Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•11mo ago

Comments

steele•11mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•11mo ago
Lmao, gentrify cracked me up
neilv•11mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•11mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•11mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•11mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•11mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•11mo ago
May as well just release an executable tbh.
theamk•11mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in an email/newsgroup signature to give it a personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•11mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good ol' curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•11mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me help you mitigate your security vulnerabilities."
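
On the question raised in this thread of what `npx <package>` actually executes: the sketch below is an added example, not code from the thread or from npm. It reads a package manifest (for instance the JSON printed by `npm view <name> --json`) and reports the `bin` file npx would run plus any install hooks; `sampleManifest` and every name in it are constructed.

```javascript
// Added example (not from the thread): review a manifest before `npx <name>`.
// Lifecycle hooks npm runs automatically while installing a package.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// "@scope/card" -> "card"
function unscopedName(name) {
  return name.startsWith("@") ? name.split("/")[1] : name;
}

// Which file would `npx <name>` execute? Follows the bin selection rules
// documented for `npm exec`; null means there is no unambiguous command.
function resolveNpxBin(manifest) {
  const bin = manifest.bin;
  if (!bin) return null;
  if (typeof bin === "string") return bin; // single command named after the package
  const targets = [...new Set(Object.values(bin))];
  if (targets.length === 1) return targets[0]; // one entry, or aliases of one file
  const own = bin[unscopedName(manifest.name)];
  return typeof own === "string" ? own : null;
}

// Summarise everything that executes without further prompting.
function reviewManifest(manifest) {
  const scripts = manifest.scripts || {};
  return {
    entryPoint: resolveNpxBin(manifest),
    installHooks: INSTALL_HOOKS
      .filter((hook) => typeof scripts[hook] === "string")
      .map((hook) => ({ hook, command: scripts[hook] })),
    dependencies: Object.keys(manifest.dependencies || {}),
  };
}

// Constructed sample manifest (hypothetical package, not a real one).
const sampleManifest = {
  name: "@example/card",
  version: "1.0.0",
  bin: { card: "./bin/card.js", "card-dev": "./bin/dev.js" },
  scripts: { test: "node test.js", postinstall: "node setup.js" },
  dependencies: { chalk: "^4.1.2", boxen: "^5.1.2" },
};

console.log(JSON.stringify(reviewManifest(sampleManifest), null, 2));
```

Each entry in `dependencies` is installed as well and can carry its own hooks, so the same review applies to every package in the tree.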
