North Korea is targeting npm maintainers. Not for crypto. For write access to packages downloaded trillions of times a year. Lodash. Fastify. axios. mocha. Node.js core. Even @feross.bsky.social and several @socket.dev engineers! socket.dev/blog/attacke...

"Axios npm Packages Compromised in Supply Chain Attack" 👉 thecybersecguru.com/news/axios-n... Maybe you should have less dependencies in your project and lean more on established web standards. Maybe, IDK.

This kind of attack is getting more and more common. Early in my career I used to update dependencies blindly — not anymore. For a few years now I’ve been locking packages to specific versions, reading changelogs carefully, and setting a `cooldown` in Dependabot (link in thread).

🚨 Active supply chain attack on [email protected]. The latest version pulls in [email protected] -- a brand-new package that didn't exist before today. We're still investigating. If you use axios, pin your version and audit your lockfile. socket.dev/blog/axios-n...

CSS is DOOMed! I've build DOOM in CSS and every wall, floor, barrel, and imp is a div, positioned in 3D space using CSS transforms. cssdoom.wtf Try it out! But... not every browser can handle it. This is taking the browser to its limit. Chrome has some issues. Safari too. Bugs will be filed.

Remember to periodically verify that you've opted out of GitHub's Copilot data collection bullshit. I thought I had done that, but nope... 👉 github.com/settings/cop...

Can't pivot to AI until after the pivot to video, so… 🤷 www.youtube.com/watch?v=RfNz... #css #webdev

📢 Code.Movie 0.0.40 Includes improvements for dealing with MANY obscure CSS features, heuristics improvements and support for .env syntax Blog post: code.movie/blog/improve... On NPM: www.npmjs.com/package/@cod...

TypeScript 6.0 is now available! This release brings better type-checking for methods, new standard library features, new module features for Node.js, and more! But most important, this release brings us one step closer to the upcoming native-speed 7.0! devblogs.microsoft.com/typescript/a...

You might have noticed me sharing a lot of posts from ex-Deno folks. I'd unhesitatingly go to bat for, work with, or hire each and every one of my now-former colleagues in a heartbeat. To a person, these are brilliant, kind, thoughtful humans who are each exceptionally excellent at what they do.

I miss monkeyuser.com 😅

It's about time! Configure and monitor your cron tasks with Deno Deploy. docs.deno.com/deploy/cron/

Version 2.7 der Runtime für JavaScript und TypeScript stabilisiert die Temporal API, führt npm-Overrides ein und verbessert die Node.js-Kompatibilität deutlich. #JavaScript

Deno v2.7 is here! 🕛 Temporal API stabilized 🪟 Windows ARM native support ⚙️ npm overrides support 📦 deno compile --self-extracting 🩹 Node compat fixes ...and more! deno.com/blog/v2.7

If you heard: "Don't bother learning to code, AI will do it all." They're wrong. Here's why. adventures.nodeland.dev/archive/yes-...

Kann ich in Angular auf #Rxjs verzichten? Das will ich heute abend im Livestream testen. Ich hab das schon mal versucht, vor 3 Jahren, damals war das nicht möglich. Jetzt mit #angular21 sieht das ganze schon vielversprechender aus. Start ist: 20:00 webdave.tv

We couldn't have built our own docs generation without @deno.land tools, here to collaborate with all registries @jsr.io 🤝 @npmx.dev

Mit Deno Deploy können Developer JavaScript- und TypeScript-Anwendungen ins Web deployen. Für erhöhte Sicherheit steht die neue Deno Sandbox bereit. #JavaScript

🤓💩 Save the date: I'm going to do some more verbal webdev shitposting at WeAreDevelopers LIVE next Wednesday! 👉 www.wearedevelopers.com/en/live

Anyway, here's Code.Movie version 0.0.39 with just a few minor bug fixes and stability improvements—things like the inconsistency shown in the attached animation. 👉 Full list of changes: code.movie/blog/many-sm...

Introducing Deno Sandbox ⭐ Instant Linux microVMs ⭐ TypeScript and Python (!) SDKs + REST API ⭐ Secure against prompt injection attacks deno.com/blog/introdu...

Save the Date: Vom 29. Juni bis 2. Juli 2026 halte ich wieder die Vanilla-Webdev-Stellung auf der DWX in Mannheim! Das finale Programm steht noch nicht, aber ich werde zumindest etwas über Scheduling-Techniken mit JS Generators erzählen, wenn nicht noch mehr. 👉 www.developer-world.de/dwx

Thread 👇 bsky.app/profile/qntm...

