Nicolas Dubien
@nicolas.dubien.me
Author of @fast-check.dev (🌐 https://fast-check.dev) ∙ Lead Principal Software Engineer @GoPigment ∙ Opinions are my own #Testing #JavaScript #TypeScript #React
Reposted by Nicolas Dubien
if you've been using `provenance-action`, I'm delighted to say you can now replace it with @pnpm.io v10.21's new `trustPolicy` feature! 🎉
pnpm 10.21 | pnpm
Added support for Node.js runtime installation for dependencies and a setting for configuring trust policy.
pnpm.io
November 10, 2025 at 1:09 PM
if you've been using `provenance-action`, I'm delighted to say you can now replace it with @pnpm.io v10.21's new `trustPolicy` feature! 🎉
Activating the Copilot Business from my company on my account, dropped my access to my own Copilot Pro 😵
Surprised that @github.com did not think of these cases, I feel I miss something
Surprised that @github.com did not think of these cases, I feel I miss something
November 6, 2025 at 6:17 PM
Activating the Copilot Business from my company on my account, dropped my access to my own Copilot Pro 😵
Surprised that @github.com did not think of these cases, I feel I miss something
Surprised that @github.com did not think of these cases, I feel I miss something
Reposted by Nicolas Dubien
ECMAScript excitement 😉
Congrats to proposal champion Dan Minor @mozilla.org on shipping the TC39 Stage 3 Upsert proposal in Firefox 144 🎉
let map = new Map();
map.getOrInsert(key, defaultVal);
It lets you set a default value on a map key without overwriting an existing value 👍
Congrats to proposal champion Dan Minor @mozilla.org on shipping the TC39 Stage 3 Upsert proposal in Firefox 144 🎉
let map = new Map();
map.getOrInsert(key, defaultVal);
It lets you set a default value on a map key without overwriting an existing value 👍
October 14, 2025 at 7:06 PM
ECMAScript excitement 😉
Congrats to proposal champion Dan Minor @mozilla.org on shipping the TC39 Stage 3 Upsert proposal in Firefox 144 🎉
let map = new Map();
map.getOrInsert(key, defaultVal);
It lets you set a default value on a map key without overwriting an existing value 👍
Congrats to proposal champion Dan Minor @mozilla.org on shipping the TC39 Stage 3 Upsert proposal in Firefox 144 🎉
let map = new Map();
map.getOrInsert(key, defaultVal);
It lets you set a default value on a map key without overwriting an existing value 👍
Reposted by Nicolas Dubien
ECMAScript excitement 😉
Congrats to Evan Wallace on shipping the TC39 Stage 2.7 Import Bytes proposal in ESBuild 0.25.11 🎉
It lets you import raw bytes as a readonly Uint8Array 👍
import buf from "./a.png" with { type: "bytes" }
Also available in Deno, Bun, & webpack.
Congrats to Evan Wallace on shipping the TC39 Stage 2.7 Import Bytes proposal in ESBuild 0.25.11 🎉
It lets you import raw bytes as a readonly Uint8Array 👍
import buf from "./a.png" with { type: "bytes" }
Also available in Deno, Bun, & webpack.
October 15, 2025 at 8:38 AM
ECMAScript excitement 😉
Congrats to Evan Wallace on shipping the TC39 Stage 2.7 Import Bytes proposal in ESBuild 0.25.11 🎉
It lets you import raw bytes as a readonly Uint8Array 👍
import buf from "./a.png" with { type: "bytes" }
Also available in Deno, Bun, & webpack.
Congrats to Evan Wallace on shipping the TC39 Stage 2.7 Import Bytes proposal in ESBuild 0.25.11 🎉
It lets you import raw bytes as a readonly Uint8Array 👍
import buf from "./a.png" with { type: "bytes" }
Also available in Deno, Bun, & webpack.
Reposted by Nicolas Dubien
As for the launch of Vite+, I'm glad we now have the demo and the website.
Probably it's best to wait for the blog post (promised for Monday) to really understand it and continue the conversation.
viteplus.dev
Probably it's best to wait for the blog post (promised for Monday) to really understand it and continue the conversation.
viteplus.dev
October 11, 2025 at 7:08 PM
As for the launch of Vite+, I'm glad we now have the demo and the website.
Probably it's best to wait for the blog post (promised for Monday) to really understand it and continue the conversation.
viteplus.dev
Probably it's best to wait for the blog post (promised for Monday) to really understand it and continue the conversation.
viteplus.dev
Reposted by Nicolas Dubien
Huge positive news for the React community.
React and React Native are moving out of Meta and into Linux Foundation.
engineering.fb.com/2025/10/07/o...
React and React Native are moving out of Meta and into Linux Foundation.
engineering.fb.com/2025/10/07/o...
