frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Android Developer Verification: Threat masquerading as Protection

https://f-droid.org/2026/07/01/adv-malware.html
1119•drewfax•11h ago•461 comments

Show HN: ZeroFS – A log-structured filesystem for S3

https://www.zerofs.net/
42•Eikon•1h ago•25 comments

AI Can't Be Listed as Inventor on Patent Applications, Japan's Top Court Rules

https://japannews.yomiuri.co.jp/science-nature/technology/20260306-314930/
17•mushstory•1h ago•4 comments

German Button Maker Searched Rivers of American Midwest for Valuable Shells

https://www.smithsonianmag.com/smithsonian-institution/how-one-german-button-maker-searched-the-r...
30•bookofjoe•4d ago•6 comments

Is One Layer Enough? A Single Transformer Layer Matches Full-Parameter RL Train

https://arxiv.org/abs/2607.01232
44•tcp_handshaker•2h ago•12 comments

Many people misunderstand the purpose of code review

https://mathstodon.xyz/@mjd/115096720350507897
103•ColinWright•3h ago•72 comments

Kimi K2.7 Code is generally available in GitHub Copilot

https://github.blog/changelog/2026-07-01-kimi-k2-7-is-now-available-in-github-copilot/
282•unliftedq•10h ago•116 comments

The fall of the theorem economy

https://davidbessis.substack.com/p/the-fall-of-the-theorem-economy
138•varjag•6h ago•57 comments

Hazel (YC W24) Is Hiring for Our Largest Government Contract

https://www.ycombinator.com/companies/hazel-2/jobs/3epPWgu-full-stack-engineer-ts-sci
1•augustschen•1h ago

Vite+ Beta

https://voidzero.dev/posts/announcing-vite-plus-beta
139•Erenay09•3h ago•80 comments

Show HN: Claudoro, Pomodoro timer embedded in the Claude Code statusline

https://github.com/emson/claudoro
17•emson•1d ago•3 comments

How to ask for help from people who don't know you

https://pradyuprasad.com/writings/how-to-ask-for-help/
15•FigurativeVoid•1h ago•0 comments

Oomwoo, an open-source robot vacuum you build yourself

https://makerspet.com/blog/building-an-open-source-robot-vacuum-meet-oomwoo/
399•devicelimit•14h ago•77 comments

ZCode – Harness for GLM-5.2

https://zcode.z.ai/en
463•chvid•16h ago•313 comments

WinPE as a stateless harness for Windows driver testing and fuzzing

https://bednars.me/blog/winpe-harness
35•piotrbednarsalt•3d ago•1 comments

Show HN: CLI tool for detecting non-exact code duplication with embedding models

https://github.com/rafal-qa/slopo
5•rkochanowski•36m ago•2 comments

Why I'm Forced to Say Farewell: Google Management Has Lost Its Moral Compass

https://docs.google.com/document/d/1SH9QRTAlL02THgAN2AGmWe9El0_2ZJF6hhgDBx8k97c/edit?tab=t.0
254•vrganj•4h ago•162 comments

Show HN: Mail Memories – A desktop app to rescue photos from Gmail

https://mailmemories.com
9•ltiger•39m ago•2 comments

Show HN: Cyclearchive.com – search vintage cycling magazines

https://cyclearchive.com/search/
12•alastairr•5d ago•2 comments

AI fake news complaining about how AI fake news is the death of real news

https://www.niemanlab.org/2026/07/now-were-getting-ai-fake-news-complaining-about-how-ai-fake-new...
110•thm•2h ago•33 comments

Asymmetric Quantization: Near-Lossless Retrieval with 97% Storage Reduction

https://www.mixedbread.com/blog/asymmetric-quant
72•breadislove•2d ago•21 comments

Google loses fight over record $4.7B EU antitrust fine

https://www.cnbc.com/2026/07/02/alphabet-google-android-eu-antitrust-fine-4-1-billion-euro-appeal...
233•boshomi•6h ago•179 comments

Bring back crappy forums

https://tedium.co/2026/07/01/online-web-forums-retrospective/
420•pentagrama•12h ago•264 comments

Winamp Skin Museum

https://skins.webamp.org
36•sarah-robiin•1h ago•11 comments

What to learn to be a graphics programmer

https://blog.demofox.org/2026/07/01/what-to-learn-to-be-a-graphics-programmer/
395•atan2•21h ago•218 comments

FFmpeg 9.1's new AAC encoder

https://hydrogenaudio.org/index.php/topic,129691.0.html
420•ledoge•1d ago•135 comments

Germany’s Infineon opens major chip plant as EU seeks tech autonomy

https://www.rfi.fr/en/international-news/20260702-germany-s-infineon-opens-major-chip-plant-as-eu...
43•giuliomagnifico•2h ago•12 comments

Show HN: A graph paper generator that renders vector PDFs in the browser

https://freegraphpaper.net/
4•lam_hg94•1h ago•0 comments

This blog is written in en-GB

https://shkspr.mobi/blog/2026/07/this-blog-is-written-in-en-gb/
283•mritzmann•2h ago•274 comments

Comparing Fable and 10 other LLMs on refactoring a LangGraph god node

https://wtf.korridzy.com/twilight-of-the-gods/
3•Korridzy•1h ago•0 comments