colors.js | core-js
---|---
52 | 141
5,153 | 23,853
- | -
0.0 | 9.8
11 months ago | 2 days ago
JavaScript | JavaScript
GNU General Public License v3.0 or later | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
colors.js
-
Mitigate the hidden security risks of open source software libraries
However, it's unlikely that the majority of users actually visit GitHub at https://github.com/Marak/colors.js to review the code, even at a high level. Most developers tend to rely on the assurance that open source software is generally safe to use.
- when u finally found that ONE repo which fits your needs and is not outdated but you have issues to raise
-
Marak: The reports of my death have been greatly exaggerated
> A new feature was added to the colors.js project for generating cool ASCII Art American Flags. Unfortunately, this feature was not bug-free and some test code slipped into the release causing issues downstream. Nobody is perfect. Everyone makes mistakes from time to time.
https://github.com/Marak/colors.js/commits/master shows 4 commits and 2 releases. Does not seem like a simple mistake
> As per our internal open-source development process, I opened an Issue in colors to track the bug as soon as it was confirmed. It happened to be a weekend [...] I tagged some other open-source developers I've worked with in the past to see if they had time to assist and closed the browser tab.
- Recognize that there are many reasons that people create open source work... it's a form of their self expression like Michelangelo or Salvador Dali, and nobody should complain if a metaphoric Jackson Pollock decides to make their work resemble paint splatter instead of an architectural masterpiece.
- this thread will forever be living proof that the entire node ecosystem is a fucking dumpster fire.
- CVE-2021-23567
-
JavaScript News and Updates of January 2022
Early this month, the malicious attack on free-to-use libraries, namely color.js and faker.js, created a real uproar in the development community. These tools are used in thousands of projects and their downloading rate from npm is estimated in millions per week. To everyone’s surprise, it turned out to be an inside job. Marak Squires, the creator of these libraries, intentionally committed malicious code to his projects and published updated codebases on GitHub and npm. It is said that this sabotage was caused by unsuccessful attempts of Mr. Squires to monetize his projects. Fortunately, malicious packages were quickly removed and the attacker’s account was suspended. The story sparked a new wave of discussion in the development community on possible steps to make the development and maintenance of open-source projects more sustainable.
-
colors.js VS ansis - a user suggested alternative
2 projects | 24 Jan 2022
-
Marak, the guy behind the recent breaking of faker.js, colors.js, etc., claims that it was a "programming mistake" and wants Github to unban him.
See: https://github.com/Marak/colors.js/issues/285
-
Colors.js in dart.
Ever used colors.js? How about the same in dart?
core-js
-
Emacs' helm is maintained by one maintainer for 11 years long
This is surprisingly common. The other example off the top of my head, a single maintainer of a very popular project who had to temporarily abandon it due to lack of funds, is Denis Pushkarev (zloirock) and core.js (https://github.com/zloirock/core-js/blob/master/docs/2023-02...).
The majority of OSS projects have most of their contributions by one person (the project leader), and the vast majority of OSS contributors don't do it for their job. It seems nearly every single popular OSS project is like this (one unpaid, maybe sponsored, volunteer doing most of the work); it's not even worth listing projects and names, because you can just pick a couple projects you know and I bet at least one will be an example. Fortunately, most of these people seem to be well-off (probably in part due to the quality of programming jobs), but every once in a while there's someone who's not so fortunate. It should be more common to sponsor maintainers, especially if they are asking for donations provided they can prove that they really need the money (the world we live in, some people who have plenty fake issues to solicit donations, then others who genuinely need and deserve the money are scolded and left unfunded because of them).
-
Users are massively giving their 1-star reviews to AdBlocker
Funny you say that, I was just thinking earlier today back to the core-js drama.
