DaloyJS

Just as you wouldn't drink from a contaminated stream, you shouldn't build on a contaminated supply chain. DaloyJS is the "filtration system" for modern JS development.

Love FastAPI? Try DaloyJS. FastAPI-style DX for TypeScript, with secure-by-default routing, validation, and OpenAPI built in. daloyjs.dev

And for an ODM like @MongoDB in @daloyjs? Just register a Mongoose plugin, decorate your app state, and you're querying in minutes 🚀 Schema validation, transactions via sessions, and duplicate key errors that serialize as problem+json, it all just works. daloyjs.dev/docs/odm/mongo… #TypeScript #MongoDB #NodeJS

Do you know that @SequelizeJS + @daloyjs = a surprisingly clean combo 🔥 Register it as a plugin, get typed DB access across your routes, and wrap mutations in managed transactions, all with the ORM your team already knows. Full setup guide 👇 daloyjs.dev/docs/orm/seque… #TypeScript #NodeJS #webdev

The newly released lynx-ui is cool, but don't forget that we have fakerestapi.vercel.app/docs if you are playing around with @LynxJS_org. 😊

Hey @shehackspurple, we just listened to an episode of the Cybersecurity Today podcast where you were a guest. You have a good heart and are an inspiration to others. 💞

@TheHackersNews 70M downloads is exactly why defaults matter. If one package goes bad, your stack should still have guardrails: blocked scripts, verified lockfiles, provenance, and minimal runtime deps. That's why we built daloyjs.dev

axios had 70M weekly downloads. What's hiding in today’s open source packages? axios hit 70M weekly downloads before anyone knew it was compromised. ActiveState's free OSS Health Check maps the packages most common to your industry. You’ll know your exposure before the next axios attack hits. Get Health Check: thn.news/activestate-he…

@Prathkum CORS isn’t the problem. Bad defaults are. We do it differently at daloyjs.dev: explicit origins, no wildcard + credentials, and loud failures for unsafe config.

CORS is the biggest headache for developers.

@theo It's alright. We support everything at daloyjs.dev, which is why we are runtime-portable.😊

Claude Code is the new Node.js

@CascadiaJS @arcjet We want to present here next time ☺️ hoefully. Our TS backend framework is secured by default.

Thank you to our friends at @Arcjet for being a Gold Sponsor for CascadiaJS 2026! If you're shipping AI features fast, you've probably noticed security reviews can't keep up. And once agents can call tools & trigger real actions, the risk isn't just bad text, it's unauthorized actions, data leaks, and runaway spend. Arcjet actually enforces policies at the moment your app executes a tool or releases data, instead of just classifying prompts at the edge. If you're putting customer-facing AI in production, check them out! cascadiajs.com/2026/sponsors/…

@nezbuilds Use a backend service framework that is secured by default. ☺️ daloyjs.dev

Good morning builders 👋 It's Tuesday, time to promote your product! Drop your project + a short description below. Let's discover cool products and connect with more founders.

@ThePracticalDev performance improvements of daloyjs.dev while keeping your rest api secured by default.

What is something you're proud of this week?

Don't update unless there is a feature in the latest version that you need.

@pnpmjs We can't wait 🤤

After some more correctness fixes, pnpm in rust is even faster

@safedepio @GithubProjects We fully agree at daloyjs.dev

@GithubProjects then let's run that npm install with prevention. github.com/safedep/pmg

Developers spent years worrying about vulnerable dependencies. Now they’re worried about trusted packages turning into malware overnight. The new TrapDoor campaign is targeting npm, PyPI, and Rust crates with: • install scripts. • shell execution. • credential theft. • wallet draining. Your 'npm install' is now part of your threat model.

@GithubProjects We are aware 🫡at daloyjs.dev

@DanielSmidstrup Here daloyjs.dev 😊

Hey founders ! Looking to connect with people building in: 🍽️ SaaS 🚀 Tech 📲 Automation 🧠 AI tools 📱 Product Development 🔥 Web APP 💻 Devs Drop what you're working on 👇

@huge_icons Here it is. 👋🏻 daloyjs.dev

Drop your project URL

Supabase @supabase as a platform client, not an ORM. Auth, storage, realtime, and Postgres access — wired into DaloyJS without leaking platform specifics into your handlers. daloyjs.dev/docs/orm/supab…

Sequelize @SequelizeJS in 2026 is still everywhere. Here's the clean way to integrate it with DaloyJS — model registration, connection lifecycle, and the gotchas. daloyjs.dev/docs/orm/seque…

@encrypted We have you covered. daloyjs.dev

wait... you did what?!