Pelle Wessman
@voxpelli.com
Swedish web developer, open source maintainer, creator, non-influenser, #nodejs user
🌎: https://voxpelli.com/
🐘: https://mastodon.social/@voxpelli
👨💻: https://github.com/voxpelli
🌎: https://voxpelli.com/
🐘: https://mastodon.social/@voxpelli
👨💻: https://github.com/voxpelli
Pinned
Pelle Wessman
@voxpelli.com
· Nov 20
Mastodon uses a rel-self, type-application/activity+json link to the absolute URL of the user (/users/foo)
@atproto.com / @bsky.app could have done the same and had a rel-self link to the did:plc URI (eg. did:plc:z72i7hdynmk6r22z27h6tvur)
Reference for #ATproto docs: atproto.com/specs/handle...
@atproto.com / @bsky.app could have done the same and had a rel-self link to the did:plc URI (eg. did:plc:z72i7hdynmk6r22z27h6tvur)
Reference for #ATproto docs: atproto.com/specs/handle...
Handle - AT Protocol
A specification for human-friendly account identifiers.
atproto.com
Not sure why #ATproto uses /.well-known/atproto-did to discover handles rather than using #WebFinger like #Mastodon and having a rel-self to a did:plc URI
Feels needless to have two discovery layers? And would have enabled the same handle resolution for both Mastodon and Bluesky?
Feels needless to have two discovery layers? And would have enabled the same handle resolution for both Mastodon and Bluesky?
Reposted by Pelle Wessman
Freedom, sustainability, democracy, accessibility, tolerance – in the wrong context in can all have been redefined to mean the exact opposite of what it should be – the dangerous of fluffy terms with a positive connotation
We need to continually define them or else risk a takeover
We need to continually define them or else risk a takeover
February 10, 2025 at 5:23 PM
Freedom, sustainability, democracy, accessibility, tolerance – in the wrong context in can all have been redefined to mean the exact opposite of what it should be – the dangerous of fluffy terms with a positive connotation
We need to continually define them or else risk a takeover
We need to continually define them or else risk a takeover
Reposted by Pelle Wessman
this argument is dangerous nonsense. There is no legal basis for the US' strikes on "drug boats", not under the ius ad bellum, not under US law, not under the law of armed conflict, not under human rights law. It's state-orchestrated murder, plain and simple.
www.theguardian.com/us-news/2025...
www.theguardian.com/us-news/2025...
November 5, 2025 at 1:11 PM
this argument is dangerous nonsense. There is no legal basis for the US' strikes on "drug boats", not under the ius ad bellum, not under US law, not under the law of armed conflict, not under human rights law. It's state-orchestrated murder, plain and simple.
www.theguardian.com/us-news/2025...
www.theguardian.com/us-news/2025...
Oversimplification is so pervasive in today’s world and really exemplifies well that the road to hell is indeed lined with good intentions
November 3, 2025 at 4:39 PM
Oversimplification is so pervasive in today’s world and really exemplifies well that the road to hell is indeed lined with good intentions
Reposted by Pelle Wessman
The Servo project is starting to publish releases, version 0.0.1 is out today! 🚀
You can learn more about the goals and plans behind these releases in our blog: servo.org/blog/2025/10...
You can learn more about the goals and plans behind these releases in our blog: servo.org/blog/2025/10...
Servo 0.0.1 Release - Servo aims to empower developers with a lightweight, high-performance alternative for embedding web technologies in applications.
A brief update on the goals and plans behind the new Servo releases on GitHub.
servo.org
October 20, 2025 at 1:28 PM
The Servo project is starting to publish releases, version 0.0.1 is out today! 🚀
You can learn more about the goals and plans behind these releases in our blog: servo.org/blog/2025/10...
You can learn more about the goals and plans behind these releases in our blog: servo.org/blog/2025/10...
The Gaza ceasefire and peace should really be guarded and enforced by a UN peace force, but considering how Israel (and Hizbollah) has treated the Lebanese UN peace force UNIFIL it wouldn’t make much direct impact, but it would be a good signal and put more on the line.
Israel attacking Irish UN peacekeeping soldiers in Lebanon.
As always, Israel can get fucked and may every supporter of Israel have festering bleeding haemorrhoids every day of their life.
