rfcs
Babel (Formerly 6to5)
| rfcs | Babel (Formerly 6to5) | |
|---|---|---|
| 7 | 58 | |
| 45 | 42,913 | |
| - | 0.1% | |
| 4.6 | 9.7 | |
| 5 months ago | 7 days ago | |
| TypeScript | ||
| - | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rfcs
-
Ruby Shield: Shopify donates $1M to stewards of rubygems, bundler
I can give a limited answer based on my own day-to-day work. I work in Ruby Dependency Security, which is the team who are most involved in helping out with rubygems.org and RubyGems work. Our biggest effort lately has been about rolling out MFA requirements for owners of top-most-downloaded gems. What I'd like to do afterwards is focus on gem signing using sigstore, which would make it a "one click" experience for authors. We did some work on it earlier this year[0] but chose to focus on MFA as our first big push. We also aim to devote a substantial fraction of our time to chopping wood and carrying water: looking at honeybadger exception reports, etc.
In terms of the long run there's a whole bunch that can be done to continuously harden every aspect of the Ruby supply chain. One thing we've been involved in founding is the OpenSSF Securing Software Repos working group[1], which has meant that RubyGems maintainers are now talking directly with folks from PyPI, npm, Maven Central, Cargo and others. We all face shared threats (eg, dependency confusion, resurrection attacks etc), so getting together to work collectively and share ideas has been super awesome.
[0] https://github.com/rubygems/rfcs/pull/37
[1] https://github.com/ossf/wg-securing-software-repos
-
Making popular Ruby packages more secure
Thatās correct. If youāre a maintainer of a very popular gem, as of 15th August youāll no longer be able to e.g. `gem push` if you havenāt enabled MFA on your RubyGems account. You will of course still be able to log in and enable it.
More details in the RFC: https://github.com/rubygems/rfcs/blob/master/text/0007-mfa-r...
-
NPM Vulnerability Discussion on Twitter
> < 10% had useful 2FA enabled.
I expect this to change. NPM will roll out mandatory MFA for the most-downloaded packages[0] (RubyGems as well[1]). I expect this will rise to a 100% requirement at some point because Github's decision to require MFA by the end of 2023 will massively raise the waterline of folks who have the capability to MFA and experience with MFA.
[0] https://github.blog/2021-11-15-githubs-commitment-to-npm-eco...
[1] https://github.com/rubygems/rfcs/issues/35
-
Sigstore
The RFC trying to introduce sigstore for RubyGems is an interesting look at this in practice: https://github.com/rubygems/rfcs/pull/37
- RFC for Sigstore Rubygems Signing
- RFC: Proposal for new signing mechanism
- Require MFA for most-used gems [RubyGems RFC]
Babel (Formerly 6to5)
-
What is an Abstract Syntax Tree in Programming?
GitHub | Website
-
Mastering Jest Configuration for React TypeScript Projects with Vite: A Step-by-Step Guide
node 'node_modules/.bin/jest' '/Users/satparkash/code/test-app/src/A pp.test.tsx' -t 'App' FAIL src/App.test.tsx ā Test suite failed to run SyntaxError: /Users/satparkash/code/test-app/src/App.test.tsx: Support for the experimental syntax 'jsx' isn't currently enabled (6:12): 4 | describe('App', () => { 5 | it('should work as expected', () => { > 6 | render(); | ^ 7 | }); 8 | }); 9 | Add @babel/preset-react (https://github.com/babel/babel/tree/main/packages/babel-preset-react) to the 'presets' section of your Babel config to enable transformation. If you want to leave it as-is, add @babel/plugin-syntax-jsx (https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-jsx) to the 'plugins' section to enable parsing. Test Suites: 1 failed, 1 total Tests: 0 total Snapshots: 0 total Time: 0.278 s Ran all test suites matching /\/Users\/satparkash\/code\/test-app\/src\/App.test.tsx/i with tests matching "App".
- Open source public fund experiment - One and a half years update
-
I Reworked my Rate My GMU Professor (Google Extension)
Webpack (Babel) - https://babel.dev/
-
Babel is used by millions, so why are we running out of money? (2021)
I do appreciate your transparency, though I disagree with the sentiment that Iām arguing from a position of bad faith.
Itās a self-evident fact that the Babel team has not shown a moment of interest in lowering their role in the JavaScript ecosystem to anything short of kingmakers. Have a gander at their GitHub README and what do we see?[1]
- āBabel is a compiler for writing next generation JavaScript.ā Indefinitely.
- Over a dozen sponsor logos. An embarrassment of riches.
- A literal audio recording of a song in praise of the project.
The Babel team has a well documented history of their priorities[2], emphasizing the need for a modular approach that has no exit strategy[3]. At best, we have a case of accidental entrenchment and long term dependence on the Babel brewing as early as 2017![4]
Compare this infinite circus to the humble but popular Normalize.css, which has the express purpose to stop existing.[5]
If the Babel team wants to raise some money, they can start by putting a plan together that would codify an exit strategy. Itās certainly more noble than their current plan of barnacling on to every NPM packageā¦
- [1] https://github.com/babel/babel
- [2] https://github.com/babel/notes
- [3] https://github.com/babel/notes/blob/master/2016/2016-07/july...
- [4] https://github.com/babel/notes/blob/master/2017/2017-04/apri...
- [5] https://nicolasgallagher.com/about-normalize-css/
-
Reveddit does not work
The problem was I had used some new code, Javascript's replaceAll(), that is unsupported by older browsers. And, the setup I have to automatically fix such issues (called babel) is out of date. So, while this problem appears to be resolved there, I hadn't updated that in awhile.
-
The Complete Guide for Setting Up React App from Scratch (feat. TypeScript)
babel-loader(v9.1.0): allows transpiling JavaScript files using Babel and webpack.
-
Upgrade your Lerna Workspace - Make it Fast and Modern!
created 6 years ago to solve the specific problem of managing the Babel repo packages
-
Help with error when trying to include context in application before building and uploading to server.
https://github.com/babel/babel/discussions/13013 maybe this could help
- āIgnore the f'ing haters ā And other lessons learned from creating a popular
What are some alternatives?
sigstore-website - Codebase for sigstore.dev
Traceur compiler - Traceur is a JavaScript.next-to-JavaScript-of-today compiler
harden-runner - Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
Live Server - A simple development http server with live reload capability.
npm
ESLint - Find and fix problems in your JavaScript code.
enquirer - Stylish, intuitive and user-friendly prompts, for Node.js. Used by eslint, webpack, yarn, pm2, pnpm, RedwoodJS, FactorJS, salesforce, Cypress, Google Lighthouse, Generate, tencent cloudbase, lint-staged, gluegun, hygen, hardhat, AWS Amplify, GitHub Actions Toolkit, @airbnb/nimbus, and many others! Please follow Enquirer's author: https://github.com/jonschlinkert
Lebab - Turn your ES5 code into readable ES6. Lebab does the opposite of what Babel does.
rubygems - Library packaging and distribution for Ruby.
dark-mode - Control the macOS dark mode from the command-line
package-analysis - Open Source Package Analysis
ECMAScript 6 compatibility table - ECMAScript compatibility tables