Jovi 🐨
@jovidecroock.com
🇧🇪 | he/him | Software Engineer @Shopify | Preact core team | passionate about DX & web perf | opinions are my own
2026 is rapidly turning in the year where I make random apps and contribute to random OSS projects where I need to. Today was an oxlint kinda day, really missed the context value stability rule in the react eslint rules.
January 16, 2026 at 10:43 AM
2026 is rapidly turning in the year where I make random apps and contribute to random OSS projects where I need to. Today was an oxlint kinda day, really missed the context value stability rule in the react eslint rules.
Even though AI hasn't been very useful in my open-source maintenance, the amount of throwaway software it has written for me has been pretty nice. Instead of paying for an expense tracker, I quickly asked one from an LLM and it has been a good tool for my partner and me.
January 15, 2026 at 11:05 AM
Even though AI hasn't been very useful in my open-source maintenance, the amount of throwaway software it has written for me has been pretty nice. Instead of paying for an expense tracker, I quickly asked one from an LLM and it has been a good tool for my partner and me.
Signals tests are now on the modern tech! Consolidating our test suite and the performance staying ~the same, great work @43081j.com
just an infra change, but super happy my vitest migration landed in preact signals 🎉
the repo will be easier to maintain, and tests should be more reliable. also uses vitest browser tests
the repo will be easier to maintain, and tests should be more reliable. also uses vitest browser tests
Vitest migration by JoviDeCroock · Pull Request #709 · preactjs/signals
Adds vitest and associated scripts which will not succeed yet, as we have no projects.
github.com
January 15, 2026 at 9:39 AM
Signals tests are now on the modern tech! Consolidating our test suite and the performance staying ~the same, great work @43081j.com
Released a new markdown rendering library for Preact called preact-md. It currently uses the general unified remark/rehype by default and sanitises inputs.
January 10, 2026 at 10:46 AM
Released a new markdown rendering library for Preact called preact-md. It currently uses the general unified remark/rehype by default and sanitises inputs.
Reposted by Jovi 🐨
2025 Formisch year in review 🎆
🆕 Releases: Initial launch for @solidjs.com, @qwik.dev, @preactjs.com and @vuejs.org in July, followed by @svelte.dev in September and @react.dev in December
🆕 Releases: Initial launch for @solidjs.com, @qwik.dev, @preactjs.com and @vuejs.org in July, followed by @svelte.dev in September and @react.dev in December
January 7, 2026 at 3:03 PM
2025 Formisch year in review 🎆
🆕 Releases: Initial launch for @solidjs.com, @qwik.dev, @preactjs.com and @vuejs.org in July, followed by @svelte.dev in September and @react.dev in December
🆕 Releases: Initial launch for @solidjs.com, @qwik.dev, @preactjs.com and @vuejs.org in July, followed by @svelte.dev in September and @react.dev in December
Let's see how long I last in 2026 without any social media apps on my phone
January 4, 2026 at 10:07 AM
Let's see how long I last in 2026 without any social media apps on my phone
Was a pleasure having you contribute to Preact!
I did a whole bunch of contributions to preact and svelte which has been a highlight too. Both have such great teams behind them, and gave me chance to delve into stacks I don't usually use 🙏
December 31, 2025 at 10:16 AM
Was a pleasure having you contribute to Preact!
Well, apparently the last day of the year makes a difference. The expense/income tracker I made this year is now used by my partner and me 😀
The "bin" grew with some projects
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
Well, the last two months of 2025 are there and... I haven't published anything but open-source stuff.... Surely 2026 will be the year... Right? Right?
December 31, 2025 at 8:19 AM
Well, apparently the last day of the year makes a difference. The expense/income tracker I made this year is now used by my partner and me 😀
Not sure what happened to @cloudflare.social but recently all custom-domains started doing random 403 responses...
December 30, 2025 at 2:07 PM
Not sure what happened to @cloudflare.social but recently all custom-domains started doing random 403 responses...
