event-stream
event-stream | proposal-built-in-modules | |
---|---|---|
5 | 4 | |
2,157 | 891 | |
- | 0.3% | |
0.0 | 0.0 | |
over 5 years ago | 11 months ago | |
JavaScript | HTML | |
MIT License | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
event-stream
-
I gave commit rights to someone I didn't know
Another possible outcome of "I gave commit rights to someone I didn't know": https://github.com/dominictarr/event-stream/issues/116
- Looking for open source Python lite wallet or Payment Processor with unified API for BTC, LTC, ETH, XMR, maybe others
-
What NPM Should Do Today to Stop a New Colors Attack Tomorrow
Whole npm ecosystem is so fragile.
Remember event-stream[1]? Did we learned something from that? Yes, we might. So was it improved? Never. People are still installing 'new' colors package and wondering why its texts are broken.
What if he uploaded malicious code rather than just just gibberish?
[1]: https://github.com/dominictarr/event-stream/issues/116
- NPM Audit: Broken by Design
-
Researcher hacks over 35 tech firms by creating public NPM packages
foo-bar version 1.0 depends on bada-boom 1.0 which depends on bada-bing 1.0. Now you update to foo-bar 1.1 because of some critical update, which in itself now depends on bada-boom 2.0 and bada-bing 2.0. But unbeknownst to you and the author of foo-bar, the bada-boom and bada-bing project was taken over by another maintainer who made an update, but also added some trojan horse code to specifically attack certain users, which was obfuscated and remained undetected. Which has happened before - not just browser extensions are affected by malicious attackers taking over useful projects.
proposal-built-in-modules
-
Turboprop: JS Arrays as Property Accessors!?!
There is proposal for stdlib, but it will take some time until (if ever) it will reach stage 4.
-
Don't make me think, or why I switched to Rails from JavaScript SPAs
The working group most in charge of JS is ECMA's TC-39 (TC => Technical Committee) [0]. They've been taking a very deliberate, slow path to expanding the "standard" library because they take a very serious view of backwards compatibility on the web. Some proposals were shifted because of conflicts with ancient versions of things like MooTools still out in the wild, for instance. (This was the so-called "Smooshgate" incident [1].)
This may speed up a bit if the Built-In Modules proposal [2] passes, which would add a deliberate `import` URL for standard modules which would give a cleaner expansion point for new standard libraries over adding more global variables or further expanding the base prototypes (Object.prototype, Array.prototype, etc) in ways that increasingly likely have backwards compatibility issues.
TC-39 works all of their proposals in the open on Github [3] and it can be a fascinating process to watch if you are interested in the language's future direction.
[0] https://tc39.es/
[1] https://developers.google.com/web/updates/2018/03/smooshgate
[2] https://github.com/tc39/proposal-built-in-modules
[3] https://github.com/tc39/proposals
-
What NPM Should Do Today to Stop a New Colors Attack Tomorrow
There is a TC39 proposal for a "Javascript Standard Library." It's at stage 1, which is better than stage 0.
https://github.com/tc39/proposal-built-in-modules
-
[AskJS] What is the thing you hate the most about JS?
The standard library is a tough one. There is a proposal for built-in modules but it is very early days and miles away from what is needed. Clojure ships with functions that make the likes of Lodash and Ramda redundant. I think for a dynamic language an extensive library of functions for manipulating collections is essential. It is a real thing that once dynamic language codebases grow too big, they become a challenge to maintain. Therefore having functions that do a lot of common tasks for you mitigates that issue. Paired with immutability, lots of code just becomes data passing through pipelines, giving less surface area for bugs and making everything more concise and declarative.
What are some alternatives?
enquirer - Stylish, intuitive and user-friendly prompts, for Node.js. Used by eslint, webpack, yarn, pm2, pnpm, RedwoodJS, FactorJS, salesforce, Cypress, Google Lighthouse, Generate, tencent cloudbase, lint-staged, gluegun, hygen, hardhat, AWS Amplify, GitHub Actions Toolkit, @airbnb/nimbus, and many others! Please follow Enquirer's author: https://github.com/jonschlinkert
openapi-typescript-codegen - NodeJS library that generates Typescript or Javascript clients based on the OpenAPI specification
cli - the package manager for JavaScript
proposal-pattern-matching - Pattern matching syntax for ECMAScript
pkg-vuln-collab-space - Project for work on improved Package Vulnerability Management & Reporting
Nest - A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀
django-money - Money fields for Django forms and models.
proposal-observable - Observables for ECMAScript
LADX-Disassembly - Disassembly of Legend of Zelda: Links Awakening DX
redwood - The App Framework for Startups
colors.js - get colors in your node.js console
proposal-record-tuple - ECMAScript proposal for the Record and Tuple value types. | Stage 2: it will change!