The maintainer of one of our dependencies, debug, was the target of a phishing attack resulting in the release of [email protected] with malware. Supply chain security is all of our responsibilities. Be careful out there, and for today don't update your deps. socket.dev/blog/npm-aut...

I scored 14/28 on jsdate.wtf and all I got was this lousy text to share on social media.

Do you know someone working at Microsoft that could help us get the @vitest.dev vs code extension verified back?

And for Vite integration: we are now passing all relevant tests in github.com/rolldown/vite, the temporary fork of Vite that runs on Rolldown instead of esbuild / Rollup. Expect a proper release early 2025!

@juri.dev I remember the nx docs recommend setting `fetch-depth: 0` to make nx-affected work; For us, on a relatively big monorepo, this took 1m40s on CI because it fetches all history😅. We now found out that setting `filter: tree:0` gets that down to 28s while nx affected still works 🤯

In a nice turn of events, a week after I learned about this API I found a use for it at work. Thank you @ambarvm.bsky.social for this piece of info. 🙏 (and did I lose `p-mutex`? Nope - I used it to fake this API when running Vitest tests 😁)

I have used the web locks api for this. developer.mozilla.org/en-US/docs/W... Request lock 🔒 Check if the token is expired with an api call. Refresh if expired. Release lock 🔓

Yep kentcdodds.com/blog/dont-sy...