frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Show HN: I replaced a $120k bowling center system with $1,600 in ESP32s

639•section33•5h ago•62 comments

Qwen 3.8

https://twitter.com/Alibaba_Qwen/status/2078759124914098291
656•nh43215rgb•11h ago•475 comments

Claude Code uses Bun written in Rust now

https://simonwillison.net/2026/Jul/19/claude-code-in-bun-in-rust/
319•tosh•10h ago•424 comments

Minecraft: Java Edition now uses SDL3

https://www.minecraft.net/en-us/article/minecraft-26-3-snapshot-4
211•ObviouslyFlamer•8h ago•144 comments

Bananas sprout in Rayleigh Garden UK after 15 years

https://www.bbc.com/news/articles/cvg8edqq5g5o
84•teleforce•6h ago•62 comments

What I learned selling 2,500 MIDI recorders: Hardware is not so hard

https://chipweinberger.com/articles/20260719-hardware-is-not-so-hard
351•chipweinberger•9h ago•163 comments

The Zen of Parallel Programming

https://smolnero.com/posts/the-zen-of-parallel-programming
24•edgar_ortega•5d ago•0 comments

Blender 5.2 LTS

https://www.blender.org/download/releases/5-2/
286•makizar•5d ago•112 comments

HomeLab #1: MikroTik as a Home Router

https://justsomebody.dev/blog/mikrotik-home-router
12•rafal_opilowski•1h ago•4 comments

OpenAI reduces Codex Model Context Size from 372k to 272k

https://github.com/openai/codex/pull/33972/files
257•AmazingTurtle•12h ago•117 comments

C64 Basic Dungeon Crawler: Goblin Attack (C64 Basic Part 8)

https://retrogamecoders.com/c64-basic-dungeon-part8/
39•ibobev•5h ago•1 comments

Cagire: Live Coding in Forth

https://cagire.raphaelforment.fr
58•surprisetalk•1w ago•9 comments

UnifiedIR for Julia

https://github.com/JuliaLang/julia/pull/62334
60•vimarsh6739•22h ago•15 comments

HMD Touch 4G

https://www.hmd.com/en_int/hmd-touch-4g
49•thisislife2•3h ago•41 comments

Transcribe.cpp

https://workshop.cjpais.com/projects/transcribe-cpp
695•sebjones•19h ago•144 comments

The Last MPEG-4 Visual Patent Has Expired

https://www.phoronix.com/news/Last-MPEG-4-Patent-Expired
86•LorenDB•3h ago•16 comments

Orion Browser by Kagi

https://orionbrowser.com/
4•sebjones•1h ago•2 comments

Moonshot AI suspends new subscriptions due to Kimi K3 demand

https://twitter.com/kimi_moonshot/status/2078855608565207130
116•serialx•4h ago•42 comments

Building an Arch Linux Aarch64 Port for Holo Core

https://www.collabora.com/news-and-blog/news-and-events/building-an-arch-linux-aarch64-port-for-h...
15•losgehts•2d ago•0 comments

Land Atlas – soil, farmability, and crop analysis for land listings

https://land-atlas-production.up.railway.app/welcome
38•L3dge•6d ago•12 comments

Infinities, impossibilities, and the man in the white linen suit

https://iain.so/infinities-impossibilities-and-the-man-in-the-white-linen-suit
49•iainharper•5d ago•36 comments

Speech Recognition and TTS in less than 500kb

https://github.com/moonshine-ai/moonshine/tree/main/micro
543•petewarden•5d ago•79 comments

I joined the IndieWeb, here's what I learned

https://en.andros.dev/blog/0b8e451e/i-joined-the-indieweb-heres-what-i-learned/
108•andros•9h ago•70 comments

The death and rebirth of my home server

https://sgt.hootr.club/blog/home-server-rebirth/
97•steinuil•9h ago•67 comments

Modder Runs GTA III Inside GTA: San Andreas on an In-Game TV

https://videocardz.com/newz/modder-runs-gta-iii-inside-gta-san-andreas-on-an-in-game-tv
13•croes•1h ago•1 comments

Codex Resets

https://codex-resets.com/
272•denysvitali•21h ago•175 comments

Natural experiments prove phytoplankton carbon removal works

https://www.onepercentbrighter.com/p/natural-experiments-prove-feeding
14•getnormality•5h ago•4 comments

Mathematicians still don't know the fastest way to multiply numbers

https://www.scientificamerican.com/article/mathematicians-still-dont-know-the-fastest-way-to-mult...
199•beardyw•6d ago•111 comments

Neither GCC nor Clang are compliant with standard C++

https://sebsite.pw/w/20260708-badstdcxx.html
28•birdculture•2h ago•23 comments

Better and Cheaper Than IPTV

https://github.com/stupside/castor
304•xonery•19h ago•96 comments