Wes
@notwes.bsky.social
ATX - he/him - 🥂Humans are more important than code - I work at an entertainment company and volunteer my time making art on github
https://github.com/wesleytodd
https://github.com/wesleytodd
Reposted by Wes
Reporting spam on @github.com should take less effort than posting spam
November 14, 2025 at 5:39 PM
Reporting spam on @github.com should take less effort than posting spam
After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together.
Here is that guidance 👇
Here is that guidance 👇
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
Publishing More Securely on npm: Guidance from the OpenJS Security Collaboration Space | OpenJS Foundation
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep ev...
openjsf.org
November 14, 2025 at 4:21 PM
After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together.
Here is that guidance 👇
Here is that guidance 👇
Reposted by Wes
🎉 @bjohansebas.bsky.social is our new Triage Captain for #ExpressJS! Grateful for your dedication, leadership, and continued impact on the community 👏👏👏
github.com/expressjs/di...
github.com/expressjs/di...
fix(docs): Add @bjohansebas as Triage Team captain by wesleytodd · Pull Request #448 · expressjs/discussions
Nominating @bjohansebas as a captain of the Triage Team. We have seen lots of great contributions from @bjohansebas this year and he is interested in helping run this effort. Thanks for the continu...
github.com
November 12, 2025 at 10:05 AM
🎉 @bjohansebas.bsky.social is our new Triage Captain for #ExpressJS! Grateful for your dedication, leadership, and continued impact on the community 👏👏👏
github.com/expressjs/di...
github.com/expressjs/di...
Have you even lived if you have never opened a kiln that looks like this? That crushing feeling of loss to really brings perspective to normal levels of sad and how to let it go. 😭
Sorry for your loss Eva.
Sorry for your loss Eva.
Guess who has two thumbs, and set their bisque kiln to preheat for 12 minutes instead of 12 hours!
That’s me!!
That’s me!!
November 13, 2025 at 10:48 PM
Have you even lived if you have never opened a kiln that looks like this? That crushing feeling of loss to really brings perspective to normal levels of sad and how to let it go. 😭
Sorry for your loss Eva.
Sorry for your loss Eva.
Reposted by Wes
October’s security check‑in is here! 🚨
📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps.
hubs.la/Q03T5j8j0
📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps.
hubs.la/Q03T5j8j0
OpenJS Security Update: October 2025 | OpenJS Foundation
From new threat modeling practices to ecosystem-wide coordination, npm security discussions, and major Node.js security enhancements, this update recaps the key progress made in October 2025.
hubs.la
November 13, 2025 at 7:18 PM
October’s security check‑in is here! 🚨
📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps.
hubs.la/Q03T5j8j0
📌 Highlights: stronger threat modelling, npm Trusted Publishing risks tackled, new runtime features for secure‑by‑default apps.
hubs.la/Q03T5j8j0
Nerds (derogatory) are really out there propping up the entire global market so they can have conversations with computers instead of humans. They are doing billions of dollars worth of work to achieve the goal of living a life mostly bereft of human connection. I am watching it happen live. 😭
November 13, 2025 at 5:59 PM
Nerds (derogatory) are really out there propping up the entire global market so they can have conversations with computers instead of humans. They are doing billions of dollars worth of work to achieve the goal of living a life mostly bereft of human connection. I am watching it happen live. 😭
I had the pleasure of being on-call for a lot of what Elizabeth talked about on this (love is blind & the Tyson fight). It's fun to hear such a polished, clear, and positive message about the absolute *madness* (aka fun) it was to be involved as an engineer on the ground.
What’s it like to work as a software engineer at Netflix? In this special episode recorded at Netflix’s headquarters in Los Gatos, I sat down with Elizabeth Stone, CTO at the company - in the signature Netflix director chairs (and with a pro Netflix camera crew!)
(cont'd)
(cont'd)
November 12, 2025 at 10:39 PM
I had the pleasure of being on-call for a lot of what Elizabeth talked about on this (love is blind & the Tyson fight). It's fun to hear such a polished, clear, and positive message about the absolute *madness* (aka fun) it was to be involved as an engineer on the ground.
Oh cool, thanks Thanks.dev for the support on @github.com.
thanks.dev – open source funding platform
We're passionate about making open source sustainable. Scan your dependancy tree to better understand which open source projects need funding the most. Maintainers can also register their projects to ...
Thanks.dev
November 12, 2025 at 1:29 PM
Oh cool, thanks Thanks.dev for the support on @github.com.
Reposted by Wes
Type stripping is now stable.
Enjoy 🌞
Enjoy 🌞
November 12, 2025 at 5:07 AM
Type stripping is now stable.
Enjoy 🌞
Enjoy 🌞
Reposted by Wes
Or to find out what is key for the general community, instead of for a specific funding source, there needs to be people proactively trying to find out what general users want, which is also work that doesn’t get done by itself and largely depends on volunteers github.com/nodejs/next-10
GitHub - nodejs/next-10: Repository for discussion on strategic directions for next 10 years of Node.js
Repository for discussion on strategic directions for next 10 years of Node.js - nodejs/next-10
github.com
November 12, 2025 at 12:33 PM
Or to find out what is key for the general community, instead of for a specific funding source, there needs to be people proactively trying to find out what general users want, which is also work that doesn’t get done by itself and largely depends on volunteers github.com/nodejs/next-10
Reposted by Wes
Ha, this is pretty much how I work and I didn't realise it was a cultural thing, but that's why you see me popping up everywhere:
(From: protocol.ecologies.info/interviews/n... )
(From: protocol.ecologies.info/interviews/n... )
November 11, 2025 at 6:18 PM
Ha, this is pretty much how I work and I didn't realise it was a cultural thing, but that's why you see me popping up everywhere:
(From: protocol.ecologies.info/interviews/n... )
(From: protocol.ecologies.info/interviews/n... )
I am not a supplier.
