Karl Horky
LightNews LightNews
banner
karlhorky.com
Karl Horky
@karlhorky.com
2.7K followers 2.4K following 420 posts
Technical Founder, Curriculum Engineer @upleveled.io
Org Team React Amsterdam, AmsterdamJS, @reactvienna.com
Canadian, Austrian, he/him
📍Amsterdam https://github.com/karlhorky
Posts Replies Media Videos
Pinned
karlhorky.com
Karl Horky @karlhorky.com · Nov 1
Hi, I'm Karl

I design curricula to help people get into full stack programming, which often leads me to open source contributions

I also help organize React and JS meetups in Amsterdam and Vienna - maybe we'll see you there!
karlhorky.com
Security: Do not install OpenAI Atlas, Perplexity Comet, etc

At least until the security implications are more fully understood

Multiple security research firms have found vulnerabilities in AI browser architecture, not restricted to only one specific browser

brave.com/blog/unseeab...
Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers | Brave
AI browsers remain vulnerable to prompt injection attacks via screenshots and hidden content, allowing attackers to exploit users' authenticated sessions.
brave.com
October 22, 2025 at 9:13 AM
karlhorky.com
npx-safe by @rafaelgss.dev :

Use the Node.js permissions model to make running npx on untrusted packages safer 🔥

github.com/RafaelGSS/do...
alias npx-safe='function _npx_safe() { local node_opts="--permission --allow-fs-read=$(npm prefix -g) --allow-fs-read=$(npm config get cache)" local package="" local package_args=() while [[ $# -gt 0 ]]; do if [[ "$1" == --* ]]; then # Anything starting with `--` goes into node_opts node_opts+=" $1" else # The first non-`--` argument is the package; the rest are package args if [[ -z "$package" ]]; then package="$1" else package_args+=("$1") fi fi shift done echo "=============================" echo " npx-safe Log " echo "=============================" echo "Node.js options:" echo " $node_opts" echo echo "Package:" echo " $package" echo if [[ ${#package_args[@]} -gt 0 ]]; then echo "Arguments:" for arg in "${package_args[@]}"; do echo " $arg" done echo fi echo "=============================" npx --node-options="$node_opts" "$package" "${package_args[@]}" }; _npx_safe'
October 16, 2025 at 9:43 AM
Reposted by Karl Horky
rafaelgss.dev
Node.js 25 is here! We have upgraded V8 to 14.1, bringing major JSON.stringify
performance improvements and JIT pipeline optimizations.

This release introduces the permission
model --allow-net, Web Storage is enabled by default, and more!

nodejs.org/en/blog/rele...
Node.js
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
October 15, 2025 at 5:22 PM
karlhorky.com
Ahh version control conflicts are a great use case for AI - conflicts can be super hairy, so any tools or context that can help with this is 🔥🔥
vscode.dev Visual Studio Code @vscode.dev · Oct 9
🔀 Resolve merge conflicts with AI assistance!

When VS Code detects merge conflicts, you can now get AI-powered resolution suggestions through an agentic Chat flow.
Screenshot of the proposed merge conflict resolution in the editor.
October 10, 2025 at 6:02 PM
Reposted by Karl Horky
francoisbest.com
A phishing attack is going on against maintainers on @npmjs.bsky.social, be aware!

- email is spoofed from npmjs.org (which doesn’t use DMARC but redirects to npmjs.com)
- login link points to npnjs(dot)com (clear giveaway)
Email coming from npmjs.org, looking like an account maintenance notification, prompting the user to log in. The link to login looks identical to the NPM login, but hosted on npnjs.com
July 18, 2025 at 8:11 PM
karlhorky.com
My request for Dependabot: Full support for @pnpm.io

(updates to transitive deps fail currently)

Voice support in the issue 🙌

github.com/dependabot/d...
pnpm transitive dependency updates support #13177 Dependabot doesn't support transitive dependency updates for pnpm, a very popular package manager (31M downloads / week as of writing).
September 25, 2025 at 1:09 PM
Reposted by Karl Horky
jensimmons.bsky.social
Safari 26 is here!!! Anchor Positioning, Scroll-driven animations, High Dynamic Range images, the new HTML element, the all-new Digital Credentials API, SVG icon support, WebGPU, WebKit in SwiftUI, every site can be a web app on iOS and iPadOS, and much more.

webkit.org/blog/17333/w...
WebKit Features in Safari 26.0
We’re happy to share with you what’s arriving in Safari 26.0!
webkit.org
September 15, 2025 at 5:07 PM
karlhorky.com
React Advanced meetup coming Toronto 🇨🇦

Any speakers interested: apply to the CFP at the link below 🙌
reactadvanced.gitnation.org React Advanced London @reactadvanced.gitnation.org · Aug 30
Hey Toronto! This September we’re bringing React Advanced Meetup to your city! 🎉

Right now we’re looking for speakers who’d love to share a project you’re passionate about, a React tip, or any industry insights.

