Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
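
Added example, not part of the thread or the linked post: a static look at the two places in a package.json that decide what runs when someone types `npx <pkg>`, the install-time lifecycle scripts and the `bin` file npx picks. The manifest is constructed and the function names are this example's own.

```javascript
// npm lifecycle scripts that run when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Package name without its "@scope/" prefix.
const unscopedName = (m) => String(m.name || "").replace(/^@[^/]+\//, "");

// Normalise "bin": a string means one command named after the package;
// an object maps command names to files.
function binEntries(manifest) {
  if (typeof manifest.bin === "string") {
    return { [unscopedName(manifest)]: manifest.bin };
  }
  return manifest.bin && typeof manifest.bin === "object" ? { ...manifest.bin } : {};
}

// File that `npx <pkg>` executes when no explicit command is named:
// the only bin file (aliases of one file count as one), otherwise the
// entry named like the unscoped package, otherwise nothing (null).
function npxTarget(manifest) {
  const bins = binEntries(manifest);
  const files = [...new Set(Object.values(bins))];
  if (files.length === 1) return files[0];
  const name = unscopedName(manifest);
  return Object.prototype.hasOwnProperty.call(bins, name) ? bins[name] : null;
}

// Summarise the top-level manifest only; dependencies have their own.
function auditManifest(manifest) {
  const scripts = manifest.scripts || {};
  return {
    installHooks: INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string")
      .map((h) => ({ hook: h, command: scripts[h] })),
    npxTarget: npxTarget(manifest),
    dependencyCount: Object.keys(manifest.dependencies || {}).length,
  };
}

// Constructed sample manifest (hypothetical package, not from the thread).
const SAMPLE = {
  name: "@example/card",
  version: "1.0.0",
  bin: { card: "./bin/card.js" },
  scripts: { postinstall: "node ./setup.js", test: "node test.js" },
  dependencies: { chalk: "^5.0.0", boxen: "^7.0.0" },
};

console.log(JSON.stringify(auditManifest(SAMPLE), null, 2));
```

The manifest only names the entry points; what those files do still has to be read in the package contents, and every dependency brings its own manifest.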
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signatures to give them a personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good ol' curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me help you mitigate your security vulnerabilities."