In the age of mass AI job applications I feel that genuine OSS contributions are a good proof of craft. It's going to be harder to distinguish yourself as a candidate so we need more ways to help people stand out
December 29, 2025 at 11:33 AM
In the age of mass AI job applications I feel that genuine OSS contributions are a good proof of craft. It's going to be harder to distinguish yourself as a candidate so we need more ways to help people stand out
The best decision, by far, I've made in 2025 is to start working out again after not doing that for the last 10 years.
The impact it has had on my energy and mood is immeasurable
The impact it has had on my energy and mood is immeasurable
December 29, 2025 at 6:28 AM
The best decision, by far, I've made in 2025 is to start working out again after not doing that for the last 10 years.
The impact it has had on my energy and mood is immeasurable
The impact it has had on my energy and mood is immeasurable
The "bin" grew with some projects
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
Well, the last two months of 2025 are there and... I haven't published anything but open-source stuff.... Surely 2026 will be the year... Right? Right?
Me: 2025 is going to be the year I release some small product
Meanwhile: 2 finished things
Me: Ah they probably suck, let's keep it private
Meanwhile: 2 finished things
Me: Ah they probably suck, let's keep it private
December 28, 2025 at 12:25 PM
The "bin" grew with some projects
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
Reposted by Jovi 🐨
Created a TanStack AI integration for Preact, wondering whether we should change this to be signals rather than hooks though🤔
github.com/TanStack/ai/...
github.com/TanStack/ai/...
Add preact integration by JoviDeCroock · Pull Request #180 · TanStack/ai
🎯 Changes
This adds a preact-integration, this is largely adapted from the react tests and implementation. I was considering adding a signals based one as well but wanted to see whether the appeal ...
github.com
December 26, 2025 at 8:54 AM
Created a TanStack AI integration for Preact, wondering whether we should change this to be signals rather than hooks though🤔
github.com/TanStack/ai/...
github.com/TanStack/ai/...
Reposted by Jovi 🐨
To recap, NPM allows 2FA TOTP token reuse within the token’s validity window.
I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.”
So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/
I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.”
So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/
Seems that NPM too allows TOTP reuse within the time-step window. Seen a similar issue in multiple services over the years.
Per RFC 6238, a TOTP (Time-based One-Time Password) should be single-use. Allowing reuse, even within the short-ish time window, is not ideal (shoulder surfing, phishing etc.)
Per RFC 6238, a TOTP (Time-based One-Time Password) should be single-use. Allowing reuse, even within the short-ish time window, is not ideal (shoulder surfing, phishing etc.)
December 12, 2025 at 1:08 PM
To recap, NPM allows 2FA TOTP token reuse within the token’s validity window.
I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.”
So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/
I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.”
So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/
It's been a fun few days just coding on random projects and solving problems that I face on a daily basis 😅
December 10, 2025 at 7:13 AM
It's been a fun few days just coding on random projects and solving problems that I face on a daily basis 😅
The browser has everything you need, why not everything needs to be server-rendered and how preloading can alleviate complexity.
jovidecroock.com/blog/platform
jovidecroock.com/blog/platform
The Browser Has Everything You Need
Stop treating SPAs and SSR as opposing paradigms. The browser already loads resources in parallel—you just have to use it.
jovidecroock.com
December 9, 2025 at 7:19 PM
The browser has everything you need, why not everything needs to be server-rendered and how preloading can alleviate complexity.
jovidecroock.com/blog/platform
jovidecroock.com/blog/platform
Reposted by Jovi 🐨
From the thread: "Attacks from bot compromised Next.js assets spiked on 2025-12-05 from the usual 100 IP baseline to close to a 1000."
If you're not 100% sure you're NOT vulnerable, you should patch your Next.js apps ASAP.
And if you're 100% sure... patch anyway.
If you're not 100% sure you're NOT vulnerable, you should patch your Next.js apps ASAP.
And if you're 100% sure... patch anyway.
