Pooya Parsa
@pi0.io
Building opensource stuff ◦ @unjs.io ◦ @nitro.build ◦ @nuxt.com
🌱 github.com/pi0 ❌ x.com/_pi0_
🌱 github.com/pi0 ❌ x.com/_pi0_
Reposted by Pooya Parsa
Universal cache adapter (based on @unjs.io) for @drizzle.team just hit the shelves: drizzle-uncache
github.com/dschewchenko...
github.com/dschewchenko...
GitHub - dschewchenko/drizzle-uncache
Contribute to dschewchenko/drizzle-uncache development by creating an account on GitHub.
github.com
December 15, 2025 at 12:04 PM
Universal cache adapter (based on @unjs.io) for @drizzle.team just hit the shelves: drizzle-uncache
github.com/dschewchenko...
github.com/dschewchenko...
Hold tight! Nitro v3 βeta is coming 👀
December 12, 2025 at 1:10 PM
Hold tight! Nitro v3 βeta is coming 👀
Phew, it was a tough year. Nice⭐ stars, though!
Thanks, ❤️ @jangholi.bsky.social, for being patient and supportive through busy days and nights.
I tried to keep two lines free. I’ll do better next year, hopefully finally learn to speak 🇳🇱 Nederlands!
Thanks, ❤️ @jangholi.bsky.social, for being patient and supportive through busy days and nights.
I tried to keep two lines free. I’ll do better next year, hopefully finally learn to speak 🇳🇱 Nederlands!
December 12, 2025 at 12:57 PM
Phew, it was a tough year. Nice⭐ stars, though!
Thanks, ❤️ @jangholi.bsky.social, for being patient and supportive through busy days and nights.
I tried to keep two lines free. I’ll do better next year, hopefully finally learn to speak 🇳🇱 Nederlands!
Thanks, ❤️ @jangholi.bsky.social, for being patient and supportive through busy days and nights.
I tried to keep two lines free. I’ll do better next year, hopefully finally learn to speak 🇳🇱 Nederlands!
In the next Nitro v3 release, you can easily unit-test code that depends on the Nitro runtime.
github.com/nitrojs/nitr...
github.com/nitrojs/nitr...
feat: mock runtime virtual imports by pi0 · Pull Request #3861 · nitrojs/nitro
Nitro runtime depends on generated virtual modules that only work during the build phase.
This makes unit testing and writing shared code difficult when project code imports nitro/runtime, nitro/st...
github.com
December 11, 2025 at 5:28 PM
In the next Nitro v3 release, you can easily unit-test code that depends on the Nitro runtime.
github.com/nitrojs/nitr...
github.com/nitrojs/nitr...
Open libraries in @unjs.io and H3.dev power millions.
Maintenance is tough and largely unmanned compared to the projects built on top of them.
Huge thanks to the silent, selfless heroes who fix issues before I even notice them. You’re the reason I still keep doing open source. ❤️
Maintenance is tough and largely unmanned compared to the projects built on top of them.
Huge thanks to the silent, selfless heroes who fix issues before I even notice them. You’re the reason I still keep doing open source. ❤️
December 10, 2025 at 9:47 AM
Reposted by Pooya Parsa
After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together.
Here is that guidance 👇
Here is that guidance 👇
With npm supply chain attacks on the rise, secure publishing practices are becoming a pressing concern for anyone maintaining npm packages. ⚠️
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
We've released updated guidance to help maintainers reduce exposure, strengthen release processes, and protect the ecosystem: openjsf.org/blog/publish...
Publishing More Securely on npm: Guidance from the OpenJS Security Collaboration Space | OpenJS Foundation
The OpenJS Security Collaboration Space has been working closely with GitHub’s npm team to understand how new security features affect projects and maintainers, especially as threats and tools keep ev...
openjsf.org
November 14, 2025 at 4:21 PM
After a few months of targeted attacks on our ecosystem, followed by a confusing and rapidly changing response from @github.com, we wanted to put together some guidance for maintainers on how to help us all secure our supply chain together.
Here is that guidance 👇
Here is that guidance 👇
Reposted by Pooya Parsa
🧨 “Gaps in design and implementation with the new OIDC Trusted Publisher workflows leave maintainers open to novel and increasingly difficult to detect gaps in their publishing setups. We do not recommend critical projects move to this new workflow..." - @notwes.bsky.social
npm has revoked classic tokens for publishing, pushing maintainers toward OIDC trusted publishing or granular tokens. But @openjsf.org warns trusted publishing still has risky gaps for critical projects. What maintainers should do next:
socket.dev/blog/npm-rev... #NodeJS #JavaScript
socket.dev/blog/npm-rev... #NodeJS #JavaScript
npm Revokes Classic Tokens, as OpenJS Warns Maintainers Abou...
