
Posts by Lukas

I will never get sick of react rants. Vue does everything react does but cleaner and better.

1 week ago 5 0 0 0

If AI is writing software from now on, to any meaningful degree, React should be absolutely dead.

The *only* benefit of React was that most human engineers already knew it. It's the worst choice in literally every other way.

If humans aren't writing your code, your code shouldn't be in React.

1 week ago 46 4 5 3

I agree. Most if not all dependency updates I ever did were not because of actual exploitable issues but because of new features, as a regular upgrade or to be safe just in case. If it works and does what you want you usually don't need the upgrade. Even if you want it.

1 week ago 1 0 0 0

That was a great read. Thank you :)

1 week ago 1 0 1 0

Last review I did boiled down to
"Replace this div soup with semantic HTML and remove the bad ARIA"

I think it would help a lot if developers (me included) looked more at the final html and not only at the rendered output

1 week ago 1 0 0 0

I've seen the post in my for you feed and thought "I don't use Cypress, this post isn't for me. MSW is cool tho"

1 week ago 0 0 0 0

My favorite ai influencer

1 week ago 0 0 0 0

I knew zip was built in and is even nicely integrated into the explorer but 7z? Crazy

1 week ago 11 0 0 0

If you run those commands in CI you might not even know you have been compromised. If you let dependabot bump dependencies for you the vulnerable version might even be locked so everybody else pulls it too.

1 week ago 0 0 0 0

Even if you have a lock file and all versions pinned, your transitive dependencies aren't pinned and can be resolved to vulnerable versions. That won't happen with npm ci but it will absolutely happen when running something with npx or when doing anything that triggers a resolution like npm i

1 week ago 0 0 2 0
The Hidden Blast Radius of the Axios Compromise - Socket The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.

socket.dev/blog/hidden-...

1 week ago 0 0 1 0
Long and short scales - Wikipedia

That's English being weird tho. Many non-English speaking languages use the long scale (and British English did too until they got infected by the US)
en.wikipedia.org/wiki/Long_an...

1 week ago 2 0 1 0

No that's a bad argument.
1. Even if everybody used min age not everybody would use the same value for it resulting in less people being affected even if a package isn't noticed early.
2. Automatic and manual checks would still happen and get the packages taken down.

1 week ago 0 0 0 0

Yeah we use a comma for the decimal point and the thousand separator is adjusted accordingly.
"4 comma 3" instead of "4 point 3"
Makes it very inconvenient to use Excel cross locale bc numbers can change

1 week ago 2 0 1 0

🧡 Democracy feels like it's in a rough state at the moment across the globe, and we hear various explanations, like polarisation, extremism, disinformation, and loss of trust. But what if those explanations are mainly symptoms and we've been trying to treat them rather than the underlying causes?

2 weeks ago 2072 652 86 200
The Hidden Blast Radius of the Axios Compromise - Socket The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.

Lockfiles are part of the automatic dependency management and even when using a lockfile you are not safe against every supply chain attack
socket.dev/blog/hidden-...
With vendoring you have no pre and postinstall scripts, no chains of transitive deps and more friction means less deps in use overall

2 weeks ago 1 0 0 0

My favorite accessibility test in code reviews is this:
Take the final html from the browser and remove all classes, empty divs, styles and other stuff that a screen reader would not see or care about. Then see if you can still understand what you are looking at.

2 weeks ago 0 0 0 0

There have been a lot of supply chain attacks recently and automatic dependency management makes it much easier to be affected. Vendoring dependencies is the "correct" way to deal with it but also tedious.

2 weeks ago 3 0 0 0

That argument sounds a lot like "I have nothing to hide so I don't need privacy"
Maybe the registries themselves are secure but if someone uploads a bad version the registry will happily serve it to you until it's blocked. If it's a transitive dep not even a lock file will save you

2 weeks ago 1 0 2 0

Isn't automatic dependency management just downloading whatever the registry tells you is new?

2 weeks ago 1 0 2 0

Works well on Android too
(Pixel 6 Firefox)

3 weeks ago 0 0 0 0
cssDOOM DOOM rendered entirely in CSS. Every wall, floor, barrel, and imp is a div, positioned in 3D space using CSS transforms.

CSS is DOOMed!

I've built DOOM in CSS and every wall, floor, barrel, and imp is a div, positioned in 3D space using CSS transforms.

cssdoom.wtf

Try it out! But... not every browser can handle it. This is taking the browser to its limit. Chrome has some issues. Safari too. Bugs will be filed.

3 weeks ago 721 278 29 23

slop is something that takes more human effort to consume than it took to produce. When my coworker sends me raw Gemini output he's not expressing his freedom to create, he's disrespecting the value of my time

4 weeks ago 926 247 12 32

I need a T-shirt with "This is JavaScript and there are no rules"

3 weeks ago 1 0 1 0

There are very few reasons why a regular web dev needs inert. Just open your modals with <dialog> and `.showModal()` (or in future the command API) and let the browser figure out good accessibility and usability

1 month ago 1 1 0 0
<dialog>: The Dialog element - HTML | MDN The <dialog> HTML element represents a modal or non-modal dialog box or other interactive component, such as a dismissible alert, inspector, or subwindow.

If you open a dialog in a non-modal fashion (`.show()` or the `open` attribute), you might need to set inert yourself. Using `showModal()` is probably the easiest option bc. you need more than just inert to turn a non-modal Dialog into a modal one. See also:
developer.mozilla.org/en-US/docs/W...

1 month ago 1 0 0 0

If you open a <dialog> with `.showModal()` it will apply `inert` for you. Clicking outside of a dialog to close it is not a default behavior so it depends on how that is implemented. The tip to set `inert` yourself mostly applies to custom dialogs.

1 month ago 0 1 1 0

I tried this myself for a simple 2d grid editor thingie and it's amazing how easy it is to implement. Panning the view is literally just moving the container around. Inserting a cell is just a div.
For the stuff I want to do this is so much simpler than writing a canvas render

1 month ago 0 1 0 0

I wonder if I need to use a canvas for my current project or if I can just use divs and let css figure out the rendering for me ^^

1 month ago 0 0 0 0

This is impressive!
How performant is that though? Can you render the full level at once or do you need culling or some other optimization to make it playable?

1 month ago 0 0 2 0