news newest ask show jobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/

8•edent•10mo ago

Comments

steele•10mo ago

Ooh, free real estate, let's colonize and gentrify package management

aabhay•10mo ago

Lmao, gentrify cracked me up

neilv•10mo ago

Do these npx business cards run arbitrary code on your computer?

cypherpunks01•10mo ago

npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•10mo ago

Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•10mo ago

Yeah, this seems like a very smart but inherently flawed idea.

cypherpunks01•10mo ago

Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.

Xss3•10mo ago

May as well just release an executable tbh.

theamk•10mo ago

Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•10mo ago

Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•10mo ago

This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Show HN: I built a tiny LLM to demystify how language models work

https://github.com/arman-bd/guppylm

142•armanified•3h ago•10 comments

Gemma 4 on iPhone

https://apps.apple.com/nl/app/google-ai-edge-gallery/id6749645337

478•janandonly•9h ago•128 comments

Media scraper Gallery-dl is moving to Codeberg after receiving a DMCA notice

https://github.com/mikf/gallery-dl/discussions/9304

11•MoltenMonster•26m ago•2 comments

Show HN: YouTube search barely works, I made a search form with advanced filters

https://playlists.at/youtube/search/

110•nevernothing•3h ago•75 comments

Copilot is 'for entertainment purposes only', per Microsoft's terms of use

https://techcrunch.com/2026/04/05/copilot-is-for-entertainment-purposes-only-according-to-microso...

52•airstrike•3h ago•13 comments

LÖVE: 2D Game Framework for Lua

https://github.com/love2d/love

234•cl3misch•1d ago•92 comments

Microsoft hasn't had a coherent GUI strategy since Petzold

https://www.jsnover.com/blog/2026/03/13/microsoft-hasnt-had-a-coherent-gui-strategy-since-petzold/

269•naves•10h ago•145 comments

Artemis II crew see first glimpse of far side of Moon [video]

https://www.bbc.com/news/videos/ce3d5gkd2geo

441•mooreds•13h ago•335 comments

Eight years of wanting, three months of building with AI

https://lalitm.com/post/building-syntaqlite-ai/

678•brilee•15h ago•211 comments

Endian wars and anti-portability: this again?

https://dalmatian.life/2026/04/03/endian-wars-and-anti-portability-this-again/

30•awilfox•1d ago•22 comments

Show HN: Gemma Gem – AI model embedded in a browser – no API keys, no cloud

https://github.com/kessler/gemma-gem

28•ikessler•3h ago•1 comments

Running Gemma 4 locally with LM Studio's new headless CLI and Claude Code

https://ai.georgeliu.com/p/running-google-gemma-4-locally-with

216•vbtechguy•10h ago•55 comments

Employers use your personal data to figure out the lowest salary you'll accept

https://www.marketwatch.com/story/employers-are-using-your-personal-data-to-figure-out-the-lowest...

119•thisislife2•3h ago•48 comments

In Japan, the robot isn't coming for your job; it's filling the one nobody wants

https://techcrunch.com/2026/04/05/japan-is-proving-experimental-physical-ai-is-ready-for-the-real...

139•rbanffy•5h ago•152 comments

Show HN: Modo – I built an open-source alternative to Kiro, Cursor, and Windsurf

https://github.com/mohshomis/modo

21•mohshomis•3h ago•2 comments

Sheets Spreadsheets in Your Terminal

https://github.com/maaslalani/sheets

19•_____k•1d ago•4 comments

Scientists mapped all the nerves of the clitoris for the first time

https://www.livescience.com/health/anatomy/scientists-mapped-all-the-nerves-of-the-clitoris-for-t...

23•01-_-•1d ago•3 comments

Why Switzerland has 25 Gbit internet and America doesn't

https://sschueller.github.io/posts/the-free-market-lie/

291•sschueller•9h ago•234 comments

Stamp It All Programs Must Report Their Version – Michael Stapelberg

https://michael.stapelberg.ch/posts/2026-04-05-stamp-it-all-programs-must-report-their-version/

6•gurjeet•2h ago•1 comments

Music for Programming

https://musicforprogramming.net

123•merusame•9h ago•52 comments

OpenAI's fall from grace as investors race to Anthropic

https://www.latimes.com/business/story/2026-04-01/openais-shocking-fall-from-grace-as-investors-r...

119•1vuio0pswjnm7•4h ago•70 comments

The Mechanics of Steins Gate (2023) [pdf]

https://github.com/Votuko/steins-gate-mechanics/blob/main/The%20Mechanics%20of%20Steins%20Gate%20...

58•Ariarule•6h ago•9 comments

Recall – local multimodal semantic search for your files

https://github.com/aayu22809/Recall

14•patel_aayushya•3h ago•8 comments

Computational Physics (2nd Edition) (2025)

https://websites.umich.edu/~mejn/cp2/

114•teleforce•12h ago•17 comments

A tail-call interpreter in (nightly) Rust

https://www.mattkeeter.com/blog/2026-04-05-tailcall/

135•g0xA52A2A•12h ago•23 comments

Wavelets on Graphs via Spectral Graph Theory (2009)

https://arxiv.org/abs/0912.3848

30•dedalus•5d ago•2 comments

Nanocode: The best Claude Code that $200 can buy in pure JAX on TPUs

https://github.com/salmanmohammadi/nanocode/discussions/1

174•desideratum•13h ago•24 comments

Caveman: Why use many token when few token do trick

https://github.com/JuliusBrussee/caveman

721•tosh•18h ago•313 comments

We replaced Node.js with Bun for 5x throughput

https://trigger.dev/blog/firebun

6•pier25•1h ago•0 comments

LLMs can't justify their answers–this CLI forces them to

https://wheat.grainulation.com/

8•volatilityfund•2h ago•5 comments