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for crit...
socket.dev
December 10, 2025 at 6:03 AM
🧨 “Gaps in design and implementation with the new OIDC Trusted Publisher workflows leave maintainers open to novel and increasingly difficult to detect gaps in their publishing setups. We do not recommend critical projects move to this new workflow..." - @notwes.bsky.social
Reposted by Pooya Parsa
Amsterdam (NL in general) has the best dev community!
Change my mind!
(With @thealexlichter.com @pi0.io @yannbf.bsky.social)
Change my mind!
(With @thealexlichter.com @pi0.io @yannbf.bsky.social)
December 8, 2025 at 9:39 AM
Amsterdam (NL in general) has the best dev community!
Change my mind!
(With @thealexlichter.com @pi0.io @yannbf.bsky.social)
Change my mind!
(With @thealexlichter.com @pi0.io @yannbf.bsky.social)
Reposted by Pooya Parsa
IPX is super cool tool for self-hosting websites with optimized images. Webstudio is using it for docker export.
This means docker images will get even smaller and cold start can be faster.
This means docker images will get even smaller and cold start can be faster.
Was debugging a nasty ESM issue and ended up optimizing unjs/🖼️IPX from 99 dependencies down to 6 (26 MB → 2 MB).
Available in the v4 nightly builds with the same features as before!
Available in the v4 nightly builds with the same features as before!
December 4, 2025 at 8:42 PM
IPX is super cool tool for self-hosting websites with optimized images. Webstudio is using it for docker export.
This means docker images will get even smaller and cold start can be faster.
This means docker images will get even smaller and cold start can be faster.
Was debugging a nasty ESM issue and ended up optimizing unjs/🖼️IPX from 99 dependencies down to 6 (26 MB → 2 MB).
Available in the v4 nightly builds with the same features as before!
Available in the v4 nightly builds with the same features as before!
December 4, 2025 at 7:38 PM
Was debugging a nasty ESM issue and ended up optimizing unjs/🖼️IPX from 99 dependencies down to 6 (26 MB → 2 MB).
Available in the v4 nightly builds with the same features as before!
Available in the v4 nightly builds with the same features as before!
Nitro’s split between SSR and server concepts was already a strong design choice, and I’m glad we stayed committed to it.
With everything going on, zero-trust is the only security model that makes sense.
Everything is exploitable 💣 — accept it. All we can do is reduce the damage surface through separation and isolation.
Everything is exploitable 💣 — accept it. All we can do is reduce the damage surface through separation and isolation.
December 4, 2025 at 12:33 PM
Nitro’s split between SSR and server concepts was already a strong design choice, and I’m glad we stayed committed to it.
With everything going on, zero-trust is the only security model that makes sense.
Everything is exploitable 💣 — accept it. All we can do is reduce the damage surface through separation and isolation.
Everything is exploitable 💣 — accept it. All we can do is reduce the damage surface through separation and isolation.
December 4, 2025 at 12:21 PM
With everything going on, zero-trust is the only security model that makes sense.
Everything is exploitable 💣 — accept it. All we can do is reduce the damage surface through separation and isolation.
Everything is exploitable 💣 — accept it. All we can do is reduce the damage surface through separation and isolation.
Over a week into rewriting the Nitro external resolver/tracer plugin. Only ~100 LOC, but tiny details have a big impact on performance and build stability. In large projects, resolver hooks may be called thousands of times, doing less really matters.
November 26, 2025 at 4:59 PM
Over a week into rewriting the Nitro external resolver/tracer plugin. Only ~100 LOC, but tiny details have a big impact on performance and build stability. In large projects, resolver hooks may be called thousands of times, doing less really matters.
November 24, 2025 at 11:37 AM
“one” added dep and node_modules turns into a pile of extra crap.
Try: npmgraph.js.org
WARNING: Once you see it, you can’t unsee it.
Try: npmgraph.js.org
WARNING: Once you see it, you can’t unsee it.
npmgraph - NPM Dependency Diagrams
Graph / visualize of npm dependencies
npmgraph.js.org
November 5, 2025 at 2:34 PM
“one” added dep and node_modules turns into a pile of extra crap.
Try: npmgraph.js.org
WARNING: Once you see it, you can’t unsee it.
Try: npmgraph.js.org
WARNING: Once you see it, you can’t unsee it.
Nitro v3’s filesystem routing is now optional by default ✨
Choose what fits your setup best:
📂 Filesystem routing (serverDir: "server")
⚙️ routes: {} config
🧩 server.ts (bring your own router)
All core routing features remain available.
Choose what fits your setup best:
📂 Filesystem routing (serverDir: "server")
⚙️ routes: {} config
🧩 server.ts (bring your own router)
All core routing features remain available.
November 3, 2025 at 3:05 PM
Nitro v3’s filesystem routing is now optional by default ✨
Choose what fits your setup best:
📂 Filesystem routing (serverDir: "server")
⚙️ routes: {} config
🧩 server.ts (bring your own router)
All core routing features remain available.
