Scott Cooper

@scooper.bsky.social

San Francisco, typescript, xmplaylist.com Doing frontend stuff at @sentry.io

187 Followers  |  270 Following  |  106 Posts  |  Joined: 26.06.2023  |  1.9216

Latest posts by scooper.bsky.social on Bluesky

I won’t go back. I won’t use generators like effectjs wants either. Next we’ll reinvent zone.js

14.10.2025 19:32 — 👍 0    🔁 0    💬 0    📌 0

I feel like the "learn how to use grid" websites were always way harder than actually using grid.

14.10.2025 15:35 — 👍 0    🔁 0    💬 0    📌 0
My Favorite NPM Command An ode to `npm repo`, the best npm command.

Astro is really fun because you can just vibe code a little animation in html and add it to your blog post. sigh.dev/posts/favori...

11.10.2025 22:43 — 👍 0    🔁 0    💬 0    📌 0

Would love to somehow say my package will never have a postinstall script

08.10.2025 01:38 — 👍 3    🔁 0    💬 0    📌 0

i want to know who made the "cheetah" model in cursor

08.10.2025 00:29 — 👍 1    🔁 0    💬 0    📌 0

I live in constant fear

06.10.2025 16:14 — 👍 0    🔁 0    💬 0    📌 0
Strengthening npm security: Important changes to authentication and token management - GitHub Changelog As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent announcement. These changes will roll out over…

Stop sending me this. github.blog/changelog/20...

30.09.2025 04:34 — 👍 0    🔁 0    💬 0    📌 0
fix: mark `FormData` & `URLSearchParams` as non-serializable for bun … · unjs/ofetch@4e4d3ee …compatibility (#483)

@pi0.io would love to see a new version of ofetch get released. Need that bun fix. 🙈 github.com/unjs/ofetch/...

28.09.2025 18:20 — 👍 1    🔁 0    💬 0    📌 0

Deus Ex Remastered coming to Steam/Switch/Xbox/PS5 on Feb 5th, 2026 www.youtube.com/watch?v=z-Sg...

24.09.2025 23:02 — 👍 290    🔁 47    💬 28    📌 54
TanStack | High Quality Open-Source Software for Web Developers Headless, type-safe, powerful utilities for complex workflows like Data Management, Data Visualization, Charts, Tables, and UI Components.

🚀 Announcing TanStack.com Start v1 Release Candidate!

Upgrades ↓

✨ Unified Route Tree: no more server-specific files
🔐 Type-safe middleware & server context upgrades
🛡 CSP/nonce support
⚡ Now works with any native Vite Env plugin
🌀 Zero-JS: any server handler can render!

23.09.2025 20:10 — 👍 196    🔁 29    💬 7    📌 6
Our plan for a more secure npm supply chain GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.

I managed my tokens so poorly that npm changed their policy. Progress! github.blog/security/sup...

24.09.2025 02:01 — 👍 0    🔁 0    💬 0    📌 0

dm's are open i think

23.09.2025 00:53 — 👍 0    🔁 0    💬 1    📌 0

A lot of the related security blogs recommended switching to pnpm to avoid running unapproved postinstall scripts.

Mostly mention it because that is already what I am doing.

17.09.2025 16:16 — 👍 3    🔁 0    💬 1    📌 0
@ctrl/tinycolor Supply Chain Attack Post-mortem Lessons learned from becoming the unexpected face of a npm supply-chain attack.

I've published my perspective of the @ctrl/tinycolor NPM supply chain attack. This whole thing got me to finally make a blog.

sigh.dev/posts/ctrl-t...

17.09.2025 16:06 — 👍 27    🔁 6    💬 3    📌 2

they force pushed a branch directly because they were a repo admin. Not a pr.

17.09.2025 03:48 — 👍 3    🔁 0    💬 0    📌 0

no in this case it was a "shai-hulud" branch pushed to a shared repo where multiple people have admin access.

This shai-hulud branch contains a github action that runs on push.
This shared repo had my npm token as a secret for github action publishing.

17.09.2025 00:16 — 👍 3    🔁 0    💬 1    📌 0

bsky.app/profile/scoo...

16.09.2025 20:25 — 👍 1    🔁 0    💬 0    📌 0

bsky.app/profile/scoo... not 100% certain, but not seeing the bad branches on my own repos

16.09.2025 07:21 — 👍 1    🔁 0    💬 0    📌 0

i believe i figured it out. A project i collaborated on got a "bad" github branch by a collaborator. This project had an npm token of mine.

16.09.2025 06:35 — 👍 6    🔁 0    💬 2    📌 3

no not for certain yet, currently it seems like a publish token was public or leaked

Not seeing the weird github branch names or repos from some of the newer hacks

16.09.2025 05:14 — 👍 3    🔁 0    💬 1    📌 0

I am publishing new versions of affected packages

16.09.2025 03:39 — 👍 7    🔁 0    💬 3    📌 0

taking a look

15.09.2025 23:15 — 👍 2    🔁 0    💬 1    📌 0

The other major reason was we switched to the biome formatter but found it didn't support css-in-js and still does not. So we then had prettier, eslint (for various rules biome was missing), and biome at one time.

13.08.2025 18:12 — 👍 3    🔁 0    💬 1    📌 0

Today's word is espoused

07.08.2025 21:37 — 👍 0    🔁 0    💬 0    📌 0
Announcing TypeScript 5.9 - TypeScript Today we are excited to announce the release of TypeScript 5.9! If you’re not familiar with TypeScript, it’s a language that builds on JavaScript by adding syntax for types. With types, TypeScript mak...

TypeScript 5.9 is now available! 📣

This release brings:

✅ An updated tsc --init
✅ Type-checking for the new 'import defer'
✅ Actual summaries in more DOM APIs
✅ Expandable quick info hovers (✨preview✨)

and more! Read up more on our blog:

devblogs.microsoft.com/typescript/a...

01.08.2025 17:15 — 👍 145    🔁 27    💬 0    📌 6

rspack doing damage to webpack's numbers

31.07.2025 15:13 — 👍 2    🔁 0    💬 1    📌 0

You will review my vibe code until exhaustion

03.06.2025 03:18 — 👍 2    🔁 1    💬 0    📌 0

We wrote a blog sharing some findings from our binary size optimization journey - exploring efficient ways to embed large string HashMaps statically in programs: github.com/orgs/web-inf...

07.07.2025 13:34 — 👍 7    🔁 2    💬 0    📌 0
The Best Movies of the 21st Century: How Actors, Directors and Other Film Lovers Voted To determine the best movies of the 21st century, we polled hundreds of celebrities. See how your favorite stars and directors voted.

really enjoying the film list stuff @nytimes.com is doing this week.

27.06.2025 05:16 — 👍 1    🔁 0    💬 0    📌 0

they should make a rotisserie chicken you can vape

26.06.2025 00:08 — 👍 391    🔁 119    💬 15    📌 5