proposal-shadowrealm
rua
proposal-shadowrealm | rua | |
---|---|---|
19 | 4 | |
1,376 | 420 | |
1.2% | - | |
6.0 | 6.7 | |
13 days ago | 4 months ago | |
HTML | Rust | |
- | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
proposal-shadowrealm
-
Updates from the 98th TC39 meeting
ShadowRealm: ECMAScript Proposal, specs, and reference implementation for Realms [Stage 3 -> 2].
-
Should you use jest as a testing library?
You can't out of the box. There is an open issue on the Node.js repositoryto let the node:vm module to use the vm's context, but it is still open. It seems that the Node.js core team is interested in fixing this problem by implementing the new ShadowRealm spec, and I think we will make some progress during 2023.
-
Building an Extension System on the Web
ShadowRealms — a successor of the Realms proposals, this API is intended for use cases exactly like plugins or extension systems, providing an option for creating distinct global environments to run the code in. While not entirely secure on its own, this API could provide a strong foundation to build actual extension systems on the Web. That said, 4 years later, the TC39 proposal is currently only at stage 3, not implemented by any browser;
-
Vitest vs Jest benchmarks on a 5 year old real work SPA
With --no-isolate it was 2.8x faster than vitest and 1.7x faster than Jest, but 19 tests failed (see table above). Some people report issues with watch mode when using --no-isolate. So I decided to not pursue it any further. Once the vm module that Vitest relies on supports ESM, or when the amazingly named Shadow Realms are added to JavaScript, we will likely get this performance boost for free without the downsides.
-
Improving Vitest Performance
If ShadowRealms are ever added to EcmaScript (and implemented into V8/Node) they'll allow for a different approach to isolating code that would be faster without the downsides of sharing global.
- Virtualization is not an important enough use case for the web platform to tradeoff ergonomics and possible confusion for web devs, who by and large […] do not understand the separation between the specs. More to the point, they really shouldn't need to.
-
Is there an npm package for perchance?
Eventually I will get around to creating a "proper" package by just grabbing all the JS that is loaded by the code in the iframe, and bundling it up. We really need the ShadowRealm proposal to go through because the perchance engine messes with a lot of JS internals, so it would mess up the rest of your app. Could do it in a WebWorker, but then everything would have to be async.
-
Show HN: Run unsafe user generated JavaScript in the browser
The upcoming JavaScript Shadow Realms proposal looks like it solves a similar problem: https://github.com/tc39/proposal-shadowrealm/blob/main/expla...
- Named Element IDs Can Be Referenced as JavaScript Globals
-
Running user code in the browser (for a leetcode clone)
Browser-based JavaScript doesn't yet have a way to isolate code fully in this manner though there is a new JavaScript feature on the way that would provide this capability. Its called ShadowRealm and would basically give you a new global context to execute code that's completely separate from your main document code.
rua
-
Node.js packages don't deserve your trust
> While I find projects in those other languages to also have too many dependencies, it's no where near what happens in JS apps. I'm thinking of projects I've recently worked on in Rust, PHP, and Java.
My experience with these new languages is such that this feels a bit unfair. It's like insisting that a disaster with 1000 fatalities is "much worse" than one with "only". It's ... true ... I guess, but there's something uncomfortable about making the comparison. Something has gone badly wrong if the comparison even needs to happen in the first place.
What I'm getting at is that e.g. Rust has an enormous problem in this area. It's not uncommon for me to see Node projects with over a thousand transitive dependencies, but on the other hand, I very frequently see Rust projects with over a hundred. And the Node projects tend to be more complicated than the Rust ones; they do more.
Take the last Rust program I tried to use, tealdeer. [1] If you don't know, tldr is a project that provides alternative simplified man pages for commonly used programs that consist entirely of easy to understand examples for the program. [2] What a tldr client needs to do is simply to check a local cache for each lookup, and if necessary update the cache online. It's a trivial problem that can be, and has been! [3], solved in a few hundred lines of shell (if you're being extremely verbose). How many recursive dependencies would you guess tealdeer uses? Depends on how you count, of course, but as of today the answer is ~133 deduplicated dependencies! For a program that's a glorified wrapper around curl!
Or another Rust program I looked at recently, rua [4]. In Arch Linux, the AUR is a repository of user maintained scripts for building and installing software as native Arch packages. Official tools for the building and installing software already exist for Arch, but it is common for users to use a wrapper around these tools that makes fetching and updating the software from the AUR easier. It's a relatively simple task that (once again) can be done with shell scripts. rua is such a wrapper. As of today it uses 137 deduplicated dependencies!
These Rust programs are simple terminal tools to do tasks that are almost trivial in nature. And yet they require hundreds of constantly updating dependencies! The situation may well be better than what you'll find for Node, but it's undeniably disastrous compared to either simpler languages without a built in package manager (like C) or more complicated batteries-included languages where best practices continue to prevail (like Python).
[1] https://github.com/dbrgn/tealdeer
[2] https://tldr.sh/
[3] https://github.com/raylee/tldr-sh-client/blob/main/tldr
[4] https://github.com/vn971/rua
-
Paru vs Yay vs Other (please specify in comments)
I gotta dig into rua too, seems cool!
-
Is there an AUR helper that can automatically apply custom patches?
Rua can do local patches (https://wiki.archlinux.org/title/AUR_helper#Comparison_tables)
-
5 reasons why I love coding on Linux
https://github.com/vn971/rua#install-the-aur-way
What are some alternatives?
wtfjs - 🤪 A list of funny and tricky JavaScript examples
yay - Yet another Yogurt - An AUR Helper written in Go
Pentive - Collaborative Spaced Repetition
paru - Feature packed AUR helper
vm2-process - Execute unsafe javascript code in a sandbox
dotter - A dotfile manager and templater written in rust 🦀
vrite - Open-source developer content platform
alma - Create Arch Linux based bootable USB drives
caja - Caja is a tool for safely embedding third party HTML, CSS and JavaScript in your website.
customizepkg - A tool for Arch Linux package manager pacman to modify PKGBUILD automatically
LavaMoat - tools for sandboxing your dependency graph
arch-audit - A utility like pkg-audit for Arch Linux. Based on Arch Security Team data.