Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/

8•edent•1y ago

Comments

steele•1y ago

Ooh, free real estate, let's colonize and gentrify package management

aabhay•1y ago

Lmao, gentrify cracked me up

neilv•1y ago

Do these npx business cards run arbitrary code on your computer?

cypherpunks01•1y ago

npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago

Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago

Yeah, this seems like a very smart but inherently flawed idea.

cypherpunks01•1y ago

Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.

Xss3•1y ago

May as well just release an executable tbh.

theamk•1y ago

Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago

Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago

This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Chuwi Minibook X

Malaysia enforces ban on social media accounts for children younger than 16

Cloudflare Turnstile requiring fingerprintable WebGL

A 10 year old Xeon is all you need (for 26B-A4B MTP Drafters without GPU)

Decades of Effort Restore Steelhead and Salmon Passage on Alameda Creek

Rubin Tracks Skyscraper-Size Asteroids and Failed Supernovas

ChatGPT for Google Sheets exfiltrates workbooks

1-Bit Bonsai Image 4B Image Generation for Local Devices

Surface Laptop Ultra: Made for World Makers

Dav2d

The Genius of the Barn Owl's Feathers

Two Ways to Draw Infinite Jest's Sierpinski Gasket

United Airlines 767 returns to Newark after Bluetooth name sparks alert

Meta launches Instagram, Facebook, and WhatsApp subscriptions

Sony Launches Bravia 9 II and Bravia 7 II with 'True RGB'

Finding success in industry as a chip designer

Dune's Butlerian Jihad and the Future of AI

The four programming questions from my 1994 Microsoft internship interview (2023)

Unix in East Germany (GDR) (1990)

What if remote working, not AI, is to blame for weak junior hiring?

The Speed of Prototyping in the Age of AI

Websites have a new way to spy on visitors: analyzing their SSD activity

The Website Specification

Restartable Sequences

London's Free Roof Terraces

Linux/M68k

Codex just found a "workaround" of not having sudo on my PC

New Beam Spring Keyboards

Bias Compounds, Variance Washes Out

Show HN: Streambed – Stream Postgres to Iceberg on S3, Supports Postgres Wire