Introducing the React Foundation: The New Home for React & React Native
Meta open-sourced React over a decade ago to help developers build better user experiences. Since then, React has grown into one of the world’s most popular open source projects, powering over 50 m…
engineering.fb.com
October 8, 2025 at 11:56 AM
Huge positive news for the React community.
React and React Native are moving out of Meta and into Linux Foundation.
engineering.fb.com/2025/10/07/o...
React and React Native are moving out of Meta and into Linux Foundation.
engineering.fb.com/2025/10/07/o...
Reposted by Nicolas Dubien
i wrote about atproto and why it matters
Open Social — overreacted
The protocol is the API.
overreacted.io
September 26, 2025 at 3:33 PM
i wrote about atproto and why it matters
Awesome 😍 I'll definitely give it a try for the CI of @fast-check.dev
we now have an @e18e.dev github action which can diff your dependencies in PRs
things like:
- change in trust level (loss of trusted publisher)
- adding >threshold dependencies
- adding >threshold install size
- bundle size difference (vs main)
- duplicate deps
early days so please give feedback!
things like:
- change in trust level (loss of trusted publisher)
- adding >threshold dependencies
- adding >threshold install size
- bundle size difference (vs main)
- duplicate deps
early days so please give feedback!
GitHub - e18e/action-dependency-diff: A GitHub action to report dependency changes and potential problems
A GitHub action to report dependency changes and potential problems - e18e/action-dependency-diff
github.com
September 27, 2025 at 7:04 AM
Awesome 😍 I'll definitely give it a try for the CI of @fast-check.dev
Reposted by Nicolas Dubien
This is great news! GitHub will require use of passkeys for 2FA when publishing to NPM. What a huge step up in security compared to other phishable 2FA methods that were historically supported 🎉
github.blog/security/sup...
github.blog/security/sup...
Our plan for a more secure npm supply chain
GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.
github.blog
September 23, 2025 at 3:04 PM
This is great news! GitHub will require use of passkeys for 2FA when publishing to NPM. What a huge step up in security compared to other phishable 2FA methods that were historically supported 🎉
github.blog/security/sup...
github.blog/security/sup...
Reposted by Nicolas Dubien
Rolldown v1.0.0-beta.39 has been released!
⚡ macOS Performance Boost: 10%-30% faster bundling, up to 45% in extreme cases.
🎯 Cross-Chunk Optimization: Support for __NO_SIDE_EFFECTS__ annotation, as well as
better tree-shaking across module boundaries and more efficient DCE
⚡ macOS Performance Boost: 10%-30% faster bundling, up to 45% in extreme cases.
🎯 Cross-Chunk Optimization: Support for __NO_SIDE_EFFECTS__ annotation, as well as
better tree-shaking across module boundaries and more efficient DCE
September 22, 2025 at 3:28 PM
Rolldown v1.0.0-beta.39 has been released!
⚡ macOS Performance Boost: 10%-30% faster bundling, up to 45% in extreme cases.
🎯 Cross-Chunk Optimization: Support for __NO_SIDE_EFFECTS__ annotation, as well as
better tree-shaking across module boundaries and more efficient DCE
⚡ macOS Performance Boost: 10%-30% faster bundling, up to 45% in extreme cases.
🎯 Cross-Chunk Optimization: Support for __NO_SIDE_EFFECTS__ annotation, as well as
better tree-shaking across module boundaries and more efficient DCE
Reposted by Nicolas Dubien
eslint-plugin-depend released! this ESLint plugin helps you find dependencies the @e18e.dev community has recommended replacing
thanks to @bluwy.me for adding eslint/json support too 🙏
thanks to @bluwy.me for adding eslint/json support too 🙏
Release 1.3.0 · es-tooling/eslint-plugin-depend
What's Changed
chore: bump dependencies by @43081j in #51
Maintenance, Use empathic by @beeequeue in #52
feat: support @eslint/json by @bluwy in #53
chore: enable trusted publishes by @43081j in #...