RTÉ news : Irish UNIFIL troops safe after IDF drops grenades nearby
www.rte.ie/news/2025/10...
As always, Israel can get fucked and may every supporter of Israel have festering bleeding haemorrhoids every day of their life.
RTÉ news : Irish UNIFIL troops safe after IDF drops grenades nearby
www.rte.ie/news/2025/10...
Irish UNIFIL troops safe after IDF drops grenades nearby
Irish troops are accounted for and well after the United Nations Interim Force in Lebanon said the Israeli Defence Forces dropped grenades near peacekeepers in Lebanon.
www.rte.ie
October 20, 2025 at 2:23 PM
The Gaza ceasefire and peace should really be guarded and enforced by a UN peace force, but considering how Israel (and Hizbollah) has treated the Lebanese UN peace force UNIFIL it wouldn’t make much direct impact, but it would be a good signal and put more on the line.
Nice with some positive political news amidst authoritarians and populists dominating the news
ICYMI Green Party membership numbers have now overtaken the Conservative Party's! 🎉
📈 125,000 members and counting.
📈 125,000 members and counting.
October 19, 2025 at 1:33 PM
Nice with some positive political news amidst authoritarians and populists dominating the news
It’s funny when people from USA makes claim like “our great Nation serves as a beacon for freedom around the world”
USA is rather making a mockery of democracy, human rights etc and making it real hard for Europe etc to push for all those things as we have to collectively take the blame for the US.
USA is rather making a mockery of democracy, human rights etc and making it real hard for Europe etc to push for all those things as we have to collectively take the blame for the US.
October 18, 2025 at 7:31 PM
It’s funny when people from USA makes claim like “our great Nation serves as a beacon for freedom around the world”
USA is rather making a mockery of democracy, human rights etc and making it real hard for Europe etc to push for all those things as we have to collectively take the blame for the US.
USA is rather making a mockery of democracy, human rights etc and making it real hard for Europe etc to push for all those things as we have to collectively take the blame for the US.
“Hope” in Swedish is “hopp” and “hopp” can also mean “jump”
So, take it from a Swede: Jump when you need hope.
So, take it from a Swede: Jump when you need hope.
October 12, 2025 at 1:15 PM
“Hope” in Swedish is “hopp” and “hopp” can also mean “jump”
So, take it from a Swede: Jump when you need hope.
So, take it from a Swede: Jump when you need hope.
Additional JS pro tip:
Use the helpers from my module pony-cause (inspired by the Error Cause precursor VError) to work more efficiently with causes: github.com/voxpelli/pon...
Use the helpers from my module pony-cause (inspired by the Error Cause precursor VError) to work more efficiently with causes: github.com/voxpelli/pon...
October 1, 2025 at 11:54 AM
Additional JS pro tip:
Use the helpers from my module pony-cause (inspired by the Error Cause precursor VError) to work more efficiently with causes: github.com/voxpelli/pon...
Use the helpers from my module pony-cause (inspired by the Error Cause precursor VError) to work more efficiently with causes: github.com/voxpelli/pon...
Tried using the GitHub Copilot Agent to fix some simple issues – it requires more baby sitting so far than any human developer I have ever interacted with, and it even mentions things like:
"I see the problem! [...] I need to actually apply the changes I described in my previous response."
"I see the problem! [...] I need to actually apply the changes I described in my previous response."
October 1, 2025 at 11:41 AM
Tried using the GitHub Copilot Agent to fix some simple issues – it requires more baby sitting so far than any human developer I have ever interacted with, and it even mentions things like:
"I see the problem! [...] I need to actually apply the changes I described in my previous response."
"I see the problem! [...] I need to actually apply the changes I described in my previous response."
@clever-cloud.com Any plans to offer official @deno.land hosting on your PaaS?
Worried about npm exploits?
Deno can run your Node apps with added protection:
🔒 opt-in permissions
🔒 user-authorized postinstall scripts
🔒 permission audit + trace logs
and much more 👇
deno.com/blog/deno-pr...
Deno can run your Node apps with added protection:
🔒 opt-in permissions
🔒 user-authorized postinstall scripts
🔒 permission audit + trace logs
and much more 👇
deno.com/blog/deno-pr...
