frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

GitHub Is Becoming a Giant AI Code Dump

https://maref.cc/en/blog/vibe-coding-crisis/
13•Athena-maref•18m ago•4 comments

Vulnerability reports are not special anymore

https://words.filippo.io/vuln-reports/
244•goranmoomin•8h ago•133 comments

Raspberry Pi Pico W as USB Wi-Fi Adapter

https://gitlab.com/baiyibai/pico-usb-wifi
112•byb•5h ago•27 comments

Show HN: An ASCII 3D Rendering Engine

https://glyphcss.com
105•apresmoi•3d ago•32 comments

Jerry's Map

http://www.jerrysmap.com/the-map
457•turtleyacht•14h ago•52 comments

FUTO Swipe – A new swipe typing model

https://swipe.futo.tech/
517•futohq•14h ago•163 comments

In memory of the man who put red and green squiggles under words

https://devblogs.microsoft.com/oldnewthing/20260622-00/?p=112451
358•saikatsg•14h ago•52 comments

Qwen-AgentWorld: Language World Models for General Agents

https://arxiv.org/abs/2606.24597
88•ilreb•6h ago•24 comments

Ashby (YC W19) Is Hiring EMEA Engineers Who Can Design

https://www.ashbyhq.com/careers?ashby_jid=87b96eef-edc1-4de4-adb6-d460126d02f8&utm_source=hn
1•abhikp•1h ago

"Fix" MacBook Neo Cursor Lag: Record 1 Pixel of the Screen Every 10 Seconds

https://gist.github.com/retroplasma/ec21767d0a8380c7ea9c2fbee1c7d6bf
85•retroplasma•6h ago•32 comments

Why eval startups fail (2025)

https://thomasliao.com/eval-startups
5•jxmorris12•1d ago•0 comments

Remaking BBC test cards to teach you video processing

https://www.youtube.com/watch?v=U_6HxPkrgcg
27•unleaded•2d ago•0 comments

Printing Gaussian Splats

https://www.patreon.com/DanyBittel/posts/printing-splats-161333338
289•ilnmtlbnm•2d ago•31 comments

Rhombus Language 1.0

https://blog.racket-lang.org/2026/06/rhombus-v1.0.html
153•Decabytes•1d ago•38 comments

A man was gifted his dream car by Kevin Mitnick, who he helped put in prison

https://www.thedrive.com/news/this-man-was-gifted-his-dream-car-by-the-notorious-hacker-he-put-in...
165•mauvehaus•1d ago•95 comments

Swift Package Index joins Apple

https://swiftpackageindex.com/blog/swift-package-index-joins-apple
201•JDevlieghere•14h ago•66 comments

Usbliter8: an A12/A13 SecureROM Exploit

https://ps.tc/pages/blog-usbliter8.html
138•givinguflac•5d ago•27 comments

Show HN: TikZ Editor – WYSIWYG editor for figures in LaTeX

https://tikz.dev/editor/
384•DominikPeters•18h ago•71 comments

Show HN: Graphical SQL Builder and Debugger

https://github.com/webofmarius/SQLJoiner
7•matei88•2d ago•1 comments

The worthlessness of Vitamin D is mildly exaggerated

https://dynomight.net/vitamin-d/
289•surprisetalk•16h ago•196 comments

DiffusionBench: Towards Holistic Evaluation of Generative Diffusion Transformers

https://github.com/End2End-Diffusion/diffusion-bench
33•ilreb•6h ago•1 comments

Meta Pauses Employee-Tracking Program Following Internal Data Leak

https://www.wired.com/story/meta-pauses-employee-tracking-program-following-internal-security-bre...
230•1vuio0pswjnm7•8h ago•145 comments

Dirty Little Zine – a tool for making an 8 page printable Zine

https://dirtylittlezine.com/
117•cianmm•3d ago•15 comments

Millimeter wave technology drills 100 meters into granite

https://www.thinkgeoenergy.com/quaise-energy-achieves-100-meters-of-drilling-using-millimeter-wav...
147•Jimmc414•3d ago•46 comments

The Teensy Executable Revisited

https://www.muppetlabs.com/~breadbox/software/tiny/revisit.html
35•ankitg12•6h ago•3 comments

Lithp.py (~2008)

https://fogus.me/fun/lithp/
18•wglb•2d ago•3 comments

Fired by Google for creating the Google workspace CLI

https://twitter.com/JPoehnelt/status/2069482265953087602
501•justinwp•14h ago•296 comments

Inventing the Future, One Lisp Machine at a Time

https://www.patrickdomanico.com/bpm/2026/06/16/inventing-the-future-one-lisp-machine-at-a-time/
97•pamoroso•1d ago•13 comments

The Low-Tech AI of Elden Ring

https://nega.tv/posts/low-tech-ai-of-elden-ring.html
145•g0xA52A2A•20h ago•79 comments

Hunting Million-Digit Primes from My Loft

https://primecrunch.com/blog/2/hunting-million-digit-primes-from-my-loft
24•andyhedges•2d ago•2 comments