If everyone would do it, then problem solved!
Joke aside, Idk if there is something we can do. Other tools fully built their deps within their deployed package to avoid this. But for CLIs you can't do it I think :/
Le coefficient de Gini, qui mesure les inégalités de revenus, progresse en France tandis qu'il baisse au sein de l'UE.
Voilà qui devrait faire la Une des médias : en 10 ans de hollandisme-macronisme, la France est devenue plus inégalitaire que la moyenne de l'UE
Le coefficient de Gini, qui mesure les inégalités de revenus, progresse en France tandis qu'il baisse au sein de l'UE.
To me, that's the only way to:
- solve security issues
- avoid breaking changes as not all packages respect semver (which is more a suggestion than a rule)
Always use pinned dependencies
Update: reduced @rspack/dev-server deps from 193 → 8, install size from 14.9 MB → 4.1 MB.
npm supply chain attacks keep happening and keeping deps minimal makes me feel safer.
To me it is related: `void` in JS to me means "discard anything that this FN returns as I won't be needing it". And in TS, to me it means `don’t use the returned value`. So quite similar
@npmx.dev also has a builtin diff viewer that even includes a dependency change summary:
npmx.dev/diff/axios/v...
I don't think I understand
Void is not undefined
Void = "don't use me, I could be anything" but no "is undefined"
If it were, we could do something like `fn() === undefined` or similar. But you can't trust void so this should (I didn't test it but I my mind should) throw an error
And `never` and `unknown` also don't exist in JS
But `void` does in `void <something>` (and it already means "discard the return value, I won't use it")
But if `never` means error and `unknown` means "I don't know what it is, try parsing it yourself" there is no equivalent of `void` aka "don't use it"
I think I'd more match `never` as `void` is supposed to say "don't use it"
Why so?
I love it personally
🚨 Active supply chain attack on axios@1.14.1. The latest version pulls in plain-crypto-js@4.2.1 -- a brand-new package that didn't exist before today.
We're still investigating. If you use axios, pin your version and audit your lockfile. socket.dev/blog/axios-n...
The React Compiler rust port is now up as an in-progress PR at github.com/facebook/rea... - more to come as we test and polish.
If you use GitHub (especially if you pay for it!!) consider doing this *immediately*
Settings -> Privacy -> Disallow GitHub to train their models on your code.
GitHub opted *everyone* into training. No matter if you pay for the service (like I do). WTH
github.com/settings/cop...
Astro 6.1 is now available!
More control over image optimization, more markdown configuration options, and updated hooks for working with i18n.
astro.build/blog/astro-6...
👀 React / JS / TS trick
Use symbols instead of null/undefined to represent missing values
This React provider example:
- makes it possible to provide "null"
- still checks that the user didn't forget the <Provider>
There are cases where "null" is a perfectly valid ctx value
We've been following this pattern at @datadoghq.com in DRUIDS with our colors: druids.datadoghq.com/foundations/...
It helps us for so many migrations!
TypeScript 6.0 is now available!
This release brings better type-checking for methods, new standard library features, new module features for Node.js, and more!
But most important, this release brings us one step closer to the upcoming native-speed 7.0!
devblogs.microsoft.com/typescript/a...
📚 Continuing my series about design-systems, today I wrote about why I believe data-testid is a bad practice and and how role-based selectors actually help ensure your app is accessible.
We're announcing two things:
node:vfs, a Virtual File System landing in Node.js core (PR #61478, ~14,000 lines across 66 files)
@platformatic/vfs, a userland package you can use today on Node.js 22+
blog.platformatic.dev/why-nodejs-n...
We’re pretty close to having an initial Rust port of React Compiler. My approach was to iterate on the plan document (write it manually, have the agent expand, edit, repeat). Then try to run it, see what goes wrong, revert back to the plan, tweak the plan, repeat.
Lightning CSS is now used for CSS minification by default. You can use the build.cssMinify: 'esbuild' option to switch back to esbuild. Note that you need to install esbuild as a devDependency.
Looks like Vite 8 is using Lightning CSS as the default CSS minifier! Most next-generation build tools are now using it, including Turbopack, Rspack, Tailwind, Parcel, Bun (a port), and now Vite. ⚡️
⚡️ Vite 8.0 is here!
