David Sherret
@dsherret.bsky.social
Software developer at Deno. Also working on ts-morph, dprint, and more (https://github.com/dsherret)
Reposted by David Sherret
Additionally, pnpm 11 will block dependencies from exotic sources (like Git) in subdependencies.
February 5, 2026 at 1:40 PM
Additionally, pnpm 11 will block dependencies from exotic sources (like Git) in subdependencies.
How to bypass minimum dependency/release age:
1. Publish an npm package with an unpinned git dependency.
2. Get usage and wait many months.
3. Push a malicious commit to the git dependency's repo.
1. Publish an npm package with an unpinned git dependency.
2. Get usage and wait many months.
3. Push a malicious commit to the git dependency's repo.
February 4, 2026 at 4:17 PM
How to bypass minimum dependency/release age:
1. Publish an npm package with an unpinned git dependency.
2. Get usage and wait many months.
3. Push a malicious commit to the git dependency's repo.
1. Publish an npm package with an unpinned git dependency.
2. Get usage and wait many months.
3. Push a malicious commit to the git dependency's repo.
The deno and dprint vscode extensions now prompt when a custom executable path is set in the workspace configuration.
I believe this should help reduce the chance of malicious config launching an executable in a trusted workspace.
I believe this should help reduce the chance of malicious config launching an executable in a trusted workspace.
January 22, 2026 at 8:03 PM
The deno and dprint vscode extensions now prompt when a custom executable path is set in the workspace configuration.
I believe this should help reduce the chance of malicious config launching an executable in a trusted workspace.
I believe this should help reduce the chance of malicious config launching an executable in a trusted workspace.
Vibe coded a website to give a summary of our frequently failing and flaky tests on the CI.
January 21, 2026 at 9:47 PM
Vibe coded a website to give a summary of our frequently failing and flaky tests on the CI.
dprint 0.51 (code formatter) is out.
This release adds initial support for formatting with a global config file.
github.com/dprint/dprin...
This release adds initial support for formatting with a global config file.
github.com/dprint/dprin...
Release 0.51.0 · dprint/dprint
dprint is a pluggable, configurable code formatting platform written in Rust. It aims to unify all your code formatters in one tool.
Features
Global Configuration File
dprint now supports a global ...
github.com
January 5, 2026 at 7:44 PM
dprint 0.51 (code formatter) is out.
This release adds initial support for formatting with a global config file.
github.com/dprint/dprin...
This release adds initial support for formatting with a global config file.
github.com/dprint/dprin...
In the Deno repo, we have a custom Rust test runner for our tests in order to support file/directory-based tests and improve stability on the CI. I just refactored the code to have a pty reporter that surfaces some useful information. It seems better than having failures whizz by.
December 17, 2025 at 2:40 AM
In the Deno repo, we have a custom Rust test runner for our tests in order to support file/directory-based tests and improve stability on the CI. I just refactored the code to have a pty reporter that surfaces some useful information. It seems better than having failures whizz by.
Reposted by David Sherret
Did something fun; used @tinygo.org to shove @mvdan.cc's wonderful gofumpt into @dsherret.bsky.social's amazing dprint formatter via a Wasm plugin.
We previously used an "exec" plugin to do this with go tool, but it was slow to run, and worse in parallel (and... Windows 😑).
Now it's fast!
We previously used an "exec" plugin to do this with go tool, but it was slow to run, and worse in parallel (and... Windows 😑).
Now it's fast!
![Benchmark 1: dprint fmt --incremental=false (branch = main)
Time (mean ± σ): 42.703 s ± 0.412 s [User: 0.733 s, System: 0.569 s]
Range (min … max): 41.742 s … 43.399 s 10 runs
Benchmark 2: dprint fmt --incremental=false (branch = jabaile/gofumpt-plugin)
Time (mean ± σ): 633.1 ms ± 14.8 ms [User: 4887.2 ms, System: 1083.9 ms]
Range (min … max): 617.3 ms … 663.2 ms 10 runs
Summary
dprint fmt --incremental=false (branch = jabaile/gofumpt-plugin) ran
67.45 ± 1.70 times faster than dprint fmt --incremental=false (branch = main)](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:4eukmtg5kmyjmp6qw3xkpite/bafkreibm6qv6y2u6hiqtbzlrmjz6m6y4njfyx7jlsptbb3emktr6ev7hmm@jpeg)
December 13, 2025 at 7:06 AM
Did something fun; used @tinygo.org to shove @mvdan.cc's wonderful gofumpt into @dsherret.bsky.social's amazing dprint formatter via a Wasm plugin.
