frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•8mo ago

Comments

steele•8mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•8mo ago
Lmao, gentrify cracked me up
neilv•8mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•8mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•8mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•8mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•8mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•8mo ago
May as well just release an executable tbh.
theamk•8mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•8mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•8mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Don't rent the cloud, own instead

https://blog.comma.ai/datacenter/
616•Torq_boi•9h ago•251 comments

Company as Code

https://blog.42futures.com/p/company-as-code
48•ahamez•2h ago•20 comments

When internal hostnames are leaked to the clown

https://rachelbythebay.com/w/2026/02/03/badnas/
291•zdw•9h ago•148 comments

CIA to Sunset the World Factbook

https://www.abc.net.au/news/2026-02-05/cia-closes-world-factbook-online-resource/106307724
124•kshahkshah•2h ago•59 comments

Simply Scheme: Introducing Computer Science (1999)

https://people.eecs.berkeley.edu/~bh/ss-toc2.html
37•AlexeyBrin•4d ago•3 comments

A Broken Heart

https://allenpike.com/2026/a-broken-heart/
57•memalign•4d ago•11 comments

The Missing Layer

https://yagmin.com/blog/the-missing-layer/
39•lubujackson•4h ago•35 comments

Making Ferrite Core Inductors at Home

https://danielmangum.com/posts/making-ferrite-core-inductors-home/
55•hasheddan•3d ago•9 comments

Show HN: Micropolis/SimCity Clone in Emacs Lisp

https://github.com/vkazanov/elcity
75•vkazanov•6h ago•18 comments

Programming Patterns: The Story of the Jacquard Loom

https://www.scienceandindustrymuseum.org.uk/objects-and-stories/jacquard-loom
10•andsoitis•3d ago•1 comments

Freshpaint (YC S19) Is Hiring a Senior SWE, Data

https://www.freshpaint.io/about?ashby_jid=3a7926ba-cf51-4084-9196-4361a7e97761
1•malisper•2h ago

Top downloaded skill in ClawHub contains malware

https://1password.com/blog/from-magic-to-malware-how-openclaws-agent-skills-become-an-attack-surface
86•pelario•3h ago•42 comments

Wirth's Revenge

https://jmoiron.net/blog/wirths-revenge/
114•signa11•11h ago•39 comments

Sqldef: Idempotent schema management tool for MySQL, PostgreSQL, SQLite

https://sqldef.github.io/
215•Palmik•4d ago•42 comments

Claude Code: connect to a local model when your quota runs out

https://boxc.net/blog/2026/claude-code-connecting-to-local-models-when-your-quota-runs-out/
327•fugu2•4d ago•164 comments

Nanobot: Ultra-Lightweight Alternative to OpenClaw

https://github.com/HKUDS/nanobot
83•ms7892•5h ago•59 comments

Improving Unnesting of Complex Queries [pdf]

https://15799.courses.cs.cmu.edu/spring2025/papers/11-unnesting/neumann-btw2025.pdf
13•todsacerdoti•4d ago•0 comments

A case study in PDF forensics: The Epstein PDFs

https://pdfa.org/a-case-study-in-pdf-forensics-the-epstein-pdfs/
358•DuffJohnson•1d ago•200 comments

AI is killing B2B SaaS

https://nmn.gl/blog/ai-killing-b2b-saas
406•namanyayg•21h ago•633 comments

Battle-Testing Lynx at Allegro

https://blog.allegro.tech/2026/02/battle-testing-lynx-js-at-allegro.html
25•tgebarowski•5h ago•17 comments

OpenAI Frontier

https://openai.com/index/introducing-openai-frontier/
67•nycdatasci•51m ago•68 comments

GB Renewables Map

https://renewables-map.robinhawkes.com/
4•RobinL•2h ago•0 comments

Microsoft's Copilot chatbot is running into problems

https://www.wsj.com/tech/ai/microsofts-pivotal-ai-product-is-running-into-big-problems-ce235b28
257•fortran77•22h ago•303 comments

A few CPU hardware bugs

https://www.taricorp.net/2026/a-few-cpu-bugs/
85•signa11•11h ago•28 comments

OpenClaw is what Apple intelligence should have been

https://www.jakequist.com/thoughts/openclaw-is-what-apple-intelligence-should-have-been
406•jakequist•14h ago•335 comments

Postgres Postmaster does not scale

https://www.recall.ai/blog/postgres-postmaster-does-not-scale
114•davidgu•22h ago•58 comments

Building a 24-bit arcade CRT display adapter from scratch

https://www.scd31.com/posts/building-an-arcade-display-adapter
172•evakhoury•21h ago•48 comments

Claude Code for Infrastructure

https://www.fluid.sh/
237•aspectrr•20h ago•159 comments

Voxtral Transcribe 2

https://mistral.ai/news/voxtral-transcribe-2
931•meetpateltech•23h ago•229 comments

Remarkable Pro Colors

https://www.thregr.org/wavexx/rnd/20260201-remarkable_pro_colors/
118•ffaser5gxlsll•4d ago•47 comments