The most significant architectural change since Vite 2.
⏬ Powered by @rolldown.rs bringing faster production builds and more consistency
🛤️ New features such as tsconfig paths and emitDecoratorMetadata support
vite.dev/blog/announc...
![Code example showing the usage of Temporal.ZoneddateTime
```js
// London DST starts: 2026-03-29 01:00 -> 02:00
const zdt = Temporal.ZonedDateTime.from(
"2026-03-29T00:30:00+00:00[Europe/London]",
);
console.log(zdt.toString());
// → "2026-03-29T00:30:00+00:00[Europe/London]"
const plus1h = zdt.add({ hours: 1 });
console.log(plus1h.toString());
// "2026-03-29T02:30:00+01:00[Europe/London]" (01:30 doesn't exist)
```](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:r5emt2gkdrkb2yc6y7xndxpe/bafkreicgonzisednk3qegophndqf6fnslwtvbd7gshsgtv6fpi3arh2dsi)
Code example showing the usage of Temporal.ZoneddateTime ```js // London DST starts: 2026-03-29 01:00 -> 02:00 const zdt = Temporal.ZonedDateTime.from( "2026-03-29T00:30:00+00:00[Europe/London]", ); console.log(zdt.toString()); // → "2026-03-29T00:30:00+00:00[Europe/London]" const plus1h = zdt.add({ hours: 1 }); console.log(plus1h.toString()); // "2026-03-29T02:30:00+01:00[Europe/London]" (01:30 doesn't exist) ```
Temporal is now Stage 4 at TC39 🎂🎂🎂
Thanks to all the other champions of JavaScript's new date-time API. It has been a wild ride over many years!
I wrote a blog post explaining how we got here 📜
bloomberg.github.io/js-blog/post...
![A JSON file representing a source map. The code contains:
{
"version": 3, // Always the integer 3
"file": "out.js", // Optional: name of the generated file
"sourceRoot": "", // Optional: prefix prepended to each entry in "sources"
"sources": ["foo.js", "bar.js"], // Required: list of original source URLs/paths (or null)
"sourcesContent": [null, null], // Optional: inlined source text, aligned with "sources"
"names": ["src", "maps"], // Optional: symbol names referenced by "mappings"
"mappings": "A,AAAB;;ABCDE", // Required: encoded mapping data (base64-VLQ deltas)
"ignoreList": [0] // Optional: indexes into "sources" considered "third-party"
}](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:ny4wl2lgdvgej5rzaxk45ccn/bafkreiftsj6be2ea7h64mk4nenpkybnly5vte6na3le6xb4jpxgarok62m)
A JSON file representing a source map. The code contains: { "version": 3, // Always the integer 3 "file": "out.js", // Optional: name of the generated file "sourceRoot": "", // Optional: prefix prepended to each entry in "sources" "sources": ["foo.js", "bar.js"], // Required: list of original source URLs/paths (or null) "sourcesContent": [null, null], // Optional: inlined source text, aligned with "sources" "names": ["src", "maps"], // Optional: symbol names referenced by "mappings" "mappings": "A,AAAB;;ABCDE", // Required: encoded mapping data (base64-VLQ deltas) "ignoreList": [0] // Optional: indexes into "sources" considered "third-party" }
Source maps are a vital part of modern web development, but the lack of a standard made it impossible for us to add new features or improve the debugging experience.
This is the story of how we standardized source maps and how we continue to ship features through standards 📜
🧵
Astro 6 is here! We completely rebuilt the Astro dev server and build pipeline onto a new, more powerful runtime-agnostic architecture.
Plus: New Fonts API, CSP support, an experimental new Rust compiler, and more...
astro.build/blog/astro-6...
The Release Candidate for TypeScript 6.0 is now available!
Read up on what's coming up with 6.0 & 7.0, and try it out on your codebase today!
devblogs.microsoft.com/typescript/a...
The <Suspense> is over.
Solid 2.0 Beta is now released (next tag on npm). 🎉
github.com/solidjs/soli...
Deno v2.7 is here!
🕛 Temporal API stabilized
🪟 Windows ARM native support
⚙️ npm overrides support
📦 deno compile --self-extracting
🩹 Node compat fixes
...and more!
deno.com/blog/v2.7
