@daloyjs profile picture
DaloyJS @daloyjs

The runtime-portable TypeScript framework with supply-chain-aware defaults.

Joined May 2026
  • Tweets 116
  • Following 279
  • Followers 16
7 Photos and videos
Pinned Tweet
DaloyJS
@daloyjs
May 21
Just as you wouldn't drink from a contaminated stream, you shouldn't build on a contaminated supply chain. DaloyJS is the "filtration system" for modern JS development.
2
2
264
The default in-memory `rateLimit()` is a one-instance lie behind a load balancer. `@daloyjs/core/rate-limit-redis` fixes it with an atomic Lua INCR PEXPIRE. Plus the three levers that matter in prod: fail-open, Retry-After, store location. daloyjs.dev/blog/rate-limiti…

Rate Limiting That Survives Multiple Instances · DaloyJS

Why the default in-memory rateLimit() is a one-instance lie behind a load balancer, how @daloyjs/core/rate-limit-redis fixes it with an atomic Lua INCR PEXPIRE script, and the three operational...

daloyjs.dev
5
DaloyJS
@daloyjs
Jun 13
`onPluginInstalled()` and `onShutdown()` are first-class events in DaloyJS. Platform teams use them to ship observability, service registration, graceful drain, and policy plugins — with zero imports in the route files. daloyjs.dev/blog/plugin-life…

Plugin Lifecycle Events for Large-Team Framework Code · DaloyJS

Why DaloyJS exposes onPluginInstalled() and onShutdown() as first-class events, and how a platform team uses them to ship observability, service registration, graceful drain, metrics flushing, and...

daloyjs.dev
3
DaloyJS
@daloyjs
Jun 12
`daloy inspect` is the API-surface review tool platform teams keep wishing they had. Full route table, schema presence, contract issues, live OpenAPI 3.1 — loaded from your TS entry via tsx, zero build step. Point it at a PR. daloyjs.dev/blog/daloy-cli-i…

The DaloyJS CLI: Inspecting Routes, Schemas, OpenAPI, and Contract Health · DaloyJS

daloy inspect is the CLI you point at your App before a PR merges. It prints the full route table, schema presence, contract issues, and the live OpenAPI 3.1 document — loaded straight from your...

daloyjs.dev
1
16
DaloyJS
@daloyjs
Jun 11
Every `create-daloy` project ships an AGENTS.md and a focused SKILL.md. Small on purpose. Copilot, Claude Code, Cursor, and Codex make safer edits from the first prompt because the rules are written down where they look. daloyjs.dev/blog/designing-f…

Designing for Coding Agents: Why DaloyJS Scaffolds AGENTS.md and Skills · DaloyJS

Every project created by create-daloy ships with a short AGENTS.md and a focused .agents/skills/daloyjs-best-practices/SKILL.md. Here's why those two files matter, why they're intentionally small,...

daloyjs.dev
2
67
DaloyJS
@daloyjs
Jun 10
Ten years of shipping fullstack apps, one Filipino dev in Norway, and the framework I kept wishing existed at 2am. The honest origin story of DaloyJS. daloyjs.dev/blog/the-flow-i-…

The flow I wished I had: why we built DaloyJS · DaloyJS

Ten years of shipping fullstack apps, one Filipino dev in Norway, and the framework I kept wishing existed at 2am.

daloyjs.dev
2
10
x.com/i/article/206433943490…
1
102
Why DaloyJS Is the Framework to Bet On in 2027 open.substack.com/pub/daloyj…
7
Trust nobody. Not even your node_modules. 😠 linkedin.com/pulse/trust-nob…

Trust Nobody, Not Even Your node_modules: Why DaloyJS is the Future of Secure Backends

The web ecosystem has changed drastically since I started. Ten years ago, we worried about SQL injections and basic cross-site scripting.

