Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•6mo ago

Comments

steele•6mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•6mo ago
Lmao, gentrify cracked me up
neilv•6mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•6mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•5mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•6mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•6mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•6mo ago
May as well just release an executable tbh.
theamk•6mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in an email/newsgroup signature to give it a personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•6mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good ol' curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•6mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me help you mitigate your security vulnerabilities."
