Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/

8•edent•10mo ago

Comments

steele•10mo ago

Ooh, free real estate, let's colonize and gentrify package management

aabhay•10mo ago

Lmao, gentrify cracked me up

neilv•10mo ago

Do these npx business cards run arbitrary code on your computer?

cypherpunks01•10mo ago

npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•10mo ago

Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•10mo ago

Yeah, this seems like a very smart but inherently flawed idea.

cypherpunks01•10mo ago

Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.

Xss3•10mo ago

May as well just release an executable tbh.

theamk•10mo ago

Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•10mo ago

Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•10mo ago

This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Show HN: A game where you build a GPU

OpenScreen is an open-source alternative to Screen Studio

Isseven

LLM Wiki – example of an "idea file"

How many products does Microsoft have named 'Copilot'?

AWS Engineer Reports PostgreSQL Perf Halved by Linux 7.0, Fix May Not Be Easy

Embarrassingly simple self-distillation improves code generation

Advice to Young People, the Lies I Tell Myself (2024)

Shooting down ideas is not a skill

Show HN: Contrapunk – Real-time counterpoint harmony from guitar input, in Rust

Show HN: I made open source, zero power PCB hackathon badges

Ruckus: Racket for iOS

Show HN: sllm – Split a GPU node with other developers, unlimited tokens

Show HN: TurboQuant-WASM – Google's vector quantization in the browser

The Indie Internet Index – submit your favorite sites

Apple approves driver that lets Nvidia eGPUs work with Arm Macs

Components of a Coding Agent

Some Unusual Trees

Emotion concepts and their function in a large language model

The CMS is dead, long live the CMS

Training mRNA Language Models Across 25 Species for $165

Breaking Enigma with Index of Coincidence on a Commodore 64

IBM 3270 Information Display System: Color and Programmed Symbols (1979) [pdf]

The Cathedral, the Bazaar, and the Winchester Mystery House

Evacuation of U.S. troops from Mideast base sends community groups scrambling

Plague Ships (2020)

German implementation of eIDAS will require an Apple/Google account to function

Show HN: M. C. Escher spiral in WebGL inspired by 3Blue1Brown

Tell HN: Anthropic no longer allowing Claude Code subscriptions to use OpenClaw

Scientists observe an immune signaling complex forming inside cells