github.com
September 21, 2025 at 1:01 PM
Reposted by Nicolas Dubien
ECMAScript excitement 😉
Next week's TC39 meeting has a packed agenda:
🔼 Amount
🔼 Array.prototype.pushAll
🔶 AsyncContext
🔶 Await Dictionary
🔼 Import Bytes
🔶 Intl Era Month Code
🔼 Iterator Chunking
🔶 new Global()
🔼 Non-extensible applies to private
🔼 Promise Adoption
🔼 Promise Predicate
🔶 Temporal
Next week's TC39 meeting has a packed agenda:
🔼 Amount
🔼 Array.prototype.pushAll
🔶 AsyncContext
🔶 Await Dictionary
🔼 Import Bytes
🔶 Intl Era Month Code
🔼 Iterator Chunking
🔶 new Global()
🔼 Non-extensible applies to private
🔼 Promise Adoption
🔼 Promise Predicate
🔶 Temporal
September 20, 2025 at 11:17 AM
ECMAScript excitement 😉
Next week's TC39 meeting has a packed agenda:
🔼 Amount
🔼 Array.prototype.pushAll
🔶 AsyncContext
🔶 Await Dictionary
🔼 Import Bytes
🔶 Intl Era Month Code
🔼 Iterator Chunking
🔶 new Global()
🔼 Non-extensible applies to private
🔼 Promise Adoption
🔼 Promise Predicate
🔶 Temporal
Next week's TC39 meeting has a packed agenda:
🔼 Amount
🔼 Array.prototype.pushAll
🔶 AsyncContext
🔶 Await Dictionary
🔼 Import Bytes
🔶 Intl Era Month Code
🔼 Iterator Chunking
🔶 new Global()
🔼 Non-extensible applies to private
🔼 Promise Adoption
🔼 Promise Predicate
🔶 Temporal
Reposted by Nicolas Dubien
our two-step process for fast typescript types:
1️⃣ build a type-level benchmarking library
2️⃣ spend the prime of your life on cache optimizations
1️⃣ build a type-level benchmarking library
2️⃣ spend the prime of your life on cache optimizations
September 20, 2025 at 5:07 PM
our two-step process for fast typescript types:
1️⃣ build a type-level benchmarking library
2️⃣ spend the prime of your life on cache optimizations
1️⃣ build a type-level benchmarking library
2️⃣ spend the prime of your life on cache optimizations
Reposted by Nicolas Dubien
Hey #edusky: what have I said for years about not putting images of children on your websites or socials ?
This is why
www.theguardian.com/technology/2...
This is why
www.theguardian.com/technology/2...
Parents outraged as Meta uses photos of schoolgirls in ads targeting man
Exclusive: Instagram pictures of girls as young as 13 were posted to promote Threads site ‘as bait’, campaigner says
www.theguardian.com
September 20, 2025 at 5:45 PM
Hey #edusky: what have I said for years about not putting images of children on your websites or socials ?
This is why
www.theguardian.com/technology/2...
This is why
www.theguardian.com/technology/2...
Reposted by Nicolas Dubien
Writing tests is hard, and I'm lazy. I'd rather write a few invariants, and let fast-check fuzz test the rest.
That's why I built @traversable/valibot-test.
Here it is in action:
That's why I built @traversable/valibot-test.
Here it is in action:
September 19, 2025 at 10:09 PM
Writing tests is hard, and I'm lazy. I'd rather write a few invariants, and let fast-check fuzz test the rest.
That's why I built @traversable/valibot-test.
Here it is in action:
That's why I built @traversable/valibot-test.
Here it is in action:
Reposted by Nicolas Dubien
TIL: the "sync" in @react.dev's useSyncExternalStore isn't for "synchronise", it's for "synchronous".
As: it's not for synchronising against an external store,
It's for synchronously (ie: disabling concurrent features) updating against a store's changes.
h/t @tkdodo.eu 🤯
As: it's not for synchronising against an external store,
It's for synchronously (ie: disabling concurrent features) updating against a store's changes.
h/t @tkdodo.eu 🤯
September 19, 2025 at 2:10 PM
TIL: the "sync" in @react.dev's useSyncExternalStore isn't for "synchronise", it's for "synchronous".
As: it's not for synchronising against an external store,
It's for synchronously (ie: disabling concurrent features) updating against a store's changes.
h/t @tkdodo.eu 🤯
As: it's not for synchronising against an external store,
It's for synchronously (ie: disabling concurrent features) updating against a store's changes.
h/t @tkdodo.eu 🤯
Reposted by Nicolas Dubien
I wanna write a blogpost about Suspense, Transitions and React Query but it would mostly be "here's how I understand it, here's what I think doesn't work and here's what we might have to change internally to make it work"
September 20, 2025 at 7:40 AM
I wanna write a blogpost about Suspense, Transitions and React Query but it would mostly be "here's how I understand it, here's what I think doesn't work and here's what we might have to change internally to make it work"
Reposted by Nicolas Dubien
Why do nuqs URL updates occur client-side only by default?
Because you're guaranteed to run @react.dev on the client, but not all frameworks do SSR.
With `shallow: false`, you opt-out of this client-only behaviour, and cross the network boundary for search params you need during SSR.
Because you're guaranteed to run @react.dev on the client, but not all frameworks do SSR.
With `shallow: false`, you opt-out of this client-only behaviour, and cross the network boundary for search params you need during SSR.
September 19, 2025 at 9:45 PM
Why do nuqs URL updates occur client-side only by default?
Because you're guaranteed to run @react.dev on the client, but not all frameworks do SSR.
With `shallow: false`, you opt-out of this client-only behaviour, and cross the network boundary for search params you need during SSR.
