frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Organic Maps

https://organicmaps.app/
364•tosh•3h ago•98 comments

The Great Blogging Collapse: What Happened to 100 Successful Blogs?

https://danielstanica.com/posts/Great-Blogging-Collapse
35•thm•3d ago•20 comments

Introduction to Compilers and Language Design

https://dthain.github.io/books/compiler/
190•AlexeyBrin•5h ago•25 comments

Run Windows 2000 on a DEC Alpha with a new es40 fork

https://raymii.org/s/blog/Run_Windows_2000_for_Dec_Alpha_on_a_new_es40_fork.html
43•jandeboevrie•3h ago•19 comments

Airplane Boneyards List and Map

https://airplaneboneyards.com/airplane-boneyards-list-and-map.htm
50•hyperific•1d ago•8 comments

Rayfish, Peer-to-peer mesh VPN with no server to trust

https://rayfish.xyz/blog/01-introducing-rayfish
53•captain_dfx•4d ago•36 comments

"These cameras are just like the Eye of Sauron"

https://arxiv.org/abs/2602.09239
3•dijksterhuis•26m ago•0 comments

It's not about physical vs. digital games, it's about ownership

https://popcar.bearblog.dev/its-about-ownership/
16•popcar2•2h ago•6 comments

Medieval-style fortifications are back in the Sahel

https://www.economist.com/middle-east-and-africa/2026/06/25/medieval-style-fortifications-are-bac...
56•andsoitis•4d ago•37 comments

If you're a button, you have one job

https://unsung.aresluna.org/if-youre-a-button-you-have-one-job/
469•nozzlegear•15h ago•231 comments

Why DMARC's new "NP" tag can fail with DNSSEC

https://dmarcwise.io/blog/dmarc-np-incompatibility-with-dnssec
12•matteocontrini•2h ago•1 comments

Shadcn/UI now defaults to Base UI instead of Radix

https://ui.shadcn.com/docs/changelog
237•dabinat•12h ago•130 comments

The Plight of the Martian Farmer

https://mceglowski.substack.com/p/the-plight-of-the-martian-farmer
23•zdw•1h ago•5 comments

Autonomous flying umbrella follows and shields users from rain and sunlight

https://www.designboom.com/technology/autonomous-flying-umbrella-follows-users-rain-sunlight-i-bu...
29•amichail•1h ago•14 comments

The GNU Emacs Architecture: Unlocking the Core [pdf]

https://www.diva-portal.org/smash/get/diva2:2052282/FULLTEXT01.pdf
146•cenazoic•4d ago•9 comments

EU Council forces Chat Control via fast-track

https://www.heise.de/en/news/Chat-Control-1-0-EU-Council-forces-messenger-scans-via-fast-track-11...
194•stavros•5h ago•89 comments

Pandoc Lua Filters

https://pandoc.org/lua-filters.html
121•ankitg12•2d ago•11 comments

Fast Software, the Best Software (2019)

https://craigmod.com/essays/fast_software/
98•ustad•10h ago•52 comments

Show HN: KiCad in the Browser

https://demo.pcbjam.com/
60•ViktorEE•5h ago•26 comments

Web-based cryptography is always snake oil

https://www.devever.net/~hl/webcrypto
61•enz•9h ago•70 comments

Phosh 0.56.0

https://phosh.mobi/releases/rel-0.56.0/
127•edward•4h ago•44 comments

Pi squared is nearly 10

https://mihai.page/pi-square-is-10/
48•freediver•6h ago•45 comments

Cannabis users face substantially higher risk of heart attack (2025)

https://www.acc.org/about-acc/press-releases/2025/03/17/15/35/cannabis-users-face-substantially-h...
117•RickJWagner•5h ago•153 comments

Megawatts by Microwave

https://computer.rip/2026-07-04-microwave-and-power.html
63•eternauta3k•11h ago•5 comments

Command and Conquer Generals natively ported to macOS, iPhone, iPad using Fable

https://github.com/ammaarreshi/Generals-Mac-iOS-iPad/tree/main
629•asronline•21h ago•265 comments

Solar rail could become common in Europe after successful trial in Switzerland

https://www.euronews.com/2026/07/05/italy-could-be-the-next-country-to-build-a-solar-railway-afte...
51•neilfrndes•2h ago•48 comments

Moby Dick Workout (2022)

https://www.hogbaysoftware.com/posts/moby-dick-workout/
89•helloplanets•13h ago•28 comments

Meta's Un-Stable Signature

https://hackerfactor.com/blog/index.php?/archives/1098-Metas-Un-Stable-Signature.html
130•ementally•4d ago•21 comments

The Log is the Agent

https://arxiv.org/abs/2605.21997
89•iacguy•14h ago•37 comments

Artful Cats: Feline-Inspired Art and Artifacts

https://www.si.edu/spotlight/art-cats
73•jruohonen•3d ago•5 comments