Choose what fits your setup best:
📂 Filesystem routing (serverDir: "server")
⚙️ routes: {} config
🧩 server.ts (bring your own router)
All core routing features remain available.
Reposted by Pooya Parsa
Are we getting PHP in JS? And how is this related to @vite.dev and SSR?
I've taken a look at Rendu, the hypertext preprocessor also used by the upcoming @nitro.build v3
youtu.be/Qk2oNBRw2Y8
I've taken a look at Rendu, the hypertext preprocessor also used by the upcoming @nitro.build v3
youtu.be/Qk2oNBRw2Y8
November 3, 2025 at 2:35 PM
Are we getting PHP in JS? And how is this related to @vite.dev and SSR?
I've taken a look at Rendu, the hypertext preprocessor also used by the upcoming @nitro.build v3
youtu.be/Qk2oNBRw2Y8
I've taken a look at Rendu, the hypertext preprocessor also used by the upcoming @nitro.build v3
youtu.be/Qk2oNBRw2Y8
Build → Refine → Clean up → Repeat ↻
November 2, 2025 at 12:15 PM
Build → Refine → Clean up → Repeat ↻
🇨🇭 Nitro Modules → Vite Plugins
Working on a POC to make Vite plugins interoperable as Nitro modules.
This could help create a more unified ecosystem of universal plugins.
Working on a POC to make Vite plugins interoperable as Nitro modules.
This could help create a more unified ecosystem of universal plugins.
November 1, 2025 at 10:08 AM
🇨🇭 Nitro Modules → Vite Plugins
Working on a POC to make Vite plugins interoperable as Nitro modules.
This could help create a more unified ecosystem of universal plugins.
Working on a POC to make Vite plugins interoperable as Nitro modules.
This could help create a more unified ecosystem of universal plugins.
POV: We add a bunch of polyfills and fixes in libraries only because developers make mistakes. This costs end users! EVERY RUN, EVERY CALL, EVERY REQUEST... probably billions of times!
November 1, 2025 at 8:44 AM
POV: We add a bunch of polyfills and fixes in libraries only because developers make mistakes. This costs end users! EVERY RUN, EVERY CALL, EVERY REQUEST... probably billions of times!
Looking for a reliable way to detect AI agents executing CLI scripts with @danielroe.dev, so we can adjust verbosity and capture spans. Ideas welcome!
github.com/unjs/std-env...
github.com/unjs/std-env...
Add `isAgent` flag · Issue #172 · unjs/std-env
Describe the feature (from discussion with @danielroe) We can export a flag to indicate if CLI is running within an agent. I suggest introducing verbosity or span more info. We might also have some...
github.com
October 31, 2025 at 11:11 AM
Looking for a reliable way to detect AI agents executing CLI scripts with @danielroe.dev, so we can adjust verbosity and capture spans. Ideas welcome!
github.com/unjs/std-env...
github.com/unjs/std-env...
Migrating Nitro (dist) from Rollup to @rolldown.rs : CI time dropped from 36s → 7 s ++ few issues got fixed 😎
October 30, 2025 at 12:11 PM
Migrating Nitro (dist) from Rollup to @rolldown.rs : CI time dropped from 36s → 7 s ++ few issues got fixed 😎
🧹 Time to clean up!
unjs/ofetch ($fetch) v2 (alpha)
- 🌐 ESM-only + Native Web APIs
- 📦 Zero deps (3 → 0)
- 📉 Install: 900 KB → 28 KB
- ⚡️Bundle: 17.4 KB (6.5 KB gz) → 6.3 KB (2.4 KB gz)
More optimizations to come 🤞
unjs/ofetch ($fetch) v2 (alpha)
- 🌐 ESM-only + Native Web APIs
- 📦 Zero deps (3 → 0)
- 📉 Install: 900 KB → 28 KB
- ⚡️Bundle: 17.4 KB (6.5 KB gz) → 6.3 KB (2.4 KB gz)
More optimizations to come 🤞
October 28, 2025 at 11:43 AM
🧹 Time to clean up!
unjs/ofetch ($fetch) v2 (alpha)
- 🌐 ESM-only + Native Web APIs
- 📦 Zero deps (3 → 0)
- 📉 Install: 900 KB → 28 KB
- ⚡️Bundle: 17.4 KB (6.5 KB gz) → 6.3 KB (2.4 KB gz)
More optimizations to come 🤞
unjs/ofetch ($fetch) v2 (alpha)
- 🌐 ESM-only + Native Web APIs
- 📦 Zero deps (3 → 0)
- 📉 Install: 900 KB → 28 KB
- ⚡️Bundle: 17.4 KB (6.5 KB gz) → 6.3 KB (2.4 KB gz)
More optimizations to come 🤞