frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•8mo ago

Comments

steele•8mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•8mo ago
Lmao, gentrify cracked me up
neilv•8mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•8mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•8mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•8mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•8mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•8mo ago
May as well just release an executable tbh.
theamk•8mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•8mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•8mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Just the Browser

https://justthebrowser.com/
160•cl3misch•2h ago•54 comments

Show HN: I built a text-based business simulator to replace video courses

https://www.core-mba.pro/
32•Core_Dev•12h ago•11 comments

OpenBSD-current now runs as guest under Apple Hypervisor

https://www.undeadly.org/cgi?action=article;sid=20260115203619
319•gpi•10h ago•33 comments

Show HN: The Analog I – Inducing Recursive Self-Modeling in LLMs [pdf]

https://github.com/philMarcus/Birth-of-a-Mind
4•Phil_BoaM•25m ago•0 comments

List of individual trees

https://en.wikipedia.org/wiki/List_of_individual_trees
212•wilson090•14h ago•76 comments

The spectrum of isolation: From bare metal to WebAssembly

https://buildsoftwaresystems.com/post/guide-to-execution-environments/
55•ThierryBuilds•4h ago•19 comments

Interactive eBPF

https://ebpf.party/
80•samuel246•6h ago•5 comments

Cue Does It All, but Can It Literate?

https://xlii.space/cue/cue-does-it-all-but-can-it-literate/
38•xlii•4d ago•9 comments

Apple is fighting for TSMC capacity as Nvidia takes center stage

https://www.culpium.com/p/exclusiveapple-is-fighting-for-tsmc
719•speckx•23h ago•435 comments

Pocket TTS: A high quality TTS that gives your CPU a voice

https://kyutai.org/blog/2026-01-13-pocket-tts
507•pain_perdu•1d ago•118 comments

Briar keeps Iran connected via Bluetooth and Wi-Fi when the internet goes dark

https://briarproject.org/manual/fa/
430•us321•18h ago•252 comments

Training my smartwatch to track intelligence

https://dmvaldman.github.io/rooklift/
19•dmvaldman•1d ago•14 comments

Inside The Internet Archive's Infrastructure

https://hackernoon.com/the-long-now-of-the-web-inside-the-internet-archives-fight-against-forgetting
380•dvrp•2d ago•94 comments

Bringing the Predators to Life in MAME

https://lysiwyg.mataroa.blog/blog/bringing-the-predators-to-life-in-mame/
40•msephton•2d ago•6 comments

Show HN: pgwire-replication - pure rust client for Postgres CDC

https://github.com/vnvo/pgwire-replication
15•sacs0ni•5d ago•6 comments

pf: Make af-to less magical

https://undeadly.org/cgi?action=article;sid=20260116085115
31•defrost•4h ago•1 comments

Linux boxes via SSH: suspended when disconected

https://shellbox.dev/
242•messh•17h ago•136 comments

Signal creator Moxie Marlinspike wants to do for AI what he did for messaging

https://arstechnica.com/security/2026/01/signal-creator-moxie-marlinspike-wants-to-do-for-ai-what...
38•aarghh•2h ago•19 comments

Ask HN: How can we solve the loneliness epidemic?

637•publicdebates•21h ago•1002 comments

Claude is good at assembling blocks, but still falls apart at creating them

https://www.approachwithalacrity.com/claude-ne/
276•bblcla•1d ago•201 comments

My Gripes with Prolog

https://buttondown.com/hillelwayne/archive/my-gripes-with-prolog/
120•azhenley•13h ago•64 comments

Altaid 8800 (2024)

https://sunrise-ev.com/8080.htm
13•exvi•4d ago•2 comments

Prime chains

https://www.johndcook.com/blog/2026/01/10/prime-chains/
29•ibobev•4d ago•8 comments

Data is the only moat

https://frontierai.substack.com/p/data-is-your-only-moat
177•cgwu•19h ago•39 comments

Show HN: OpenWork – An open-source alternative to Claude Cowork

https://github.com/different-ai/openwork
202•ben_talent•2d ago•43 comments

JuiceFS is a distributed POSIX file system built on top of Redis and S3

https://github.com/juicedata/juicefs
165•tosh•19h ago•95 comments

I Built a 1 Petabyte Server from Scratch [video]

https://www.youtube.com/watch?v=vVI7atoAeoo
105•zdw•5d ago•36 comments

Show HN: Hc: an agentless, multi-tenant shell history sink

https://github.com/alessandrocarminati/hc
10•acarminati•5h ago•2 comments

Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

https://github.com/syncguy/go-legacy-winxp/tree/winxp-compat
119•Oxodao•4d ago•62 comments

First impressions of Claude Cowork

https://simonw.substack.com/p/first-impressions-of-claude-cowork
211•stosssik•2d ago•121 comments