👉Submit your talk via our CFP form https://forms.gle/9NpNHtyRcAixAFmR8

Know
September 4, 2025 at 1:32 PM
karlhorky.com
Codemods for Node.js 😍

Looking great, thanks to all contributors!
npx codemod search scope:nodejs Found 8 packages: ╭─────────────────────────────────────────┬──────────────┬──────────┬──────────────────╮ │ 📦 Name │ 📊 Downloads │ ⭐ Stars │ 👤 Author │ ├─────────────────────────────────────────┼──────────────┼──────────┼──────────────────┤ │ @nodejs/fs-access-mode-constants │ 8 │ 4 │ nekojanai (Jana) │ │ @nodejs/util-log-to-console-log │ 8 │ 3 │ Bruno Rodrigues │ │ @nodejs/process-main-module │ 5 │ 4 │ Bruno Rodrigues │ │ @nodejs/tmpDir-to-tmpdir │ 4 │ 4 │ nekojanai (Jana) │ │ @nodejs/rmdir │ 7 │ 6 │ Augustin Mauroy │ │ @nodejs/create-require-from-path │ 5 │ 4 │ Augustin Mauroy │ │ @nodejs/import-assertions-to-attributes │ 7 │ 5 │ Augustin Mauroy │ │ @nodejs/correct-ts-specifiers │ 0 │ 0 │ nodejs │ ╰─────────────────────────────────────────┴──────────────┴──────────┴──────────────────╯
August 30, 2025 at 4:06 PM
karlhorky.com
@netlify.com multiple users reporting Netlify edge functions being down, in case you didn't know yet

Maybe you can update the status page with the outage?

answers.netlify.com/t/the-site-s...
My site https://fincaguarumo.com (hosted by Netlify via fincaguarumo.netlify.app, a next.js app) suddenly returns a 500 error. In the logs, I can see only this: Error handling request: TypeError: functions is not a function at file:///root/src/bootstrap/server.ts:53:45 at mapped (ext:deno_http/00_serve.ts:407:24) at mapped (ext:deno_http/00_serve.ts:513:16) at ext:deno_http/00_serve.ts:729:29 at eventLoopTick (ext:core/01_core.js:178:7) at async netlify:bootstrap-stage1:4:1 I have not changed anything recently, I do not have any custom functions. I have no idea how to debug this error as it seems to stem from Netlify itself and not something on my end. Just to be sure, I triggered a manual deploy without cache, updated the @netlify/plugin-nextjs to 5.12.0, but to no avail. The app uses next.js 15. Is there anything else that can be done on my end?
August 11, 2025 at 5:59 PM
karlhorky.com
VS Code 1.103 (Jul 2025) finally has expandable hovers in JavaScript and TypeScript 😍

for when the hover info is showing the type name instead of the object / array / etc

code.visualstudio.com/updates/v1_1...
August 9, 2025 at 3:49 PM
Reposted by Karl Horky
github.com
Is more funding possible for open source maintainers in Europe? 🇪🇺 A new study commissioned by GitHub explores why creating an EU Sovereign Tech Fund could provide sustainable resources for critical OS projects.

Learn how you can help make it a reality.👇
github.blog/open-source/...
We need a European Sovereign Tech Fund
With a new feasibility study, GitHub’s developer policy team is building a coalition of policymakers and industry to close the maintenance funding gap.
github.blog
August 5, 2025 at 10:57 PM
Reposted by Karl Horky
mikkelam.bsky.social
I made an emoji picker for Mac!

Fun,but also rather frustrating experience 🙃

Swift was my third choice after 2 attempts with rust GUIs

github.com/mikkelam/Emo...
GitHub - mikkelam/Emoji-Ninja: Fast emoji picker🥷💨
Fast emoji picker🥷💨. Contribute to mikkelam/Emoji-Ninja development by creating an account on GitHub.
github.com
July 7, 2025 at 12:44 PM
karlhorky.com
@bengubler.com Welcome to Bluesky! 🎉

Thanks for your work on the new `experimental.typedRoutes` Next.js Turbopack feature!

bsky.app/profile/did:...
karlhorky.com Karl Horky @karlhorky.com · Jul 17
Looks like `experimental.typedRoutes` is coming to Next.js Turbopack, thanks to Ben Gubler 🚀 🎉

github.com/vercel/next....
Screenshot of PR, showing that `experimental.typedRoutes` is no longer marked as "unsupported"
July 18, 2025 at 9:09 AM
karlhorky.com
Looks like `experimental.typedRoutes` is coming to Next.js Turbopack, thanks to Ben Gubler 🚀 🎉

github.com/vercel/next....
Screenshot of PR, showing that `experimental.typedRoutes` is no longer marked as "unsupported"
July 17, 2025 at 9:07 AM
Reposted by Karl Horky
jhey.dev
SVG filters provide a basic lighting system you can sync with a little JavaScript and use in your web apps 💡

