26.02.2026 11:51
👍 1
🔁 0
💬 0
📌 0
Follow-up question: if I have new packages to publish, do I have to publish them all manually one by one before setting up trusted publishing?
We use Vike and it works well for us!
The open alternative to GitHub already exists, and is hosted elsewhere!
codeberg.org/forgejo/forg...
We’re deeply saddened to mark the passing of Mikeal Rogers after a courageous fight with cancer.
Mikeal wasn’t just a leader in the open source world. He was a connector, a builder of community, and someone who showed up for others in meaningful ways.
Thank you, Mikeal 💚 hubs.la/Q03s_C7G0
EU citizens, please take 30 seconds to sign the European Citizens' Initiative to ban conversion therapy (torture against LGBTQ+ people).
Only 1 day left to meet the criteria of 1 million signatures.
eci.ec.europa.eu/043/public
Two weeks have passed already, so it's time for a new Node.js release!
Today we added support for TLSA DNS records and the new `process.threadCpuUsage` method.
nodejs.org/en/blog/rele...
I'll be there too!
Major in theory. In practice I would probably not have thought about it.
Just released Node.js v23.8.0.
It includes an initial implementation of URLPattern, an new flag to load system certificates, zstd, and more!
nodejs.org/en/blog/rele...
This is what should be on every front page right now. What's happening in the US right now is an illegal power grab by a private citizen. IT'S A COUP.
It's a digital coup. It's Musk who's leading it. The consequences are terrifying. And it's coming for us next.
1/
open.substack.com/pub/broligar...
Maybe we should start specifying that we want minimal code, not minimal effort.
Is SHA-256 faster because CPUs have specialized instructions for it?
This GitHub "feature" has been known for years and has already been abused to trick people into downloading malware. I'm not aware of any official communication about it but I may have missed it.
Wait, it's actually in the stack trace. The problem is in the abandoned `esm` module: github.com/standard-thi...
This internal method was changed. It now expects two parameters.
This probably means that one of the modules is abusing Node.js internals. Try to run the tests with the `NODE_DEBUG=module` env var to find which one.
I'm talking about runtime checks. I don't know what you mean by "type checks".
I agree. My point is that correct types should force you to write the checks, or at least help you think about it.
My opinion here is that if the query string parser you use has type definitions and may convert any query param to an array, the types should reflect that. Otherwise it's a typings bug that may introduce the security vulnerability.
I tried to find a hint in the conversation but I don't find how you can (unexpectedly) get something other than a string from a query parameter. You need to have a specific parser/transformer in the middle. It's not like untrusted JSON body.
node --expose-internals -e "require('internal/test/binding').internalBinding('process_methods').causeSegfault()"
bsky.app/starter-pack...
I only had one sponsor (codecov), and lost it today.
In case they want to use the `nodejs.org` handle and can't do it, feel free to direct them to me. Happy to help for the DNS challenge.
Hello World. Meet some of my awesome friends. go.bsky.app/DmKWw1e