e18e
@e18e.dev
https://e18e.dev (Ecosystem Performance) is a community initiative to bring together people who are passionate about improving performance in the JS ecosystem. Get involved at https://chat.e18e.dev 💅
Pinned
💅 e18e community starter pack
go.bsky.app/JoSyk5A
go.bsky.app/JoSyk5A
Reposted by e18e
Storybook 10 is here!
✂️ ESM-only (the only breaking change!)
🧩 Module automocking for easier testing
🏭 Typesafe CSF factories Preview for React
💫 UI editing and sharing optimizations
🏷️ Tag filtering exclusion for sidebar management
🔀 Svelte async component support
✂️ ESM-only (the only breaking change!)
🧩 Module automocking for easier testing
🏭 Typesafe CSF factories Preview for React
💫 UI editing and sharing optimizations
🏷️ Tag filtering exclusion for sidebar management
🔀 Svelte async component support
Storybook 10
ESM-only, 29% lighter, module automocking, and more
storybook.js.org
November 4, 2025 at 7:02 PM
Storybook 10 is here!
✂️ ESM-only (the only breaking change!)
🧩 Module automocking for easier testing
🏭 Typesafe CSF factories Preview for React
💫 UI editing and sharing optimizations
🏷️ Tag filtering exclusion for sidebar management
🔀 Svelte async component support
✂️ ESM-only (the only breaking change!)
🧩 Module automocking for easier testing
🏭 Typesafe CSF factories Preview for React
💫 UI editing and sharing optimizations
🏷️ Tag filtering exclusion for sidebar management
🔀 Svelte async component support
Reposted by e18e
here's what the @e18e.dev community has been upto for the last couple of months!
huge thanks to everyone involved 🎉 much more to come very soon, and we have a roadmap of some super useful tools in the works
huge thanks to everyone involved 🎉 much more to come very soon, and we have a roadmap of some super useful tools in the works
Community Showcase (Q3 2025)
An update on what the community have been up to in Q3 of 2025
e18e.dev
October 31, 2025 at 4:45 PM
here's what the @e18e.dev community has been upto for the last couple of months!
huge thanks to everyone involved 🎉 much more to come very soon, and we have a roadmap of some super useful tools in the works
huge thanks to everyone involved 🎉 much more to come very soon, and we have a roadmap of some super useful tools in the works
Reposted by e18e
If you have a codebase that uses an older version of Node.js, we have started to put together articles and tools to help you migrate your code.
nodejs.org/en/learn/get...
nodejs.org/en/blog/migr...
nodejs.org/en/learn/get...
nodejs.org/en/blog/migr...
Node.js — Userland Migrations
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
October 29, 2025 at 8:56 PM
If you have a codebase that uses an older version of Node.js, we have started to put together articles and tools to help you migrate your code.
nodejs.org/en/learn/get...
nodejs.org/en/blog/migr...
nodejs.org/en/learn/get...
nodejs.org/en/blog/migr...
Reposted by e18e
🧹 Time to clean up!
unjs/ofetch ($fetch) v2 (alpha)
- 🌐 ESM-only + Native Web APIs
- 📦 Zero deps (3 → 0)
- 📉 Install: 900 KB → 28 KB
- ⚡️Bundle: 17.4 KB (6.5 KB gz) → 6.3 KB (2.4 KB gz)
More optimizations to come 🤞
unjs/ofetch ($fetch) v2 (alpha)
- 🌐 ESM-only + Native Web APIs
- 📦 Zero deps (3 → 0)
- 📉 Install: 900 KB → 28 KB
- ⚡️Bundle: 17.4 KB (6.5 KB gz) → 6.3 KB (2.4 KB gz)
More optimizations to come 🤞
October 28, 2025 at 11:43 AM
🧹 Time to clean up!