How Deno protects against npm exploits | Deno
Recent supply chain attacks on npm is a reminder that Node and npm grants unfettered access to your systems. Here's how Deno, with an opt-in security model, protects against these vulnerabilities.
deno.com
October 1, 2025 at 11:18 AM
@clever-cloud.com Any plans to offer official @deno.land hosting on your PaaS?
Reposted by Pelle Wessman
Worried about npm exploits?
Deno can run your Node apps with added protection:
🔒 opt-in permissions
🔒 user-authorized postinstall scripts
🔒 permission audit + trace logs
and much more 👇
deno.com/blog/deno-pr...
Deno can run your Node apps with added protection:
🔒 opt-in permissions
🔒 user-authorized postinstall scripts
🔒 permission audit + trace logs
and much more 👇
deno.com/blog/deno-pr...
How Deno protects against npm exploits | Deno
Recent supply chain attacks on npm is a reminder that Node and npm grants unfettered access to your systems. Here's how Deno, with an opt-in security model, protects against these vulnerabilities.
deno.com
September 30, 2025 at 5:29 PM
Worried about npm exploits?
Deno can run your Node apps with added protection:
🔒 opt-in permissions
🔒 user-authorized postinstall scripts
🔒 permission audit + trace logs
and much more 👇
deno.com/blog/deno-pr...
Deno can run your Node apps with added protection:
🔒 opt-in permissions
🔒 user-authorized postinstall scripts
🔒 permission audit + trace logs
and much more 👇
deno.com/blog/deno-pr...
This is excellent! And I see @ap.brid.gy is bridging Bluesky quotes into Mastodon already 🥳
In case you missed it, Quote Posts are live on mastodon.social and mastodon.online — let us know what you think!
This feature has been a long time coming because we wanted to take the time to do it right. Part of that process was sharing our work and getting feedback along the way […]
This feature has been a long time coming because we wanted to take the time to do it right. Part of that process was sharing our work and getting feedback along the way […]
Original post on mastodon.social
mastodon.social
September 30, 2025 at 6:35 PM
This is excellent! And I see @ap.brid.gy is bridging Bluesky quotes into Mastodon already 🥳
Reposted by Pelle Wessman
Iconfactory Tapestry 1.3 arrives on iOS 26 with stunning support for Liquid Glass, timeline treats like displaying Mastodon quoted posts and nicer polls, the ability to adjust font size within Tapestry and a native macOS app.
Your personal timeline app just got a whole lot better.
#TapestryApp
Your personal timeline app just got a whole lot better.
#TapestryApp
Glass Tapestry and More! • The Breakroom
We’re pleased to announce the arrival of Iconfactory Tapestry on iOS 26 with stunning support for Liquid Glass, visual improvements up and down the timeline, and a new native app for macOS. Tapestry ...
blog.iconfactory.com
September 30, 2025 at 5:00 PM
Iconfactory Tapestry 1.3 arrives on iOS 26 with stunning support for Liquid Glass, timeline treats like displaying Mastodon quoted posts and nicer polls, the ability to adjust font size within Tapestry and a native macOS app.
Your personal timeline app just got a whole lot better.
#TapestryApp
Your personal timeline app just got a whole lot better.
#TapestryApp
@tangled.org FYI, I mentioned you here in @openssf.org regarding documenting the process and considerations for onboarding new CI platforms to the "Trusted Publishing" model of package registries like @pypi.org, npm etc: github.com/ossf/wg-secu...
Relevant if you want to support it in your CI
Relevant if you want to support it in your CI
Document / standardize a common process for onboarding Trusted Publishing platforms · Issue #90 · ossf/wg-securing-software-repos
Following on the npm security announcements and its discussions there is a common concern (see eg. this comment) that the number of platforms supported for Trusted Publishing by npm is limited to j...
github.com
September 30, 2025 at 1:49 PM
@tangled.org FYI, I mentioned you here in @openssf.org regarding documenting the process and considerations for onboarding new CI platforms to the "Trusted Publishing" model of package registries like @pypi.org, npm etc: github.com/ossf/wg-secu...
Relevant if you want to support it in your CI
Relevant if you want to support it in your CI
Reposted by Pelle Wessman
If you're into new browser engines free from corporate control – maybe skip the latest 'benevolent dictator', and check out @servo.org
They have nightly snapshots you can install, and they're rolling out new features regularly:
servo.org
They have nightly snapshots you can install, and they're rolling out new features regularly:
servo.org
Servo aims to empower developers with a lightweight, high-performance alternative for embedding web technologies in applications.
