frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Inkling: Our Open-Weights Model

https://thinkingmachines.ai/news/introducing-inkling/
520•vimarsh6739•4h ago•128 comments

Grok Build

https://github.com/xai-org/grok-build
158•skp1995•2h ago•178 comments

SQLite should have (Rust-style) editions

https://mort.coffee/home/sqlite-editions/
10•gnyeki•18m ago•1 comments

Show HN: Firefox in WebAssembly

https://developer.puter.com/labs/firefox-wasm/
76•coolelectronics•2h ago•35 comments

Speculative Growth and the AI "Bubble" [pdf]

https://economics.mit.edu/sites/default/files/2026-07/speculative_growth_AI_public.pdf
34•johnbarron•1h ago•25 comments

We don't use AI in any of our design or production processes

https://mass-driver.com/article/from-human-hands
54•tony_cannistra•1h ago•31 comments

Stripe and Advent have made a joint offer to acquire PayPal – sources

https://www.reuters.com/business/finance/stripe-advent-offer-buy-paypal-more-than-53-billion-sour...
299•rvz•19h ago•174 comments

Governments, companies, nonprofits should invest in free, open source AI [pdf]

https://www.siegelendowment.org/wp-content/uploads/2026/07/fortune-david-siegel-open-source-ai.pdf
32•bilsbie•1h ago•7 comments

Running Gemma 4 26B at 5 tokens/sec on a 13-year-old Xeon with no GPU

https://www.neomindlabs.com/2026/06/08/running-gemma-4-26b-at-5-tokens-sec-on-a-13-year-old-xeon-...
209•neomindryan•7h ago•133 comments

Duskers, the scary command line game, is getting a sequel

https://elbowgreasegames.substack.com/p/misfits-attic-announces-duskers-20
75•spacemarine1•3h ago•12 comments

Book prizes don't work how you think

https://rebeccamakkai.substack.com/p/book-prizes-dont-work-how-you-think
33•samclemens•1d ago•11 comments

Brainless: Shadcn components that look like Claude Code, Codex and Grok

https://brainless.swerdlow.dev
65•benswerd•3h ago•10 comments

P2P local file transfer based on WebRTC

https://pairdrop.net/
5•halb•39m ago•3 comments

Voxatron

https://www.lexaloffle.com/voxatron.php
44•lsferreira42•3h ago•15 comments

Collection of Digital Clock Designs

https://clocks.dev
155•levmiseri•6h ago•33 comments

Command Line Interface Guidelines

https://clig.dev/
31•subset•3d ago•0 comments

Mysteries of Telegram Data Centers (2022)

https://dev.moe/en/3025
228•theanonymousone•9h ago•120 comments

Artie (YC S23) Is Hiring Software Engineers

https://jobs.ashbyhq.com/artie
1•tang8330•6h ago

Show HN: misa77 - a codec that decodes 2x faster than LZ4 (at better ratios)

https://github.com/welcome-to-the-sunny-side/misa77
121•nonadhocproblem•7h ago•39 comments

Prioritize mental health, and why communication is so important

https://ramones.dev/posts/mental-health/
266•ramon156•11h ago•232 comments

Designing APIs for Agents

https://www.freestyle.sh/blog/opinion/designing-apis-for-agents
30•benswerd•2d ago•11 comments

MITS: Rockets, Calculators, and Personal Computers

https://www.abortretry.fail/p/micro-instrumentation-and-telemetry
21•BirAdam•2d ago•1 comments

Tambara Equipment

https://bartoszmilewski.com/2026/07/11/tambara-equipment/
5•ibobev•1d ago•0 comments

Towards a harness that can do anything

https://eardatasci.github.io/c/ambiance/index.html
155•evakhoury•8h ago•79 comments

Show HN: Low-latency local LLM runner via OpenJDK Panama FFM (Java 22)

https://github.com/projectargus-cc/libargus.cc
19•KingJoker•1d ago•2 comments

Open-source memory for coding agents, synced over SSH

https://github.com/vshulcz/deja-vu/
103•vshulcz•6h ago•25 comments

Today I Rescued 7,234 Old GIFs

https://danq.me/2026/07/10/rescuing-7234-gifs/
80•birdculture•3d ago•8 comments

Twain Town, USA

https://theamericanscholar.org/twain-town-u-s-a/
12•prismatic•1d ago•1 comments

Sleep regularity is a stronger predictor of mortality risk than sleep duration (2023)

https://academic.oup.com/sleep/article/47/1/zsad253/7280269
634•bilsbie•11h ago•321 comments

Show HN: Microcosm Industries – Simulation toys and software microcosms

https://microcosm.industries/
12•arbesman•5d ago•1 comments