frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•9mo ago

Comments

steele•9mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•9mo ago
Lmao, gentrify cracked me up
neilv•9mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•9mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•9mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•9mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•9mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•9mo ago
May as well just release an executable tbh.
theamk•9mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•9mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•9mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

I'm helping my dog vibe code games

https://www.calebleak.com/posts/dog-game/
551•cleak•7h ago•163 comments

Mac mini will be made at a new facility in Houston

https://www.apple.com/newsroom/2026/02/apple-accelerates-us-manufacturing-with-mac-mini-production/
281•haunter•3h ago•278 comments

Show HN: Moonshine Open-Weights STT models – higher accuracy than WhisperLargev3

https://github.com/moonshine-ai/moonshine
64•petewarden•2h ago•11 comments

Hacking an old Kindle to display bus arrival times

https://www.mariannefeng.com/portfolio/kindle/
145•mengchengfeng•4h ago•28 comments

Cell Service for the Fairly Paranoid

https://www.cape.co/
26•0xWTF•1h ago•15 comments

Nearby Glasses

https://github.com/yjeanrenaud/yj_nearbyglasses
204•zingerlio•6h ago•86 comments

Show HN: Emdash – Open-source agentic development environment

https://github.com/generalaction/emdash
89•onecommit•6h ago•38 comments

I pitched a roller coaster to Disneyland at age 10 in 1978

https://wordglyph.xyz/one-piece-at-a-time
380•wordglyph•11h ago•148 comments

Hugging Face Skills

https://github.com/huggingface/skills
124•armcat•6h ago•36 comments

Optophone

https://en.wikipedia.org/wiki/Optophone
23•Hooke•4d ago•4 comments

How we rebuilt Next.js with AI in one week

https://blog.cloudflare.com/vinext/
314•ghostwriternr•4h ago•94 comments

Fed's Cook says AI triggering big changes, sees possible unemployment rise

https://www.reuters.com/business/feds-cook-says-ai-triggering-big-changes-sees-possible-short-ter...
29•geox•42m ago•11 comments

Pi – a minimal terminal coding harness

https://pi.dev
102•kristianpaul•2h ago•44 comments

Build Your Own Forth Interpreter

https://codingchallenges.fyi/challenges/challenge-forth/
44•AlexeyBrin•3d ago•12 comments

IRS Tactics Against Meta Open a New Front in the Corporate Tax Fight

https://www.nytimes.com/2026/02/24/business/irs-meta-corporate-taxes.html
176•mitchbob•11h ago•190 comments

OpenAI, the US government and Persona built an identity surveillance machine

https://vmfunc.re/blog/persona/
411•rzk•5h ago•131 comments

We installed a single turnstile to feel secure

https://idiallo.com/blog/installed-single-turnstile-for-security-theater
259•firefoxd•2d ago•117 comments

The history of knocking on wood

https://resobscura.substack.com/p/neolithic-habits-machine-age-tools
7•benbreen•9h ago•0 comments

Steel Bank Common Lisp

https://www.sbcl.org/
135•tosh•5h ago•43 comments

Mercury 2: The fastest reasoning LLM, powered by diffusion

https://www.inceptionlabs.ai/blog/introducing-mercury-2
9•fittingopposite•1h ago•2 comments

Verge (YC S15) Is Hiring a Director of Computational Biology and AI Scientists/Eng

https://jobs.ashbyhq.com/verge-genomics
1•alicexzhang•7h ago

Looks like it is happening

https://www.math.columbia.edu/~woit/wordpress/?p=15500
126•jjgreen•2h ago•85 comments

Dream Recorder AI – a portal to your subconscious

https://dreamrecorder.ai/
9•level87•2h ago•9 comments

Ask HN: Programmable Watches with WiFi?

12•dakiol•3d ago•5 comments

We Are Changing Our Developer Productivity Experiment Design

https://metr.org/blog/2026-02-24-uplift-update/
28•ej88•4h ago•19 comments

Stripe reportedly makes offer to acquire PayPal

https://www.cnbc.com/2026/02/24/paypal-stock-stripe-acquisition-report.html
41•nodesocket•2h ago•25 comments

IDF killed Gaza aid workers at point blank range in 2025 massacre: Report

https://www.dropsitenews.com/p/israeli-soldiers-tel-sultan-gaza-red-crescent-civil-defense-massac...
1144•Qem•11h ago•431 comments

Show HN: Tag Promptless on any GitHub PR/Issue to get updated user-facing docs

26•prithvi2206•6h ago•5 comments

Show HN: Chaos Monkey but for Audio Video Testing (WebRTC and UDP)

https://github.com/MdSadiqMd/AV-Chaos-Monkey
30•MdSadiqMd•1d ago•2 comments

The Missing Semester of Your CS Education – Revised for 2026

https://missing.csail.mit.edu/
376•anishathalye•1d ago•114 comments