frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

How to Build a Minimal ZFS NAS Without Synology, QNAP, TrueNAS

https://neil.computer/notes/how-to-setup-minimal-zfs-nas-without-truenas/
34•4diii•52m ago•8 comments

Is The Economist Always Wrong?

https://www.economist.com/interactive/finance-and-economics/2026/07/02/is-the-economist-always-wrong
83•nreece•2h ago•54 comments

Tenda firmware (multiple versions) contains hidden authentication backdoor

https://kb.cert.org/vuls/id/213560
90•miniBill•4h ago•22 comments

GAO: DOE Is Prematurely Excluding Less Expensive Options for Nuclear Cleanup

https://www.gao.gov/products/gao-26-108193
157•Jimmc414•6h ago•70 comments

Structure and Interpretation of Computer Programs Video Lectures (1986)

https://ocw.mit.edu/courses/6-001-structure-and-interpretation-of-computer-programs-spring-2005/v...
84•gjvc•4h ago•2 comments

Canada's only watchmaking school still ticking after 80 years

https://www.cbc.ca/news/canada/montreal/canada-s-only-watchmaking-school-9.7254211
83•throw0101a•3d ago•28 comments

Local, CPU-Friendly, High-Quality TTS (Text-to-Speech) with Kokoro

https://ariya.io/2026/03/local-cpu-friendly-high-quality-tts-text-to-speech-with-kokoro/
344•speckx•10h ago•72 comments

Chat Control 1.0 and 2.0 Explained

https://fightchatcontrol.eu/chat-control-overview
506•gasull•14h ago•169 comments

Show HN: Neil the Seal Game

https://neiltheseal.app/
14•dalemhurley•2d ago•4 comments

Show HN: Davit, a Apple Containers UI

https://davit.app
245•xinit•10h ago•51 comments

30papers.com – Ilya's 30 essential ML papers, in a beginner friendly format

https://30papers.com/
422•notmcrowley•12h ago•68 comments

Herdr: One terminal to rule them all

https://herdr.dev/
209•handfuloflight•6d ago•101 comments

Show HN: Chiptune Radio

https://chiptune-radio.alephvoid.com/
32•bootbloopers•3h ago•5 comments

LineageOS Statistics

https://stats.lineageos.org
17•pentagrama•3h ago•5 comments

Pure-Python symbolic regression that rediscovered Kepler's law from 8 data point

https://github.com/ariel95500-create/gp-elite
19•sade_95•5d ago•9 comments

l: A new runtime for k and q

https://lv1.sh/
121•skruger•10h ago•65 comments

Copy That Floppy – Cambridge guide for preserving data from fragile floppy disks

https://www.digipres.org/the-floppy-guide/
4•whiteblossom•1h ago•2 comments

Every new car sold in the European Union must include a driver monitoring camera

https://allaboutcookies.org/eu-mandatory-distracted-driver-system
500•nickslaughter02•8h ago•645 comments

We're extending access to Fable 5 on all paid plans through July 12

https://twitter.com/claudeai/status/2074548242386178258
117•minimaxir•11h ago•123 comments

Show HN: Rowboat – Open-source, local-first alternative to Claude Desktop

https://github.com/rowboatlabs/rowboat
121•segmenta•12h ago•34 comments

Scheme Is a Hoot

https://gracefulliberty.com/notes/scheme-is-a-hoot/
46•signa11•2d ago•4 comments

An interactive explorer for Benford's Law across real datasets

https://vatsalbakshi.com/blog/benfords-law/
26•dingobabies•4h ago•9 comments

Jim's TrueType QR Code Font

https://github.com/jimparis/qr-font
157•arantius•12h ago•21 comments

IEEE Rolls Out Large Language Models Training Course

https://spectrum.ieee.org/large-language-models-ieee-course
48•JeanKage•6d ago•7 comments

Notes on Software Quality

https://anthonyhobday.com/blog/20260410
106•speckx•10h ago•48 comments

Why skilled workers come to Germany and then leave again

https://www.dw.com/en/germany-migrants-skilled-workers-integration-labor-market-bureaucracy-langu...
210•theanonymousone•18h ago•527 comments

AI Meets Cryptography 1: What AI Found in Cloudflare's Circl

https://blog.zksecurity.xyz/posts/circl-bugs/
102•duha•10h ago•11 comments

First Principles of Model Routing

https://try.works/first-principles-of-model-routing
31•try-working•4d ago•15 comments

StreetComplete: Fixing OpenStreetMap, one tiny quest at a time

https://streetcomplete.app/
725•kls0e•16h ago•173 comments

Why we built yet another Postgres connection pooler

https://pgdog.dev/blog/why-yet-another-connection-pooler
157•levkk•13h ago•40 comments