Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•6mo ago

Comments

steele•6mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•6mo ago
Lmao, gentrify cracked me up
neilv•6mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•6mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•6mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•6mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•6mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•6mo ago
May as well just release an executable tbh.
theamk•6mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•6mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good ol' curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•6mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me help you mitigate your security vulnerabilities."
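
Added example, not part of any comment above and not npm's own code: on the question raised in the thread of what `npx <package>` actually executes, this sketch reads a package manifest and reports the `bin` command npx would select plus any install-time lifecycle scripts. The function names and the `sampleCard` manifest are hypothetical, constructed for illustration; a real manifest can be read without installing via `npm view <package> --json`.

```javascript
// Static check of an npm manifest before running `npx <package>`.
// Hypothetical helper names; the sample manifest is constructed data.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Normalise `bin`: a string means one command named after the package.
function binEntries(manifest) {
  const unscoped = String(manifest.name || "").split("/").pop();
  if (typeof manifest.bin === "string") return { [unscoped]: manifest.bin };
  return manifest.bin && typeof manifest.bin === "object" ? { ...manifest.bin } : {};
}

// Selection rule from the npm exec documentation: if every bin entry points
// at the same file it is used; otherwise the entry matching the unscoped
// package name is used; otherwise nothing can be inferred.
function resolveNpxCommand(manifest) {
  const bins = binEntries(manifest);
  const names = Object.keys(bins);
  if (names.length === 0) return null;
  if (new Set(Object.values(bins)).size === 1) {
    return { command: names[0], file: bins[names[0]] };
  }
  const unscoped = String(manifest.name || "").split("/").pop();
  return unscoped in bins ? { command: unscoped, file: bins[unscoped] } : null;
}

// Everything in the result is code that runs with the invoking user's rights.
function auditManifest(manifest) {
  const scripts = manifest.scripts || {};
  return {
    runs: resolveNpxCommand(manifest),
    // Lifecycle scripts execute during install, before the bin is started.
    installHooks: INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string")
      .map((h) => ({ hook: h, command: scripts[h] })),
    // Each dependency brings its own manifest that needs the same check.
    dependencyCount: Object.keys(manifest.dependencies || {}).length,
  };
}

// Constructed sample manifest for a "business card" style package.
const sampleCard = {
  name: "@example/card",
  version: "1.0.0",
  bin: { card: "./bin/card.js", "card-debug": "./bin/debug.js" },
  scripts: { postinstall: "node ./setup.js", test: "node test.js" },
  dependencies: { chalk: "^5.0.0", boxen: "^7.0.0" },
};

console.log(JSON.stringify(auditManifest(sampleCard), null, 2));
```

The report only lists entry points; the files they name (and those of every dependency) still have to be read to know what the code does.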