Servo is a web rendering engine written in Rust, with WebGL and WebGPU support, and adaptable to desktop, mobile, and embedded applications.
servo.org
September 29, 2025 at 4:18 PM
If you're into new browser engines free from corporate control – maybe skip the latest 'benevolent dictator', and check out @servo.org
They have nightly snapshots you can install, and they're rolling out new features regularly:
servo.org
They have nightly snapshots you can install, and they're rolling out new features regularly:
servo.org
Reposted by Pelle Wessman
Pssst. It's also not mandatory to use a framework if your site doesn't need one.
Shopping around for a place to host your Next.js, Svelte, Nuxt, or any other type of site?
It's easy to try out Deno Deploy for free.
deno.com/deploy
It's easy to try out Deno Deploy for free.
deno.com/deploy
Deno Deploy
One simple platform for anything that runs with JavaScript or Typescript.
deno.com
September 30, 2025 at 11:24 AM
Pssst. It's also not mandatory to use a framework if your site doesn't need one.
In defense of “needless” npm modules:
Sometimes the pure act of discoverability / documentation as code is the main reason for a module.
Eg: Most of the functionality in github.com/voxpelli/typ... could be copied into projects just as well.
But having it collected makes the solutions discoverable
Sometimes the pure act of discoverability / documentation as code is the main reason for a module.
Eg: Most of the functionality in github.com/voxpelli/typ... could be copied into projects just as well.
But having it collected makes the solutions discoverable
GitHub - voxpelli/typed-utils: My personal (type-enabled) utils / helpers
My personal (type-enabled) utils / helpers. Contribute to voxpelli/typed-utils development by creating an account on GitHub.
github.com
September 29, 2025 at 6:11 PM
In defense of “needless” npm modules:
Sometimes the pure act of discoverability / documentation as code is the main reason for a module.
Eg: Most of the functionality in github.com/voxpelli/typ... could be copied into projects just as well.
But having it collected makes the solutions discoverable
Sometimes the pure act of discoverability / documentation as code is the main reason for a module.
Eg: Most of the functionality in github.com/voxpelli/typ... could be copied into projects just as well.
But having it collected makes the solutions discoverable
What's up with major companies / startups having blogs that has neither RSS-feeds nor newsletters?
With eg. Feedbin and Readwise Reader I can subscribe to a newsletter as if it was an RSS-feed, but when they have neither? Do they expect me to keep up to date through LinkedIn / Twitter (🤢)?
With eg. Feedbin and Readwise Reader I can subscribe to a newsletter as if it was an RSS-feed, but when they have neither? Do they expect me to keep up to date through LinkedIn / Twitter (🤢)?
September 18, 2025 at 7:54 AM
What's up with major companies / startups having blogs that has neither RSS-feeds nor newsletters?
With eg. Feedbin and Readwise Reader I can subscribe to a newsletter as if it was an RSS-feed, but when they have neither? Do they expect me to keep up to date through LinkedIn / Twitter (🤢)?
With eg. Feedbin and Readwise Reader I can subscribe to a newsletter as if it was an RSS-feed, but when they have neither? Do they expect me to keep up to date through LinkedIn / Twitter (🤢)?