Like others we are seeing attacks attempting to exploit React CVE-2025-55182 at scale, incl. botnet related activity. How successful have these attacks been? You can get a view here, where we track compromised host with Next.js attacking our sensors:
dashboard.shadowserver.org/statistics/h...
dashboard.shadowserver.org/statistics/h...
December 8, 2025 at 6:12 PM
From the thread: "Attacks from bot compromised Next.js assets spiked on 2025-12-05 from the usual 100 IP baseline to close to a 1000."
If you're not 100% sure you're NOT vulnerable, you should patch your Next.js apps ASAP.
And if you're 100% sure... patch anyway.
If you're not 100% sure you're NOT vulnerable, you should patch your Next.js apps ASAP.
And if you're 100% sure... patch anyway.
Reposted by Jovi 🐨
RSCs were a mistake.
I went back to a client-side only solution using Preact for my latest project because the complexity you buy into is simply not worth the benefit of RSCs.
I went back to a client-side only solution using Preact for my latest project because the complexity you buy into is simply not worth the benefit of RSCs.
December 4, 2025 at 9:34 AM
RSCs were a mistake.
I went back to a client-side only solution using Preact for my latest project because the complexity you buy into is simply not worth the benefit of RSCs.
I went back to a client-side only solution using Preact for my latest project because the complexity you buy into is simply not worth the benefit of RSCs.
Reposted by Jovi 🐨
this is nuts, non-dismissible full page message, social meta title swapped to CVE-2025-55182
this was in a random website i visited, the cve is fucking crazy
December 7, 2025 at 11:23 AM
this is nuts, non-dismissible full page message, social meta title swapped to CVE-2025-55182
Reposted by Jovi 🐨
I actually love this disclaimer
November 21, 2025 at 12:08 PM
I actually love this disclaimer
On a totally different subject, Belgium has increased VAT on gym membership and other sport related stuff. All while we know that exercise increases lifespan and logically extends to that reducing social security costs as people are healthier... Anything to increase taxes I guess...
November 27, 2025 at 4:50 PM
On a totally different subject, Belgium has increased VAT on gym membership and other sport related stuff. All while we know that exercise increases lifespan and logically extends to that reducing social security costs as people are healthier... Anything to increase taxes I guess...
To put this out there, last week I've stepped down as a maintainer of GraphQL-JS.
I've decided for myself that I spend a lot of time on OSS and I want to spend that time on projects where I can feel impactful. I wish my fellow ex-maintainers on the project the best of luck!
I've decided for myself that I spend a lot of time on OSS and I want to spend that time on projects where I can feel impactful. I wish my fellow ex-maintainers on the project the best of luck!
November 27, 2025 at 4:10 PM
To put this out there, last week I've stepped down as a maintainer of GraphQL-JS.
I've decided for myself that I spend a lot of time on OSS and I want to spend that time on projects where I can feel impactful. I wish my fellow ex-maintainers on the project the best of luck!
I've decided for myself that I spend a lot of time on OSS and I want to spend that time on projects where I can feel impactful. I wish my fellow ex-maintainers on the project the best of luck!
Reposted by Jovi 🐨
have been using preact for a side project recently and am thoroughly enjoying it
the signals dev tools are super nice too. would love to see similar exist for other frameworks, even just to visualise the signal networks/flows
the signals dev tools are super nice too. would love to see similar exist for other frameworks, even just to visualise the signal networks/flows
November 23, 2025 at 10:22 AM
have been using preact for a side project recently and am thoroughly enjoying it
the signals dev tools are super nice too. would love to see similar exist for other frameworks, even just to visualise the signal networks/flows
the signals dev tools are super nice too. would love to see similar exist for other frameworks, even just to visualise the signal networks/flows
Reposted by Jovi 🐨
one downside of LLMs in OSS is _huge_ walls of text in issues, where the text does technically make sense but reads like a student trying to meet a character limit 😅
November 21, 2025 at 9:27 AM
one downside of LLMs in OSS is _huge_ walls of text in issues, where the text does technically make sense but reads like a student trying to meet a character limit 😅