Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/

8•edent•1y ago

Comments

steele•1y ago

Ooh, free real estate, let's colonize and gentrify package management

aabhay•1y ago

Lmao, gentrify cracked me up

neilv•1y ago

Do these npx business cards run arbitrary code on your computer?

cypherpunks01•1y ago

npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago

Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago

Yeah, this seems like a very smart but inherently flawed idea.

cypherpunks01•1y ago

Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.

Xss3•1y ago

May as well just release an executable tbh.

theamk•1y ago

Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago

Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago

This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Apple reveals new AI architecture built around Google Gemini models

Siri AI

Hermes Agent – Open-source AI agent with persistent memory

Show HN: Performative-UI – A react component library of design tropes

MiMo-v2.5-Pro-UltraSpeed: 1T model with 1000 tokens per second

Looking Forward to Postgres 19: Query Hints

Anti-social: It's fads, not friends, which now dominate social media feeds

EU-banned pesticides found in rice, tea and spices

Apple Core AI Framework

Show HN: Gitdot – a better GitHub. Open-source, written in Rust

xAI is looking more like a datacentre REIT than a frontier lab

Surveillance is not safety: A statement on the UK's latest threat to privacy [pdf]

Why are cells small?

We Think the SpaceX IPO Is Overvalued

FrontierCode

Confidential submission of draft S-1 to the SEC

Ask HN: What are tools you have made for yourself since the advent of AI?

Launch HN: Intuned (YC S22) – Build and run reliable browser automations as code

AI is slowing down

Doing something that’s never been done before (2025)

1worldflag: A blue dot on a transparent background

Asus GB300 NVL72 Test Lab Tour

Games Between Programs: The Ruliology of Competition

Show HN: Mach – A compiled systems language looking for contributions

The Grate Cheese Robbery

Apple bets cheaper AI will woo small developers

OCaml Onboarding: Introduction to the Dune build system

Massachusetts bans sale of precise location data in new privacy rights bill

Switzerland wil have a referendum to cap population at 10M

Show HN: Command Center, the AI coding env for people who care about quality