frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•9mo ago

Comments

steele•9mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•9mo ago
Lmao, gentrify cracked me up
neilv•9mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•9mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•9mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•9mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•9mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•9mo ago
May as well just release an executable tbh.
theamk•9mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•9mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•9mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Jimi Hendrix was a systems engineer

https://spectrum.ieee.org/jimi-hendrix-systems-engineer
52•tintinnabula•46m ago•11 comments

om

https://www.om-language.com/
158•tosh•3h ago•29 comments

Bus stop balancing is fast, cheap, and effective

https://worksinprogress.co/issue/the-united-states-needs-fewer-bus-stops/
226•surprisetalk•4h ago•367 comments

Show HN: I ported Tree-sitter to Go

https://github.com/odvcencio/gotreesitter
126•odvcencio•2h ago•45 comments

Windows 11 Notepad to support Markdown

https://blogs.windows.com/windows-insider/2026/01/21/notepad-and-paint-updates-begin-rolling-out-...
69•andreynering•3h ago•148 comments

I made MCP cheaper in one command

https://kanyilmaz.me/2026/02/23/cli-vs-mcp.html
8•thellimist•33m ago•2 comments

Large-Scale Online Deanonymization with LLMs

https://simonlermen.substack.com/p/large-scale-online-deanonymization
120•DalasNoin•1d ago•123 comments

AIs can't stop recommending nuclear strikes in war game simulations

https://www.newscientist.com/article/2516885-ais-cant-stop-recommending-nuclear-strikes-in-war-ga...
141•ceejayoz•7h ago•182 comments

Following 35% growth, solar has passed hydro on US grid

https://arstechnica.com/science/2026/02/final-2025-data-is-in-us-energy-use-is-up-as-solar-passes...
270•rbanffy•4h ago•177 comments

The Misuses of the University

https://www.publicbooks.org/the-misuses-of-the-university/
86•ubasu•4h ago•62 comments

How to fold the Blade Runner origami unicorn (1996)

https://web.archive.org/web/20011104015933/www.linkclub.or.jp/~null/index_br.html
217•exvi•2d ago•30 comments

Never buy a .online domain

https://www.0xsid.com/blog/online-tld-is-pain
588•ssiddharth•7h ago•346 comments

GNU Texmacs

https://www.texmacs.org/tmweb/home/welcome.en.html
76•remywang•5h ago•30 comments

Trellis AI (YC W24) is hiring deployment lead to accelerate medication access

https://www.ycombinator.com/companies/trellis-ai/jobs/7ZlvQkN-lead-deployment-strategist
1•macklinkachorn•4h ago

Show HN: Respectify – a comment moderator that teaches people to argue better

https://respectify.org/
4•vintagedave•6h ago•0 comments

Claude Code Remote Control

https://code.claude.com/docs/en/remote-control
425•empressplay•13h ago•238 comments

Learnings from 4 months of Image-Video VAE experiments

https://www.linum.ai/field-notes/vae-reconstruction-vs-generation
6•schopra909•1d ago•1 comments

New accounts on HN more likely to use em-dashes

https://www.marginalia.nu/weird-ai-crap/hn/
473•todsacerdoti•6h ago•392 comments

Devirtualization and Static Polymorphism

https://david.alvarezrosa.com/posts/devirtualization-and-static-polymorphism/
10•dalvrosa•2h ago•0 comments

Text-Based Google Directions

https://gdir.telae.net/
34•TigerUniversity•4d ago•11 comments

Access to a Shared Unix Computer

http://tilde.club/
4•TigerUniversity•3d ago•0 comments

Show HN: Django Control Room – All Your Tools Inside the Django Admin

https://github.com/yassi/dj-control-room
88•yassi_dev•6h ago•44 comments

US orders diplomats to fight data sovereignty initiatives

https://www.reuters.com/sustainability/boards-policy-regulation/us-orders-diplomats-fight-data-so...
345•colinhb•6h ago•289 comments

Racket v9.1

https://blog.racket-lang.org/2026/02/racket-v9-1.html
107•azhenley•4h ago•12 comments

Reverse engineering the KakaoTalk app so I can build a Beeper Bridge

https://jusung.dev/posts/kakao-talk-is-making-me-local/
9•badeeya•53m ago•2 comments

Show HN: Django-xbench – slow endpoint aggregation for Django

https://github.com/yeongbin05/django-xbench
8•yeongbin05•3d ago•3 comments

Danish government agency to ditch Microsoft software (2025)

https://therecord.media/denmark-digital-agency-microsoft-digital-independence
661•robtherobber•10h ago•334 comments

Scipy.stats. Chatterjeexi

https://docs.scipy.org/doc/scipy/reference/generated/scipy.stats.chatterjeexi.html
17•kamaraju•3d ago•2 comments

PL/0

https://en.wikipedia.org/wiki/PL/0
46•tosh•3d ago•13 comments

Topological Naming Problem

https://wiki.freecad.org/Topological_naming_problem
50•tripdout•4d ago•21 comments