David Sherret's Avatar

David Sherret

@dsherret.bsky.social

Software developer at Deno. Also working on ts-morph, dprint, and more (https://github.com/dsherret)

1,395 Followers  |  75 Following  |  114 Posts  |  Joined: 03.06.2023
Posts Following

Posts by David Sherret (@dsherret.bsky.social)

I've wanted this for so long - and @kettmeir.dev has finally implemented it!

View changes in the public API of packages between versions:
- what methods were added, changed (type signature), or removed

In the future we could even indicate if you are about to publish a breaking change

27.02.2026 16:30 β€” πŸ‘ 23    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Oxc Plugin Documentation on the Oxc code formatting plugin for dprint.

dprint init
dprint config add oxc
dprint config add biome

...along with various other formatters.

25.02.2026 22:26 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

dprint's incremental formatter is incredibly fast and happens without needing an opt-in.

You can use both oxc and biome via dprint for faster performance.

25.02.2026 22:25 β€” πŸ‘ 5    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

The 2/0 is a little strange, but overall it's better.

13.02.2026 23:28 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

It's good npmx.dev shows git and https dependencies. I still think it's crazy npmjs.org doesn't.

13.02.2026 17:38 β€” πŸ‘ 26    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Video thumbnail

I didn't want a terminal based solution, so I vibe coded a desktop app to give the status of all my AI sessions regardless of where they're running and I can click to quickly jump to them.

12.02.2026 00:39 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Great to hear! It will be better for the ecosystem in the long term.

05.02.2026 16:59 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Additionally, pnpm 11 will block dependencies from exotic sources (like Git) in subdependencies.

05.02.2026 13:40 β€” πŸ‘ 20    πŸ” 3    πŸ’¬ 2    πŸ“Œ 0

Re config: I'm not sure what it should look like since there's so many variations on what a git dep could be. I'm thinking opt-in for all git deps or opt-in for a specific url git dep because there's so many variations on what the url could be I think.

04.02.2026 19:27 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

It would also be hard for security tools to scan because the git/https deps can change.

04.02.2026 19:27 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Tools making this harder will also encourage npm packages to keep their dependencies on npm because it will cause friction for their users.

04.02.2026 16:50 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

It's good there's the option, but most people won't and don't do this.

In my opinion, it's something that should be opt-in instead of opt-out in all the tools. For example, you can be hit by this while working on a project that doesn't have linting and you update a dependency.

04.02.2026 16:50 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 2    πŸ“Œ 0
Post image

Several popular npm packages transitively have this problem, including a recent popular one. It's only a matter of time before someone takes advantage of this.

04.02.2026 16:17 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

Both of these are also possible using https dependencies in an npm package. Worst part is in some cases the package wouldn't easily be able to be taken down.

npm, pnpm, and bun all happily install this kind of stuffβ€”`deno install` errors.

04.02.2026 16:17 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

How to recreate leftpad:

1. Publish an npm package with a git dependency.
2. Get usage and wait many months.
3. Delete the repo.

04.02.2026 16:17 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

How to bypass minimum dependency/release age:

1. Publish an npm package with an unpinned git dependency.
2. Get usage and wait many months.
3. Push a malicious commit to the git dependency's repo.

04.02.2026 16:17 β€” πŸ‘ 9    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Post image

The deno and dprint vscode extensions now prompt when a custom executable path is set in the workspace configuration.

I believe this should help reduce the chance of malicious config launching an executable in a trusted workspace.

22.01.2026 20:03 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

We have a custom test runner in Rust and I added a JSON reporter github.com/denoland/den... for the CI that creates some artifacts on each CI job github.com/denoland/den... (scroll down to artifacts) then those get consumed by the website here github.com/denoland/den...

22.01.2026 14:57 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Vibe coded a website to give a summary of our frequently failing and flaky tests on the CI.

21.01.2026 21:47 β€” πŸ‘ 9    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

This was a highly requested feature that I put off implementing because I wasn't sure about the design (the dprint CLI has no idea how to format code, it relies on the plugins for that). I waited a few years and nowadays it seemed pretty straightforward how it should work.

05.01.2026 19:44 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Release 0.51.0 Β· dprint/dprint dprint is a pluggable, configurable code formatting platform written in Rust. It aims to unify all your code formatters in one tool. Features Global Configuration File dprint now supports a global ...

dprint 0.51 (code formatter) is out.