We previously used an "exec" plugin to do this with go tool, but it was slow to run, and worse in parallel (and... Windows 😑).
Now it's fast!
We previously used an "exec" plugin to do this with go tool, but it was slow to run, and worse in parallel (and... Windows 😑).
Now it's fast!
The next Deno release will include Node type declarations out of the box.
December 5, 2025 at 12:40 AM
The next Deno release will include Node type declarations out of the box.
Reposted by David Sherret
In his talk at #EuroRust25, @kettmeir.dev shared how the @deno.land project improved error handling by migrating from the anyhow crate to using thiserror and concrete error types – watch it on YouTube now! 🦀
👉 youtu.be/f6eofqicw_s
#RustLang #RustConference #EuroRust
👉 youtu.be/f6eofqicw_s
#RustLang #RustConference #EuroRust
From Any to This - Leo Kettmeir | EuroRust 2025
YouTube video by EuroRust
youtu.be
November 6, 2025 at 11:23 AM
In his talk at #EuroRust25, @kettmeir.dev shared how the @deno.land project improved error handling by migrating from the anyhow crate to using thiserror and concrete error types – watch it on YouTube now! 🦀
👉 youtu.be/f6eofqicw_s
#RustLang #RustConference #EuroRust
👉 youtu.be/f6eofqicw_s
#RustLang #RustConference #EuroRust
Wrote a library this weekend for modifying JSONC files david.deno.dev/posts/jsonc-...
First-class JSONC manipulation in JavaScript
Manipulating JSONC in JavaScript using a CST via jsonc-morph
david.deno.dev
October 12, 2025 at 11:30 PM
Wrote a library this weekend for modifying JSONC files david.deno.dev/posts/jsonc-...
Reposted by David Sherret
Stuck in an elevator with @snek.dev, @littledivy.com, @bartlomieju.bsky.social, @magurotuna.bsky.social, @dsherret.bsky.social, @kettmeir.dev, and Nathan
August 7, 2025 at 6:58 PM
Stuck in an elevator with @snek.dev, @littledivy.com, @bartlomieju.bsky.social, @magurotuna.bsky.social, @dsherret.bsky.social, @kettmeir.dev, and Nathan
Reposted by David Sherret
🌟 Speaker Spotlight: David Sherret
@dsherret.bsky.social will walk us through the JSR package registry: why it exists, how it improves on previous approaches such as HTTPS specifiers, and the design decisions behind its module resolution.
Schedule, speakers & more info: squiggleconf.com
@dsherret.bsky.social will walk us through the JSR package registry: why it exists, how it improves on previous approaches such as HTTPS specifiers, and the design decisions behind its module resolution.
Schedule, speakers & more info: squiggleconf.com
July 18, 2025 at 12:00 PM
🌟 Speaker Spotlight: David Sherret
@dsherret.bsky.social will walk us through the JSR package registry: why it exists, how it improves on previous approaches such as HTTPS specifiers, and the design decisions behind its module resolution.
Schedule, speakers & more info: squiggleconf.com
@dsherret.bsky.social will walk us through the JSR package registry: why it exists, how it improves on previous approaches such as HTTPS specifiers, and the design decisions behind its module resolution.
Schedule, speakers & more info: squiggleconf.com
Reposted by David Sherret
Importing bytes and texts:
✅ adds to your module graph
✅ type checking
✅ works with deno bundle and deno compile
deno.com/blog/v2.4#im...
✅ adds to your module graph
✅ type checking
✅ works with deno bundle and deno compile
deno.com/blog/v2.4#im...
July 3, 2025 at 4:49 PM
Importing bytes and texts:
✅ adds to your module graph
✅ type checking
✅ works with deno bundle and deno compile
deno.com/blog/v2.4#im...
✅ adds to your module graph
✅ type checking
✅ works with deno bundle and deno compile
deno.com/blog/v2.4#im...
Type checking text and bytes imports is now working.