🚨 @workingdraft.de XXL 🚨 Aufnahme zur Folge 700 (!!!) läuft

Save the Date: Am 16. März übernehme ich auf den JavaScript- und Angular-Days die Show für RICHTIGES JavaScript. Keine KI, kein Malen-nach-Framework-Zahlen — bei mir dürft ihr euer Gehirn noch benutzen, etwa beim Ritt durch JavaScript-APIs, die keiner kennt. 👉️ javascript-days.de/javascript/d...

Neues Jahr, neues #Workshop-Programm: „Senior #JavaScript: Die unbekannten Ecken meistern“ 👉 www.developer-world.de/dwx-academy/... Thema: neuer Stoff für #JavaScript- und #TypeScript-Entwickler:innen, die schon alles wissen (oder zu wissen GLAUBEN). Proxies, Generators, Symbols und viel mehr!

Deno 2.6 is here: 🛠️ `dx` is the new `npx` ⚡ faster typechecking with tsgo 🔒 improved security with `deno audit --socket` 🦺 safer deps with `deno approve-scripts` 🚘 source phase import support and more! deno.com/blog/v2.6

I am burning out on this... Multiple PRs created by AI-bot accounts are trying to solve the same issue that has not yet even been identified, with verbose plain-text PR descriptions. I don't even know if I should bother to reply... Any ways to stop this? 😇

Our Deploy platform continues to ramp up, and after exploring it for while @philhawksworth.dev has some highlights to share. deno.com/blog/deno-de...

Look who got off his ass and finally improved his side project's website! 👉 code.movie Key achievements: - The "design" now has some contrast - The playground finally lazy-loads language modules - Performance in general rips, thanks to a bit of SSR and some CSS tweaks LMK if something's broken!

Deno 2.5.4 has been released github.com/denoland/den...

New in Deno v2.5.4: Deno tunnel Connect your local and your Deploy environments.

My biggest frustration with Fresh 2 was the removal of the <Head> component, which has now been restored! I have reverted my personal blog as well as updated my post below! Thanks @marvinh.dev!

We received reports of a phishing campaign targeting crates​.io users. Do not click on links asking to authenticate to protect your account. More information: blog.rust-lang.org/2025/09/12/c...

2️⃣🔘5️⃣

Deno 2.5 is out — ⭐ Permission sets in config ⭐ Setup and teardown APIs to Deno.test ⭐ HTML entrypoint support in deno bundle ⭐ Runtime API for deno bundle deno.com/blog/v2.5

No webdev shitposting today: it's workshop time! Today is basically all about #JavaScript modules: scripts vs. modules, strict mode, import/export, import maps, top-level await...

Proud to announce my new Pluralsight course "Angular Deep Dive: Monorepos with Nx" app.pluralsight.com/library/cour... is now live 🥳🥳🥳🥳🥳🥳

🚨 Breaking: npm author Qix compromised. Malicious package versions published in projects that typically see hundreds of millions of downloads each week. Details: socket.dev/blog/npm-aut...

Switzerland ✅

Seht ihr das auch so? 🤔 t3n.de/news/warum-i...

Deno v2.4.4 just dropped, including: 📦 `deno bundle` uses correct conditions for browser code 🚀 faster `structuredClone` API and Node-API addons ⚙️ `node:worker_threads` handles CommonJS better 💡 new progress bar spinner and many more 👉 github.com/denoland/den...

August 7th is almost upon us. Wondering what moves Oracle will pull next. youtu.be/_tGwOv3scKw?...

Deno v2.4.3 has been shipped: ⭐ Improved node:tls peer certificates capabilities ⭐ Workspaces add package.json subpath imports ⭐ Certain Buffer APIs are now 2x faster ⭐ Upgraded LSP to better handle text and bytes imports and much more! github.com/denoland/den...

News from Code.Movie: Improved animation heuristics in version 0.0.31 👉 code.movie/blog/improve... TLDR: The animation heuristics got better, at least for some corner cases. Also this version has been released for over a month, but I have had no time to write about it 🤷

Nach einem Phishing-Angriff auf npm-Maintainer war das Paket is, das auf etwa 2,7 Millionen wöchentliche Downloads kommt, mit einem Malware-Loader infiziert. #Malware

Correct? • Both Node.js and Deno grant permissions to the whole app (network access, file access, etc.). • Wouldn’t it be better to additionally specify permissions for dependencies? That could prevent a rogue utility library from accessing files even though the app itself is allowed to do so.

I just wanted to say, I’m probably more proud of this Ted talk than just about anything I’ve ever done so I’m gonna be absolutely useless for the next couple of weeks as I promote the shit out of this because I want you to watch it because it matters in the moment we are in youtu.be/dVG8W-0p6vg

Deno v2.4.2 has been released, including: - `deno bundle` defaults to "react" for `jsxImportSource` - `deno lint` now handles overlapping fixes - `node:fs` gets better support for `exists` and `link` - `text` and `bytes` imports can now be used in npm packages github.com/denoland/den...