news newest ask show jobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Building my npx business card

https://ashley.dev/posts/turning-feedback-into-features/

8•edent•7mo ago

Comments

steele•7mo ago

Ooh, free real estate, let's colonize and gentrify package management

aabhay•7mo ago

Lmao, gentrify cracked me up

neilv•7mo ago

Do these npx business cards run arbitrary code on your computer?

cypherpunks01•7mo ago

npx

Run a command from a local or remote npm package

Description

This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

neilv•7mo ago

Yes, then is a "command from an npm package" arbitrary code?

And what is this "similar context as running it via npm run"?

Would it be better to answer the question directly?

joshka•7mo ago

Yeah, this seems like a very smart but inherently flawed idea.

cypherpunks01•7mo ago

Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.

Xss3•7mo ago

May as well just release an executable tbh.

theamk•7mo ago

Reminds me of JAPH [0] - a tiny Perl program that was used in email/newsgroup signature to give it personal touch.

[0] https://www.perlmonks.org/?node_id=412464

watusername•7mo ago

Terminal business cards are a nice idea, but RCE business cards are just asking for trouble. Instead of npx, what happened to good'ol curl? Something like

$ curl ashley.dev

Some decades ago, we had finger (https://en.wikipedia.org/wiki/Finger_%28protocol%29) which is designed for this very use case. Sadly it's no longer installed by default with most distros:

$ finger @ashley.dev

queezey•7mo ago

This would be a great advertisement for security consulting.

"I was just able to run arbitrary code on your computer. Here is a sample of your recent browser history. Let me tell you help you mitigate your security vulnerabilities."

Surveillance Watch – a map that shows connections between surveillance companies

https://www.surveillancewatch.io

36•kekqqq•1h ago•3 comments

Mathematics for Computer Science (2018) [pdf]

https://courses.csail.mit.edu/6.042/spring18/mcs.pdf

98•vismit2000•3h ago•10 comments

How to Code Claude Code in 200 Lines of Code

https://www.mihaileric.com/The-Emperor-Has-No-Clothes/

520•nutellalover•14h ago•179 comments

What Happened to WebAssembly

https://emnudge.dev/blog/what-happened-to-webassembly/

112•enz•2h ago•97 comments

European Commission issues call for evidence on open source

https://lwn.net/Articles/1053107/

110•pabs3•3h ago•47 comments

Why I left iNaturalist

https://kueda.net/blog/2026/01/06/why-i-left-inat/

189•erutuon•9h ago•96 comments

Sopro TTS: A 169M model with zero-shot voice cloning that runs on the CPU

https://github.com/samuel-vitorino/sopro

242•sammyyyyyyy•13h ago•88 comments

Embassy: Modern embedded framework, using Rust and async

https://github.com/embassy-rs/embassy

211•birdculture•11h ago•86 comments

Hacking a Casio F-91W digital watch (2023)

https://medium.com/infosec-watchtower/how-i-hacked-casio-f-91w-digital-watch-892bd519bd15

93•jollyjerry•4d ago•26 comments

Bose has released API docs and opened the API for its EoL SoundTouch speakers

https://arstechnica.com/gadgets/2026/01/bose-open-sources-its-soundtouch-home-theater-smart-speak...

2323•rayrey•19h ago•348 comments

Richard D. James aka Aphex Twin speaks to Tatsuya Takahashi (2017)

https://web.archive.org/web/20180719052026/http://item.warp.net/interview/aphex-twin-speaks-to-ta...

174•lelandfe•13h ago•56 comments

The Jeff Dean Facts

https://github.com/LRitzdorf/TheJeffDeanFacts

467•ravenical•21h ago•166 comments

The Unreasonable Effectiveness of the Fourier Transform

https://joshuawise.com/resources/ofdm/

232•voxadam•15h ago•95 comments

Why Is There a Tiny Hole in the Airplane Window? (2023)

https://www.afar.com/magazine/why-airplane-windows-have-tiny-holes

32•quan•4d ago•6 comments

Samba Was Written (2003)

https://download.samba.org/pub/tridge/misc/french_cafe.txt

26•tosh•5d ago•16 comments

Anthropic blocks third-party use of Claude Code subscriptions

https://github.com/anomalyco/opencode/issues/7410

349•sergiotapia•6h ago•279 comments

1M for Non-Specialists: Introduction

https://pithlessly.github.io/1ml-intro

6•birdculture•6d ago•2 comments

Do not mistake a resilient global economy for populist success

https://www.economist.com/leaders/2026/01/08/do-not-mistake-a-resilient-global-economy-for-populi...

155•andsoitis•3h ago•163 comments

Photographing the hidden world of slime mould

https://www.bbc.com/news/articles/c9d9409p76qo

27•1659447091•1w ago•5 comments

Mysterious Victorian-era shoes are washing up on a beach in wales

https://www.smithsonianmag.com/smart-news/hundreds-of-mysterious-victorian-era-shoes-are-washing-...

32•Brajeshwar•3d ago•13 comments

AI coding assistants are getting worse?

https://spectrum.ieee.org/ai-coding-degrades

316•voxadam•19h ago•503 comments

He was called a 'terrorist sympathizer.' Now his AI company is valued at $3B

https://sfstandard.com/2026/01/07/called-terrorist-sympathizer-now-ai-company-valued-3b/

180•newusertoday•16h ago•225 comments

The No Fakes Act has a “fingerprinting” trap that kills open source?

https://old.reddit.com/r/LocalLLaMA/comments/1q7qcux/the_no_fakes_act_has_a_fingerprinting_trap_t...

128•guerrilla•5h ago•55 comments

Google AI Studio is now sponsoring Tailwind CSS

https://twitter.com/OfficialLoganK/status/2009339263251566902

647•qwertyforce•15h ago•212 comments

Logistics Is Dying; Or – Dude, Where's My Mail?

https://lagomor.ph/2026/01/logistics-is-dying-or-dude-wheres-my-mail/

52•ChilledTonic•8h ago•37 comments

Ushikuvirus: Newly discovered virus may offer clues to the origin of eukaryotes

https://www.tus.ac.jp/en/mediarelations/archive/20251219_9539.html

99•rustoo•1d ago•22 comments

Fixing a Buffer Overflow in Unix v4 Like It's 1973

https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/

124•vzaliva•16h ago•33 comments

Show HN: macOS menu bar app to track Claude usage in real time

https://github.com/richhickson/claudecodeusage

125•RichHickson•16h ago•45 comments

Systematically Improving Espresso: Mathematical Modeling and Experiment (2020)

https://www.cell.com/matter/fulltext/S2590-2385(19)30410-2

31•austinallegro•6d ago•8 comments

Pole of Inaccessibility

https://en.wikipedia.org/wiki/Pole_of_inaccessibility

54•benbreen•5d ago•11 comments