Fyodor
@fyodor.io
Software craftsman building light and beautiful things with heavy and ugly tools. Also curating some kind of registry of these cute beasts at metaframe.works.
That’s becoming a thing that more and more often pnpm sounds like an answer to Node.js security questions
@pnpm.io added a `trustPolicy` option in 10.21.
It allows you to prevent installing potentially malicious dependency updates that are not signed like previous versions.
pnpm.io/blog/release...
Thank you for all the performance, productivity and security enhancements over the last years 💜
It allows you to prevent installing potentially malicious dependency updates that are not signed like previous versions.
pnpm.io/blog/release...
Thank you for all the performance, productivity and security enhancements over the last years 💜
November 11, 2025 at 8:22 AM
That’s becoming a thing that more and more often pnpm sounds like an answer to Node.js security questions
I love this manifesto, and it is even somewhat related to my thoughts over the last issue of the Metaframeworks Records
antirez.com/news/145
antirez.com/news/145
We are destroying software - <antirez>
antirez.com
November 9, 2025 at 9:49 AM
I love this manifesto, and it is even somewhat related to my thoughts over the last issue of the Metaframeworks Records
antirez.com/news/145
antirez.com/news/145
📀 New (34th) Issue of Metaframeworks Records 📀
Zero is something we need to gravitate towards to avoid being burnt out. And different people and tools approach that differently. Let's look at these efforts and see for ourselves. Expect to hear from #tanstack, #remix, #sveltekit, #analog, and more.
Zero is something we need to gravitate towards to avoid being burnt out. And different people and tools approach that differently. Let's look at these efforts and see for ourselves. Expect to hear from #tanstack, #remix, #sveltekit, #analog, and more.
Issue #34: Zero - Metaframeworks Records
This week we talk about finding balance, calmness, and (sometimes) boldness.
metaframe.works
November 7, 2025 at 5:44 PM
📀 New (34th) Issue of Metaframeworks Records 📀
Zero is something we need to gravitate towards to avoid being burnt out. And different people and tools approach that differently. Let's look at these efforts and see for ourselves. Expect to hear from #tanstack, #remix, #sveltekit, #analog, and more.
Zero is something we need to gravitate towards to avoid being burnt out. And different people and tools approach that differently. Let's look at these efforts and see for ourselves. Expect to hear from #tanstack, #remix, #sveltekit, #analog, and more.
Reposted by Fyodor
November 6, 2025 at 9:08 AM
Reposted by Fyodor
Whenever I wrote something clever, it comes back to bite me in the end. Dumb and simple code always wins.
November 3, 2025 at 3:54 PM
Whenever I wrote something clever, it comes back to bite me in the end. Dumb and simple code always wins.
Reposted by Fyodor
🚀 Announcing @analogjs.org 2.0!
📜 Content Resources for @angular.dev
📦 Optimized Installs and Bundling
⚡️ @vite.dev ecosystem upgrades
And more!
dev.to/analogjs/ann...
📜 Content Resources for @angular.dev
📦 Optimized Installs and Bundling
⚡️ @vite.dev ecosystem upgrades
And more!
dev.to/analogjs/ann...
Announcing AnalogJS 2.0 ⚡️
We're excited to announce the 2.0 release of AnalogJS! This release includes many features that help...
dev.to
November 3, 2025 at 3:23 PM
🚀 Announcing @analogjs.org 2.0!
📜 Content Resources for @angular.dev
📦 Optimized Installs and Bundling
⚡️ @vite.dev ecosystem upgrades
And more!
dev.to/analogjs/ann...
📜 Content Resources for @angular.dev
📦 Optimized Installs and Bundling
⚡️ @vite.dev ecosystem upgrades
And more!
dev.to/analogjs/ann...
Reposted by Fyodor
ViteConf 2025 was a blast!
If you didn't catch up on all the highlights yet, then our recap post is what you need.
◆ Vite+ 👀
◆ How Oxlint supports JS plugins
◆ A @vite.dev DevTools sneak peek
◆ State of @vitest.dev
◆ Using @rolldown.rs & Oxlint at scale
◆ ...and more
voidzero.dev/posts/whats-...
