frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•10mo ago

Comments

steele•10mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•10mo ago
Lmao, gentrify cracked me up
neilv•10mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•10mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•10mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•10mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•10mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•10mo ago
May as well just release an executable tbh.
theamk•10mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•10mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•10mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Astral to Join OpenAI

https://astral.sh/blog/openai
778•ibraheemdev•4h ago•485 comments

Show HN: Three new Kitten TTS models – smallest less than 25MB

https://github.com/KittenML/KittenTTS
88•rohan_joshi•1h ago•21 comments

An update on Steam / GOG changes for OpenTTD

https://www.openttd.org/news/2026/03/19/steam-changes-update
7•jandeboevrie•19m ago•0 comments

OpenBSD: PF queues break the 4 Gbps barrier

https://undeadly.org/cgi?action=article;sid=20260319125859
118•defrost•4h ago•32 comments

Juggalo Makeup Blocks Facial Recognition Technology (2019)

https://consequence.net/2019/07/juggalo-makeup-facial-recognition/
166•speckx•4h ago•79 comments

Launch HN: Voltair (YC W26) – Drone and charging network for power utilities

10•wweissbluth•49m ago•0 comments

Gauntlet AI (YC S17): Fly you to Austin, train you in AI, give you $200k+ job

https://gauntletai.com/apply?utm_src=hackernews
1•austenallred•24m ago

World Happiness Report 2026

https://www.worldhappiness.report/ed/2026/
29•ChrisArchitect•1h ago•15 comments

Prompt Injecting Contributing.md

https://glama.ai/blog/2026-03-19-open-source-has-a-bot-problem
35•statements•1h ago•13 comments

The Shape of Inequalities

https://www.andreinc.net/2026/03/16/the-shape-of-inequalities/
56•nomemory•3h ago•5 comments

macOS 26 breaks custom DNS settings including .internal

https://gist.github.com/adamamyl/81b78eced40feae50eae7c4f3bec1f5a
170•adamamyl•2h ago•82 comments

Launch HN: Canary (YC W26) – AI QA that understands your code

10•Visweshyc•1h ago•9 comments

Consensus Board Game

https://matklad.github.io/2026/03/19/consensus-board-game.html
57•surprisetalk•3h ago•9 comments

US messageboard 4Chan mocks £520k fine for UK online safety breaches

https://www.bbc.com/news/articles/c624330lg1ko
32•mosura•3h ago•13 comments

What if Python was natively distributable?

https://medium.com/@bzurak/what-if-python-was-natively-distributable-3bfae485a408
23•bzurak•3d ago•8 comments

Ramtrack.eu – RAM Price Intelligence

https://ramtrack.eu
45•nu11r0ut3•5h ago•16 comments

Hyper-optimized reverse geocoding API

https://github.com/traccar/traccar-geocoder
33•tananaev•3h ago•8 comments

Afroman found not liable in defamation case

https://nypost.com/2026/03/18/us-news/afroman-found-not-liable-in-bizarre-ohio-defamation-case/
882•antonymoose•7h ago•422 comments

Pretraining Language Models via Neural Cellular Automata

https://hanseungwook.github.io/blog/nca-pre-pre-training/
81•shmublu•4d ago•15 comments

Scaling Karpathy's Autoresearch: What Happens When the Agent Gets a GPU Cluster

https://blog.skypilot.co/scaling-autoresearch/
13•hopechong•50m ago•1 comments

Conway's Game of Life, in real life

https://lcamtuf.substack.com/p/conways-game-of-life-in-real-life
283•surprisetalk•13h ago•77 comments

I turned Markdown into a protocol for generative UI

https://fabian-kuebler.com/posts/markdown-agentic-ui/
8•FabianCarbonara•4h ago•2 comments

Love of corporate bullshit is correlated with bad judgment

https://pluralistic.net/2026/03/19/jargon-watch/
18•hn_acker•1h ago•3 comments

Nvidia greenboost: transparently extend GPU VRAM using system RAM/NVMe

https://gitlab.com/IsolatedOctopi/nvidia_greenboost
448•mmastrac•4d ago•125 comments

Monuses and Heaps

https://doisinkidney.com/posts/2026-03-03-monus-heaps.html
6•aebtebeten•17h ago•0 comments

Eniac, the First General-Purpose Digital Computer, Turns 80

https://spectrum.ieee.org/eniac-80-ieee-milestone
90•baruchel•11h ago•38 comments

Gluon: Explicit Performance

https://www.lei.chat/posts/gluon-explicit-performance/
16•matt_d•3d ago•0 comments

How many branches can your CPU predict?

https://lemire.me/blog/2026/03/18/how-many-branches-can-your-cpu-predict/
96•ibobev•4h ago•23 comments

LotusNotes

https://computer.rip/2026-03-14-lotusnotes.html
163•TMWNN•4d ago•92 comments

Austin’s surge of new housing construction drove down rents

https://www.pew.org/en/research-and-analysis/articles/2026/03/18/austins-surge-of-new-housing-con...
735•matthest•17h ago•885 comments