news newest ask show jobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/

8•edent•9mo ago

Comments

steele•9mo ago

Ooh, free real estate, let's colonize and gentrify package management

aabhay•9mo ago

Lmao, gentrify cracked me up

neilv•9mo ago

Do these npx business cards run arbitrary code on your computer?

cypherpunks01•9mo ago

npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•9mo ago

Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•9mo ago

Yeah, this seems like a very smart but inherently flawed idea.

cypherpunks01•9mo ago

Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.

Xss3•9mo ago

May as well just release an executable tbh.

theamk•9mo ago

Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•9mo ago

Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•9mo ago

This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Anthropic Cowork feature creates 10GB VM bundle on macOS without warning

https://github.com/anthropics/claude-code/issues/22543

84•mystcb•1h ago•31 comments

Motorola announces a partnership with GrapheneOS Foundation

https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/

1253•km•8h ago•427 comments

OpenClaw Surpasses React to Become the Most-Starred Software Project on GitHub

https://www.star-history.com/blog/openclaw-surpasses-react-most-starred-software

97•whit537•2h ago•68 comments

/e/OS is a complete "deGoogled", mobile ecosystem

https://e.foundation/e-os/

416•doener•6h ago•242 comments

An Interesting Find: STM32 RDP1 Decryptor

https://carlossless.io/stm32-rdp1-decryptor/

35•carlossless•1h ago•1 comments

AMD Am386 released March 2, 1991

https://dfarq.homeip.net/amd-am386-released-march-2-1991/

42•jnord•2h ago•5 comments

Inside the M4 Apple Neural Engine, Part 1: Reverse Engineering

https://maderix.substack.com/p/inside-the-m4-apple-neural-engine

69•zdw•22h ago•18 comments

First-ever in-utero stem cell therapy for fetal spina bifida repair is safe

https://health.ucdavis.edu/news/headlines/first-ever-in-utero-stem-cell-therapy-for-fetal-spina-b...

9•gmays•44m ago•0 comments

How to talk to anyone and why you should

https://www.theguardian.com/lifeandstyle/2026/feb/24/stranger-secret-how-to-talk-to-anyone-why-yo...

286•Looky1173•8h ago•406 comments

Apple introduces the new iPad Air, powered by M4

https://www.apple.com/newsroom/2026/03/apple-introduces-the-new-ipad-air-powered-by-m4/

70•Garbage•1h ago•59 comments

Judge finalizes order for Greenpeace to pay $345M in ND oil pipeline case

https://northdakotamonitor.com/2026/02/27/judge-finalizes-order-for-greenpeace-to-pay-345-million...

14•gmays•1h ago•0 comments

Microsoft bans the word "Microslop" on its Discord, then locks the server

https://www.windowslatest.com/2026/03/02/microsoft-gets-tired-of-microslop-bans-the-word-on-its-d...

532•robtherobber•5h ago•201 comments

Making Video Games in 2025 (without an engine)

https://www.noelberry.ca/posts/making_games_in_2025/

279•alvivar•3d ago•129 comments

Use the Mikado Method to do safe changes in a complex codebase

https://understandlegacycode.com/blog/a-process-to-do-safe-changes-in-a-complex-codebase/

18•foenix•4d ago•9 comments

Show HN: Omni – Open-source workplace search and chat, built on Postgres

https://github.com/getomnico/omni

101•prvnsmpth•6h ago•26 comments

If AI writes code, should the session be part of the commit?

https://github.com/mandel-macaque/memento

384•mandel_x•15h ago•327 comments

Jolla phone – a full-stack European alternative

https://commerce.jolla.com/products/jolla-phone-sept-26

309•spinningslate•5h ago•129 comments

U.S. science agency moves to restrict foreign scientists from its labs

https://www.science.org/content/article/nist-moves-restrict-foreign-scientists-its-labs

239•JeanKage•6h ago•185 comments

Mondrian Entered the Public Domain. The Estate Disagrees

https://copyrightlately.com/mondrian-public-domain-controversy/

109•Tomte•3d ago•43 comments

Show HN: Web Audio Studio – A Visual Debugger for Web Audio API Graphs

https://webaudio.studio/

24•alexgriss•3h ago•2 comments

Neocaml – Rubocop Creator's New OCaml Mode for Emacs

https://github.com/bbatsov/neocaml

60•TheWiggles•2d ago•8 comments

Libxml2 Enterprise Edition (AGPL, from the previous maintainer)

https://codeberg.org/nwellnhof/libxml2-ee

26•todsacerdoti•4h ago•9 comments

Plastic is made from milk and it vanishes in 13 weeks

https://www.sciencedaily.com/releases/2026/02/260227071922.htm

19•JeanKage•1h ago•5 comments

Computer-generated dream world: Virtual reality for a 286 processor

https://deadlime.hu/en/2026/02/22/computer-generated-dream-world/

131•MBCook•11h ago•23 comments

Go-Native Durable Execution

https://www.dbos.dev/blog/how-we-built-golang-native-durable-execution

35•hmaxdml•4d ago•7 comments

How to record and retrieve anything you've ever had to look up twice

https://ellanew.com/2026/03/02/ptpl-197-record-retrieve-from-a-personal-knowledgebase

117•Curiositry•11h ago•39 comments

WebMCP is available for early preview

https://developer.chrome.com/blog/webmcp-epp

337•andsoitis•17h ago•185 comments

An interactive intro to Elliptic Curve Cryptography

https://growingswe.com/blog/elliptic-curve-cryptography

87•vismit2000•9h ago•14 comments

Right-sizes LLM models to your system's RAM, CPU, and GPU

https://github.com/AlexsJones/llmfit

218•bilsbie•16h ago•51 comments

Show HN: Timber – Ollama for classical ML models, 336x faster than Python

https://github.com/kossisoroyce/timber

164•kossisoroyce•14h ago•29 comments