proposal-shadowrealm VS cli

ShadowRealm: ECMAScript Proposal, specs, and reference implementation for Realms [Stage 3 -> 2].

You can't out of the box. There is an open issue on the Node.js repositoryto let the node:vm module to use the vm's context, but it is still open. It seems that the Node.js core team is interested in fixing this problem by implementing the new ShadowRealm spec, and I think we will make some progress during 2023.

ShadowRealms — a successor of the Realms proposals, this API is intended for use cases exactly like plugins or extension systems, providing an option for creating distinct global environments to run the code in. While not entirely secure on its own, this API could provide a strong foundation to build actual extension systems on the Web. That said, 4 years later, the TC39 proposal is currently only at stage 3, not implemented by any browser;

With --no-isolate it was 2.8x faster than vitest and 1.7x faster than Jest, but 19 tests failed (see table above). Some people report issues with watch mode when using --no-isolate. So I decided to not pursue it any further. Once the vm module that Vitest relies on supports ESM, or when the amazingly named Shadow Realms are added to JavaScript, we will likely get this performance boost for free without the downsides.

If ShadowRealms are ever added to EcmaScript (and implemented into V8/Node) they'll allow for a different approach to isolating code that would be faster without the downsides of sharing global.

Eventually I will get around to creating a "proper" package by just grabbing all the JS that is loaded by the code in the iframe, and bundling it up. We really need the ShadowRealm proposal to go through because the perchance engine messes with a lot of JS internals, so it would mess up the rest of your app. Could do it in a WebWorker, but then everything would have to be async.

The upcoming JavaScript Shadow Realms proposal looks like it solves a similar problem: https://github.com/tc39/proposal-shadowrealm/blob/main/expla...

Browser-based JavaScript doesn't yet have a way to isolate code fully in this manner though there is a new JavaScript feature on the way that would provide this capability. Its called ShadowRealm and would basically give you a new global context to execute code that's completely separate from your main document code.

Because sometimes I make idiotic mistakes and I really don't want that embarrassing stuff out there where people can see. I ran head first into an npm bug once when I tried to symlink the README file which resulted in the thing getting published without a README.

https://github.com/npm/cli/issues/6746

Embarrassing. And then they slapped me with a stupid 24 hour count down on top of it. I seriously hate this thing.

This is the same NPM that made a change causing the `integrity` field to go silently missing from `package-lock.json` [0] when installing packages, and then also not complaining at any other time in the future.

[0] https://github.com/npm/cli/issues/4460

Node.js v21 includes npm v10.2.0, which notably introduces a new sbom command that allows you to generate a Software Bill of Materials (SBOM) for the current project. You can read more about the changes in recent NPM releases on GitHub.

npm ERR! This is an error with npm itself. Please report this error at: npm ERR! https://github.com/npm/cli/issues

You'll need an AWS account and AWS credentials configured locally. We'll use pnpm but you could also use npm or yarn. The finished app is available on github.

~/Documents/amplify-hackathon/amplify-react-graphql-demo main !5 ?3  npm install -g @aws-amplify/cli  1 ✘ 4s 22:11:35 changed 26 packages in 25s 7 packages are looking for funding run `npm fund` for details npm notice npm notice New minor version of npm available! 9.4.0 -> 9.6.5 npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.6.5 npm notice Run npm install -g [email protected] to update! npm notice

10 18.95 npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.6.4

npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated [email protected]: This SVGO version is no longer supported. Upgrade to v2.x.x. added 1692 packages, and audited 1699 packages in 23s 211 packages are looking for funding run `npm fund` for details 27 vulnerabilities (1 low, 7 moderate, 18 high, 1 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. npm notice npm notice New minor version of npm available! 9.5.1 -> 9.6.2 npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.6.2 npm notice Run npm install -g [email protected] to update! npm notice