linkedin.com
1
9
Writing APIs That Don't Make You Sad open.substack.com/pub/daloyj…
10
Your npm install Is an Attack Surface open.substack.com/pub/daloyj…
17
Why DaloyJS Is the Best Framework for Your Modern Web App open.substack.com/pub/daloyj…
15
If you are a @reactnative developer or an @expo developer, this one is for you. dev.to/daloyjs/daloyjs-is-th…

DaloyJS Is the Backend Your React Native and Expo App Deserves

If you've built a React Native or Expo app before, you know the pain: the mobile side looks good, the...

dev.to
48
Calling all @NativeScript devs. If you've shipped a NativeScript app before, you know the backend story can get messy fast. dev.to/daloyjs/why-daloyjs-i…

Why DaloyJS Is the Right Backend (or BFF) for Your NativeScript App

If you've shipped a NativeScript app before, you know the backend story can get messy fast. You need...

dev.to
1
60
We are solving a problem. Don't just deploy a RESTful service without protection. Use a framework with built-in security features and supply-chain-aware defaults. daloyjs.dev/blog/secure-by-d…

Secure by Default: The Defaults DaloyJS Ships So You Don't Have To Remember Them · DaloyJS

A tour of the always-on defenses in the DaloyJS request path, bounded body reads, prototype-pollution-safe JSON, CRLF sanitization, path-traversal rejection, request timeouts, problem json with prod...

daloyjs.dev
2
29
RFC 9457 application/problem json out of the box. HttpError, ValidationError, UnauthorizedError, TooManyRequestsError, all with automatic 5xx redaction in production. daloyjs.dev/docs/errors

Errors & problem json · DaloyJS

Throw typed errors in DaloyJS and have them serialized as RFC 9457 problem json responses by default. Customize, extend, and document errors in OpenAPI.

daloyjs.dev
2
71
DaloyJS
@daloyjs
May 30
DaloyJS plugins compose like Fastify's: encapsulated by default, with onPluginInstalled() and onShutdown() lifecycle events. Platform teams, this one's for you. daloyjs.dev/docs/plugins

Plugins & encapsulation · DaloyJS

Compose DaloyJS apps with encapsulated plugins, scoped middleware, decorators, and route prefixes, for large-scale, maintainable TypeScript services.

daloyjs.dev
2
25
DaloyJS
@daloyjs
May 29
DaloyJS is unique in combining the performance of a thin framework (Hono's core) with the security-by-default posture of an enterprise framework (Spring Security-level defaults) and zero runtime dependencies.
1
23
DaloyJS
@daloyjs
May 29
It's Friday again! Wooh!! daloyjs.dev/?img=1

The runtime-portable TypeScript framework with supply-chain-aware defaults · DaloyJS

DaloyJS is a secure-by-default TypeScript/JavaScript web framework with portable runtime guardrails and package provenance you can verify on any CI host. It combines FastAPI-grade docs, Hono-style...

daloyjs.dev
16
DaloyJS
@daloyjs
May 29
What are Boot Guards? Think of it like…the engine check that won't let your car start if the parking brake is on, the doors aren't shut, or a seatbelt isn't buckled. daloyjs.dev/?img=0

The runtime-portable TypeScript framework with supply-chain-aware defaults · DaloyJS

DaloyJS is a secure-by-default TypeScript/JavaScript web framework with portable runtime guardrails and package provenance you can verify on any CI host. It combines FastAPI-grade docs, Hono-style...

daloyjs.dev
15
DaloyJS
@daloyjs
May 29
### Plugins & Encapsulation DaloyJS plugins compose like Fastify's encapsulated by default, with `onPluginInstalled()` and `onShutdown()` lifecycle events. Platform teams, this one's for you. daloyjs.dev/docs/plugins

Plugins & encapsulation · DaloyJS

Compose DaloyJS apps with encapsulated plugins, scoped middleware, decorators, and route prefixes, for large-scale, maintainable TypeScript services.

daloyjs.dev
12
Load more