
Show HN: GitHub Repository Card for Every Web Site - nwtgck
https://github.com/nwtgck/gh-card
======
t0astbread
Why is everyone so negative again? This is cool!

~~~
Crinus
Because since it wasn't made by a big multibillion corporation, it is
inherently unsafe, like every other thing not made by big multibillion
corporations.

Only big money can be trusted.

(i'm obviously not serious here, but i do find it sad how people are fine
trusting projects by FAANG, Microsoft, IBM and others of similar scale but
once something is made by someone with a human face it suddenly is a problem
unless it is a toy)

~~~
oauea
Microsoft owns GitHub. So this was created by Microsoft.

~~~
Crinus
Is this some joke i didn't understood? The linked project doesn't look like it
was created by Microsoft or GitHub. Is the author working at Microsoft?

------
floatingatoll
Security note: Please remember that, while this is a great idea, it’s also an
excellent platform for causing havoc such as phishing if the operator’s
account is ever hacked or turns malicious. For demo purposes it’s obviously
fine but do not make this live without hosting your own, or consider the risk
of it sending users to e.g. “glthub.com” someday.

~~~
albertgoeswoof
How is this any different from hotlinking an image? I don't understand the
security risk here? If a bad actor gets control of the domain all they can do
is change the svg that you render.

I suppose you could parse that SVG in an insecure way (if for some reason you
were parsing it) but that's not a problem with using the service.

~~~
devbat8712
I agree that it's probably safe, but SVG can contain script tags.

------
davchana
It outputs an not-found image if we click the button Generate with nothing in
the text box.

Also, try to find if user pasted the complete github.com url; & strip it
before processing it.

------
philshem
The images don't work for me: _Internal error in the request_

But a question - once the SVG/PNG is generated, is it updated when the repo
stats change?

------
lioeters
I wonder, is it necessary to depend on a third-party server (gh-cards.dev)?
The SVG file could be embedded inline, or downloaded and served locally.

\---

By the way, I'm a huge fan of your work!

I'm sure others would find it enjoyable to see the creative and minimalist
software:
[https://nwtgck.github.io/portfolio/](https://nwtgck.github.io/portfolio/)

~~~
cosmic_quanta
If the SVG was embedded, you would have to periodically re-upload a file to
update the stars/fork stats no?

~~~
lioeters
Ahh, I see what you mean. You're right, so the card server does have a
purpose.

Hmm, perhaps the SVG can be regenerated on the server-side during a build step
or static site generation. That might remove the dependency at least on the
client side.

------
dotdi
This would be awesome with a dark theme.

------
pronoiac
Ah. GitHub repo cards, for embedding anywhere.

From the title, I thought this was cataloging every web site.

------
weka
This is really cool. One could easily put these into other repos to show
stats.

------
captn3m0
I was thinking of doing something similar with auto-generated SVG files for
open graph images. Does anyone know if FB/Twitter etc support SVG images for
open graph content?

------
bytematic
Should make the ability to do dark mode on that card, I would but I have no
experience with that stack

------
ecares
Seems that private repos trigger a 500 error ;)

------
chiefalchemist
Something similar for GitLab? Please??

~~~
MH15
Make it.

------
vipref
This is cool!

------
teknologist
Please, please wrap that text box and button in a <form> so that when we press
"enter" the form submits. HTML 101.

~~~
reimertz
FYI, this comment would’ve been completely fine without “HTML 101”.