If you didn't catch up on all the highlights yet, then our recap post is what you need.
◆ Vite+ 👀
◆ How Oxlint supports JS plugins
◆ A @vite.dev DevTools sneak peek
◆ State of @vitest.dev
◆ Using @rolldown.rs & Oxlint at scale
◆ ...and more
voidzero.dev/posts/whats-...
ViteConf 2025 Recap
ViteConf 2025 was a landmark event for the Vite ecosystem, featuring major announcements like Vite+, Oxlint JavaScript Plugins, Vite DevTools, Nitro v3, and more. Read all about the highlights in our…
voidzero.dev
October 27, 2025 at 12:20 PM
ViteConf 2025 was a blast!
If you didn't catch up on all the highlights yet, then our recap post is what you need.
◆ Vite+ 👀
◆ How Oxlint supports JS plugins
◆ A @vite.dev DevTools sneak peek
◆ State of @vitest.dev
◆ Using @rolldown.rs & Oxlint at scale
◆ ...and more
voidzero.dev/posts/whats-...
If you didn't catch up on all the highlights yet, then our recap post is what you need.
◆ Vite+ 👀
◆ How Oxlint supports JS plugins
◆ A @vite.dev DevTools sneak peek
◆ State of @vitest.dev
◆ Using @rolldown.rs & Oxlint at scale
◆ ...and more
voidzero.dev/posts/whats-...
Reposted by Fyodor
Waku v0.27.0 is here!
Waku is a React Server Component framework built to make React development fun again.
Now stabilizing the public API as we prepare for the v1 alpha, so it's a perfect time to try it and share your feedback before we finalize things. waku.gg/blog/more-ex...
Waku is a React Server Component framework built to make React development fun again.
Now stabilizing the public API as we prepare for the v1 alpha, so it's a perfect time to try it and share your feedback before we finalize things. waku.gg/blog/more-ex...
Waku, the minimal React framework
A lightweight alternative React framework with a fun developer experience. Loved by React developers at startups and agencies.
waku.gg
October 27, 2025 at 12:58 PM
Waku v0.27.0 is here!
Waku is a React Server Component framework built to make React development fun again.
Now stabilizing the public API as we prepare for the v1 alpha, so it's a perfect time to try it and share your feedback before we finalize things. waku.gg/blog/more-ex...
Waku is a React Server Component framework built to make React development fun again.
Now stabilizing the public API as we prepare for the v1 alpha, so it's a perfect time to try it and share your feedback before we finalize things. waku.gg/blog/more-ex...
Reposted by Fyodor
🎁 we've just released Nuxt 4.2!
🎨 better error pages in dev
🔮 opt-in Vite Environment API
🎯 abort controller for data fetching composables
⚡️ asyncData handler extraction
🔧 experimental TypeScript plugin support
happy upgrading ❤️
👉 read more at nuxt.com/blog/v4-2
🎨 better error pages in dev
🔮 opt-in Vite Environment API
🎯 abort controller for data fetching composables
⚡️ asyncData handler extraction
🔧 experimental TypeScript plugin support
happy upgrading ❤️
👉 read more at nuxt.com/blog/v4-2
Nuxt 4.2 · Nuxt Blog
Nuxt 4.2 is out - with experimental TypeScript plugin support, better error handling in development, abort control for data fetching, and more!
nuxt.com
October 25, 2025 at 6:17 AM
🎁 we've just released Nuxt 4.2!
🎨 better error pages in dev
🔮 opt-in Vite Environment API
🎯 abort controller for data fetching composables
⚡️ asyncData handler extraction
🔧 experimental TypeScript plugin support
happy upgrading ❤️
👉 read more at nuxt.com/blog/v4-2
🎨 better error pages in dev
🔮 opt-in Vite Environment API
🎯 abort controller for data fetching composables
⚡️ asyncData handler extraction
🔧 experimental TypeScript plugin support
happy upgrading ❤️
👉 read more at nuxt.com/blog/v4-2
📀 New (33rd) Issue of Metaframeworks Records 📀
A lot of mind-boggling updates of all sorts. Starting with framework-level philosophical doctrines and up to Oscar-worthy performances from JS bundler developers, with some habitual controversies, and many highly-anticipated releases.