June 25, 2025 at 5:56 PM
Type checking text and bytes imports is now working.
Should have importing files as text and bytes ready for Deno 2.4 -- will be unstable because it hasn't been standardized.
June 20, 2025 at 8:23 PM
Should have importing files as text and bytes ready for Deno 2.4 -- will be unstable because it hasn't been standardized.
This is now published to JSR as a rolldown plugin: jsr.io/@deno/rolldo...
Got bundling JSR/Deno code with Rolldown working.
This is using Rolldown's and Deno's crates respecting Deno's lockfile, config discovery, and resolution. Finally Deno's crates have been refactored enough for this to be feasible (~500 LOC). I'll update with more details later.
This is using Rolldown's and Deno's crates respecting Deno's lockfile, config discovery, and resolution. Finally Deno's crates have been refactored enough for this to be feasible (~500 LOC). I'll update with more details later.
June 4, 2025 at 9:34 PM
This is now published to JSR as a rolldown plugin: jsr.io/@deno/rolldo...
Got bundling JSR/Deno code with Rolldown working.
This is using Rolldown's and Deno's crates respecting Deno's lockfile, config discovery, and resolution. Finally Deno's crates have been refactored enough for this to be feasible (~500 LOC). I'll update with more details later.
This is using Rolldown's and Deno's crates respecting Deno's lockfile, config discovery, and resolution. Finally Deno's crates have been refactored enough for this to be feasible (~500 LOC). I'll update with more details later.
May 31, 2025 at 2:19 AM
Got bundling JSR/Deno code with Rolldown working.
This is using Rolldown's and Deno's crates respecting Deno's lockfile, config discovery, and resolution. Finally Deno's crates have been refactored enough for this to be feasible (~500 LOC). I'll update with more details later.
This is using Rolldown's and Deno's crates respecting Deno's lockfile, config discovery, and resolution. Finally Deno's crates have been refactored enough for this to be feasible (~500 LOC). I'll update with more details later.
I've come across so many bugs caused by using wildcard matches in Rust. Even though it can be verbose, I think it's better to avoid them in most cases so that adding a new enum variant causes compiler errors, forcing you to re-evaluate each match.
March 27, 2025 at 9:50 PM
I've come across so many bugs caused by using wildcard matches in Rust. Even though it can be verbose, I think it's better to avoid them in most cases so that adding a new enum variant causes compiler errors, forcing you to re-evaluate each match.
It was getting difficult to debug Deno's npm resolution so I wrote a tool to help visualize each step it makes.
March 20, 2025 at 7:35 PM
It was getting difficult to debug Deno's npm resolution so I wrote a tool to help visualize each step it makes.
Reposted by David Sherret
My closing keynote from Rust Nation UK last week is now online: "Microsoft is Getting Rusty: A Review of Successes and Challenges"
Microsoft is Getting Rusty: A Review of Successes and Challenges - Mark Russinovich
YouTube video by Rust Nation UK
www.youtube.com
February 26, 2025 at 10:18 PM
My closing keynote from Rust Nation UK last week is now online: "Microsoft is Getting Rusty: A Review of Successes and Challenges"
Neat to see software I used to work on and features I helped implement in Severance.
February 25, 2025 at 1:37 AM
Neat to see software I used to work on and features I helped implement in Severance.
Reposted by David Sherret
Lint plugins are now available 🎉
February 19, 2025 at 4:18 PM
Lint plugins are now available 🎉
Beware: npm doesn't show non-npm dependencies in the dependencies tab. Check out this package—npm lists it as having zero dependencies, but if you look at the package.json, it definitely has dependencies.
February 7, 2025 at 9:58 PM
Beware: npm doesn't show non-npm dependencies in the dependencies tab. Check out this package—npm lists it as having zero dependencies, but if you look at the package.json, it definitely has dependencies.
Did some work on the url Rust crate the past two days and got it parsing a 400 character URL more than twice as fast (still have a few PRs not merged).
February 7, 2025 at 9:34 PM
Did some work on the url Rust crate the past two days and got it parsing a 400 character URL more than twice as fast (still have a few PRs not merged).
I feel like making node resolution "just work" leaves the JS ecosystem in a worse place.
February 5, 2025 at 1:28 AM
I feel like making node resolution "just work" leaves the JS ecosystem in a worse place.