Photos of Daniel and Matias's cat (their respective avatars) on a title card which says the same text. Soundwaves are visualized eminating from them in the background
ποΈ New Episode of Igalia Chats -
npmx: The People Powered Package Index
@bkardell.com and @ryzokuken.dev chat with @danielroe.dev and @patak.cat of npmx about the project, the community and Open Source
www.igalia.com/chats/npmxyz
Hello welcome to Amsterdam!
I just saw a full article on Fortune about the percentages of likelihood that LLMs think LLMs have of causing inflation or deflation, and then comparing LLMs based on the fake numbers they came up with about themselves???
Maybe you should use Linux rather than Windows to go to the moon?
If you work on tools that deal with source maps, TC39-TG4 (the source maps working group) has a hackathon in Amsterdam on 18th May 2026 at the JetBrains office.
@nicr.dev is the organizer who can be reached via BSky DMs or Matrix if you wish to register.
Santa only brought two trains and only got June 1st π
Waiting for midnight hoping that in April Renfe will release their full June timetable.
I feel like a child waiting for Santa π
Thanks to @wooorm.com I learned that I can change the text selection color in MacOS and now I can make everything pink.
They actually do have a "repro" that does not do what the description says.
I ended up blocking the user. I really wish we had a "labeler" shared between trusted maintainers so that we can avoid wasting time to even detect that report is spam.
I wish people were like him π
They opened issues
They didn't even open a PR, which would be impossible to do because there is nothing to fix!
I ended up just blocking them
I hate it so much when I have to book a train trip that has multiple trains, and the first one sells out before that the timetable for the last one is even available.
We spent *hours* today in total going through their reports:
- one is not classifiable as vulnerability
- the other three are just hallucinated behavior that does not actually happen
This is the user: github.com/dfzysmy2tf-c...
They are opening issues in tens of repositories, and none of those are security vulnerabilities (in most case, the behavior they are describing is not even what actually happens!)
If you see an issue from them in your project, go ahead and block.
But what if one is an actual vulnerability and I don't notice?
No. Three of them I just closed/commented that they are not vulnerabilities based on the description, but the fourth one I actually had to spend time playing with it (to then reach the conclusion that it was also not a vulnerability).
There is a GitHub user (LLM?) that is reporting a lot of "security vulnerabilities" as open issues.
They are mostly trash reports (e.g. "if you pass Object.prototype to the setFooOnObject function, it will set Object.prototype.foo so that's prototype pollution"), but what if one is real?
This is SO funny
It's a parody of the Italian government websites, and it feels exactly like the originals
pucs.it
Cool! Apparently the npm Dependency Links VSCode extension has a configuration to specify a custom registry.
Now ctrl clicking a dependency in package.json takes me directly to npmx.dev.
{
"npmDependencyLinks.registryUrlPattern": "https://npmx.dev/package/{{pkg}}"
}
We have more than 80 people registered to participate onsite in the Web Engines Hackfest 2026: webengineshackfest.org#attendees
If you want to join us, please fill the form at: forms.gle/7gSwfFebFW7s...
No, Vite shows the same downward curve
Webpack downloads stats from npmx. It shows consistent weekly downloads between 30M/week and 35M/week. In the past 3 weeks, it suddenly dropped to 20M/week.
I'm seeing this sudden drop in download counts in most popular npm packages, happening in the last 3 weeks.
Does anybody know what's going on?
This sounds incredibly fun, I'd love to participate as a "regular traveler" if you'll need it :)
Thanks for organizing!
screenshot of the one-pager version of the servo readiness report
How do we get to more than just three web engines owned by three US companies?
It's a gargantuan question, with no easy or right answer.
I've put together a draft report, thinking about it through a very specific approach - please enjoy:
Servo Readiness Report
webtransitions.org/servo-readin...
Last week we were able to present @robpalmer.bsky.social with his physical Ecma Recognition Award! π This was followed by an extensive round of tributes and praise, which Rob endured somewhat uncomfortably, at every opportunity urging us to cease and attend to the waiting celebratory Temporal cake.
Or too few batteries π
Did somebody create some controversy around Yarn?
I wonder whether this would make it easier to implement type-directed linting in tools like oxlint. Yes Flow is different from TypeScript, but in the past years their syntax aligned and the semantics might be similar enough for linting rules.