On macOS, I’m using these scripts:
"build": "npm run clean && tsc && npm run chmod",
"clean": "shx rm -rf ./dist/*",
"chmod": "chmod u+x ./dist/src/cmd.js",
Alas, the last script won’t work on Windows. What’s a good way to fix this?
If an #npm package has "exports", it can “self-reference” them via its package name. That’s useful for tests (which demo how importing packages would use the code).
// util_test.js
import {helperFunc} from 'my-package/misc/util.js';
#NPM based packages should mandatorily disclose what's the code size and what will be the node_modules folders count and total size. Coz that combined together could show what kind of liability I am getting myself into. #supplychain issues arise from being unaware / ignorant about your liabilities mostly.
Especially the part where you can just publish your TypeScript package without transpilation, and they handle #NodeJS/NPM compatibility, is pretty big IMO.
We continue to identify sophisticated threats originating from the use of #opensource software packages. This time the attacker uses a signed #Microsoft executable to initiate the attack chain through an #npm package.
I spelunked into steganography to create a new feature in https://www.deciduous.app/ that lets you reimport PNGs and SVGs of your decision trees to derive the underlying YAML.
Deciduous now also sports a CLI (so you can #npm install it), and a bunch of lil things @shortridge and I added towards the goal of fast, easy, collaborative #threatmodeling of potential failures.
@baldur Another issue with npm modules in #Deno is that many #npm modules just break under restrictive permissions. They expect to have read access to the whole disk and break if you deny them that. So you pretty much have to grant every permission, but of course that defeats one of the major advantages of using Deno: preventing bad modules from doing bad things.
There may be ways to improve that over time, but it's not a pretty picture.
🙃 @bagder on curl's AI frustrations
🤪 Brian Birtles on weird things engineers believe
💣 Feross on npm's "everything" package chaos
🧐 @robpike on what Go got right/wrong
🏦 Gavin Howard argues code is not tech debt
🎙 hosted by @jerod