Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•11mo ago

Comments

steele•10mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•10mo ago
Lmao, gentrify cracked me up
neilv•10mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•10mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•10mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•10mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•10mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•10mo ago
May as well just release an executable tbh.
theamk•10mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•10mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good ol' curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•10mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me help you mitigate your security vulnerabilities."
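
The question raised in the thread (what code does an npx package get to run?) can be answered per package by reading its manifest before executing it. The following is an added example, not part of the thread or of npm's own code: a Node.js function that reports the commands a package.json exposes through `bin`, which one npx would pick by its documented selection rule, and the install-time lifecycle scripts it declares. The manifest and the name `auditManifest` are constructed for illustration.

```javascript
// Constructed sample manifest, not a real package.
const SAMPLE_MANIFEST = JSON.stringify({
  name: "@example/business-card",
  version: "1.0.0",
  bin: { "business-card": "./card.js", "card-debug": "./debug.js" },
  scripts: { postinstall: "node ./setup.js", test: "node ./test.js" },
});

// Lifecycle hooks npm runs while installing a package,
// unless the ignore-scripts setting is enabled.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Hypothetical helper: summarise what a manifest declares as executable.
function auditManifest(manifestJson) {
  const pkg = JSON.parse(manifestJson);
  const unscoped = String(pkg.name || "").replace(/^@[^/]+\//, "");

  // "bin" is either one path (command named after the package)
  // or a map of command name -> script path.
  let bins = {};
  if (typeof pkg.bin === "string") bins = { [unscoped]: pkg.bin };
  else if (pkg.bin && typeof pkg.bin === "object") bins = { ...pkg.bin };

  // npx's documented rule: use the only bin target (aliases count as one),
  // else the entry named after the unscoped package name; otherwise none.
  const names = Object.keys(bins);
  const targets = new Set(Object.values(bins));
  let defaultCommand = null;
  if (names.length > 0 && targets.size === 1) defaultCommand = names[0];
  else if (names.includes(unscoped)) defaultCommand = unscoped;

  // Scripts that would run at install time, before any command is invoked.
  const scripts = pkg.scripts || {};
  const installHooks = INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));

  return { bins, defaultCommand, installHooks };
}

console.log(auditManifest(SAMPLE_MANIFEST));
```

Every path listed under `bins` and every command under `installHooks` is a file or shell line worth reading before the package is run.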
