
Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/
8•edent•6mo ago

Comments

steele•6mo ago
Ooh, free real estate, let's colonize and gentrify package management
aabhay•6mo ago
Lmao, gentrify cracked me up
neilv•6mo ago
Do these npx business cards run arbitrary code on your computer?
cypherpunks01•6mo ago
npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•6mo ago
Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•6mo ago
Yeah, this seems like a very smart but inherently flawed idea.
cypherpunks01•6mo ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Xss3•6mo ago
May as well just release an executable tbh.
theamk•6mo ago
Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•6mo ago
Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good ol' curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•6mo ago
This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me help you mitigate your security vulnerabilities."
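
On the question raised in the thread of what `npx <package>` actually executes, here is an added example (not part of the original thread or of npm's code) that reads a package manifest and reports the code paths that run: the install lifecycle hooks and the `bin` entry npx selects. The function name `npxExecutionSurface`, the package `@example/card` and its file names are hypothetical, constructed for illustration.

```javascript
// Install-time lifecycle hooks npm runs when a registry package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed sample manifest (hypothetical package, not a real one).
const SAMPLE_MANIFEST = {
  name: "@example/card",
  version: "1.0.0",
  bin: { card: "./bin/card.js" },
  scripts: { postinstall: "node setup.js", test: "node test.js" },
  dependencies: { chalk: "^5.0.0", boxen: "^7.0.0" },
};

// "@scope/name" -> "name"; npx matches bin names against the unscoped name.
function unscopedName(name) {
  return name.startsWith("@") ? name.split("/")[1] : name;
}

function npxExecutionSurface(manifest) {
  const name = unscopedName(manifest.name);
  // A string `bin` is shorthand for { <package name>: <file> }.
  const bin = typeof manifest.bin === "string"
    ? { [name]: manifest.bin }
    : { ...(manifest.bin || {}) };

  // npx runs the bin if every entry points at one file, otherwise the
  // entry named after the package; with neither it needs an explicit command.
  const targets = [...new Set(Object.values(bin))];
  let entry = null;
  if (targets.length === 1) entry = targets[0];
  else if (Object.prototype.hasOwnProperty.call(bin, name)) entry = bin[name];

  // Hooks run during the install step, before the bin is ever started.
  const scripts = manifest.scripts || {};
  const hooks = INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));

  // Every dependency is installed too, and each can carry its own hooks.
  const dependencyCount = Object.keys(manifest.dependencies || {}).length;
  return { entry, hooks, dependencyCount };
}

console.log(npxExecutionSurface(SAMPLE_MANIFEST));
```

The manifest for a published package can be printed with `npm view <package> --json` without installing or running it.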
