Posts by jonchurch

If I didn't already know you were a dad, this would've done it

23 hours ago 1 0 0 0

Generalize it to just your “at” which folks understand as their @ but sneakily also means Atmosphere and the account bit is implied

1 day ago 0 0 0 0
Don't Kill the Goose That Lays the Golden Eggs - Socket Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three dec...

🪿 There are some wild takes out there right now about open source being “dead” after recent supply chain attacks and rapid advances in AI-driven security.

Let’s talk goosenomics for a minute. → socket.dev/blog/dont-ki...

2 days ago 14 6 1 2
feat: add CORS-aware ETag modes and configurable query parser options by opnsrcntrbtrian · Pull Request #6908 · expressjs/express Overview This PR introduces two independent enhancements to Express.js that address long-standing issues with CDN caching and query string handling. Changes Included 1. CORS-Aware ETag Generation (...

I close with something like:

> Before a PR is reviewable please ensure that at least:
>
> the PR is focused and has a single set of related changes, no combo PRs that add multiple features
> ... (show me that you looked at the code at all)

github.com/expressjs/ex...

1 week ago 1 0 0 0

Also, are you certain you didnt get it? I had no idea until just earlier when I searched for slack invites in my email. Had two of the above, march 16 and march 17

1 week ago 0 0 2 0

Yeah its a sus email to get. Coming via slack’s normal infra lends it enough credibility to look innocuous I bet. I got this and wouldnt click on it for a lot of reasons, one being that I dont think valuable things come from cold emails. The truth is that I just ignored it

1 week ago 1 1 1 0

bsky.app/profile/jonc...

1 week ago 2 0 0 0

jokes on them, ignoring my inbox has long been part of my security posture

1 week ago 35 3 3 1

We released a lodash patch today, everything went well so havent really thought about it since. A non event.

Released a minor yesterday, and it broke stuff and immediately heard about it. Couldnt stop thinking about it until we fixed it EoD today

🫠

1 week ago 1 0 0 0

(Specifically using @rman.dev’s e18e tools fork, which uses @devminer.xyz’s registry couchdb to do the dependents lookup. So tyvm both of you and h/t to @bjohansebas.me for sharing it with me to prevent a repeat of bsky.app/profile/jonc... )

3 weeks ago 2 0 2 0

All that said, Ill join the discord and try to engage. Im confident that the bad vibes I have gotten in the past are not representative ❤️

The tools yall have built (like the dependents lookup) are incredibly useful to me. So Im sure theres other benefits if I just look

3 weeks ago 1 0 2 0

What I dont like is that it often feels (to me) like a crusade against incumbents.

Maybe thats just social media discourse, hot take-ification, that leaks into my sphere.

I know thats silly, but when I check folks’ github activity it often looks to me like solutions looking for problems

3 weeks ago 1 0 1 0

To be clear, I have deep admiration for the community yall have built

e18e looks like a thriving and exciting place to hang out as a dev. Exactly the kind of hot bed of innovation that open source represents. If anything Im envious of it!

3 weeks ago 1 0 1 0

We were stuck on an older node, an older react, and packages going full ESM only gave us so much headache in our build tooling, despite dropping IE support.

When I see folks pushing for bleeding edge everywhere, I just think we have lived under different constraints

3 weeks ago 1 0 1 0

The fix was needed, tests were being packaged by mistake. So all good there. But it was seeing “I saved the internet petabytes yearly” that gave me the dopamine.

Now I dont measure my impact that way. Especially after being @ Microsoft and working in one of the largest J/TS monorepos at the company

3 weeks ago 1 0 1 0

I recall once being extremely proud to calculate the bandwidth savings globally for reducing the package size of path-to-regexp (when it was still in react router)

It felt like I made an impact on the world, with a measurable big number attached to it.

But now it just feels like a shallow number

3 weeks ago 1 0 1 0

And I think most of it is from values misalignment, and contributors to e18e being unable to consider that there are other values held by other maintainers.

Hence when folks show up to “help”, they often are inflexible in seeing that their values are not shared and come off as arrogant and hostile

3 weeks ago 3 0 1 0

Id appreciate a post outlining what the target is in your mind for “get to a good place”

I never feel aligned with the goals of e18e because I dont think I have the same values as the project around what “a good place” is

My interactions with e18e contributors have felt hostile (aside from you)…

3 weeks ago 2 0 2 0

Youre the guy in this scenario arent you

3 weeks ago 1 0 1 0

In express v5, we actually had some minor changes listed in our beta logs that got reversed later. So it wasnt as simple as concatting (which I realized after we did that and the log contradicted itself lol)

1 month ago 1 0 0 0

I assume 8 had breaks, the betas listed some breaks, but its unclear if those breaks made it out of beta and into the major

1 month ago 0 0 1 0

Id recommend making the 8.0 changelog entry roll up all the relevant beta changes. Looking at the log, is it true that 8.0.0 had no breaking changes?

This bit us at first with express v5, after years of changes in beta changelogs, nobody looked beyond the 5.0.0 entry

1 month ago 1 0 1 0

Im not falling for this again, that’s a painting ma’am

1 month ago 1 0 1 0

Thanks! I was hoping someone else had replicated the registry so I didnt have to

1 month ago 1 0 0 0
pure-color dependent packages | npmjs.org | Ecosyste.ms: Packages View the packages that depend on the #<Package:0x00007f6154efc308> package on the npmjs.org package registry, including their kind and latest version.

Yeah I see how the downloads dont seem to add up if you just walk the reported dependents

packages.ecosyste.ms/registries/n...

1 month ago 1 0 1 0
ecosyste.ms | Tools and datasets to support, sustain, and secure critical digital infrastructure.

I got replies before from folks suggesting how they have or would do this, I pinged @andrewnez.bsky.social from ecosyste.ms who might know more!

1 month ago 0 0 1 0
ecosyste.ms | Tools and datasets to support, sustain, and secure critical digital infrastructure.

@andrewnez.bsky.social can you help point to the correct way to do this? can ecosyste.ms do it?

1 month ago 0 0 0 0

ooph yeah idk, my query reports it would scan 48 TB, so almost $300 to run it once

1 month ago 1 0 1 0

lemme see if I am still set up to pull this info easily without spending money lol

1 month ago 2 0 1 0

I spent like 3k by accident doing some queries which were similar to these, but not the same.

What’s the package btw?

1 month ago 2 0 2 0