Does any have a spare blsky invite? Seems like its time to move while twitter is on its way to implode. 🫣.

TFW you find out the web finally has a deep clone API called `structuredClone`: 🥳. TFW you realise it doesn't work on Proxies: 😩.

Join millions who have switched to Grok.

I really hate that this keeps happening.

TFW, you accidentally create another framework.

It's very liberating to work on your own projects, as you're not hindered by the constraints and boundaries of your work environment. You create. You experiment. You innovate. You're the mad scientist.

My dog has been responsible for 100% of the fires caused by our 2 @iRobot Roomba's. Long hair dogs, rotating parts == friction. It's a recipe for disaster.

Security researcher reporting bug: $100-1000.OpenSource maintainer fixing bugs: $0. 🥲.

The current state of the art mono repo tooling, nx/lerna, decided that fork bombing is an acceptable pattern when executing tasks. Is this _really_ the best we can do? Like, really?.

Hot take: React did more harm than good for the web. Our apps got heavier, and we somehow accepted that is fine to ship duplicate content because yay hydration. It's extremely overkill for the majority of apps that just render basic UI elements.

It doesn't throw an Error, no, that would make too much sense right? Instead we create an Error instance, and log it to the console instead, sending you on a while goose chase figuring out where the error is coming from, why your tests are still passing.

Not only does it means you're not testing your code correctly and you basically cross your fingers and hope that there's no implementation difference between the real API and whatever polyfill they designed. But when you hit those API differences. .

I'm thankful for JSDOM. For reminding about the mistake I made for installing it, and using it in a project. What were we thinking, trying to polyfil a JS environment with non functioning polyfill API's that do not represent the real world usage of our code at all.

I don’t understand why it has to be this hard to just activate windows. Just press the button that does the stuff. You know I have a license, stop wasting both our time.

I have been talking with windows support for 5 hours plus trying to fix windows activation after a HW change + install. Now were back at a new support team. This is why people use linux.

Going where Nodejs refuses to, making WebSockets a first class citizen. I hope this sparks some new competition, because Nodejs is stuck in the past.

Its a great option to abuse when install scrips are blocked on systems, and really easy to exploit. It can be done high conditional as well. E.g only when NODE_ENV=production making it harder to track down.

The new exports key in package.json files is a great new entry point for supply chain attacks. It allows you load different files depending on environment, targets and what not. Allows code to work in browser, but run malicious code in node. #nodejs.

Is there a way to just update all your @npmjs packages to require 2FA for **publishing**? As far as I can see it’s a manual process, and 1 package at the time. There has to be some automation for this right? Right??! Manually updating ~300 packages sounds like a lot of pain.

We as package maintainers/authors can protect our users with this little change, we already have tools like dependabot/greenkeeper to manage our updates. The additional publishes for dependency updates would be a small price to pay for better security.

Semver was a mistake for dependency management as is evident by the recent #npmjs supply chain attacks. Its time package managers active start alerting maintainers when they specify ranges in their dependencies and suggest to go with fixed/pinned versions instead.