I’m really impressed by what I see from @buttondown.com – it feels like one of those web projects that are doing everything the way it should be – I kind of want to start a newsletter simply to be able to make use of it
When folks ask me what newsletter platform I use, I'm always SO stoked to refer them to @buttondown.com so when they reached out to me for this interview, it was an immediate, hands-down yes 🖤
📖Read it here
buttondown.com/stories/destiny-toro
💌Sign up for my newsletter here
destinytoro.com
📖Read it here
buttondown.com/stories/destiny-toro
💌Sign up for my newsletter here
destinytoro.com
September 9, 2025 at 8:16 PM
I’m really impressed by what I see from @buttondown.com – it feels like one of those web projects that are doing everything the way it should be – I kind of want to start a newsletter simply to be able to make use of it
iPhone 4S: 140g, 9.3mm thick
iPhone 5: 112g, 7.6mm thick
iPhone 12 Mini: 133g, 7.4mm thick
iPhone 13 Mini: 141g, 7.65mm thick
iPhone Air: 165g, 5.64mm thick
iPhone 16: 170g, 7.8mm thick
iPhone 16 Pro: 199g, 8.35mm thick
iPhone 17 Pro: 206g, 8.75mm thick
iPhone 5: 112g, 7.6mm thick
iPhone 12 Mini: 133g, 7.4mm thick
iPhone 13 Mini: 141g, 7.65mm thick
iPhone Air: 165g, 5.64mm thick
iPhone 16: 170g, 7.8mm thick
iPhone 16 Pro: 199g, 8.35mm thick
iPhone 17 Pro: 206g, 8.75mm thick
September 9, 2025 at 7:40 PM
iPhone 4S: 140g, 9.3mm thick
iPhone 5: 112g, 7.6mm thick
iPhone 12 Mini: 133g, 7.4mm thick
iPhone 13 Mini: 141g, 7.65mm thick
iPhone Air: 165g, 5.64mm thick
iPhone 16: 170g, 7.8mm thick
iPhone 16 Pro: 199g, 8.35mm thick
iPhone 17 Pro: 206g, 8.75mm thick
iPhone 5: 112g, 7.6mm thick
iPhone 12 Mini: 133g, 7.4mm thick
iPhone 13 Mini: 141g, 7.65mm thick
iPhone Air: 165g, 5.64mm thick
iPhone 16: 170g, 7.8mm thick
iPhone 16 Pro: 199g, 8.35mm thick
iPhone 17 Pro: 206g, 8.75mm thick
I’m torn on new iPhones.
Investing that much money again for a closed ecosystem that adapts to the MAGA wishes and whose profits supports a country run by a bully.
It feels wrong.
Investing that much money again for a closed ecosystem that adapts to the MAGA wishes and whose profits supports a country run by a bully.
It feels wrong.
September 9, 2025 at 7:06 PM
I’m torn on new iPhones.
Investing that much money again for a closed ecosystem that adapts to the MAGA wishes and whose profits supports a country run by a bully.
It feels wrong.
Investing that much money again for a closed ecosystem that adapts to the MAGA wishes and whose profits supports a country run by a bully.
It feels wrong.
Reposted by Pelle Wessman
Message from NPM:
"All impacted package versions have been taken down. I'll be in touch when we have more information regarding account recovery."
I've requested further information about which packages were published, their versions, and all account actions NPM took.
"All impacted package versions have been taken down. I'll be in touch when we have more information regarding account recovery."
I've requested further information about which packages were published, their versions, and all account actions NPM took.
September 8, 2025 at 7:58 PM
Message from NPM:
"All impacted package versions have been taken down. I'll be in touch when we have more information regarding account recovery."
I've requested further information about which packages were published, their versions, and all account actions NPM took.
"All impacted package versions have been taken down. I'll be in touch when we have more information regarding account recovery."
I've requested further information about which packages were published, their versions, and all account actions NPM took.
I run this on Renovate for many of my projects. Good stuff and helps your lockfiles stay clear of sudden attacks like today’s one
Dependabot copied this and also allows for setting a cooldown.
github.blog/changelog/20...
github.blog/changelog/20...
Dependabot supports configuration of a minimum package age - GitHub Changelog
The cooldown feature is now generally available for Dependabot version updates! This feature gives you control over when version update pull requests are created to bump your dependencies. What’s new…
github.blog
September 8, 2025 at 7:52 PM
I run this on Renovate for many of my projects. Good stuff and helps your lockfiles stay clear of sudden attacks like today’s one
I wonder if there’s a way in a post-GitHub world to let the pendulum swing back somewhat.
Keep all the good stuff from social coding but return some collective ownership and wikification aspects.
Keep all the good stuff from social coding but return some collective ownership and wikification aspects.
I miss when filing issues was more like a collective wikification – you helped uncover and track issues at large just like you can help uncover and improve knowledge within a wiki.
I think this may have been the one place where GitHub’s ”social coding” approach did more harm than good
I think this may have been the one place where GitHub’s ”social coding” approach did more harm than good
September 8, 2025 at 7:50 PM
I wonder if there’s a way in a post-GitHub world to let the pendulum swing back somewhat.
Keep all the good stuff from social coding but return some collective ownership and wikification aspects.
Keep all the good stuff from social coding but return some collective ownership and wikification aspects.