frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Jerry's Map

http://www.jerrysmap.com/the-map
110•turtleyacht•1h ago•14 comments

Anthropic updates their terms to verify age or identity

https://www.anthropic.com/legal/privacy
27•arunc•18m ago•5 comments

Swift Package Index joins Apple

https://swiftpackageindex.com/blog/swift-package-index-joins-apple
86•JDevlieghere•2h ago•24 comments

F3

https://github.com/future-file-format/f3
485•tosh•3h ago•117 comments

Show HN: TikZ Editor – WYSIWYG editor for figures in LaTeX

https://tikz.dev/editor/
267•DominikPeters•5h ago•55 comments

The worthlessness of Vitamin D is mildly exaggerated

https://dynomight.net/vitamin-d/
64•surprisetalk•3h ago•31 comments

Unlimited OCR: One-shot long-horizon parsing

https://github.com/baidu/Unlimited-OCR
382•ingve•8h ago•91 comments

San Diego photologs from the 1970s

https://www.beautifulpublicdata.com/san-diego-photologs-from-the-1970s/
109•jonathanmkeegan•3h ago•25 comments

Five monitors on a Commodore 128 [video]

https://www.youtube.com/watch?v=ul5hC3PY1Yg
71•EvanAnderson•1d ago•13 comments

Lift4D: Harmonizing Single-View 3D Estimation for 4D Reconstruction In-the-Wild

https://lift4d.github.io/
86•ilreb•5h ago•7 comments

The Coming Loop

https://lucumr.pocoo.org/2026/6/23/the-coming-loop/
227•ingve•8h ago•180 comments

FUTO Swipe – A new swipe typing model

https://swipe.futo.tech/
20•futohq•2h ago•1 comments

Samsung demonstrates 3D stacked FETs with triple nanosheet channels at 42nm

https://semiconductor.samsung.com/news-events/tech-blog/from-gaa-to-3d-stacked-fet-expanding-the-...
52•its_ajseven•4d ago•20 comments

The deadly rise of giant trucks and SUVs

https://www.nytimes.com/interactive/2026/06/21/us/trucks-suv-pedestrian-crashes.html
164•xnx•1d ago•328 comments

Claude Tag

https://www.anthropic.com/news/introducing-claude-tag
153•adocomplete•2h ago•80 comments

Plotnine

https://plotnine.org/
234•tosh•4d ago•69 comments

Mistral OCR 4

https://mistral.ai/news/ocr-4/
353•meetpateltech•6h ago•90 comments

Performance Improvements in Libffi

https://atgreen.github.io/repl-yell/posts/libffi-plan-cache/
25•atgreen•2d ago•6 comments

Solving Wordle using information theory

https://www.binghamton.edu/news/story/6327/s-m-a-r-t-these-researchers-used-math-to-crack-wordle
37•hhs•2d ago•46 comments

Show HN: Bun-sqlgen – Type-safe raw SQL for Bun, no ORM

https://github.com/ilbertt/bun-sqlgen
49•ilbert•5h ago•23 comments

MSG Made Dossier on Activists Who Opposed Facial Recognition

https://www.404media.co/madison-square-garden-made-dossier-on-activists-who-opposed-facial-recogn...
246•cdrnsf•6h ago•69 comments

AI Hiring Tools Yield Racial Bias and Systemic Rejection; 26% Black & 15% Asian

https://hai.stanford.edu/news/ai-hiring-tools-can-yield-racial-bias-and-systemic-rejection
14•sizzle•1h ago•1 comments

Elevated error rate across multiple models

https://status.claude.com/incidents/jbhf20wjmzrf
183•rob•5h ago•237 comments

The Low-Tech AI of Elden Ring

https://nega.tv/posts/low-tech-ai-of-elden-ring.html
66•g0xA52A2A•8h ago•37 comments

Finding the best dog treat with statistics

https://www.wespiser.com/posts/2026-06-19-best-dog-treat.html
117•wespiser_2018•1d ago•53 comments

Will It Mythos?

https://swelljoe.com/post/will-it-mythos/
290•mindingnever•15h ago•210 comments

Modal Auto Endpoints: Optimized inference you own

https://modal.com/blog/introducing-auto-endpoints
11•handfuloflight•1h ago•1 comments

VibeThinker: 3B param model that beats Opus 4.5 on reasoning with novel SFT+GRPO

https://arxiv.org/abs/2606.16140
356•timhigins•18h ago•185 comments

Lossless GIF recompression via exhaustive search

https://blog.arusekk.pl/posts/lossless-gif-recompression/
49•ZacnyLos•7h ago•12 comments

Show HN: Treedocs: Documentation that automatically checks for staleness

https://dandylyons.github.io/treedocs/
32•DandyLyons•4h ago•17 comments