Father of 2, Author of countless OS projects/libraries (Node.js, React(-Native), WebSockets, Frameworks etc) I shoot stuff online.

Joined April 2008
Just want to make it perfectly clear, @npmjs is 100% to blame for all the phishing attacks we package authors have to endure. Exposing the email address of authors for shits’n’giggles is 100% to blame for this. There is no option to prevent your email from being leaked by npm
Not only that, there is only 1 email address that is exposed, that is the same email npm uses for their communication, hence an easy phishing. As I use a dedicated alias for npm, I can also see that this public exposure is the reason I get so much spam. At least 40% is my alias
It's time that @npmjs, @github step up, take responsibility, and start protecting authors. Let me opt-out of exposing my email against my will.
Does anyone have a spare Bluesky invite? Seems like it's time to move while twitter is on its way to implode. 🫣
TFW you find out the web finally has a deep clone API called `structuredClone`: 🥳 TFW you realise it doesn't work on Proxies: 😩
TFW, you accidentally create another framework.
I really hate that this keeps happening.
It's very liberating to work on your own projects, as you're not hindered by the constraints and boundaries of your work environment. You create. You experiment. You innovate. You're the mad scientist.
My dog has been responsible for 100% of the fires caused by our 2 @iRobot Roombas. Long hair dogs, rotating parts == friction. It's a recipe for disaster.
Security researcher reporting bug: $100-1000 OpenSource maintainer fixing bugs: $0 🥲
The current state of the art mono repo tooling, nx/lerna, decided that fork bombing is an acceptable pattern when executing tasks. Is this _really_ the best we can do? Like, really?
Hot take: React did more harm than good for the web. Our apps got heavier, and we somehow accepted that it is fine to ship duplicate content because yay hydration. It's extremely overkill for the majority of apps that just render basic UI elements.
I'm thankful for JSDOM. For reminding about the mistake I made for installing it, and using it in a project. What were we thinking, trying to polyfill a JS environment with non functioning polyfill APIs that do not represent the real world usage of our code at all.
Not only does it mean you're not testing your code correctly and you basically cross your fingers and hope that there's no implementation difference between the real API and whatever polyfill they designed. But when you hit those API differences...
It doesn't throw an Error, no, that would make too much sense right? Instead we create an Error instance, and log it to the console instead, sending you on a wild goose chase figuring out where the error is coming from, why your tests are still passing.
I have been talking with windows support for 5 hours plus trying to fix windows activation after a HW change install. Now we're back at a new support team. This is why people use linux
I don’t understand why it has to be this hard to just activate windows. Just press the button that does the stuff. You know I have a license, stop wasting both our time.
Going where Nodejs refuses to, making WebSockets a first class citizen. I hope this sparks some new competition, because Nodejs is stuck in the past.
Introducing Bun - an incredibly fast all-in-one JavaScript runtime. bun.sh/
The new exports key in package.json files is a great new entry point for supply chain attacks. It allows you to load different files depending on environment, targets and what not. Allows code to work in browser, but run malicious code in node. #nodejs
It's a great option to abuse when install scripts are blocked on systems, and really easy to exploit. It can be done highly conditional as well. E.g. only when NODE_ENV=production making it harder to track down.
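
An added example, not part of the original tweets: a small audit that walks a package's `exports` map and lists every file that is selected only under an environment condition, so a reviewer can diff those files against the default entry. The sample manifest and the set of conditions treated as environment-keyed are assumptions made for illustration.

```javascript
// Conditions that select by runtime or environment (an assumption of this example).
const ENV_CONDITIONS = new Set(["node", "browser", "production", "development"]);

// Collect every leaf target under one exports entry, with the condition path selecting it.
function collectTargets(entry, conditions = [], out = []) {
  if (typeof entry === "string" || entry === null) {
    out.push({ conditions, target: entry });
  } else if (Array.isArray(entry)) {
    for (const alt of entry) collectTargets(alt, conditions, out);
  } else if (typeof entry === "object") {
    for (const [c, v] of Object.entries(entry)) collectTargets(v, [...conditions, c], out);
  }
  return out;
}

// For each subpath whose conditions do not all resolve to one file, list the
// targets reached through an environment condition. Output is a review list, not a verdict.
function auditExports(pkg) {
  const exp = pkg.exports;
  if (exp === undefined) return [];
  // A string, array, or object without "."-prefixed keys is shorthand for the "." subpath.
  const isSubpathMap = typeof exp === "object" && exp !== null && !Array.isArray(exp) &&
    Object.keys(exp).some((k) => k.startsWith("."));
  const subpaths = isSubpathMap ? exp : { ".": exp };
  const findings = [];
  for (const [subpath, entry] of Object.entries(subpaths)) {
    const leaves = collectTargets(entry);
    const distinct = new Set(leaves.map((l) => l.target));
    if (distinct.size < 2) continue; // every condition resolves to the same file
    for (const leaf of leaves.filter((l) => l.conditions.some((c) => ENV_CONDITIONS.has(c)))) {
      findings.push({ subpath, via: leaf.conditions.join(" > "), target: leaf.target });
    }
  }
  return findings;
}

// Constructed sample manifest: one file for browsers, another for node in production.
const samplePkg = {
  exports: {
    ".": {
      browser: "./dist/index.browser.js",
      node: { production: "./dist/index.prod.js", default: "./dist/index.js" },
      default: "./dist/index.js",
    },
    "./package.json": "./package.json",
  },
};
console.log(auditExports(samplePkg));
```

Format-only splits such as `import`/`require` are not reported, since they are the common legitimate use of conditional exports.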