I also had an alternative design that would allow a framework / library to track when a promise it created (e.g. a network query) becomes the eventual result of a promise it receives (e.g. userland handler that triggers the network query). But that'd require a significant JS engine and spec change.
26.07.2025 00:50 β π 0 π 0 π¬ 1 π 0
The approach we're taking is to forego native promises and thenables altogether, and use another object that represents an eventual result. I need to write up our design somewhere (it leverages some of the concepts for eventual send).
26.07.2025 00:46 β π 0 π 0 π¬ 1 π 0
It's fragile in the face of some user code refactors too. Anything that introduces a tick before these trapping thenable are adopted into a promise prevents the detection.
Having faced similar problems of trying to track the flow of eventual results, I'm confident thenable tricks isn't a solution.
26.07.2025 00:43 β π 0 π 0 π¬ 1 π 0
I really didn't expect to see then getters (ab)used like that in the wild! I'm quite suspicious of how fragile this all actually is. This is effectively another form of Zalgo being released.
26.07.2025 00:27 β π 0 π 0 π¬ 1 π 0
'user" is a bit confusing here. If the hashCode / equal is a protocol implemented by the object, then the author of the object can affect all collections in which the object is added π. If the functions are per collection, then you lose the standard synchronization point π
24.04.2025 16:36 β π 1 π 0 π¬ 1 π 0
An equality predicate is not sufficient for collections. Something like hashCode is also needed.
The problem with those is stability. There is no way to guarantee that user code will be side effect free and produce stable results.
21.04.2025 17:07 β π 0 π 0 π¬ 1 π 0
Hey there, any update on the recordings of the presentations? Would love to reference it.
27.03.2025 00:39 β π 1 π 0 π¬ 0 π 0
SeattleJS presents: The Future of JavaScript with TC39 Β· Luma
π Get ready to learn and connect at SeattleJS! π
This SeattleJS special event is presented in partnership with:
TC39, the technical committee that maintainsβ¦
Next week TC39 will meet in Seattle to discuss new JavaScript language features π
Please join us on Thursday 20th Feb at Docusign for a free @seattlejs.com community event featuring Linus Groh @ptomato.name @nicr.dev @ashley-c.bsky.social @lcas.dev @mhofman.bsky.social
lu.ma/s97y24jd
13.02.2025 01:57 β π 23 π 10 π¬ 1 π 2
Mathieu speaking to a room of people about realms in JavaScript
Don't what a realm is in JavaScript? Ask @mhofman.bsky.social ! He is talking all about them :)
21.02.2025 04:42 β π 5 π 3 π¬ 2 π 0
Really insightful read of @kriskowal.bsky.social's experience of helping bring modules to the JavaScript ecosystem.
06.02.2025 21:23 β π 5 π 0 π¬ 0 π 0
And even though there was no actual vulnerability, we did pay out the researcher as it was a really informative report.
06.12.2024 14:48 β π 1 π 0 π¬ 0 π 0
Got a similar report a few months ago. We were not actually vulnerable (CI is powerless on forks, and it couldn't affect any output), but it was a really good learning experience. Use env variables as much as possible in GH actions, those are sanitized.
06.12.2024 14:47 β π 1 π 0 π¬ 1 π 0
Security Issue in JWT Secret Poisoning (Updated)
We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.
Reminds me of an "RCE" last year where a JWT library was "vulnerable" to an object with a `toString` method. How do you think that method got there in the first place...
unit42.paloaltonetworks.com/jsonwebtoken...
06.12.2024 14:22 β π 0 π 0 π¬ 0 π 0
my view is that large mission-critical systems that are targeted by threat actors are in fact multi-tenant systems (whether their authors realize it or not) and immutability is one of the tools for writing defensive code against potential threats running in the same process
30.11.2024 02:44 β π 3 π 2 π¬ 1 π 0
Shoot, once again I'm away!
02.12.2024 16:15 β π 0 π 0 π¬ 0 π 0
Yeah I'd say in general control flow based on API calls is a weakness in TS. Possible to implement yourself but very complex, and the standard library types don't do it.
02.12.2024 16:02 β π 1 π 0 π¬ 0 π 0
Oh interesting. Wondering if this has something to do with integer index properties.
29.11.2024 21:07 β π 0 π 0 π¬ 1 π 0
I was seeing similar scroll resetting weirdly on back navigation on Chrome on Android, but I haven't seen it today.
24.11.2024 13:56 β π 0 π 0 π¬ 0 π 0
I have to admit, Twitter has a really good mobile web experience, even after the sabotages from Elon. The navigation in BlueSky mobile web is not great, and don't get me started on the lack of a manifest to support installing the web app and push notifications.
24.11.2024 12:46 β π 1 π 0 π¬ 0 π 0
A flag which bans TS features with runtime emit (enums, namespaces, experimental decorators, etc) will come in 5.8 to help people executing TS code via Node.js (or who want to avoid using those features for "reasons").
23.11.2024 06:21 β π 126 π 28 π¬ 5 π 3
Yeah it's been a known won't fix issue since 2020: github.com/microsoft/Ty...
23.11.2024 09:47 β π 0 π 0 π¬ 0 π 0
Unfortunately TS is already not a superset of JS. Its syntax is ambiguous enough that some valid JS programs have different semantics when handled by a TS parser. Also not all TS programs can simply have their types stripped off.
23.11.2024 00:24 β π 1 π 0 π¬ 1 π 0
GitHub can recognize and hide some generated files (e.g. from protobuf), not sure what the heuristics are. To enforce they are up to date, we just have a CI job that regenerates them and a check there are no dirty files (also good to handle lock files and similar)
19.11.2024 09:58 β π 1 π 0 π¬ 0 π 0
πΆπΎπ»π³οΈβππΆ
i'm in my cat era β’ managing editor, hardware at pcgamer β’ @beebreadtech on tiktok/yt/insta β’ jacob.ridley@proton.me β’ he/him
TC39 - Signals - Source Maps - TS/JS @Bloomberg. Previously I did web at Adobe and Twitter.
Opinions are my own.
Building something new... Previously at Google. Web maximalist. Web components. Creator of Lit. Oakland.
cofounder of deno and creator of node
https://tinyclouds.org/
https://github.com/ry
https://x.com/rough__sea
TypeScript is JavaScript with types and type-checking.
Compiles down to JavaScript, runs where JavaScript runs.
Making TypeScript for 10 years running
building Bun. formerly: stripe (twice) thielfellowship. high school dropout π
father, principal systems engineer at cloudflare. author of ada url parser. node.js tsc member. github.com/anonrig
wingolog.org / haute-savoie / iterating to a fixed-point
Editor, @noiseprotocol.bsky.social
Privacy is punk
Advisor & builder. Formerly security @dropbox, product @instart & @google, authored Surreptitious Software, TL for Caja. I love good food, fine wine & great JS.
in the glutting of my rage I find my content
https://github.com/boneskull
@vlt.sh Founder & Chief End-User Officer
Prev: GitHub, npm & Themify Co-Founder
I write code for fun, and for profit.
Also working on something (not so) exciting for the Fediverse.
I also post here: https://techhub.social/@manlycoffee
Working on Google Chrome to make the web better, as a way to pass the time until the singularity hits.
Advisor focused on developer tools, and tiny angel investor via @developersvc
Past: @stripe, @code, and a few startups (acq)
Developer of sorts at @firefox.com. No thought goes unpublished. He/him.
