frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•11mo ago

Comments

steele•10mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•10mo ago
Lmao, gentrify cracked me up
neilv•10mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•10mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•10mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•10mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•10mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•10mo ago
May as well just release an executable tbh.
theamk•10mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•10mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•10mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

JVM Options Explorer

https://chriswhocodes.com/vm-options-explorer.html
35•0x54MUR41•1h ago•15 comments

What have been the greatest intellectual achievements? (2017)

https://www.thinkingcomplete.com/2017/09/what-have-been-greatest-intellectual.html
24•o4c•1h ago•17 comments

An Interview with Pat Gelsinger

https://morethanmoore.substack.com/p/an-interview-with-pat-gelsinger-2026
56•zdw•2d ago•18 comments

Phyphox – Physical Experiments Using a Smartphone

https://phyphox.org/
41•_Microft•3h ago•10 comments

The Miller Principle (2007)

https://puredanger.github.io/tech.puredanger.com/2007/07/11/miller-principle/
40•FelipeCortez•4d ago•32 comments

Tofolli gates are all you need

https://www.johndcook.com/blog/2026/04/06/tofolli-gates/
78•ibobev•5d ago•15 comments

Apple update looks like Czech mate for locked-out iPhone user

https://www.theregister.com/2026/04/12/ios_passcode_bug/
204•OuterVale•3h ago•109 comments

How We Broke Top AI Agent Benchmarks: And What Comes Next

https://rdi.berkeley.edu/blog/trustworthy-benchmarks-cont/
408•Anon84•17h ago•99 comments

I run multiple $10K MRR companies on a $20/month tech stack

https://stevehanov.ca/blog/how-i-run-multiple-10k-mrr-companies-on-a-20month-tech-stack
322•tradertef•6h ago•220 comments

Stewart Brand on how progress happens

https://www.newyorker.com/books/book-currents/stewart-brand-on-how-progress-happens
15•bookofjoe•4d ago•4 comments

Happy Map

https://pudding.cool/2026/02/happy-map/
12•surprisetalk•4d ago•0 comments

Small models also found the vulnerabilities that Mythos found

https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier
1133•dominicq•19h ago•302 comments

How Complex is my Code?

https://philodev.one/posts/2026-04-code-complexity/
136•speckx•5d ago•33 comments

447 TB/cm² at zero retention energy – atomic-scale memory on fluorographane

https://zenodo.org/records/19513269
226•iliatoli•16h ago•121 comments

Dark Castle

https://darkcastle.co.uk/
196•evo_9•16h ago•24 comments

The End of Eleventy

https://brennan.day/the-end-of-eleventy/
179•ValentineC•10h ago•138 comments

Pijul a FOSS distributed version control system

https://pijul.org/
165•kouosi•5d ago•25 comments

Apple Silicon and Virtual Machines: Beating the 2 VM Limit (2023)

https://khronokernel.com/macos/2023/08/08/AS-VM.html
206•krackers•15h ago•144 comments

Network Flow Algorithms

https://www.networkflowalgs.com/
29•teleforce•5d ago•0 comments

Cirrus Labs to join OpenAI

https://cirruslabs.org/
269•seekdeep•23h ago•131 comments

Show HN: Pardonned.com – A searchable database of US Pardons

440•vidluther•1d ago•245 comments

Advanced Mac Substitute is an API-level reimplementation of 1980s-era Mac OS

https://www.v68k.org/advanced-mac-substitute/
249•zdw•20h ago•62 comments

Surelock: Deadlock-Free Mutexes for Rust

https://notes.brooklynzelenka.com/Blog/Surelock
222•codetheweb•3d ago•72 comments

How to build a `Git diff` driver

https://www.jvt.me/posts/2026/04/11/how-git-diff-driver/
120•zdw•18h ago•13 comments

US appeals court declares 158-year-old home distilling ban unconstitutional

https://www.theguardian.com/law/2026/apr/11/appeals-court-ruling-home-distilling-ban-unconstituti...
187•Jimmc414•7h ago•166 comments

Software Preservation Group: C++ History Collection

https://softwarepreservation.computerhistory.org/c_plus_plus/
31•quuxplusone•10h ago•3 comments

The Soul of an Old Machine

https://skalski.dev/the-soul-of-an-old-machine/
61•mskalski•4d ago•14 comments

How a dancer with ALS used brainwaves to perform live

https://www.electronicspecifier.com/products/sensors/how-a-dancer-with-als-used-brainwaves-to-per...
49•1659447091•10h ago•9 comments

Optimal Strategy for Connect 4

https://2swap.github.io/WeakC4/explanation/
299•marvinborner•3d ago•32 comments

What is a property?

https://alperenkeles.com/posts/what-is-a-property/
84•alpaylan•5d ago•23 comments