Joined March 2012
Thomas Belin retweeted
SECURITY ADVISORY — TanStack npm packages

A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.

Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.

If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile

Detection — the malicious manifest contains:
"optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." }
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).

Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.

Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/router/i…

Credit to the security researcher for responsible disclosure.
138
979
3,853
3,905,347
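A host-side check for the two indicators named in the advisory above, as an added example that is not part of the original post or any TanStack tooling: it walks an install tree for manifests carrying the git-resolved `@tanstack/setup` optionalDependency and for `router_init.js` at a package root. The package names in the demo tree are constructed, and the commit hash is a placeholder because the advisory truncates it.

```python
import json
import os
import tempfile
from pathlib import Path

# Indicators quoted in the advisory. The commit hash is truncated there, so
# only the dependency name and the git source prefix are matched.
IOC_DEP = "@tanstack/setup"
IOC_PREFIX = "github:tanstack/router#"
IOC_FILE = "router_init.js"

def check_package(pkg_dir):
    """Return the advisory indicators present in one installed package."""
    try:
        manifest = json.loads(Path(pkg_dir, "package.json").read_text(encoding="utf-8"))
    except (OSError, ValueError):
        manifest = {}  # unreadable or malformed manifest: no manifest match
    opt = manifest.get("optionalDependencies") if isinstance(manifest, dict) else None
    spec = opt.get(IOC_DEP) if isinstance(opt, dict) else None
    hits = ["manifest"] if isinstance(spec, str) and spec.startswith(IOC_PREFIX) else []
    if Path(pkg_dir, IOC_FILE).is_file():
        hits.append("payload-file")
    return hits

def scan(root):
    """Walk root (symlinks not followed); map package dir -> indicators."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = check_package(dirpath) if "package.json" in files else []
        if hits:
            found[os.path.relpath(dirpath, root).replace(os.sep, "/")] = hits
    return found

def demo():
    """Scan a constructed tree; package names and contents are made up."""
    bad = {"optionalDependencies": {IOC_DEP: IOC_PREFIX + "PLACEHOLDER"}}
    good = {"optionalDependencies": {"fsevents": "^2"}}
    with tempfile.TemporaryDirectory() as root:
        for name, body, payload in (("example-a", json.dumps(bad), True),
                                    ("example-b", json.dumps(good), False),
                                    ("example-c", "{not json", False)):
            pkg = Path(root, "node_modules", "@tanstack", name)
            pkg.mkdir(parents=True)
            (pkg / "package.json").write_text(body, encoding="utf-8")
            if payload:
                (pkg / IOC_FILE).touch()
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

To check a real project, call `scan()` on the project directory; a non-empty result means the host falls under the advisory's "potentially compromised" guidance.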
Thomas Belin retweeted
The future of Three.js is WebAssembly
152
428
5,362
649,256
Thomas Belin retweeted
New blog post! Let's move to ESM! 😈 antfu.me/posts/move-on-to-es…

18
90
669
64,233
Thomas Belin retweeted
Are you using tsx to import source files across workspace packages? You may be making expensive trade-offs without realizing it Here's a breakdown of the risks and better alternatives: 👉 hirok.io/posts/importing-sou…
2
6
19
2,616
22 Oct 2024
It just occurred to me that I am, regularly, reading the most rust-themed children's book ever to my 1.5y-o son: "don't `panic!` little crab" He got an early kick start into rust 😎 #rust
3
209
Thomas Belin retweeted
7 Sep 2024
Hot take: singleton is an anti-pattern.
21
3
30
10,755
3 Sep 2024
After 2 weeks using only @zeddotdev (switching from vscode), I can say that I really like it. It feels so snappy and responsive!! I can only recommend giving it a try ✨
1
1
154
Thomas Belin retweeted
I just wrote a massive guide to creating and publishing a package on npm. It goes from an empty directory to a production-ready setup. It's over 4,000 words, and has a 14-minute walkthrough video. Want the juicy bits? Time for a thread 👇 🧵
41
203
2,034
118,704
Thomas Belin retweeted
1 Aug 2024
📚 I like xstate/store so much that I will probably use it over zustand the next chance I get. I wrote about the reasons in this blog post: tkdodo.eu/blog/introducing-x…
34
43
433
88,441
Thomas Belin retweeted
📝 JavaScript garbage collection doesn't work how I expected when it comes to closures. TIL! jakearchibald.com/2024/garba…
40
144
815
75,303
Thomas Belin retweeted
Useful thing to remember when climbing the ladder: The people above you are not as good as you think they are. No one is supernatural.
9
15
167
11,924
Thomas Belin retweeted
27 Jul 2024
Replying to @passle_
Folks you probably want to actually get the update from my personal blog which INCLUDES UPDATES: lirantal.com/blog/zero-depen… Sadly, the hashnode syndication is unhelpful because it doesn't pick up on edits I push on my own blog
2
5
2,682
Thomas Belin retweeted
TypeScript 5.6 beta brings a sweet new feature - the ability to spot faulty logic in your if statements. SO many subtle bugs will be prevented by this. Really nice stuff.
19
46
580
33,937
Thomas Belin retweeted
📜 DRY – the common source of bad abstractions - @Swizec Greatly illustrates how React devs could end up creating the wrong abstraction Popular React UI libraries learned over the year to not over-abstract, giving you more flexibility swizec.com/blog/dry-the-comm…
2
4
37
4,937
Thomas Belin retweeted
Okay, listen. If you're going to fetch in useEffect(...), you should at least make sure that you're handling:
- Loading states
- Error handling (rejections & HTTP error codes)
- Race conditions & cancellation
This isn't over-engineering. It's the minimum code to prevent bugs.
75
159
1,532
140,634
Thomas Belin retweeted
Playing guitar tablatures in Rust agourlay.github.io/ruxguitar…

3
17
2,571
Thomas Belin retweeted
20 Jul 2024
✍️ New Guide: CSS Grid Areas I wrote a new ✨ interactive ✨ guide that explores CSS grid areas, line numbers, line names, and includes many interactive examples to experiment with. Happy learning! 🔗 ishadeed.com/article/css-gri…
17
227
1,510
118,399
Thomas Belin retweeted
18 Jun 2024
A Zod misuse I've noticed: Validating function args. Zod is for validating runtime input:
- URL params
- HTTP Responses
- localStorage
- Cookies
- Reading from files
Avoid using Zod to validate function args. The args are already strongly typed by TypeScript itself.
48
46
751
185,535
Thomas Belin retweeted
Here's a beautiful piece of TS code to get the indexes of any 'as const' array.
13
38
617
79,834