A lot of mind-boggling updates of all sorts. Starting with framework-level philosophical doctrines and up to Oscar-worthy performances from JS bundler developers, with some habitual controversies, and many highly-anticipated releases.
Issue #33: My Generation - Metaframeworks Records
Some say it's just tools. They show it can be larger than that.
metaframe.works
October 22, 2025 at 7:27 PM
📀 New (33rd) Issue of Metaframeworks Records 📀
A lot of mind-boggling updates of all sorts. Starting with framework-level philosophical doctrines and up to Oscar-worthy performances from JS bundler developers, with some habitual controversies, and many highly-anticipated releases.
A lot of mind-boggling updates of all sorts. Starting with framework-level philosophical doctrines and up to Oscar-worthy performances from JS bundler developers, with some habitual controversies, and many highly-anticipated releases.
Reposted by Fyodor
Next.js 16
• Cache Components
• Turbopack enabled by default
• Turbopack file system caching (beta)
• Optimized navigations and prefetching
• Improved caching APIs
• Build Adapters API (alpha)
• React 19.2
nextjs.org/blog/next-16
• Cache Components
• Turbopack enabled by default
• Turbopack file system caching (beta)
• Optimized navigations and prefetching
• Improved caching APIs
• Build Adapters API (alpha)
• React 19.2
nextjs.org/blog/next-16
October 22, 2025 at 12:37 AM
Next.js 16
• Cache Components
• Turbopack enabled by default
• Turbopack file system caching (beta)
• Optimized navigations and prefetching
• Improved caching APIs
• Build Adapters API (alpha)
• React 19.2
nextjs.org/blog/next-16
• Cache Components
• Turbopack enabled by default
• Turbopack file system caching (beta)
• Optimized navigations and prefetching
• Improved caching APIs
• Build Adapters API (alpha)
• React 19.2
nextjs.org/blog/next-16
This is probably the most comprehensive explanation of database migrations I ever saw wasp.sh/blog/2025/04...
A Gentle Introduction to Database Migrations in Prisma with Visuals | Wasp
If you are building an app that needs to store user data, you'll probably need a database (e.g., PostgreSQL). Databases use a data schema to organize their data, and database migrations evolve the dat...
wasp.sh
October 18, 2025 at 5:02 AM
This is probably the most comprehensive explanation of database migrations I ever saw wasp.sh/blog/2025/04...
Reposted by Fyodor
50 reasons to love the web from @chriscoyier.net
50 Reasons to Build a Website
Should have done 150.
frontendmasters.com
October 17, 2025 at 5:44 PM
50 reasons to love the web from @chriscoyier.net
Reposted by Fyodor
Investing in building a full Vite plugin integration for Angular keeps paying off more and more 😊
Unlocked Vite(+), Vitest, Astro, Storybook, Nitro, etc 😤
Unlocked Vite(+), Vitest, Astro, Storybook, Nitro, etc 😤
October 10, 2025 at 7:54 PM
Investing in building a full Vite plugin integration for Angular keeps paying off more and more 😊
Unlocked Vite(+), Vitest, Astro, Storybook, Nitro, etc 😤
Unlocked Vite(+), Vitest, Astro, Storybook, Nitro, etc 😤
Reposted by Fyodor
"Let's hear it for the UN of Javascript!
Vite: The Documentary is finally here.
If you missed the premiere, it's OK!!! Here's the link so you can watch it again, and again and again.
youtu.be/bmWQqAKLgT4 "
Vite: The Documentary is finally here.
If you missed the premiere, it's OK!!! Here's the link so you can watch it again, and again and again.
youtu.be/bmWQqAKLgT4 "
Vite: The Documentary
YouTube video by CultRepo
youtu.be
October 9, 2025 at 8:35 PM
"Let's hear it for the UN of Javascript!
