EventSource
Gatsby
Our great sponsors
EventSource | Gatsby | |
---|---|---|
16 | 357 | |
2,077 | 55,016 | |
- | 0.1% | |
0.0 | 9.3 | |
about 2 months ago | 4 days ago | |
JavaScript | JavaScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
EventSource
- Can my linux system infect with malware?
-
Rise in npm protestware: another open source dev calls Russia out
The library in question is much more than one line, and it's a polyfill, which is something that provides the capabilities of the standard library to older browsers.
-
Node.js packages don't deserve your trust
It makes me deeply sad to see these sort of interactions in open source [1].
> Hmm, I think it's a worthwhile fix. Where did you see malware here?
> I think the author of this repo is free to decide what code he publishes. Say thanks to that it's for free
An incredible amount of people have dedicated sweat and tears and foreheads (from banging against the desk in frustration) to open source across the entire stack, from the contributers to OSs such as Linux to those working their arses off to create better frameworks, languages and runtimes, that we can all benefit from and use with a reasonable expectation of security, respect and privacy.
As a university student, I feel privileged to have been able to grow up in a world where so much work and knowledge is provided for free with no strings attached, regardless of demographic/location, I would not be where I am without it. A century ago this would not have been possible. To all of you who have tirelessly and selflessly worked on OSS for others, without expecting anything in return or imposing politics, ideologies, infringing on privacy, causing damage, collecting vast quantities of marketable personal information or monopolisation, I give you my heartfelt thanks for your efforts, you know who you are. You have created something that will have forever helped to improve our soceity and empower those that want to learn and create their own designs.
From my own personal experience, I want to give a shout-out to the smaller projects of Rust, Svelte and Elixir. I think it's incredible that the work and ideas of (often) a single person (Rich Harris, José Valim) can grow into larger extremely welcoming and helpful communities with many more motivated contributors that are proud of being parts of those projets and put in an extrodinary effort to try and do things _better_ than before. I'm sure there are plently of other worthy names I'm too young/ignorant to know.
Love it or hate it, Node.js has been very empowering for a large number of people to learn and publish their own full-stack applications, the JavaScript ecosystem has improved enormously since its beginnings, but has a tendancy to change slowly due to its size, unless a disruptive technology comes along such as TypeScript. Websites are a great way to introduce people to the joy of programming with its visual feedback, you can make a small penguin move across the screen, then move on to play tic tac toe. Even as a younger developer, I admit that the days of FTP, no-build-step pages with a sprinkle of JQuery were easier to understand and actually _safer_ for newcomers than introducing someone to a SPA stack (which can easily have thousands of transient dependencies) nowadays.
[1]: https://github.com/Yaffle/EventSource/issues/202
- [email protected] modified to alert() users in Russian timezones when bundled in application
-
NPM package event-source-polyfill compromised by political activists
> Cool story.
Actually, "blacklists", "redlists" and many other "lists of undesirables" weren't cool at all. But every generation or so they unfortunately seem appealing again.
> the list that they're discussing has actually existed for 30 years
Where is this list? Who maintains it?
OC certainly didn't know about it: "We should probably start an open source sanction list of individuals who abuse trust to ship malware"
> When you commit a crime
"crime"? Please link me to the law you think they broke.
Here's the license: https://github.com/Yaffle/EventSource/blob/master/LICENSE.md
> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED
So, how is this a "crime"?
> that knowledge never disappears in any country
Not true in any country except maybe North Korea or some other authoritarian state. In any society with checks and balances, verdicts can be appealed, judgements reversed, records expunged and rights restored. This "undo" feature is pretty critical to any legitimate system of justice, as is "innocent until proven guilty". I didn't see any details about the rights of the accused in anyone's blacklisting proposals.
> None of these address what happened in any way.
Yes, it does. MIT licensed software is provided "AS IS, WITHOUT WARRANTY". If you don't like it you can fork it. If you're afraid of a bad commit, vendor it, which is a best practice anyway, for this exact use case.
> Relatively easy for the rest of us to see.
Our entire legal branch of government exists because these lines are never easy. Judges judge things all the time, and not uniformly. If everything was easy to see, we wouldn't need judges or juries. The interpretation of language or of an act on a case by case basis is where things get tricky.
> The rest of us will act without you
At this point I have way more questions:
* Would you blacklist this contributor if they documented the Russian timezone popup as a feature in the package as the issue creator suggested (https://github.com/Yaffle/EventSource/issues/202#issuecommen...)?
* What "test" would you apply to code to determine if the developer should be blacklisted or not? Would this blacklist only pertain to malware? Wikipedia (https://en.wikipedia.org/wiki/Malware) defines a few different malware categories: "Many types of malware exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper, and scareware." If the code doesn't fall into one of those categories (as is this case), under what circumstances might you still blacklist the developer?
