Bradley Farias
bradleymeck.bsky.social
Working @socket.dev
Reposted by Bradley Farias
🚨 Open source supply chain attacks are exploding.

Starting today, that ends.

We’re releasing Socket Firewall — FREE, zero-config, CLI that blocks malware before it lands on your laptop or CI.

Just run:

npm i -g sfw
sfw npm install lodash

Works for: npm, yarn, pnpm, pip, uv, and cargo.
September 30, 2025 at 6:06 PM
I feel like reading my own company blog gets me more on average interesting tidbits than most blogs these days. Nice to have that feeling.
June 25, 2025 at 1:29 PM
ORMS are harder to debug and often more verbose than SQL with safe prepared statements.
June 11, 2025 at 4:18 PM
assert(str.length === 1)

Today I noticed that capitalization doesn't always preserve length:

str.toUpperCase().length === 2

Question:
How to map the char position of str to the char position of str.toUpperCase() in a sanely efficient way?
May 28, 2025 at 1:22 PM
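One way to build that mapping, as an added example that is not from the post: uppercase one code point at a time and record where each UTF-16 index of the input lands in the output. It relies on String.prototype.toUpperCase being locale- and context-free (unlike toLocaleUpperCase), so concatenating per-code-point results equals uppercasing the whole string.

```javascript
// Added example, not the post's own code.
// Returns { upper, starts } where upper === str.toUpperCase() and
// starts[i] is the index in `upper` where the character at str[i] begins.
// starts has one extra sentinel entry (upper.length) so that
// [starts[i], starts[i + 1]) is the output range of the code point at i.
function mapCaseIndices(str) {
  const starts = [];
  let upper = '';
  for (const ch of str) {                 // iterate code points, not UTF-16 units
    const up = ch.toUpperCase();          // e.g. 'ß' -> 'SS', 'ŉ' -> 'ʼN'
    // both halves of a surrogate pair point at the same output position
    for (let k = 0; k < ch.length; k++) starts.push(upper.length);
    upper += up;
  }
  starts.push(upper.length);              // sentinel for the end of string
  return { upper, starts };
}

// Position of str[i] inside str.toUpperCase(); O(n) once, O(1) per lookup
// if you keep the `starts` array around instead of rebuilding it.
function upperIndexOf(str, i) {
  return mapCaseIndices(str).starts[i];
}
```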
innerText is brutal to mix with Range
May 27, 2025 at 2:41 PM
Reposted by Bradley Farias
I'm looking for senior devs to join our UI Infra team in New York to work on the Bloomberg Terminal 🗽

This is building frontend toolkits using JS/Web in embedded Chromium. It's not app development. Experience with non-Web UI helps.

DM me if you prefer "building React" to "using React" 🔥
May 22, 2025 at 10:03 PM
Got hit with blog.dwac.dev/posts/html-w... ; fun with CSS custom highlights affected due to how Range differs (textContent based) from innerText (what Copy/Paste* does)
HTML Whitespace is Broken - Devel without a Cause
A deep dive into HTML whitespace collapsing: How it works, why it sucks, how it should work, and how to deal with it.
May 23, 2025 at 10:55 AM
Things that are impossible to detect / really set custom highlights (either NIH <span> or Custom Highlights spec) on:
* ::before/::after
* <textarea>/<input>
* shadow dom
* <img alt=copyable>
What am I missing?
May 21, 2025 at 2:59 PM
People came for the JS but now they get the Database Admin.
May 5, 2025 at 10:17 PM
Reposted by Bradley Farias
I feel like folks are sleeping on the fact that Node.js now has sqlite built in.
May 2, 2025 at 7:34 PM
650 million row table needs a complete table data migration; not terrible but doing so will take planning

happily we can improve things due to having to do a complete migration which will make things even better
May 2, 2025 at 4:34 PM
The average is really 2 but we all became friends with Tom from Myspace back in the day and skewed the results.
Zuck: The average American has three friends
May 2, 2025 at 1:34 PM
I love to step back and ask WHO, WHAT, WHERE, WHY, WHEN, HOW, WHICH, ...

If you can build something for a customer try to take care of answering as many of those questions as possible and give the most relevant answers up front. Same for programming libraries.
How many query plans & WHEN does it make sense for them? Want to manually do it every time?

WITH o AS ( SELECT * FROM org as o WHERE o.active )
SELECT t.* FROM tasks as t
JOIN o ON o.id = t.org
WHERE t.status = 'ERR'

Always ask WHAT, HOW, and WHY

docs.google.com/presentation...
May 1, 2025 at 3:37 PM
ETOOMUCHDATA => 10x speed improvement in a spike? launch weeks are weird
April 25, 2025 at 7:47 PM
Reposted by Bradley Farias
Super excited to share what I've been working on lately. Socket can now automagically fix security alerts with an autopilot mode ⚡🪄📦
socket.dev Socket @socket.dev · Apr 25
🔥 Launch Day 5: We’re so excited to launch socket fix — a CLI tool that automatically upgrades vulnerable dependencies, runs your tests, and even auto-merges safe updates in CI. From alert to merged fix. Zero friction.
April 25, 2025 at 2:46 PM
Auto merge and test checker is soo vital for reducing friction; asking customers what they use Socket for and security teams are always trying to both reduce friction and speed up fixes.
socket.dev Socket @socket.dev · Apr 25
April 25, 2025 at 2:42 PM
Reposted by Bradley Farias
🔥 Launch Week Day 4: Historical Analytics is now in beta! This is a massive upgrade to Socket’s visibility and reporting capabilities.
Socket now retains 30 days of daily scan data, giving you powerful new insight into how your supply chain risks evolve over time.
April 24, 2025 at 3:16 PM
Reposted by Bradley Farias
I helped build this and came up with a thing called the "rainbow chart" (the main thing you see on that screenshot). It's like a half donut chart with two layers, the inner arc is a breakdown of the outer arc. Also looks like a speedometer.
socket.dev Socket @socket.dev · Apr 24
April 24, 2025 at 7:40 PM
Reposted by Bradley Farias
I feel like a lot of people don't know about `content-visibility: hidden`

If your framework updates the DOM fast enough, you might be able to just use one line of CSS to save all the rendering work you need for hidden DOM.

As always, measure.
The web also *natively* has a way to hide DOM, save state, and skip expensive work: developer.mozilla.org/en-US/docs/W...

`content-visibility: hidden` hides elements and skips all the layout and rendering work for them. If Lit renders to these elements it just updates DOM state.
content-visibility - CSS: Cascading Style Sheets | MDN
The content-visibility CSS property controls whether or not an element renders its contents at all, along with forcing a strong set of containments, allowing user agents to potentially omit large swat...
April 24, 2025 at 8:44 PM
At GoDaddy we had a use case to show 10k+ rows in a table; starting to think that was easy mode.
April 24, 2025 at 3:31 PM
Had a fun and simple little programming problem that probably has a better solution than what I found but might be fun for others:

pts = unordered_points(4)
bb = ordered_bounding_box_pts(pts)
// pair points such that the sum of distance between pairings
// is minimized
bestfit_pairs = pair(pts, bb)
April 17, 2025 at 2:37 PM
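A brute-force solution to the puzzle above, added here and not from the post: it ignores the bounding-box hint and simply enumerates every perfect matching with pruning, which is instant for 4 points (only 3 matchings) and still fine for a dozen or so.

```javascript
// Added example, not the post's own code: pair up an even number of 2-D points
// so that the sum of the pairwise distances is minimal.
function dist(a, b) {
  return Math.hypot(a[0] - b[0], a[1] - b[1]);
}

// Enumerate perfect matchings recursively: fix the first unmatched point,
// try every partner for it, recurse on the rest. 2n points give (2n-1)!!
// matchings, so this is exact but only sensible for small n.
function bestPairs(pts) {
  if (pts.length % 2 !== 0) throw new Error('need an even number of points');
  let best = { cost: Infinity, pairs: [] };
  const rec = (rest, pairs, cost) => {
    if (cost >= best.cost) return;               // prune: cannot beat the best so far
    if (rest.length === 0) { best = { cost, pairs }; return; }
    const [a, ...others] = rest;
    for (let i = 0; i < others.length; i++) {
      const b = others[i];
      const remaining = others.filter((_, j) => j !== i);
      rec(remaining, [...pairs, [a, b]], cost + dist(a, b));
    }
  };
  rec(pts, [], 0);
  return best;
}

// Constructed sample: two tall thin pairs; the cheapest matching is vertical.
const sample = [[0, 0], [10, 0], [0, 1], [10, 1]];
console.log(bestPairs(sample));
```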
Bad ideas inspired by current events

Reciprocal PR tariff license: for every line of code using this library (even indirectly) you must PR and upstream maintenance fixes of the same number of lines.

Removing lines of code means you have a deficit. You cannot land the PR until lines are added
April 8, 2025 at 11:37 PM