frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Google Hits 50% IPv6

https://blog.apnic.net/2026/04/28/google-hits-50-ipv6/
55•barqawiz•1h ago•29 comments

A 3D voxel game engine written in APL

https://github.com/namgyaaal/avoxelgame
28•sph•1h ago•6 comments

Developers don't understand CORS (2019)

https://fosterelli.co/developers-dont-understand-cors
191•toilet•7h ago•99 comments

Zigzag Decoding with AVX-512

https://zeux.io/2026/06/17/zigzag-decoding-avx512/
73•luu•3d ago•9 comments

Loupe – A iOS app that raises awareness about what native apps can see

https://github.com/mysk-research/loupe
277•Cider9986•21h ago•103 comments

Renting a sewing machine from the library

https://www.bbc.com/future/article/20260618-the-weird-and-wonderful-libraries-of-finland
226•sohkamyung•10h ago•119 comments

Epoll vs. io_uring in Linux

https://sibexi.co/posts/epoll-vs-io_uring/
159•Sibexico•10h ago•37 comments

Slow breathing modulates brain function and risk behavior

https://www.cell.com/neuron/fulltext/S0896-6273(26)00339-9
201•croes•11h ago•44 comments

Show HN: TownSquare, a tiny presence layer for websites

https://townsquare.cauenapier.com/
173•cauenapier•21h ago•85 comments

15-minute at-home Lyme disease tick test

https://www.bostonglobe.com/2026/06/17/business/lyme-disease-tick-test/
111•bookofjoe•2d ago•57 comments

Building reliable agentic AI systems

https://martinfowler.com/articles/reliable-llm-bayer.html
99•sarangk90•5h ago•19 comments

Your brain was never designed for this much bad news

https://www.sciencedaily.com/releases/2026/06/260614012006.htm
188•colinprince•5h ago•119 comments

Running MicroVMs in Proxmox VE, the Easy Way

https://taoofmac.com/space/blog/2026/06/18/1845
31•zdw•1d ago•1 comments

Excessive nil pointer checks in Go

https://konradreiche.com/blog/excessive-nil-pointer-checks-in-go/
31•ingve•2d ago•22 comments

SMPTE Makes Its Standards Freely Accessible

https://www.smpte.org/blog/smpte-makes-its-standards-freely-accessible-openingstandards-library-t...
261•zdw•16h ago•79 comments

UHF X11: X11 Built for VisionOS and Apple Vision Pro

https://www.lispm.net/apps/uhf-x11/
203•zdw•16h ago•39 comments

Guide to the TD4 4-bit DIY CPU

https://www.philipzucker.com/td4-4bit-cpu/
32•andrewstuart•2d ago•3 comments

DOS Game "F-15 Strike Eagle II" reversing project needs DOS test pilots

https://neuviemeporte.github.io/f15-se2/2026/06/20/needyou.html
252•LowLevelMahn•18h ago•65 comments

Unauthorized alert sent to cell phones across Brazil

https://www.cnn.com/2026/06/20/americas/brazil-hackers-unauthorized-alert-latam
132•zdw•13h ago•93 comments

Proportional-Integral-Derivative Controllers

https://en.wikipedia.org/wiki/PID_controller
27•dhorthy•1d ago•10 comments

The 100k Whys of AI

https://lcamtuf.substack.com/p/the-100000-whys-of-ai
105•surprisetalk•3h ago•54 comments

When I reject AI code even if it works

https://vinibrasil.com/when-i-reject-ai-code-even-if-it-works/
173•vnbrs•8h ago•99 comments

Whole cross-sectional human ultrasound tomography

https://www.nature.com/articles/s41551-026-01660-4
73•lnyan•3d ago•13 comments

Linux eliminates the strncpy API after six years of work, 360 patches

https://www.phoronix.com/news/Linux-7.2-Drops-strncpy
201•simonpure•12h ago•175 comments

Carlo Ginzburg, Who Told the History of the Obscure, Dies at 87

https://www.nytimes.com/2026/06/17/books/carlo-ginzburg-dead.html
5•benbreen•3d ago•1 comments

The Lost Story of Alan Turing's "Delilah" Project

https://spectrum.ieee.org/alan-turings-delilah
20•asdefghyk•4h ago•1 comments

Alice is impatient

https://brooker.co.za/blog/2026/06/19/waiting.html
95•birdculture•12h ago•28 comments

Temporary Cloudflare accounts for AI agents

https://blog.cloudflare.com/temporary-accounts/
206•farhadhf•22h ago•110 comments

Project Fetch: Phase Two

https://www.anthropic.com/research/project-fetch-phase-two
58•stopachka•9h ago•21 comments

Armstrong Effect

https://en.wikipedia.org/wiki/Armstrong_effect
28•userbinator•5h ago•2 comments