frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•8mo ago

Comments

steele•8mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•8mo ago
Lmao, gentrify cracked me up
neilv•8mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•8mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•8mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•8mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•8mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•8mo ago
May as well just release an executable tbh.
theamk•8mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•8mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•8mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Astro Joining Cloudflare

https://astro.build/blog/joining-cloudflare/
162•todotask2•1h ago•82 comments

Michelangelo's First Painting, Created When He Was Only 12 or 13 Years Old

https://www.openculture.com/2026/01/discover-michelangelos-first-painting.html
69•bookofjoe•1h ago•57 comments

Just the Browser

https://justthebrowser.com/
258•cl3misch•3h ago•127 comments

America could have $4 lunch bowls like Japan but for zoning laws

https://abio.substack.com/p/america-could-have-4-lunch-bowls
74•627467•42m ago•41 comments

Lock-Picking Robot

https://github.com/etinaude/Lock-Picking-Robot
38•p44v9n•4d ago•8 comments

Dev-Owned Testing: Why It Fails in Practice and Succeeds in Theory

https://dl.acm.org/doi/10.1145/3780063.3780066
28•rbanffy•1h ago•31 comments

psc: The ps utility, with an eBPF twist and container context

https://github.com/loresuso/psc
21•tanelpoder•2h ago•7 comments

OpenBSD-current now runs as guest under Apple Hypervisor

https://www.undeadly.org/cgi?action=article;sid=20260115203619
335•gpi•12h ago•38 comments

List of individual trees

https://en.wikipedia.org/wiki/List_of_individual_trees
241•wilson090•15h ago•92 comments

Interactive eBPF

https://ebpf.party/
119•samuel246•7h ago•6 comments

Training my smartwatch to track intelligence

https://dmvaldman.github.io/rooklift/
57•dmvaldman•1d ago•24 comments

Read_once(), Write_once(), but Not for Rust

https://lwn.net/SubscriberLink/1053142/8ec93e58d5d3cc06/
4•todsacerdoti•34m ago•0 comments

Show HN: The Analog I – Inducing Recursive Self-Modeling in LLMs [pdf]

https://github.com/philMarcus/Birth-of-a-Mind
22•Phil_BoaM•1h ago•18 comments

The spectrum of isolation: From bare metal to WebAssembly

https://buildsoftwaresystems.com/post/guide-to-execution-environments/
68•ThierryBuilds•6h ago•22 comments

Apple is fighting for TSMC capacity as Nvidia takes center stage

https://www.culpium.com/p/exclusiveapple-is-fighting-for-tsmc
730•speckx•1d ago•442 comments

Pocket TTS: A high quality TTS that gives your CPU a voice

https://kyutai.org/blog/2026-01-13-pocket-tts
537•pain_perdu•1d ago•123 comments

Show HN: I built a text-based business simulator to replace video courses

https://www.core-mba.pro/
61•Core_Dev•13h ago•30 comments

Briar keeps Iran connected via Bluetooth and Wi-Fi when the internet goes dark

https://briarproject.org/manual/fa/
469•us321•20h ago•288 comments

Show HN: pgwire-replication - pure rust client for Postgres CDC

https://github.com/vnvo/pgwire-replication
25•sacs0ni•5d ago•7 comments

Inside The Internet Archive's Infrastructure

https://hackernoon.com/the-long-now-of-the-web-inside-the-internet-archives-fight-against-forgetting
398•dvrp•2d ago•95 comments

Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities

https://www.nytimes.com/2026/01/15/us/politics/cyberattack-venezuela-military.html
10•7402•36m ago•3 comments

Linux boxes via SSH: suspended when disconected

https://shellbox.dev/
255•messh•19h ago•138 comments

Ask HN: How can we solve the loneliness epidemic?

666•publicdebates•22h ago•1047 comments

Altaid 8800 (2024)

https://sunrise-ev.com/8080.htm
23•exvi•4d ago•3 comments

Bringing the Predators to Life in MAME

https://lysiwyg.mataroa.blog/blog/bringing-the-predators-to-life-in-mame/
45•msephton•2d ago•9 comments

pf: Make af-to less magical

https://undeadly.org/cgi?action=article;sid=20260116085115
40•defrost•6h ago•3 comments

Show HN: Hc: an agentless, multi-tenant shell history sink

https://github.com/alessandrocarminati/hc
21•acarminati•7h ago•2 comments

Claude is good at assembling blocks, but still falls apart at creating them

https://www.approachwithalacrity.com/claude-ne/
290•bblcla•1d ago•208 comments

My Gripes with Prolog

https://buttondown.com/hillelwayne/archive/my-gripes-with-prolog/
132•azhenley•15h ago•76 comments

Data is the only moat

https://frontierai.substack.com/p/data-is-your-only-moat
188•cgwu•20h ago•40 comments