I was reading through the two SBOM specifications today (as you do), and noticed that both have fields that impose a "supplier" field on packages.
Couldn't help but think of @https://hachyderm.io/@Di4na's blog post https://www.softwaremaxims.com/blog/not-a-supplier and how it's literally in the […]
Couldn't help but think of @https://hachyderm.io/@Di4na's blog post https://www.softwaremaxims.com/blog/not-a-supplier and how it's literally in the […]
Original post on mastodon.social
mastodon.social
November 11, 2025 at 10:10 PM
I am not a supplier.
Reposted by Wes
Preparing my talk for JSConf JP and I finally drew my mental venn diagram about how Node.js development works 🤪
November 11, 2025 at 7:20 PM
Preparing my talk for JSConf JP and I finally drew my mental venn diagram about how Node.js development works 🤪
And if so, what value are you finding in the data available via provenance?
November 11, 2025 at 8:06 PM
And if so, what value are you finding in the data available via provenance?
Reposted by Wes
Big thanks to our partners Alpha Omega and @nodesource.bsky.social 💚
November 11, 2025 at 3:28 PM
Big thanks to our partners Alpha Omega and @nodesource.bsky.social 💚
Reposted by Wes
Ever wonder why @nodejs.org drops new versions like clockwork? Here’s the scoop. ⏱️
@rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.
@rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.
November 11, 2025 at 3:28 PM
Ever wonder why @nodejs.org drops new versions like clockwork? Here’s the scoop. ⏱️
@rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.
@rafaelgss.dev shares all the details about the Node.js release schedule in our new series, JavaScript Security Snapshot.
Reposted by Wes
It's not you, it's slack.
November 10, 2025 at 6:17 PM
It's not you, it's slack.
Reposted by Wes
My first advice to junior contributors is to STOP using vibe coding for PRs. OSS is always about people more than about code. We don't need more code generated by LLM, we need more people who care.
November 10, 2025 at 11:47 AM
My first advice to junior contributors is to STOP using vibe coding for PRs. OSS is always about people more than about code. We don't need more code generated by LLM, we need more people who care.
Mine took down all iOS streaming on Netflix. A year later my former team had rolled out a whole new system in place of the thing that allowed my missed where clause to cause the outage.
Good engineering is not about mistakes happening, it is about how you respond after.
Good engineering is not about mistakes happening, it is about how you respond after.
November 7, 2025 at 2:34 PM
Mine took down all iOS streaming on Netflix. A year later my former team had rolled out a whole new system in place of the thing that allowed my missed where clause to cause the outage.
Good engineering is not about mistakes happening, it is about how you respond after.
Good engineering is not about mistakes happening, it is about how you respond after.
"We’re sending a quick reminder to complete our survey about your Technology Help Center (THC) usage."
Well....**takes a big puff**...lets do this survey.
Well....**takes a big puff**...lets do this survey.
November 6, 2025 at 5:53 PM
"We’re sending a quick reminder to complete our survey about your Technology Help Center (THC) usage."
Well....**takes a big puff**...lets do this survey.
Well....**takes a big puff**...lets do this survey.
Someone at PayPal needs to learn about the importance of alt text. Hope they like immediate delete on their emails.
November 4, 2025 at 7:02 PM
Someone at PayPal needs to learn about the importance of alt text. Hope they like immediate delete on their emails.
Reposted by Wes
40 million users on halloween [takes a long drag on a cigarette] no way one of them isn’t a dracula
October 31, 2025 at 1:57 PM
40 million users on halloween [takes a long drag on a cigarette] no way one of them isn’t a dracula
Reposted by Wes
New collab space alert 👀🚨
We've launched the Bundler Collaboration Space to bring projects like Vite, Webpack, Rspack, and others together on shared goals for the JavaScript bundler ecosystem.
Join in: github.com/openjs-found...
We've launched the Bundler Collaboration Space to bring projects like Vite, Webpack, Rspack, and others together on shared goals for the JavaScript bundler ecosystem.
Join in: github.com/openjs-found...
GitHub - openjs-foundation/bundler-collab-space: TBD
TBD. Contribute to openjs-foundation/bundler-collab-space development by creating an account on GitHub.
github.com
October 30, 2025 at 4:24 PM
New collab space alert 👀🚨
We've launched the Bundler Collaboration Space to bring projects like Vite, Webpack, Rspack, and others together on shared goals for the JavaScript bundler ecosystem.
Join in: github.com/openjs-found...
We've launched the Bundler Collaboration Space to bring projects like Vite, Webpack, Rspack, and others together on shared goals for the JavaScript bundler ecosystem.
Join in: github.com/openjs-found...
I am so happy! Getting back home to Austin and it’s actually chilly. All I wanted to do was go curl up in bed and sleep for a month, and I got the type of weather that makes that feel nice.
October 30, 2025 at 3:19 PM
I am so happy! Getting back home to Austin and it’s actually chilly. All I wanted to do was go curl up in bed and sleep for a month, and I got the type of weather that makes that feel nice.
Reposted by Wes
I will personally give a free ticket to the next GitHub Universe to the first person to share a UF2 with a playable version of Doom for the GitHub Universe 2025 badge
October 30, 2025 at 2:40 PM
I will personally give a free ticket to the next GitHub Universe to the first person to share a UF2 with a playable version of Doom for the GitHub Universe 2025 badge