Feb 5: Come and join our next React Amsterdam meetup ๐ at Albert Heijn's AH Technology office in Zandaam
Talks:
- Releasing 20 Micro-Frontends in 1 Week With Module Federation by Gonzalo Beviglia
- The Design System Journey by Gabriel Cardoso
guild.host/events/react...
Post
bsky.app/profile/node...
Security releases available Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines to address: - 3 high severity issues. - 4 medium severity issues. - 1 low severity issue. This security release includes the following dependency updates to address public vulnerabilities: - c-ares (1.34.6) on 20.x, 22.x, 24.x, 25.x - undici (6.23.0, 7.18.0) on 20.x, 22.x, 24.x, 25.x
๐Node.js v22.22.0, v24.13.0, v25.3.0 fix 3 high, 4 med, 1 low severity security vulnerabilities (+ dependencies)
Upgrade now:
Windows:
choco upgrade nodejs # or nodejs-lts
macOS:
brew upgrade node # or node@24
Ubuntu:
sudo apt-get --only-upgrade install nodejs
pnpm 10.21 continues to add security features ๐ก๏ธ
trustPolicy: 'no-downgrade' fails install if trust level of a package decreases with a new version
openPetition Recognition of Work on Open-Source as Volunteering in Germany Henning Lammert Petition is addressed to German Bundestag, Petition Committee 3,256 Signatures 3,134 from 30,000 for quorum in Germany
Petition in Germany recognizing open source as volunteering for the common good ๐คฉ
Seems like a good step towards recognition and a healthier open source ecosystem
www.openpetition.de/petition/onl...
ahh I've actually thought about this a lot - if government and laws and taxes (and also everything else like business rules) could be open source and anyone could make proposals ๐
I guess not happening anytime soon though
instead, we have 1000s of required ways to do things
ha, missed that part!
was just so surprised at finally fixing the GDPR end-user UX, would be soo amazing
Wow, no more cookie banners in EU? ๐คฏ๐ Yes please!
> some โnon-riskโ cookies wonโt trigger pop-ups at all
> central browser controls that apply to websites broadly [for other cookies]
www.theverge.com/news/823750/...
Ohh, interesting opportunity to be the Head of the Sovereign Tech Fund in Berlin ๐
Security: Do not install OpenAI Atlas, Perplexity Comet, etc
At least until the security implications are more fully understood
Multiple security research firms have found vulnerabilities in AI browser architecture, not restricted to only one specific browser
brave.com/blog/unseeab...
![alias npx-safe='function _npx_safe() {
local node_opts="--permission --allow-fs-read=$(npm prefix -g) --allow-fs-read=$(npm config get cache)"
local package=""
local package_args=()
while [[ $# -gt 0 ]]; do
if [[ "$1" == --* ]]; then
# Anything starting with `--` goes into node_opts
node_opts+=" $1"
else
# The first non-`--` argument is the package; the rest are package args
if [[ -z "$package" ]]; then
package="$1"
else
package_args+=("$1")
fi
fi
shift
done
echo "============================="
echo " npx-safe Log "
echo "============================="
echo "Node.js options:"
echo " $node_opts"
echo
echo "Package:"
echo " $package"
echo
if [[ ${#package_args[@]} -gt 0 ]]; then
echo "Arguments:"
for arg in "${package_args[@]}"; do
echo " $arg"
done
echo
fi
echo "============================="
npx --node-options="$node_opts" "$package" "${package_args[@]}"
}; _npx_safe'](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:b3xwbnwkl5qzjjhkwoimvb6x/bafkreif5l4ryqge3ybrwgdrxdv4666pky5cgicxkohru7f3hw3ow7b6rae@jpeg)
alias npx-safe='function _npx_safe() { local node_opts="--permission --allow-fs-read=$(npm prefix -g) --allow-fs-read=$(npm config get cache)" local package="" local package_args=() while [[ $# -gt 0 ]]; do if [[ "$1" == --* ]]; then # Anything starting with `--` goes into node_opts node_opts+=" $1" else # The first non-`--` argument is the package; the rest are package args if [[ -z "$package" ]]; then package="$1" else package_args+=("$1") fi fi shift done echo "=============================" echo " npx-safe Log " echo "=============================" echo "Node.js options:" echo " $node_opts" echo echo "Package:" echo " $package" echo if [[ ${#package_args[@]} -gt 0 ]]; then echo "Arguments:" for arg in "${package_args[@]}"; do echo " $arg" done echo fi echo "=============================" npx --node-options="$node_opts" "$package" "${package_args[@]}" }; _npx_safe'
npx-safe by @rafaelgss.dev :
Use the Node.js permissions model to make running npx on untrusted packages safer ๐ฅ
github.com/RafaelGSS/do...
