Lightnews — Scholar-powered news

Nicholas C. Zakas

@humanwhocodes.com

5.3K followers 46 following 1K posts

Human who codes. Creator of @eslint.org. Author. Speaker. Advisor. Coach. GitHub Star. Mastodon: https://fosstodon.org/@nzakas Blog: https://humanwhocodes.com Coaching: https://humanwhocodes.com/coaching

fosstodon.org

Posts Media Videos Starter Packs

Nicholas C. Zakas @humanwhocodes.com · 21h

I am quickly approaching the need to declare GitHub notification bankruptcy. Can't get under 100 on a daily basis. 😓

Nicholas C. Zakas @humanwhocodes.com · 21h

My current biggest time sink is Supabase's lack of true down migrations. `migration down` deletes all data, which essentially is like doing `db reset`.

1 4

Nicholas C. Zakas @humanwhocodes.com · 1d

I'm not sure why, but after I restarted and installed the latest Windows update, everything worked again.

Nicholas C. Zakas @humanwhocodes.com · 1d

I'm not sure why, but after I restarted and installed the latest Windows update, everything worked again.

Nicholas C. Zakas @humanwhocodes.com · 1d

Latest VS Code update breaks my world. Copilot chat doesn't work in WSL. zsh terminal doesn't seem to be working in WSL either, it just hangs on every command.

Nicholas C. Zakas @humanwhocodes.com · 1d

Twitter just renewed my annual Premium Pro plan without any advance notice for nearly $400. It's over 3x more expensive than last year and no way I would've knowingly paid that. 😠

Nicholas C. Zakas @humanwhocodes.com · 1d

Crosspost 1.0.1 has been released!

🐞 Downgraded dotenv to fix console.log breaking MCP output

Details:
https://github.com/human...

Nicholas C. Zakas @humanwhocodes.com · 2d

Interesting. Looks like Crosspost identified the URL but didn’t make it a link. 🤔

1 1

Nicholas C. Zakas @humanwhocodes.com · 2d

Mentoss 0.12.0 has been released!

✨ called() method now throws error if no routes match

Details:
https://github.com/human...

Nicholas C. Zakas @humanwhocodes.com · 2d

Crosspost v1.0.0 released!

Only breaking change is dropping support for Node.js 18.x. This release also adds support for the Nostr protocol.

https://github.com/human...

3 5

Nicholas C. Zakas @humanwhocodes.com · 3d

Claude's tendency to decide that a whole file is wrong so it should be deleted and recreated from scratch is the most troubling behavior I've experienced with AI. Replace "file" with "civilization" and you understand why some are terrified of where AI is heading.

Nicholas C. Zakas @humanwhocodes.com · 5d

Don't have your invite yet? Sign up now:
bredbox.app

Bredbox - Keep your links fresh

bredbox.app

Nicholas C. Zakas @humanwhocodes.com · 5d

I absolutely love that Cloudflare refuses to deploy a worker if the required secrets are not in production. Such a productivity boost.

Nicholas C. Zakas @humanwhocodes.com · 5d

Pretty excited to launch collections on Bredbox! Getting very close to feature parity with Pocket for managing bookmarks. Next batch of invites going out soon.

2 2

Nicholas C. Zakas @humanwhocodes.com · 6d

GitHub really needs to provide some way for us to update multiple npm packages at once. For those of us with over a decade of packages to wade through, manually checking each one's publishing settings is time-consuming and prone to missing something.

Nicholas C. Zakas @humanwhocodes.com · 7d

In hindsight, getting a laptop with non-expandable RAM was a mistake.

Nicholas C. Zakas @humanwhocodes.com · 8d

Bad publicity is a powerful motivator. I don’t think we should let them off the hook so easily.

1 3

Nicholas C. Zakas @humanwhocodes.com · 8d

With ingestion-point validation, it wouldn't matter if someone's credentials get stolen. The registry itself would identify the package as malicious and prevent publishing. This also reduces the attractiveness of working to steal credentials.

2 5

Nicholas C. Zakas @humanwhocodes.com · 8d

Fiddling with the nobs on npm tokens is low-hanging fruit that doesn't address the larger issue of credential stealing. Once your npm or GitHub account is compromised, it's end of story. Malicious packages get published.

1 5

Nicholas C. Zakas @humanwhocodes.com · 9d

GitHub's response to npm supply chain attacks is too one-sided. By reinforcing maintainer responsibility, they're missing ingestion-point detection. For example, the registry could require packages that add a postinstall script for the first time to have a semver major bump.

3 1 24

Nicholas C. Zakas @humanwhocodes.com · 9d

It would be great if the big tech companies could chip in. In the past year, only Meta has donated to support ESLint. In an era where these companies are bringing in record profits, a few thousand dollars can go a long way towards ESLint's sustainability.

Nicholas C. Zakas @humanwhocodes.com · 9d

ESLint depends on sponsorships to pay maintainers. We're operating at a deficit with roughly a junior engineer's salary supporting a dozen maintainers plus awarding outside contributions. Please talk to your company about sponsoring ESLint:
https://eslint.org/donate

1 13 40

Reposted by Nicholas C. Zakas

ESLint @eslint.org · 10d

ESLint v10.0.0 is coming! Check out our latest blog post for what to expect.

https://eslint.org/blog/...

2 7 33

Reposted by Nicholas C. Zakas

Matteo Collina @nodeland.dev · 10d

🤝 The Open Source Pledge = $2,000/year per developer to OSS maintainers.

For enterprises using open source, supporting these projects isn't optional—it's essential for mitigating risks and ensuring sustainability.

Join us → opensourcepledge.com

Open Source Pledge

Open Source software powers the world, but who supports the maintainers? We do.

opensourcepledge.com

1 4

Reposted by Nicholas C. Zakas

ESLint @eslint.org · 14d

Due to an unprecedented amout of AI traffic coming from China to our website, we are temporarily blocking all requests coming from China until we can deploy a more targeted solution. We apologize for the inconvenience and appreciate your understanding.

2 1 3