Vite: The Documentary is finally here.
If you missed the premiere, it's OK!!! Here's the link so you can watch it again, and again and again.
youtu.be/bmWQqAKLgT4 "
Vite: The Documentary is finally here.
If you missed the premiere, it's OK!!! Here's the link so you can watch it again, and again and again.
youtu.be/bmWQqAKLgT4 "
Reposted by Fyodor
Next.js 16 (beta)
• Turbopack enabled by default
• Turbopack file system caching (beta)
• Optimized navigations and prefetching
• Improved caching APIs
• Build Adapters API (alpha)
• React 19.2
nextjs.org/blog/next-1...
• Turbopack enabled by default
• Turbopack file system caching (beta)
• Optimized navigations and prefetching
• Improved caching APIs
• Build Adapters API (alpha)
• React 19.2
nextjs.org/blog/next-1...
Next.js 16 (beta)
Next.js 16 beta includes stable Turbopack, file system caching, React Compiler support, smarter routing, new caching APIs, and React 19.2 features.
nextjs.org
October 10, 2025 at 3:30 AM
Next.js 16 (beta)
• Turbopack enabled by default
• Turbopack file system caching (beta)
• Optimized navigations and prefetching
• Improved caching APIs
• Build Adapters API (alpha)
• React 19.2
nextjs.org/blog/next-1...
• Turbopack enabled by default
• Turbopack file system caching (beta)
• Optimized navigations and prefetching
• Improved caching APIs
• Build Adapters API (alpha)
• React 19.2
nextjs.org/blog/next-1...
📀 New (32nd) Issue of Metaframeworks Records 📀
Latest fortnight scandals and investigations from #react, #remix, #rsc, #eslint, #html, #tanstack, #nuxt, #docusaurus, #astro, #vite, #sveltekit, and more 📰 (well, probably not that dramatic, but still)
metaframe.works/archive/32/
Latest fortnight scandals and investigations from #react, #remix, #rsc, #eslint, #html, #tanstack, #nuxt, #docusaurus, #astro, #vite, #sveltekit, and more 📰 (well, probably not that dramatic, but still)
metaframe.works/archive/32/
Issue #32: Chain Reaction - Metaframeworks Records
How some actions cause some reactions and what consequences these reactions may bring and impact.
metaframe.works
October 8, 2025 at 2:57 PM
📀 New (32nd) Issue of Metaframeworks Records 📀
Latest fortnight scandals and investigations from #react, #remix, #rsc, #eslint, #html, #tanstack, #nuxt, #docusaurus, #astro, #vite, #sveltekit, and more 📰 (well, probably not that dramatic, but still)
metaframe.works/archive/32/
Latest fortnight scandals and investigations from #react, #remix, #rsc, #eslint, #html, #tanstack, #nuxt, #docusaurus, #astro, #vite, #sveltekit, and more 📰 (well, probably not that dramatic, but still)
metaframe.works/archive/32/
Reposted by Fyodor
Introducing Rendu: JavaScript Hypertext Preprocessor
Not just a template engine — Rendu bridges SPA and SSR using modern Web APIs with multi-streaming and async support.
Not just a template engine — Rendu bridges SPA and SSR using modern Web APIs with multi-streaming and async support.
October 8, 2025 at 8:59 AM
Introducing Rendu: JavaScript Hypertext Preprocessor
Not just a template engine — Rendu bridges SPA and SSR using modern Web APIs with multi-streaming and async support.
Not just a template engine — Rendu bridges SPA and SSR using modern Web APIs with multi-streaming and async support.
Reposted by Fyodor
You know when you buy the cheapest version of a product, thinking it'll save you time/money, but it turns out the cheap version sucks so hard you just throw it away and spend even more on the thing you should've just bought in the first place?
That's what starting a coding project with AI is like.
That's what starting a coding project with AI is like.
October 5, 2025 at 4:36 AM
You know when you buy the cheapest version of a product, thinking it'll save you time/money, but it turns out the cheap version sucks so hard you just throw it away and spend even more on the thing you should've just bought in the first place?
