Yeah that tracks

Cultuurstrijd gaande houden om klassenstrijd te voorkomen

Yes! This was it, thank you

No it wasn't this, but I also needed this 😄

Recently somebody showed a graph showing average pagesize (js size/amount of js loaded on pages) is increasing by a LOT recently, I thought it was @infrequentposter.bsky.social but cant find the post, does anybody know what I'm talking about?

"You dont hate ai, you hate capitalism"

Can spend billions on a war, cant have social services

Sure but axioz/axios is a lot easier to spot still than 1468732674386474/1468732574386474

God damn dude this got me so bad. Was actually really confused for like a solid 10 minutes. Nice one.

Ugh got it now. I am dumb.

Im actually confused, is this a really convincing aprils fools thing? Am I just dumb?

Not typing it is exactly the issue though. Surely a bad actor can add a vulnerability in a convincing blog post, dm, whatever, people will just blindly copy it?

Ok sure but IDs make that an even bigger problem imo

Havent heard of FAIR before, will give it a read

Couldnt this easily be abused? If a package has id 123456 and package 123356 is a vulnerability, that mistake is easily made no?

The WebAIM Million 2026 report is out, it reports on overall accessibility across the web:

1. The number of failures increased 10.1% YOY
2. The average number of page elements increased 22.5%YOY

Meaning accessibility progress is backsliding. Personally, I am quite certain this is related to AI.

Plugins can be added to specific requests, or the instance itself (and then will apply to every request)

github.com/thepassle/ap...

Will take axios vuln as opportunity to plug my own fetch wrapper that I've been getting a lot of mileage out over the years. Has a flexible plugin system for things like retry's, caching, mocking, abort-able requests, debounce, etc, or roll your own with beforeFetch/afterFetch/transform/error hooks.

Yeah like I said I dont really have a problem loading the polyfill, I use it in personal apps quite a bit.

Yeah looking into that now. Been on my radar for a while, but havent had the time to look into it. Also the router technically isn't part of my team's responsibilities, but probably does mean loading a polyfill in the app. Not the worst thing in the world though.

^ we use it in our router package for frontend

path-to-regexp is only available as cjs and doesnt ship as esm anymore

"Humans are inherently lazy"

Yeah indeed. Pretty much just: "You were the only few teams who were at risk for this vulnerability because you havent updated yet, despite our warnings and telling you to update already"

Guilty of this as well. Taking the vulnerability as a means of getting some old projects who have been stalling to finally update their shit 🙃

LOL

lol

Mooer F40i amp looks pretty nutty for a home/hobby/office setup. Works as audio interface, speaker, amp, has a bunch of (customizable) presets. For only €200. Kind of mindblown by this thing

Really though. What does it say about the JS ecosystem that so many high profile packages' maintainers let them get convinced by one weirdo to only ship CJS and add 500 transitive deps? THATs the state of our ecosystem?

Amazes me how much of high profile JS libraries let themself get harb'd