Because you're guaranteed to run @react.dev on the client, but not all frameworks do SSR.
With `shallow: false`, you opt-out of this client-only behaviour, and cross the network boundary for search params you need during SSR.
Got exactly the same issues: one package at a time and rate limited 😅 Not the best UX/DX
I'm enabling OICD trusted publishing in all my npm packages. What a terrible DX 🫠 Not only I needed to click through the options manually in THIRTY NINE packages, but also got rate-limited and had to wait a full hour before I was able to continue 🤣 It's like they *didn't want* people to enable OICD!
September 19, 2025 at 1:16 PM
Got exactly the same issues: one package at a time and rate limited 😅 Not the best UX/DX
Reposted by Nicolas Dubien
✨ We’re thrilled to welcome our new Gold Sponsor: LambdaTest! 🎉
Your support helps us keep improving fast-check for the whole community 💛
More about them at www.lambdatest.com
Your support helps us keep improving fast-check for the whole community 💛
More about them at www.lambdatest.com
September 18, 2025 at 7:49 AM
✨ We’re thrilled to welcome our new Gold Sponsor: LambdaTest! 🎉
Your support helps us keep improving fast-check for the whole community 💛
More about them at www.lambdatest.com
Your support helps us keep improving fast-check for the whole community 💛
More about them at www.lambdatest.com
Reposted by Nicolas Dubien
The thesis of this post is that React isn't innovating and other UI libraries are. But the real issue is that React's innovations are overshadowed by it's own success.
www.lorenstew.art/blog/react-w...
www.lorenstew.art/blog/react-w...
React Won by Default – And It's Killing Frontend Innovation | Loren Stewart
Exploring how React's dominance by default stifles frontend innovation, and why deliberate framework choices lead to better tools for performance, developer experience, and ecosystem diversity.
www.lorenstew.art
September 16, 2025 at 2:24 PM
The thesis of this post is that React isn't innovating and other UI libraries are. But the real issue is that React's innovations are overshadowed by it's own success.
www.lorenstew.art/blog/react-w...
www.lorenstew.art/blog/react-w...
Reposted by Nicolas Dubien
🚨 Major active supply chain attack just hit npm.
Popular package @ctrl/tinycolor was trojanized — and it didn’t stop there. Over 40 packages were silently modified to steal secrets from dev machines & CI pipelines.
Our team at Socket caught it. Full report coming soon. Stay safe out there.
Popular package @ctrl/tinycolor was trojanized — and it didn’t stop there. Over 40 packages were silently modified to steal secrets from dev machines & CI pipelines.
Our team at Socket caught it. Full report coming soon. Stay safe out there.
September 16, 2025 at 3:10 AM
🚨 Major active supply chain attack just hit npm.
Popular package @ctrl/tinycolor was trojanized — and it didn’t stop there. Over 40 packages were silently modified to steal secrets from dev machines & CI pipelines.
Our team at Socket caught it. Full report coming soon. Stay safe out there.
Popular package @ctrl/tinycolor was trojanized — and it didn’t stop there. Over 40 packages were silently modified to steal secrets from dev machines & CI pipelines.
Our team at Socket caught it. Full report coming soon. Stay safe out there.
Reposted by Nicolas Dubien
🚊 On my way to Prague for @react-prague.bsky.social. I will be talking about how we use knip @sentry.io to remove unused code 🙌
September 16, 2025 at 6:28 AM
🚊 On my way to Prague for @react-prague.bsky.social. I will be talking about how we use knip @sentry.io to remove unused code 🙌
Reposted by Nicolas Dubien
styled-components maintenance mode doesn't have to mean panic mode.
Our engineer @codey.bsky.social made performant community forks. Linear's already seeing 40% faster renders with zero code changes.
Not a permanent fix, but it buys you time to migrate properly.
www.sanity.io/blog/cut-sty...
Our engineer @codey.bsky.social made performant community forks. Linear's already seeing 40% faster renders with zero code changes.
Not a permanent fix, but it buys you time to migrate properly.
www.sanity.io/blog/cut-sty...
styled-components maintenance mode: A 40% faster fork | Sanity
After styled-components entered maintenance mode, we forked it with React 18's useInsertionEffect. Result: 40% faster renders for Linear. Open source solution.
www.sanity.io
September 11, 2025 at 4:55 PM
styled-components maintenance mode doesn't have to mean panic mode.
Our engineer @codey.bsky.social made performant community forks. Linear's already seeing 40% faster renders with zero code changes.
Not a permanent fix, but it buys you time to migrate properly.
www.sanity.io/blog/cut-sty...
Our engineer @codey.bsky.social made performant community forks. Linear's already seeing 40% faster renders with zero code changes.
Not a permanent fix, but it buys you time to migrate properly.
www.sanity.io/blog/cut-sty...