❤️ Maths and JavaScript
🧑💻 Maintaining @babel.dev, @tc39.es delegate, working at @igalia.com
🔗 https://nicr.dev
🌈🇪🇺
Nicolò Ribaudo
I hate it so much when I have to book a train trip that has multiple trains, and the first one sells out before the timetable for the last one is even available.
We spent *hours* today in total going through their reports:
- one is not classifiable as a vulnerability
- the other three are just hallucinated behavior that does not actually happen
This is the user: github.com/dfzysmy2tf-c...
They are opening issues in tens of repositories, and none of those are security vulnerabilities (in most cases, the behavior they are describing is not even what actually happens!)
If you see an issue from them in your project, go ahead and block.
There is a GitHub user (LLM?) that is reporting a lot of "security vulnerabilities" as open issues.
They are mostly trash reports (e.g. "if you pass Object.prototype to the setFooOnObject function, it will set Object.prototype.foo so that's prototype pollution"), but what if one is real?
Cool! Apparently the npm Dependency Links VSCode extension has a configuration to specify a custom registry.
Now ctrl clicking a dependency in package.json takes me directly to npmx.dev.
{
  "npmDependencyLinks.registryUrlPattern": "https://npmx.dev/package/{{pkg}}"
}
Last week we were able to present @robpalmer.bsky.social with his physical Ecma Recognition Award! 🎉 This was followed by an extensive round of tributes and praise, which Rob endured somewhat uncomfortably, at every opportunity urging us to cease and attend to the waiting celebratory Temporal cake.
How do we get to more than just three web engines owned by three US companies?
It's a gargantuan question, with no easy or right answer.
I've put together a draft report, thinking about it through a very specific approach - please enjoy:
Servo Readiness Report
webtransitions.org/servo-readin...
Extension for Visual Studio Code - Go to npm site of your dependencies
Ecma International Excitement 🎉
Last week, two TC39 members, Rob Palmer (@robpalmer.bsky.social) and Michael Saboff, received the Ecma Recognition Award for their contributions to Ecma, including TC39.