... not as powerful as MacOS implementation but pretty cool
July 8, 2025 at 8:46 PM
Reposted by Karl Horky
react.dev
React Compiler RC is now available! We've added support for swc and are working towards a stable release react.dev/blog/2025/04...
React Compiler RC – React
The library for web and native user interfaces
react.dev
April 22, 2025 at 4:31 PM
Reposted by Karl Horky
igalia.com
With the next TC39 plenary less than a week away, Igalia’s Compilers team has just dropped a thorough blog post recapping April’s session. It walks through the standout proposals and discussions that will help steer JavaScript’s evolution in the months ahead. blogs.igalia.com/compilers/20...
Summary of the April 2025 TC39 plenary
A summary of the most exciting updates from the TC39 meeting held in April 2025
blogs.igalia.com
May 22, 2025 at 5:24 AM
karlhorky.com
My work in open source, from fixing papercuts to support students to discussing standards 🚀

Thanks so much to the Open Source Initiative @opensource.org for featuring me as a maintainer for Maintainer Month 2025!

opensource.org/maintainers/...
Screenshot of Open Source Initiative blog post by Karl Horky: Karl Horky: From Papercuts to Standards Hi, I’m Karl Horky (GitHub, LinkedIn), Technical Founder at UpLeveled – tech education programs for all skill levels. In an educational landscape of AI-generated solutions, disconnected islands of knowledge and barriers to entry, I focus on helping students level up by designing accessible curricula and contributing to open source. Then and Now I’ve been in open source for over 13 years, and in tech for more than 20, through which I have used a range of languages and technologies, from QBasic and C to...
May 21, 2025 at 10:04 AM
Reposted by Karl Horky
progrium.bsky.social
What if you took the core abstractions of Plan 9 from Bell Labs and put them in a WebAssembly module?
progrium.xyz/blog/2025/sp...
The Spirit of Plan 9 on the Web
Homepage and blog of hacker/builder Jeff Lindsay, aka progrium
progrium.xyz
May 7, 2025 at 6:26 PM
karlhorky.com
AI-generated image alt text in HTML and Markdown in VS Code April 2025 (1.100) 😍

code.visualstudio.com/updates/v1_1...
Generate alt text in HTML or Markdown You can now generate or update existing alt text in HTML and Markdown files. Navigate to any line containing an embedded image and trigger the quick fix via ⌘. or by selecting the lightbulb icon. [Screenshot that shows generating alt text for an image html element.]
May 8, 2025 at 11:39 PM
Reposted by Karl Horky
nodejs.org
⚠️ Security release pre-alert: We will release new versions of v20.x, v22.x, v23.x, v24.x release lines on or shortly after May 14, 2025, in order to address:

- 1 high severity issue
- 1 moderate severity issue
- 1 low severity issue

Details: nodejs.org/en/blog/vuln...
Node.js — Wednesday, May 14, 2025 Security Releases
Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine.
nodejs.org
May 8, 2025 at 7:19 PM
karlhorky.com
ChatGPT Deep Research receives a GitHub "connector" 🎉 (not available yet in EEA, CH, UK)

Lots of times I've seen ChatGPT unable to surface info from GitHub, so really looking forward to trying this!

www.neowin.net/news/openai-...
OpenAI launches GitHub "connector" for ChatGPT Deep Research to answer questions about code
OpenAI has updated ChatGPT's Deep Research with its first connector, a GitHub integration that pulls context from code to help answer technical questions.
www.neowin.net
May 8, 2025 at 10:39 PM
karlhorky.com
Oh nice, looks like the 2019 idea I had to "skip parameters in function parameter lists" may come to life in @chronicles.org's proposal "void Discard Bindings for ECMAScript" 😍
Parameters void discard bindings in parameter declarations help to avoid needing to give a name to parameters that might be unused by a callback or an overridden method of a subclass: ``` // project an array values into an array of indices const indices = array.map((void, i) => i); // passing a callback to `Map.prototype.forEach` that only cares about keys map.forEach((void, key) => { }); // watching a specific known file for events fs.watchFile(fileName, (void, kind) => { }); ``` Tweet from @karlhorky ECMAScript spec people 👇 Is / was there a proposal to skip parameters in function parameter lists like this? function mapper(, key) { /* use only the key */ }
May 7, 2025 at 11:44 PM
Reposted by Karl Horky
nodejs.org
Node.js 24 is here and it's looking good 😎🚀

Featuring updates to V8 v13.6, npm v11, improved Permission Model and more new features in the blog.

Check it out and let us know what you think: hubs.ly/Q03lfLDC0
Node.js — Node v24.0.0 (Current)
Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine.
hubs.ly
May 6, 2025 at 3:26 PM