Node.js 25 is here! We have upgraded V8 to 14.1, bringing major JSON.stringify
performance improvements and JIT pipeline optimizations.
This release introduces the permission
model --allow-net, Web Storage is enabled by default, and more!
nodejs.org/en/blog/rele...
Ahh version control conflicts are a great use case for AI - conflicts can be super hairy, so any tools or context that can help with this is ๐ฅ๐ฅ
Email coming from npmjs.org, looking like an account maintenance notification, prompting the user to log in.
The link to login looks identical to the NPM login, but hosted on npnjs.com
A phishing attack is going on against maintainers on @npmjs.bsky.social, be aware!
- email is spoofed from npmjs.org (which doesnโt use DMARC but redirects to npmjs.com)
- login link points to npnjs(dot)com (clear giveaway)
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball #1 Error: Dependabot doesn't support the 'updating transitive dependencies' feature for pnpm package_manager Dependabot attempted to update your dependencies but encountered an unsupported feature: 'updating transitive dependencies' for pnpm package_manager. Currently, this feature is not supported by Dependabot.
Why?
Dependabot security alert appears and update generated -> fails because the update is for a pnpm transitive dependency with the error:
Dependabot doesn't support the 'updating transitive dependencies' feature for pnpm package_manager
pnpm transitive dependency updates support #13177 Dependabot doesn't support transitive dependency updates for pnpm, a very popular package manager (31M downloads / week as of writing).
My request for Dependabot: Full support for @pnpm.io
(updates to transitive deps fail currently)
Voice support in the issue ๐
github.com/dependabot/d...
Safari 26 is here!!! Anchor Positioning, Scroll-driven animations, High Dynamic Range images, the new HTML <model> element, the all-new Digital Credentials API, SVG icon support, WebGPU, WebKit in SwiftUI, every site can be a web app on iOS and iPadOS, and much more.
webkit.org/blog/17333/w...
would it be part of the e18e initiative goals to reduce reliance on these micro packages by PRing to large consumer packages driving the 73m/week?
I guess the tradeoff is that the new version of the code should be simple, short and bulletproof, possibly because of new language / runtime features
React Advanced meetup coming Toronto ๐จ๐ฆ
Any speakers interested: apply to the CFP at the link below ๐
Codemods for Node.js ๐
Looking great, thanks to all contributors!
Text for search:
Netlify edge functions are down with the error in the logs:
Error handling request: TypeError: functions is not a function
In the browser, the error is: Internal Server Error
My site https://fincaguarumo.com (hosted by Netlify via fincaguarumo.netlify.app, a next.js app) suddenly returns a 500 error. In the logs, I can see only this: Error handling request: TypeError: functions is not a function at file:///root/src/bootstrap/server.ts:53:45 at mapped (ext:deno_http/00_serve.ts:407:24) at mapped (ext:deno_http/00_serve.ts:513:16) at ext:deno_http/00_serve.ts:729:29 at eventLoopTick (ext:core/01_core.js:178:7) at async netlify:bootstrap-stage1:4:1 I have not changed anything recently, I do not have any custom functions. I have no idea how to debug this error as it seems to stem from Netlify itself and not something on my end. Just to be sure, I triggered a manual deploy without cache, updated the @netlify/plugin-nextjs to 5.12.0, but to no avail. The app uses next.js 15. Is there anything else that can be done on my end?
@netlify.com multiple users reporting Netlify edge functions being down, in case you didn't know yet
Maybe you can update the status page with the outage?
answers.netlify.com/t/the-site-s...
Nice suggestion for the UX/UI!
Cc @gabritto.bsky.social
VS Code 1.103 (Jul 2025) finally has expandable hovers in JavaScript and TypeScript ๐
for when the hover info is showing the type name instead of the object / array / etc
code.visualstudio.com/updates/v1_1...
Is more funding possible for open source maintainers in Europe? ๐ช๐บ A new study commissioned by GitHub explores why creating an EU Sovereign Tech Fund could provide sustainable resources for critical OS projects.
Learn how you can help make it a reality.๐
github.blog/open-source/...
I made an emoji picker for Mac!
Fun,but also rather frustrating experience ๐
Swift was my third choice after 2 attempts with rust GUIs
github.com/mikkelam/Emo...
@bengubler.com Welcome to Bluesky! ๐
Thanks for your work on the new `experimental.typedRoutes` Next.js Turbopack feature!
bsky.app/profile/did:...