This release adds initial support for formatting with a global config file.

github.com/dprint/dprin...

05.01.2026 19:44 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
chore: add pty reporter for tests by dsherret Β· Pull Request #31644 Β· denoland/deno Adds a PTY reporter for local development that gives a summary of the longest running pending tests and also recent failures. feat: move long running test alert completely into reporterΒ file_test_...

PR is here github.com/denoland/den...

The code is using github.com/denoland/fil... (even for the rust-based tests, which was a little tricky to do in stable Rust)

17.12.2025 02:40 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Video thumbnail

In the Deno repo, we have a custom Rust test runner for our tests in order to support file/directory-based tests and improve stability on the CI. I just refactored the code to have a pty reporter that surfaces some useful information. It seems better than having failures whizz by.

17.12.2025 02:40 β€” πŸ‘ 13    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Benchmark 1: dprint fmt --incremental=false (branch = main) Time (mean Β± Οƒ): 42.703 s Β± 0.412 s [User: 0.733 s, System: 0.569 s] Range (min … max): 41.742 s … 43.399 s 10 runs Benchmark 2: dprint fmt --incremental=false (branch = jabaile/gofumpt-plugin) Time (mean Β± Οƒ): 633.1 ms Β± 14.8 ms [User: 4887.2 ms, System: 1083.9 ms] Range (min … max): 617.3 ms … 663.2 ms 10 runs Summary dprint fmt --incremental=false (branch = jabaile/gofumpt-plugin) ran 67.45 Β± 1.70 times faster than dprint fmt --incremental=false (branch = main)

Benchmark 1: dprint fmt --incremental=false (branch = main) Time (mean Β± Οƒ): 42.703 s Β± 0.412 s [User: 0.733 s, System: 0.569 s] Range (min … max): 41.742 s … 43.399 s 10 runs Benchmark 2: dprint fmt --incremental=false (branch = jabaile/gofumpt-plugin) Time (mean Β± Οƒ): 633.1 ms Β± 14.8 ms [User: 4887.2 ms, System: 1083.9 ms] Range (min … max): 617.3 ms … 663.2 ms 10 runs Summary dprint fmt --incremental=false (branch = jabaile/gofumpt-plugin) ran 67.45 Β± 1.70 times faster than dprint fmt --incremental=false (branch = main)

Did something fun; used @tinygo.org to shove @mvdan.cc's wonderful gofumpt into @dsherret.bsky.social's amazing dprint formatter via a Wasm plugin.

We previously used an "exec" plugin to do this with go tool, but it was slow to run, and worse in parallel (and... Windows πŸ˜‘).

Now it's fast!

13.12.2025 07:06 β€” πŸ‘ 38    πŸ” 3    πŸ’¬ 3    πŸ“Œ 0

Previously, we injected a specific `@types/node` package from the npm registry when we detected the use of a Node built-in module, but that didn't work when code only used Node globals like `process` and `module`. It also required an explicit caching/install step in many cases.

05.12.2025 00:40 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

These built-in Node type declarations are used by default when Deno doesn't detect a `@types/node` npm package during type checking.

05.12.2025 00:40 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Using the `module` global in a cts file with type completions.

Using the `module` global in a cts file with type completions.

The next Deno release will include Node type declarations out of the box.

05.12.2025 00:40 β€” πŸ‘ 14    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
From Any to This - Leo Kettmeir | EuroRust 2025
YouTube video by EuroRust From Any to This - Leo Kettmeir | EuroRust 2025

In his talk at #EuroRust25, @kettmeir.dev shared how the @deno.land project improved error handling by migrating from the anyhow crate to using thiserror and concrete error types – watch it on YouTube now! πŸ¦€

πŸ‘‰ youtu.be/f6eofqicw_s

#RustLang #RustConference #EuroRust

06.11.2025 11:23 β€” πŸ‘ 7    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

Thanks! Just a fetch then find and replace. It’s pretty hacked together πŸ˜…

23.10.2025 02:43 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
First-class JSONC manipulation in JavaScript Manipulating JSONC in JavaScript using a CST via jsonc-morph

Wrote a library this weekend for modifying JSONC files david.deno.dev/posts/jsonc-...

12.10.2025 23:30 β€” πŸ‘ 18    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0