Michael Zasso
@targos.dev
Follow-up question: if I have new packages to publish, do I have to publish them all manually one by one before setting up trusted publishing?
October 17, 2025 at 1:30 PM
Follow-up question: if I have new packages to publish, do I have to publish them all manually one by one before setting up trusted publishing?
We use Vike and it works well for us!
September 30, 2025 at 7:23 AM
We use Vike and it works well for us!
The open alternative to GitHub already exists, and is hosted elsewhere!
codeberg.org/forgejo/forg...
codeberg.org/forgejo/forg...
forgejo
Beyond coding. We forge.
codeberg.org
August 12, 2025 at 5:17 AM
The open alternative to GitHub already exists, and is hosted elsewhere!
codeberg.org/forgejo/forg...
codeberg.org/forgejo/forg...
Major in theory. In practice I would probably not have thought about it.
February 14, 2025 at 6:36 AM
Major in theory. In practice I would probably not have thought about it.
Maybe we should start specifying that we want minimal code, not minimal effort.
January 11, 2025 at 9:48 PM
Maybe we should start specifying that we want minimal code, not minimal effort.
Is SHA-256 faster because CPUs have specialized instructions for it?
January 11, 2025 at 4:50 PM
Is SHA-256 faster because CPUs have specialized instructions for it?
This GitHub "feature" has been known for years and has already been abused to trick people into downloading malware. I'm not aware of any official communication about it but I may have missed it.
December 9, 2024 at 3:40 PM
This GitHub "feature" has been known for years and has already been abused to trick people into downloading malware. I'm not aware of any official communication about it but I may have missed it.
Wait, it's actually in the stack trace. The problem is in the abandoned `esm` module: github.com/standard-thi...
This internal method was changed. It now expects two parameters.
This internal method was changed. It now expects two parameters.
github.com
December 6, 2024 at 6:45 AM
Wait, it's actually in the stack trace. The problem is in the abandoned `esm` module: github.com/standard-thi...
This internal method was changed. It now expects two parameters.
This internal method was changed. It now expects two parameters.
This probably means that one of the modules is abusing Node.js internals. Try to run the tests with the `NODE_DEBUG=module` env var to find which one.
December 6, 2024 at 6:43 AM
This probably means that one of the modules is abusing Node.js internals. Try to run the tests with the `NODE_DEBUG=module` env var to find which one.
I'm talking about runtime checks. I don't know what you mean by "type checks".
December 5, 2024 at 5:40 PM
I'm talking about runtime checks. I don't know what you mean by "type checks".
I agree. My point is that correct types should force you to write the checks, or at least help you think about it.
December 5, 2024 at 5:35 PM
I agree. My point is that correct types should force you to write the checks, or at least help you think about it.
My opinion here is that if the query string parser you use has type definitions and may convert any query param to an array, the types should reflect that. Otherwise it's a typings bug that may introduce the security vulnerability.
December 5, 2024 at 5:27 PM
My opinion here is that if the query string parser you use has type definitions and may convert any query param to an array, the types should reflect that. Otherwise it's a typings bug that may introduce the security vulnerability.
I tried to find a hint in the conversation but I don't find how you can (unexpectedly) get something other than a string from a query parameter. You need to have a specific parser/transformer in the middle. It's not like untrusted JSON body.
December 5, 2024 at 4:42 PM
I tried to find a hint in the conversation but I don't find how you can (unexpectedly) get something other than a string from a query parameter. You need to have a specific parser/transformer in the middle. It's not like untrusted JSON body.
node --expose-internals -e "require('internal/test/binding').internalBinding('process_methods').causeSegfault()"
November 14, 2024 at 11:08 AM
node --expose-internals -e "require('internal/test/binding').internalBinding('process_methods').causeSegfault()"
November 12, 2024 at 7:40 AM
I only had one sponsor (codecov), and lost it today.
November 11, 2024 at 9:32 AM
I only had one sponsor (codecov), and lost it today.
I use Draw Things: drawthings.ai
Draw Things: AI-assisted Image Generation
drawthings.ai
November 10, 2024 at 8:38 PM
I use Draw Things: drawthings.ai
In case they want to use the `nodejs.org` handle and can't do it, feel free to direct them to me. Happy to help for the DNS challenge.
November 9, 2024 at 12:13 PM
In case they want to use the `nodejs.org` handle and can't do it, feel free to direct them to me. Happy to help for the DNS challenge.