frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•1y ago

Comments

steele•1y ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•1y ago
Lmao, gentrify cracked me up
neilv•1y ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•1y ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•1y ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•1y ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•1y ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•1y ago
May as well just release an executable tbh.
theamk•1y ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•1y ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•1y ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

MiMo Code is now released and open-source

https://mimo.xiaomi.com/mimocode
201•apeters•2h ago•101 comments

Anthropic apologizes for invisible Claude Fable guardrails

https://www.theverge.com/ai-artificial-intelligence/948280/anthropic-claude-fable-invisible-disti...
57•rarisma•4h ago•37 comments

Lines of code got a better publicist

https://curlewis.co.nz/posts/lines-of-code-got-a-better-publicist/
260•RyeCombinator•4h ago•169 comments

The RCE that AMD wouldn't fix

https://mrbruh.com/amd2/
33•MrBruh•1h ago•19 comments

Nextcloud Hub 26 Spring: Built together, designed for the future

https://nextcloud.com/blog/nextcloud-hub26-spring/
83•doener•2h ago•45 comments

Petition to Withdraw Canada's Bill C-22

https://www.ourcommons.ca/petitions/en/Petition/Sign/e-7416
37•hmokiguess•1h ago•9 comments

Open Reproduction of DeepSeek-R1

https://github.com/huggingface/open-r1
101•yogthos•3h ago•12 comments

Pokémon Go Scans Trained the Navigation Tech for Military Drones

https://dronexl.co/2026/06/09/pokemon-go-scans-niantic-vantor-military-drone-navigation/
587•vrganj•10h ago•267 comments

FPS.cob: A first person shooter in COBOL

https://github.com/icitry/FPS.cob
46•MBCook•1h ago•11 comments

Solar generates more energy in US than coal for first time

https://www.theguardian.com/us-news/2026/jun/11/solar-energy-us-coal
83•neilfrndes•54m ago•21 comments

Introducing Waymo Premier, an elevated rider experience

https://waymo.com/blog/2026/06/waymo-premier/
13•boulos•54m ago•5 comments

MapComplete: Maps about various topics which you can contribute to

https://mapcomplete.org/
135•GTP•3h ago•25 comments

Emacs appearances in pop culture

https://ianyepan.github.io/posts/emacs-in-pop-culture/
34•ggcr•1d ago•0 comments

Queues Don't Fix Overload (2014)

https://ferd.ca/queues-don-t-fix-overload.html
32•locknitpicker•2d ago•14 comments

macOS 27 Beta breaks the ability to boot Asahi Linux

https://www.phoronix.com/news/macOS-27-Beta-Breaks-Asahi
34•josephcsible•2d ago•10 comments

How Terry Tao became an evangelist for AI in math

https://www.quantamagazine.org/how-terry-tao-became-an-evangelist-for-ai-in-math-20260608/
33•Tomte•3d ago•8 comments

SVG-Line: Better Status Bars for Emacs – Charlie Holland's Blog

https://www.chiply.dev/post-svg-line
45•rbanffy•2d ago•2 comments

Software Is Made Between Commits

https://zed.dev/blog/introducing-deltadb
10•jeremy_k•36m ago•1 comments

Show HN: Homebrew 6.0.0

https://brew.sh/2026/06/11/homebrew-6.0.0/
41•mikemcquaid•3h ago•1 comments

Autonomous drones have killed human soldiers for the first time

https://www.newscientist.com/article/2529849-fully-autonomous-drones-have-killed-human-soldiers-f...
32•deadgopher•1d ago•14 comments

Show HN: AI pair programmer for Emacs

https://github.com/jaketothepast/codetutor
35•jakewindle47•2d ago•0 comments

Global population movements from 1990 to 2023

https://www.nature.com/articles/d41586-026-01796-y
58•tzury•5h ago•57 comments

A new era for software testing

https://antirez.com/news/168
39•Chrisszz•4d ago•7 comments

Web Browsers on Video Game Consoles

https://vale.rocks/posts/game-console-browsers
139•robin_reala•8h ago•65 comments

Fable 5 lies 96% of the time

https://twitter.com/kradleai/status/2064907897373642912
18•TheMrZZ•30m ago•2 comments

Cybersecurity researchers aren't happy about the guardrails on Anthropic's Fable

https://techcrunch.com/2026/06/10/cybersecurity-researchers-arent-happy-about-the-guardrails-on-a...
563•speckx•1d ago•489 comments

Spoiling Linux Kernel with "sanctioned" code

https://printserver.ink/blog/spoiling-the-kernel/
53•ValdikSS•1d ago•14 comments

Doing nothing at work

https://www.seangoedecke.com/doing-nothing-at-work/
137•Sukram21•3d ago•29 comments

Thermodynamics rules future orbital data centers

https://spectrum.ieee.org/orbital-data-centers-heat
41•rbanffy•3h ago•60 comments

Ask HN: Favorite text heavy blogs that are a joy to read?

39•joshmarinacci•1d ago•16 comments