I also ran it through blackhole (I know it's a bit of a meme by now) and I was zoning out instantly lol.
Just got Grainferno and played around with it for a bit. Granular synthesis is always lots of fun but I'm impressed how easy it is to get some incredible results with this one. Loving it!
Oh god when did we hit 2026
This would be so hilarious if it weren't 2025.
I use both. I always do conventional commits, it's just muscle memory by now.
I use release-please to automate releasing and versioning on small or even one-person projects.
Beyond that, I agree that cc-based changelogs are utter trash (and this is where changesets shines).
I'm guessing the launcher (BattleNet) is the annoying part here not the game binary itself, right?
Quick Google search indicates it should run on Proton just fine: news.ycombinator.com/item?id=4178...
I love how @venustheory.bsky.social has a bluesky account with 1k followers but doesn't give a shit about it lol
Ah I got those confused then. I neither knew about vlt nor heard about anthropic buying bun. Thanks!
Damn that's harsh lol. But back to my original question, why do we need vlt when we already don't have a lack of competing JS runtimes?
I did but it didn't really get me fired up tbh. What makes deno stand out is not being a faster runtime but moving a lot of the paradigms forward that we've come to accept in the ecosystem. It gets rid of a lot of technical debt.
Completely missed the memo on this one. What does it offer over, say, deno?
What I said could be misread, so I better clarify: While trusted publishing itself does not prohibit manual publishing, since Shai-Hulud, npm really nudges you towards enabling it and disabling manual publishing altogether. They now also limit token lifetime to 3 months, increasing friction.
Yeah, might be. :) If e.g. your CI/CD pipeline includes a human element in the form of "you gotta press this button to create a release", which proper setups will usually have, this shift indeed introduces the requirement for human interaction. But it all depends on how the repo is set up.
Also, love the work you guys do. Always one of my week's highlights. ❤️
If the repository's CI/CD and permissions are set up properly it'll be much harder to publish malicious payload now. Of course that's a big "if" right there but making it harder for authors to yolo a release of a widely adopted package is a good thing in a lot of ways.
Since supply chain attacks like that rely on fetching tokens locally from the dev machines, removing that attack vector is pretty smart IMO. Nowadays there's little reason for package authors to have the ability to manually publish anyways, especially if they maintain popular packages. 3/x
They now push authors to use what they call "trusted publishing" which essentially removes the ability to manually publish a package entirely and moves the authority to publish exclusively to CI/CD pipelines. If you consider what Shai Hulud did, you'll notice this is actually a good idea. 2/x
@patrick.risky.biz Hey Pat, listening to the recent episode of Risky Biz right now and wanted to offer a minor correction regarding npm/shai hulud.
Adam mentioned that npmjs.com was introducing a human factor to the publishing process, but the opposite is actually the case. 1/x
What do you mean by chore? I linked my github action to npm once and now I never have to worry about rotating tokens again. 🥰
This is gonna be gud.
There's OData: www.odata.org
SAP did make heavy use of it at one time and I think Microsoft too, not sure if they still do
Of all UI frameworks I've worked with, @emberjs.com and @solidjs.com (although quite different in paradigm) just get the most things right (caution: personal opinion). So happy to see both thriving.
Yeah, they're doing great. The recent addition of a debugger was a game changer for me.
At least as long as you don't plan on publishing manually that is.
I have yet to set it up myself, but the way I understand it, tokens in trusted publishing are short lived and not handled by us. The traditional long-lived tokens aren't required: docs.npmjs.com/trusted-publ...
Aren't you supposed to use trusted publishing instead?
I can't wrap my head around having to allow port 443 udp someday lol
It's so weird if you wanna do stuff like "chore(deps): Bump version of @foo/bar" because GitHub tries to convert it to a user tag lol
That's huge.