bradleymeck.bsky.social
Working @socket.dev
131 posts 144 followers 100 following

The @vlt.sh team launched "reproduce" today, an #OSS tool that verifies if npm packages match their source code. With recent supply chain attacks exposing provenance limitations, this approach is already showing better adoption rates than traditional methods. ➳ socket.dev/blog/vlt-lau... #JavaScript

One nice thing about this is it moves a bunch of cache problems and code signing of malicious source issues into actual actionable states if going down this route. Happy to see more things move this way.

🚀 We just launched `$ npx reproduce <pkg>`

As always for this stuff, comparison is expected to be linear. Might be interesting to provide a grouped matcher though; to get sublinear you probably can still do `m = new Map; m.set(#[0], 0); m.set(#[1], 1); m.set(#[2], 2); m.get(#[2])` // instead of linear searching entries, get some trick speed ups?

(Boosts encouraged!) Hi! 👋 I’m Kat. I’ve been a professional dev for over 15 years. I maintained the NPM CLI for 5 of those. I sat in TC39. I work at Microsoft. I’m self taught w/a film degree and no formal CS edu. Are you new to tech? What do you wish you could ask some1 like me? Literally AMA

CJS loader is pretty broken for workers but ESM works fine in SEA loader now after some minor poking around; who wants to test this thing out / what smallish app would be a useful case study I can do this weekend?

Got worker threads working with SEA esm loader; but CJS is kinda borked due to github.com/nodejs/node/... and I don't always get the same events depending on a variety of conditions and sometimes don't even get the same data / returns do different things

Blink: Intent to Ship: Invoker Commands; the command and commandfor attributes

Some other semi-hidden @github.com tricks: - Append /releases.atom to a repository to get a feed of all of its new releases: github.com/webpro/knip/... - Append .keys to a user profile to get its public keys: github.com/voxpelli.keys

RustOwl visualizes ownership movement and lifetimes of variables. When you save Rust source code, it is analyzed, and the ownership and lifetimes of variables are visualized when you hover over a variable or function call. 🔗 github.com/cordx56/rust...

New adventure in Node SEA holds state internally/can be passed around. Fun because it means I can store data & then pass it around without worrying about things like files being missing. Basically an old style virtual image system you can copy and pass around. Function persistence needs work tho.

Always use single page mode docs. Small core era made a bunch of stuff stashed in odd places (mostly until)

2nd nerd snipe brought it probably to within striking distance of being usable w/o bundling ; did have 1 major hack to deal w/ how require() works after sync ESM landed in core but rest is pretty readable. Lots to optimize though github.com/bmeck/sea-lo...

🚀 Big news for Node.js developers! require(esm) has been backported to Node.js 20, removing a major roadblock for ESM adoption. With Node 18 nearing EOL, library maintainers can finally go ESM-only with confidence. 🎉 socket.dev/blog/require... #NodeJS #JavaScript

Ensure your tools, if any, audit the actual distributable stuff; building things for iOS vs Android means different code being shipped.

Proper tail calls are back on the menu?

Using LLM as a code reviewer provides a lot of value: 20% because the LLM can find subtle issues, 80% because it will keep leaving comments until you actually write comments explaining the invariants and assumptions the code has

Moved some code to Node@23 and got the type stripping workflow + Single Executable Application workflow going ; some minor nits but it seems fairly workable.

aww `node --run foo a b c` drops argv (a b c)

📌 The @linuxfoundation.org is warning open source developers: Compliance with global sanctions is not optional. Accepting PRs from sanctioned contributors and/or engaging in technical discussions could have legal repercussions. Learn more » socket.dev/blog/linux-f... #OpenSource

Are you exporting `NODE_COMPILE_CACHE=.cache/node` for your Node >= 22 development? If not, why? Been doing some testing locally on this and have some general guidelines I'm seeing but no clear automation route for it.