Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•8mo ago

Comments

steele•8mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•8mo ago
Lmao, gentrify cracked me up
neilv•8mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•8mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•8mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•8mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•8mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•8mo ago
May as well just release an executable tbh.
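Added example (not from the thread or the linked post): the question above comes down to which parts of a package `npx <package>` executes. The sketch follows npm's documented rules, that the install lifecycle scripts run when the package is fetched and that the default command is chosen from the `bin` field. The manifest and the helper names are constructed for illustration.

```javascript
// Added example. sampleManifest is constructed, not a real package.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// "@scope/name" -> "name"; npm names a string-valued bin after this part.
function unscopedName(name) {
  return name.startsWith("@") ? name.split("/")[1] : name;
}

// Normalise "bin" to a { command: file } map.
function binEntries(manifest) {
  const bin = manifest.bin;
  if (!bin) return {};
  if (typeof bin === "string") return { [unscopedName(manifest.name)]: bin };
  return bin;
}

// The command `npx <pkg>` picks when no command name is given:
// a single bin (or aliases of one file), else the bin named like the package.
function defaultCommand(manifest) {
  const bins = binEntries(manifest);
  const names = Object.keys(bins);
  if (names.length === 0) return null;
  if (new Set(Object.values(bins)).size === 1) {
    return { command: names[0], file: bins[names[0]] };
  }
  const own = unscopedName(manifest.name);
  return has(bins, own) ? { command: own, file: bins[own] } : null;
}

// Everything that executes: install-time hooks first, then the bin entry.
function executionSurface(manifest) {
  const scripts = manifest.scripts || {};
  return {
    installHooks: INSTALL_HOOKS.filter((h) => has(scripts, h))
      .map((h) => ({ hook: h, run: scripts[h] })),
    entry: defaultCommand(manifest),
  };
}

const sampleManifest = {
  name: "@example/card",
  bin: { card: "./bin/card.js", "card-debug": "./bin/debug.js" },
  scripts: { postinstall: "node ./setup.js", test: "node ./test.js" },
};
console.log(JSON.stringify(executionSurface(sampleManifest), null, 2));
```

`npm view <package> bin scripts` prints the same two fields from the registry without installing or running anything, so the manifest can be checked before `npx` is used.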
theamk•8mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in an email/newsgroup signature to give it a personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•8mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good ol' curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•8mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me help you mitigate your security vulnerabilities."
