else's question). It's effectively a self-hosted version of Zapier and has quite a few built-in integrations. It's a bit more annoying to use than Zapier (but the price is right), and the AI features are currently about like the AI features of every other product: basically sufficient to tell investors "we do AI!" but not anything you're going to actually use.
The one frustration we have with n8n is trying to create custom "apps" (triggers or destinations for workflows). It's clear that the custom apps are an afterthought and have gone through multiple iterations of "here's the best way to do it", and you end up having to just keep trying until you get it to do what you want. Annoyingly, there's no way to manage custom apps in the interface itself - you have to create a Javascript module and then inject it into a .npm directory somewhere inside of the applications Docker container, which just doesn't feel very "professional".
If n8n would add some kind of admin interface for managing custom apps - especially just supporting basic use cases like specifying a REST API as a reusable custom app - it would be great, but still has a ways to go in terms of features (like better user permissions management as part of the lackluster SSO) before it's truly going to be an enterprise grade solution.
That said, we tried Windmill first and while it was cool for the devs who were able to see the vision, the non-technical users hated it and have heavily praised n8n once we created a custom app to let them integrate with our system.
Overall I would say n8n is worth trying if you need something like this, but expect to do some tinkering if you go beyond what it does out of the box.
by photon_garden on 5/3/25, 6:46 PM
We’ve been using n8n in production for the last few months at my startup and are planning on migrating to regular backend code.
Pros:
- Good observability. It’s handy that they track all executions and let you see when workflows run.
- Usable for non-technical people.
- They’ve had all the integrations we needed.
Cons:
- Implementing parallel execution for async parts of the workflow is complicated and flaky.
- Pricing is expensive for the hosted version.
- Version control is bad.
- If you have engineering capacity, it’s faster and simpler to write some more backend code if you already have a backend.
by ChrisGammell on 5/3/25, 3:10 PM
A while back I used it to glue together a bunch of APIs to make a geofence on top of a WiFi location service my company offers. Super easy to prototype external computation without something like severless/lambda (which would be the likely path for production)
https://blog.golioth.io/a-2-geofence-wi-fi-location-here-com...
by fzysingularity on 5/3/25, 7:40 PM
We (at https://vlm.run) use n8n internally for a lot of automations and it’s been great (Reddit/HN scraping), slack automations, cron jobs for sales etc.
We also made a custom node for popular document/image/video ETL jobs like document-to-markdown, audio/video transcriptions with VLMs (Vision Language Models).
https://github.com/vlm-run/n8n-nodes-vlmrun
https://www.npmjs.com/package/@vlm-run/n8n-nodes-vlmrun/v/0....
by hypefi on 5/3/25, 5:58 PM
Tried it, but in an age where AI does a lot of the work in coding, I think just using code to automate things is better than using n8n, the visual aspect though of the AI agents nodes, chains and workflows is the one thing that is interesting in n8n
by preya2k on 5/3/25, 2:53 PM
If you’re looking for an Open Source alternative, give Windmill a try.
by nico on 5/3/25, 3:03 PM
Can someone talk about their experience using n8n? I’ve seen it in passing a lot lately, but I wonder what some good successful use cases are
by kfogel on 5/3/25, 3:33 PM
Wow. This project was the cause of a very long and intense discussion about mis-use of the term "open source". See https://github.com/n8n-io/n8n/issues/40#issuecomment-5397146... for details (lands mid-thread -- you might want to scroll back to see the start, and if you read the whole thing to the end then you deserve some sort of award!).
TL;DR: The author originally tried to call n8n "open source" but while using a non-open-source license. After much discussion, he kept the license but stopped using the label "open source", to the relief of many people.
That half-decade-old thread is still what I point to when I want to explain to someone why preserving the specificity of the term "open source" matters.
by SKILNER on 5/3/25, 3:18 PM
Is the UX of the name any indication of the UX of the product?
by Jefro118 on 5/3/25, 7:25 PM
How do people integrate steps on websites/web scraping into their larger workflows? I’m looking to try and integrate my own browser RPA tool [1] into n8n but I’m not sure how useful it is.
[1] - https://browsable.app
by behnamoh on 5/3/25, 2:50 PM
How is the name pronounced? Like nate-n, which is a play on Nathan?
Aside from that, I've been thinking about no/low-code solutions for educational purposes. I'm an incoming professor of a university and most my students have little background in CS or related fields. The university insists on using tools like Alteryx but I want to see if free open-source solutions exist (because that way, students can use the tools after graduation).
So far I've seen Dify, Flowise, Langflow, n8n, Make. The last two seem to be more general while the other ones are tailored to LLMs (which is the focus of my courses—applications of LLMs in management).
by SansGuidon on 5/4/25, 7:49 AM
As a former user of N8N the tool looked interesting to me but I ended up converting most of my use cases into shell scripts, python scripts executed by cron jobs, and into ci/cd jobs. It gave me more flexibility about the tech stack I need, and a greater ease of debugging and developing robust designed tools.
I guess N8N was not intuitive for simple things and seemed too complicated for me. I'm now happier with cron jobs/GitOps to manage my automations. On the other hand I also had to replace some IFTTT workflows with my own scripts.
More work for me but I gained quality and control.
by victorbjorklund on 5/3/25, 2:48 PM
N8N is great. Been self-hosting for years.
by Tadpole9181 on 5/3/25, 11:46 PM
Can someone recommend a self-host alternative for n8n? I'd be fine paying for one of the lower tiers to get access to shared workspaces, so I can work with my small team, but if you want to self-host you have to jump up to the Enterprise version which can easily be 20x more expensive.
This makes it unusable for my purpose.
But in my (limited) research into options like Airflow or Dagster or Windmill, they weren't quite at the same level and it doesn't feel like a significant value-add over writing a simple webhook server.
by MattDaEskimo on 5/3/25, 4:58 PM
I've always found that these no-code workflow builders fail to hit the right abstraction - especially when new paradigms are added.
by Izmaki on 5/3/25, 3:19 PM
Looks like a product you'd end up with if a few years back you thought to yourself "how do I make a business combining AI and pipelines?". I don't hate AI as such, I just don't love how it has to be shoved into every product or tech imaginable these days.
by bwfan123 on 5/3/25, 3:00 PM
Isnt this just workflow automation thats been around for decades ? whats ai about it ?
by Valodim on 5/3/25, 2:51 PM
Simple to self host and use, can recommend.
Can't say I'm a fan of the €55M financing round they took though. I mean, congratulations to them, but the growth they'll need to satisfy those investors is so very likely to lead to chasing numbers and enshittifying the product down the line.
by revskill on 5/3/25, 3:15 PM
The funny things about "modern AI workflow builders" is they don't learn anything about n8n, which is universal and having a solid design.
Examples of those failure systems, is SimStudio, just a joke compared to n8n.
by m3kw9 on 5/3/25, 6:32 PM
It would be nice if these sites started off with a usable demo right away, even if it’s on rails. Reading all the technical stuff and having to figure it out that way is very inefficient.
by greatpostman on 5/3/25, 2:52 PM
I’m suspicious about n8n being able to abstract properly to allow for dynamic agentic workflows. Anyone have actual experience?
by throwaway7783 on 5/3/25, 4:49 PM
Did something new happen here? Almost feels like an ad for n8n. This product has been there for a while.
by sa-code on 5/3/25, 6:40 PM
Is this an ad? Can you buy upvotes for HN?
by EcommerceFlow on 5/3/25, 2:52 PM
I have a friend that uses them, but I took a separate route and just decided to learn programming basics, at least enough to be able to vibe code.
I'm thinking why not just use APIs?