npm is the only major package manager that runs dependency install scripts (e.g. postinstall) by default, and they've become too much of a security weakness, says Jamie, who works for GitHub (maintainers of npm). This RFC features further discussion of the idea and the tradeoffs involved.
Jamie Magee
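To see which dependencies would run code at install time, the sketch below lists packages whose package.json declares a preinstall, install or postinstall script. It is an added example, not code from the RFC or from npm; the function names and the sample manifests are constructed for illustration.

```javascript
// npm lifecycle hooks that run automatically while a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Return the install-time hooks declared by one parsed package.json.
function installHooks(manifest) {
  const scripts = (manifest && typeof manifest.scripts === "object" && manifest.scripts) || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string" && scripts[hook].trim() !== "")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Keep only the packages that declare at least one install-time hook.
function auditManifests(manifests) {
  return manifests
    .map((m) => ({ name: m.name, version: m.version, hooks: installHooks(m) }))
    .filter((entry) => entry.hooks.length > 0);
}

// Collect parsed manifests from a node_modules tree, including @scope folders
// and nested node_modules. Symlinked packages are skipped to avoid cycles.
function readManifests(nodeModulesDir) {
  const fs = require("fs");
  const path = require("path");
  const found = [];
  if (!fs.existsSync(nodeModulesDir)) return found;
  for (const entry of fs.readdirSync(nodeModulesDir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
    const dir = path.join(nodeModulesDir, entry.name);
    if (entry.name.startsWith("@")) { found.push(...readManifests(dir)); continue; }
    try {
      found.push(JSON.parse(fs.readFileSync(path.join(dir, "package.json"), "utf8")));
    } catch (err) { /* missing or unparsable manifest: nothing to audit here */ }
    found.push(...readManifests(path.join(dir, "node_modules")));
  }
  return found;
}

// Constructed sample manifests (not real packages).
const SAMPLE_MANIFESTS = [
  { name: "example-utils", version: "1.0.0", scripts: { test: "node test.js" } },
  { name: "example-native-addon", version: "2.3.1", scripts: { install: "node-gyp rebuild" } },
  { name: "@example/telemetry", version: "0.4.0",
    scripts: { preinstall: "node check.js", postinstall: "node setup.js" } },
  { name: "example-no-scripts", version: "3.0.0" },
];
console.log(JSON.stringify(auditManifests(SAMPLE_MANIFESTS), null, 2));
```

On a real project, pass the result of readManifests("node_modules") to auditManifests. Installing with npm's --ignore-scripts flag stops these hooks from running.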
CHALLENGE
// Factory whose closure holds a WeakMap keyed by each module's private state object.
const createModule = (() => {
  const privateCache = new WeakMap();

  return function(name) {
    const state = { name, version: 1, active: true };
    privateCache.set(state, { accessCount: 0 });

    return {
      // Reads the module label and records the access in the cache entry.
      getInfo() {
        const meta = privateCache.get(state);
        meta.accessCount++;
        return `${state.name}@v${state.version}`;
      },
      getAccessCount() {
        return privateCache.get(state).accessCount;
      },
      // Bumps the version; returns the module itself so calls can be chained.
      upgrade() {
        state.version++;
        return this;
      }
    };
  };
})();

const mod = createModule("auth");
mod.upgrade().upgrade();
console.log(mod.getInfo());
console.log(mod.getAccessCount());
Mark, well known for maintaining Redux and creating Redux Toolkit, goes deep into his daily development workflow, including his use of OpenCode (an open source JavaScript-powered coding agent), how he manages his knowledge base, tasks, and more.
Mark Erikson