* If a maintainer stops maintaining their current library and says all future maintenance will be done on a new library, and that new library contains this Russian timezone popup code, would they be blacklisted?
* Would it matter if the "bad code" was intentional or not? Or a joke or not? Or temporary or not? How would you determine the author's intent? Would they have a chance (or be obligated) to respond? Or would you only look at the impact of the code? If you look at the impact, how under what conditions would a "bug" get you blacklisted?
* Would you blacklist a developer for making a breaking change to a package? What if the breaking change was politically motivated?
* Who runs and maintains the list? Does this list have an appeals process? What are the rights of the accused?
* How will you disambiguate the list so as not to misconstrue "innocent" developers as blacklisted developers? Will you include their birth name? Social profiles? Emails? Addresses? How will you deal with name changes (someone gets married, or changes their name?), or new online handles?
* What age and definition of a minor will you use? And will minors be given different treatment or excused from the blacklist?
I could go on, but if you're serious about this idea, you'll probably want to communicate it in more detail because a "forever list of bad developers" sounds a lot like a "forever list of communists" or a "forever list of undesirables". If you're not going to make the same mistakes McCarthy (and others before him) did, then these details will be really important.
-
A beginner friendly intro to server sent events with node.js
Obviously, websockets are superior and offer much more when compared to SSE. However according to me, sometimes the simplest solutions are just as good to get the job done. Besides, use of EventSource for SSE is abandoned and for that we can use polyfills such as https://github.com/Yaffle/EventSource
Use of EventSource is abandoned for SSE. It can be mocked by using fetch api. Have a look at this polyfill: https://github.com/Yaffle/EventSource
Gatsby
-
Building static websites
The first time I started building static websites is when I discovered Gatsby. I built several projects using Gatsby and hosted it on Netlify free tier. It felt like a really robust architecture and I loved that it was free.
-
Gatsby tutorial: Build a static site with a headless CMS
A Gatsby site uses Gatsby, which leverages React and GraphQL to create fast and optimized web experiences. Gatsby is often used for building static websites, progressive web apps (PWAs), and even full-blown dynamic web applications.
-
Building a High-Performance Website with Next.js and WordPress
While Next.js is a powerful framework for building server-rendered React applications, it's not the only option for developers looking to create high-performance websites. One notable alternative is Gatsby, a static site generator that leverages React and GraphQL.
-
The Current State of React Server Components: A Guide for the Perplexed
The other piece of important information to acknowledge here is that when we say RSCs need a framework, “framework” effectively just means “Next.js.” There are some smaller frameworks (like Waku) that support RSCs. There are also some larger and more established frameworks (like Redwood) that have plans to support RSCs or (like Gatsby) only support RSCs in beta. We will likely see this change once we get React 19 and RSCs are part of the Stable version. However, for now, Next.js is currently the only framework recommended in the official React docs that supports server components.
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
GatsbyjsCMS - Gatsby is the fast and flexible framework that makes building websites with any CMS, API, or database fun again. Build and deploy headless websites that drive more traffic, convert better, and earn more revenue!
- The gatsby build command will not complete or terminate
-
ReactJS Good Practices
GatsbyJS
-
Abstract Syntax Trees and Practical Applications in JavaScript
Babel plugins are everywhere. From being used to remove unwanted exports from files in Gatsby to being used to disallow users from doing re-exports in Nextjs.
-
How To Choose the Best Static Site Generator and Deploy it to Kinsta for Free
In terms of GitHub stars, SSGs like Next.js, Hugo, Gatsby, Docusaurus, Nuxt.js, and Jekyll top the list. Some popular SSGs even host conferences and workshops, providing resources and networking opportunities for those looking to explore more advanced topics in depth.
-
Finding the Best React CMS: A Comprehensive Guide
Flexibility : Developers have complete control over the frontend so they can use their preferred tools and frameworks like React, Next.js, Gatsby, or Remix.
What are some alternatives?
better-sse - ⬆ Dead simple, dependency-less, spec-compliant server-side events implementation for Node, written in TypeScript.
Svelte - Cybernetically enhanced web apps
WHATWG HTML Standard - HTML Standard
astro - The web framework for content-driven websites. ⭐️ Star to support our work!
torsocks - Library to torify application - NOTE: upstream has been moved to https://gitweb.torproject.org/torsocks.git
SvelteKit - web development, streamlined
proposal-iterator-helpers - Methods for working with iterators in ECMAScript
Express - Fast, unopinionated, minimalist web framework for node.
LavaMoat - tools for sandboxing your dependency graph
eleventy 🕚⚡️ - A simpler site generator. Transforms a directory of templates (of varying types) into HTML.
rua - Build tool for Arch Linux providing control, review and jailed build options
Vue.js - This is the repo for Vue 2. For Vue 3, go to https://github.com/vuejs/core