eskimojo

quoting this to pin it 😎

@FabianHiller @stanzillaz @colinhacks valibot more like smellybot boom roasted

@stanzillaz @colinhacks Zod who? 🤣

Zod 4 came out one year ago today 🧁 since then: 💎 5.5x growth in downloads (168M last week) 💎 the ecosystem migration is functionally complete 💎 98.8% of the ecosystem supports Zod 4 (weighted by downloads) x.com/colinhacks/sta…

@Saadeghi you can't write html in JS files 🤷‍♂️

@eskimojo <tag attribute=""> is attribute syntax in HTML

They never did.

@Saadeghi almost like they're properties not attributes developer.mozilla.org/en-US/docs/Web…

They've been forcing a whole generation to write made up syntax instead of standard HTML.

It's Redux release day! Shipped RTK 2.12.0, React-Redux 9.3.0, and Reselect 5.2.0 Highlights: - RTK skills files - `connect` is officially deprecated! Don't use it! :) - Fixed trusted publishing github.com/reduxjs/redux-… github.com/reduxjs/react-… github.com/reduxjs/resele…

@artman @linear #valdef-cursor-pointer" target="_blank" rel="nofollow noopener">w3.org/TR/css-ui-3/#v… 🤷‍♂️

Been doing this in @linear since 2019. Still remember the feedback from one person when we made the change. He said Linear used to be the best software ever, now it’s the worst 😂 His feedback is the only reason we have a setting for this.

@TheAlexLichter @ron_mizrahio @Swizec (tsdown for packages and vite for apps in a trenchcoat)

@eskimojo @ron_mizrahio @Swizec Vite+ everything!

Upgraded to Vite 8 and TypeScript 6 -> 97% faster builds 😍

@ron_mizrahio @Swizec

@eskimojo @Swizec I build my microservices with tsdown as well.

@ron_mizrahio @Swizec tsdown for packages, vite for apps

@Swizec Use tsdown for builds

@zeeg #valdef-cursor-pointer" target="_blank" rel="nofollow noopener">w3.org/TR/css-ui-3/#v… i'm too specpilled for this conversation

if you dont use cursor: pointer on buttons you should stop writing css

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/route… Credit to the security researcher for responsible disclosure.

@disciplinds @OleVestre what scott pilgrim ass plot is this

@OleVestre u r so right they’re all evil and must suffer

i just cut off my favourite ex for treating me too well so now im ready for the next man to traumatize me

@disciplinds @pissshit90001 nay

@eskimojo @pissshit90001 dude r u a horse

When u guys get old What health issue do y’all think u will Have 🤔🤔

@disciplinds @pissshit90001 hayfever because i have it now and i don't think you grow out of it

@pissshit90001 high blood pressure cus I know my husband gonna piss me tf off

@lukeed05 @rolldown_rs i use macros to hardcode the version of the package I'm benchmarking: #L1" target="_blank" rel="nofollow noopener">github.com/open-circle/sc… #L25" target="_blank" rel="nofollow noopener">github.com/open-circle/sc…

@eskimojo @rolldown_rs FWIW I’m thinking about adding macro support here too. Haven’t needed it yet personally but could fit in scope; similar process

In celebration of @rolldown_rs 1.0 🎉 Announcing `comptime` — a Zig-inspired build-time evaluation primitive, exposed as Vite and Rolldown plugins This allows you run code at build time, replacing the call site(s) with the evaluated output value. github.com/lukeed/comptime

@mmkalmmkal just added benchmarks for Type.Script - for equivalent schemas (compiled with Rolldown, minified and gzipped): Valibot - 1.96 KB zod/mini - 5.04 KB Type.Object (etc.) + Schema.Parse - 12.53 KB zod - 17.04 KB Type.Script + Schema.Parse - 26.52 KB

@mmkalmmkal typebox is definitely cool, but i don't think it's smaller than valibot or zod/mini schemabenchmarks.dev/download

I think I've been sleeping on typebox. This is pretty magical. Plain typescript input, produces valid json-schema, and parses it. In one library that's smaller than zod, valibot or arktype. Feels very codemode-friendly...

@kentcdodds x.com/eskimojo/statu…

*with the notable exception of files in node_modules...

Now all supported Node.js versions can run TS natively via type stripping 🔥 nodejs.org/en/about/eol

@kettanaito @mbetts you would also run into issues if your type checker has to type check packages as well - it would be a lot slower, and there's no guarantee they're following the same tsconfig you are (e.g. you'd get noUncheckedIndexedAccess issues if they don't use it and you do)

@mbetts I'm not sure if that will ever be possible, given TS moves faster with its releases than Node.js, from what I feel. Add on top that TS doesn't follow semver (never did), and it becomes problematic to have "native TS support" when versions diverge.

👇 I want more developers to realize this.

@RhysSullivan yea github.com/open-circle/sc…

i bet it feels good asf to store data in json as a database