Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•5mo ago

Comments

steele•5mo ago
Ooh, free real estate, let's colonize and gentrify package management

aabhay•5mo ago
Lmao, gentrify cracked me up

neilv•5mo ago
Do these npx business cards run arbitrary code on your computer?

cypherpunks01•5mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.
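
An added example, not part of the thread and not npm's own code: a static look at which file `npx` would run for a package, following the command-inference rule in the npm exec documentation, plus the install-time lifecycle scripts npm runs when it installs a package. The manifest, package name, dependency names and file paths are constructed sample data.

```javascript
// Install-time lifecycle hooks that npm runs for an installed package.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Which bin entry would npx pick? A single command (or several aliases of
// one file) wins; otherwise the entry named after the unscoped package name.
function resolveNpxBin(manifest) {
  const unscoped = manifest.name.split("/").pop();
  let bin = manifest.bin;
  if (!bin) return null;
  // A string-valued "bin" is shorthand for { <package name>: <file> }.
  if (typeof bin === "string") bin = { [unscoped]: bin };
  const names = Object.keys(bin);
  const targets = new Set(Object.values(bin));
  if (targets.size === 1) return { command: names[0], file: bin[names[0]] };
  if (names.includes(unscoped)) return { command: unscoped, file: bin[unscoped] };
  return null; // ambiguous: no command can be inferred
}

// Summarise everything in the manifest that leads to code execution.
function auditManifest(manifest) {
  const scripts = manifest.scripts || {};
  return {
    bin: resolveNpxBin(manifest),
    installHooks: INSTALL_HOOKS
      .filter((hook) => hook in scripts)
      .map((hook) => ({ hook, command: scripts[hook] })),
    // Each dependency ships its own code and its own install hooks.
    dependencyCount: Object.keys(manifest.dependencies || {}).length,
  };
}

// Constructed package.json for a hypothetical "business card" package.
const SAMPLE = {
  name: "@example/card",
  version: "1.0.0",
  bin: { card: "./cli.js", "card-debug": "./debug.js" },
  scripts: { postinstall: "node setup.js", test: "node test.js" },
  dependencies: { "dep-a": "^1.0.0", "dep-b": "^2.0.0" },
};

console.log(JSON.stringify(auditManifest(SAMPLE), null, 2));
```

The report covers only what the manifest declares; the files it points at (`./cli.js`, `setup.js` in the sample) still have to be read to know what they do.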

neilv•5mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•5mo ago
Yeah, this seems like a very smart but inherently flawed idea.

cypherpunks01•5mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.

Xss3•5mo ago
May as well just release an executable tbh.

theamk•5mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signatures to give them a personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•5mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good ol' curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•5mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me help you mitigate your security vulnerabilities."
