frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•8mo ago

Comments

steele•8mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•8mo ago
Lmao, gentrify cracked me up
neilv•8mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•8mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•8mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•8mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•8mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•8mo ago
May as well just release an executable tbh.
theamk•8mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•8mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•8mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

MapLibre Tile: a modern and efficient vector tile format

https://maplibre.org/news/2026-01-23-mlt-release/
185•todsacerdoti•4h ago•37 comments

Vibe Coding Kills Open Source

https://arxiv.org/abs/2601.15494
139•kgwgk•1h ago•105 comments

After two years of vibecoding, I'm back to writing by hand

https://atmoio.substack.com/p/after-two-years-of-vibecoding-im
80•mobitar•1h ago•34 comments

Porting 100k lines from TypeScript to Rust using Claude Code in a month

https://blog.vjeux.com/2026/analysis/porting-100k-lines-from-typescript-to-rust-using-claude-code...
16•ibobev•39m ago•8 comments

Transfering Files with gRPC

https://kreya.app/blog/transfering-files-with-grpc/
25•CommonGuy•1h ago•3 comments

The Holy Grail of Linux Binary Compatibility: Musl and Dlopen

https://github.com/quaadgras/graphics.gd/discussions/242
115•Splizard•6h ago•91 comments

Things I've learned in my 10 years as an engineering manager

https://www.jampa.dev/p/lessons-learned-after-10-years-as
296•jampa•4d ago•60 comments

The browser is the sandbox

https://simonwillison.net/2026/Jan/25/the-browser-is-the-sandbox/
235•enos_feedler•9h ago•136 comments

First, make me care

https://gwern.net/blog/2026/make-me-care
672•andsoitis•19h ago•205 comments

Show HN: Only 1 LLM can fly a drone

https://github.com/kxzk/snapbench
27•beigebrucewayne•3h ago•12 comments

Water 'Bankruptcy' Era Has Begun for Billions, Scientists Say

https://www.bloomberg.com/news/articles/2026-01-20/water-bankruptcy-era-has-begun-for-billions-sc...
34•ciconia•1h ago•30 comments

Text Is King

https://www.experimental-history.com/p/text-is-king
57•zdw•5d ago•28 comments

Scientists identify brain waves that define the limits of 'you'

https://www.sciencealert.com/scientists-identify-brain-waves-that-define-the-limits-of-you
240•mikhael•14h ago•64 comments

A macOS app that blurs your screen when you slouch

https://github.com/tldev/posturr
637•dnw•23h ago•206 comments

Wind Chime Length Calculator (2022)

https://www.snyderfamily.com/chimecalcs/
18•hyperific•5d ago•6 comments

TSMC Risk

https://stratechery.com/2026/tsmc-risk/
9•swolpers•3h ago•4 comments

The future of software engineering is SRE

https://swizec.com/blog/the-future-of-software-engineering-is-sre/
182•Swizec•16h ago•85 comments

LED lighting undermines visual performance unless supplemented by wider spectra

https://www.nature.com/articles/s41598-026-35389-6
135•bookofjoe•16h ago•119 comments

Being a Canadian in America (Eric Migicovsky)

https://ericmigi.com/blog/on-being-a-canadian-in-america-in-2026/
11•smig0•4h ago•0 comments

Blade Runner Costume Design (2020)

https://costumedesignarchive.blogspot.com/2020/12/blade-runner-1982.html
4•exvi•5d ago•0 comments

Clinic-in-the-Loop

https://www.asimov.press/p/clinic-loop
8•surprisetalk•4d ago•1 comments

A static site generator written in POSIX shell

https://aashvik.com/posts/shell-ssg/
54•todsacerdoti•6d ago•28 comments

Emissary, a fast open-source Java messaging library

https://github.com/joel-jeremy/emissary
21•jeyjeyemem•3d ago•10 comments

Running the Stupid Cricut Software on Linux

https://arthur.pizza/2025/12/running-stupid-cricut-software-under-linux/
38•starkparker•10h ago•7 comments

Using PostgreSQL as a Dead Letter Queue for Event-Driven Systems

https://www.diljitpr.net/blog-post-postgresql-dlq
234•tanelpoder•22h ago•72 comments

Video Games as Art

https://gwern.net/video-game-art
85•andsoitis•12h ago•53 comments

Guix for Development

https://dthompson.us/posts/guix-for-development.html
113•clircle•6d ago•45 comments

Case study: Creative math – How AI fakes proofs

https://tomaszmachnik.pl/case-study-math-en.html
112•musculus•15h ago•74 comments

I was right about ATProto key management

https://notes.nora.codes/atproto-again/
163•todsacerdoti•19h ago•160 comments

Clawdbot - open source personal AI assistant

https://github.com/clawdbot/clawdbot
312•KuzeyAbi•14h ago•191 comments