In short: the creator of an NPM package that is used by approximately everyone, everywhere, was facing a legal battle. He had been developing this package full time for years and did not have the cash on hand to hire a lawyer. He added a console log that ran on installing his package that said something like "If you're using core-js please consider donating". Cue an absolute shitstorm of people screaming at him in the github issues and him going to prison for around 10 months. Luckily he seems to be back on the grind nowadays, with a decently robust cross-platform slush fund to boot (~200k USD across Patreon, Open Collective, Bitcoin).
It can be a rough world out there for the folks building for the "focus, productivity and anti-distraction" platform.
https://github.com/zloirock/core-js
-
SpeakBits - A reddit alternative without the corporate baggage
I think everyone here knows that, at some point, the site would start costing a lot of money and would need to be funded in some way. I would love for the Wikipedia donation model to work for a site like this but everything I find points to that not being the case. Reddit gold not covering server costs and open source devs not tied to a corporation struggling to continue working on their projects being two prime examples. If anyone has anything that can convince me to give it a try, please let me know and I will switch this to a non-profit.
-
Why there may never be a libjpeg-turbo 3.1
Open source developers are not being paid. They published under licenses that allow zero cost and businesses won't pay.
If you want to write open source code for living, you have to find a business model that works. In this case, it is even under permissive license.
* code freeze - code is under open source license only a certain time after commit/release. Maybe add "support", aka you get security fixes in timely manner.
* open core - put some features behind commercial door.
* go ImageSharp way of split license. That one is fun, because MS deprecated/killed (throws exceptions on attempt to use) official image/font library and that was the intended replacement. Rather blatant offloading of costs.
This has been rehashed several times (core-js recently https://github.com/zloirock/core-js/blob/master/docs/2023-02...).
The gist of it is: Companies are not going to pay if they don't have to. That is the reality and it's not going to change.
-
[Torte de Lini] After 375 changes, all 166 Standard Hero Guides are updated to patch 7.33d
This is one of the few examples. https://github.com/zloirock/core-js/blob/master/docs/2023-02-14-so-whats-next.md
-
I am an enthusiast of Linux. But... here is where it sucks
Open source: It sounds pretty nice. Open to everyone... But it sucks in general. People really don't care to contribute to open-source. (e.g. here). It is a really good resource for development but for people who don't know anything about development, it is not important. There needs to be some financial income / support for good open-source.
-
Why you use Nodejs and depends 95% on third party libraries which only last of a year or two and don't use something like asp.net which is maintained by Microsoft?
there is https://github.com/zloirock/core-js but it is more or less a 1 guy team and he is grossly underpaid, and well, just read this https://github.com/zloirock/core-js/blob/master/docs/2023-02-14-so-whats-next.md I'm shocked he still works on it
-
Why Phoenix?
Choice is good to a point but at some point it becomes crippling. It still haunts me on Rails. Is it yarn, is it brunch, is it npm, is it webpacker, is it esbuild, is it import maps... plus personally the pad-left debacle left a bad taste in my mouth and this little nugget about core-js was heartbreaking. For me it's hard to pick JS for anything other than what I absolutely must.
-
Journalists having bad ideas about software development
There's a real story behind that (but the software is core-js, not nginx)
-
Discussion Thread
    npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

    > [email protected] postinstall /home/daniel/src/test/node_modules/core-js
    > node -e "try{require('./postinstall')}catch(e){}"

    Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

    The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:
    > https://opencollective.com/core-js
    > https://www.patreon.com/zloirock

    Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)
What are some alternatives?
chalk - 🖍 Terminal string styling done right
create-react-app - Set up a modern web app by running one command.
GHSA-5rqg-jm4f-cqx7
proxy-polyfill - Proxy object polyfill
aws-cdk - The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
Angular - Deliver web apps with confidence 🚀
SES-shim - Endo is a distributed secure JavaScript sandbox, based on SES
node-sass - :rainbow: Node.js bindings to libsass
wasi-libc - WASI libc implementation for WebAssembly
es6-promise - A polyfill for ES6-style Promises
proposal-built-in-modules
fromentries - Object.fromEntries() ponyfill (in 6 lines)