That's what starting a coding project with AI is like.
That's what starting a coding project with AI is like.
📀 New (31st) Issue of Metaframeworks Records 📀
Latest news from #remix, #fresh, #sveltekit, #solidstart, #analog, #redwoodjs, and #umijs, scary supply chain security issues and ways to mitigate them (you'd never guess the third one!) 📰
(I found this stupid clickbait trick on the Internet recently)
Latest news from #remix, #fresh, #sveltekit, #solidstart, #analog, #redwoodjs, and #umijs, scary supply chain security issues and ways to mitigate them (you'd never guess the third one!) 📰
(I found this stupid clickbait trick on the Internet recently)
Issue #31: The Road To Mandalay - Metaframeworks Records
New shiny features of React Router and other metaframeworks slightly clouded by the sinister security context of the ecosystem.
metaframe.works
September 22, 2025 at 4:35 PM
📀 New (31st) Issue of Metaframeworks Records 📀
Latest news from #remix, #fresh, #sveltekit, #solidstart, #analog, #redwoodjs, and #umijs, scary supply chain security issues and ways to mitigate them (you'd never guess the third one!) 📰
(I found this stupid clickbait trick on the Internet recently)
Latest news from #remix, #fresh, #sveltekit, #solidstart, #analog, #redwoodjs, and #umijs, scary supply chain security issues and ways to mitigate them (you'd never guess the third one!) 📰
(I found this stupid clickbait trick on the Internet recently)
Reposted by Fyodor
Super excited to announce the experimental release of asynchronous SSR in Svelte! github.com/sveltejs/sve...
`await` expressions in your Svelte components can now be rendered on the server, meaning you don't need to render them inside boundaries with a `pending` snippet. Next up, streaming SSR!
`await` expressions in your Svelte components can now be rendered on the server, meaning you don't need to render them inside boundaries with a `pending` snippet. Next up, streaming SSR!
Async SSR · sveltejs svelte · Discussion #16784
The Svelte team has been hard at work on asynchronous rendering, with client-side support and remote functions as our first two efforts. It’s time for the third: SSR. Background There are three cor...
github.com
September 17, 2025 at 11:22 PM
Super excited to announce the experimental release of asynchronous SSR in Svelte! github.com/sveltejs/sve...
`await` expressions in your Svelte components can now be rendered on the server, meaning you don't need to render them inside boundaries with a `pending` snippet. Next up, streaming SSR!
`await` expressions in your Svelte components can now be rendered on the server, meaning you don't need to render them inside boundaries with a `pending` snippet. Next up, streaming SSR!
🫴❤️
There has been another serious npm supply-chain attack. Astro is NOT AFFECTED as it does not depend on any of the packages, either directly or indirectly. You should still check your package lock files to ensure you do not have them installed.
socket.dev/blog/tinycol...
socket.dev/blog/tinycol...
Popular Tinycolor npm Package Compromised in Supply Chain At...
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers
socket.dev
September 18, 2025 at 6:06 AM
🫴❤️
It makes total sense until the new OS version is stabilized 🚀
Did you know that on macOS, you can update just to Safari 26, while remaining on macOS 15 Sequoia or even macOS 14 Sonoma?
Go to > System Settings > General > Software Update. Under “Also Available” you’ll find Safari listed. Click “Update Now”.
Go to > System Settings > General > Software Update. Under “Also Available” you’ll find Safari listed. Click “Update Now”.
September 18, 2025 at 5:52 AM
It makes total sense until the new OS version is stabilized 🚀
This is highly underrated and under-appreciated fact, fwiw
Parcel solved all of those issues 5+ years ago 😉
September 18, 2025 at 5:50 AM
This is highly underrated and under-appreciated fact, fwiw
Reposted by Fyodor
wrote about how i manage npm dependencies, and used it as an excuse to make some watercolors https://blog.val.town/gardening-dependencies
September 11, 2025 at 5:03 PM
wrote about how i manage npm dependencies, and used it as an excuse to make some watercolors https://blog.val.town/gardening-dependencies