unjs/ofetch ($fetch) v2 (alpha)
- 🌐 ESM-only + Native Web APIs
- 📦 Zero deps (3 → 0)
- 📉 Install: 900 KB → 28 KB
- ⚡️Bundle: 17.4 KB (6.5 KB gz) → 6.3 KB (2.4 KB gz)
More optimizations to come 🤞
unjs/ofetch ($fetch) v2 (alpha)
- 🌐 ESM-only + Native Web APIs
- 📦 Zero deps (3 → 0)
- 📉 Install: 900 KB → 28 KB
- ⚡️Bundle: 17.4 KB (6.5 KB gz) → 6.3 KB (2.4 KB gz)
More optimizations to come 🤞
Reposted by e18e
🪝 Hookable powers Nuxt & Nitro hooks — every build, request, and render calls it.
🔥 v6.x (rc): 20–35× faster and 79% smaller (−2.26 KB) (with HookableCore)
Thanks @negezor for the perf magic ✨
🔥 v6.x (rc): 20–35× faster and 79% smaller (−2.26 KB) (with HookableCore)
Thanks @negezor for the perf magic ✨
October 26, 2025 at 9:04 PM
🪝 Hookable powers Nuxt & Nitro hooks — every build, request, and render calls it.
🔥 v6.x (rc): 20–35× faster and 79% smaller (−2.26 KB) (with HookableCore)
Thanks @negezor for the perf magic ✨
🔥 v6.x (rc): 20–35× faster and 79% smaller (−2.26 KB) (with HookableCore)
Thanks @negezor for the perf magic ✨
Reposted by e18e
awesome to see @vitest.dev 4 running latest chai!
chai 6 more than halved package size compared to 5 🎉
chai 6 more than halved package size compared to 5 🎉
October 26, 2025 at 9:30 AM
awesome to see @vitest.dev 4 running latest chai!
chai 6 more than halved package size compared to 5 🎉
chai 6 more than halved package size compared to 5 🎉
Reposted by e18e
new version of the @e18e.dev GitHub action!
now gives you a nicer table of duplicate dependencies so you can see what is pulling them in
now gives you a nicer table of duplicate dependencies so you can see what is pulling them in
Release v1.4.0 · e18e/action-dependency-diff
What's Changed
feat: support working-directory input by @Humpheh in #63
feat: handle packages with unknown size gracefully by @Humpheh in #64
chore(deps-dev): bump esbuild from 0.25.10 to 0.25.11 ...
github.com
October 25, 2025 at 4:37 PM
new version of the @e18e.dev GitHub action!
now gives you a nicer table of duplicate dependencies so you can see what is pulling them in
now gives you a nicer table of duplicate dependencies so you can see what is pulling them in
Reposted by e18e
when you want to `open` something (like the MacOS `open`), you don't need a 9 dependency package, you can use tiny-open instead!
and if you do want the browser launching stuff, you can use tiny-browser-open:
github.com/fabiospampin...
and if you do want the browser launching stuff, you can use tiny-browser-open:
github.com/fabiospampin...
GitHub - fabiospampinato/tiny-open: A tiny utility for opening a file or a URL with its default application.
A tiny utility for opening a file or a URL with its default application. - fabiospampinato/tiny-open
github.com
October 23, 2025 at 3:39 PM
when you want to `open` something (like the MacOS `open`), you don't need a 9 dependency package, you can use tiny-open instead!
and if you do want the browser launching stuff, you can use tiny-browser-open:
github.com/fabiospampin...
and if you do want the browser launching stuff, you can use tiny-browser-open:
github.com/fabiospampin...
Reposted by e18e
Revision 684: Ecosystem Performance (@e18e.dev) workingdraft.de/684/ mit @thealexlichter.com und Ulrich-Matthias „Ulima“ Schäfer.
Diese Revision wird gesponsert von @europdf.eu ✨ , eurem SaaS zur Erzeugung hochwertiger, barrierefreier PDFs mit Hilfe modernem HTML/CSS/JS – und mit Sitz in der EU 🇪🇺
Diese Revision wird gesponsert von @europdf.eu ✨ , eurem SaaS zur Erzeugung hochwertiger, barrierefreier PDFs mit Hilfe modernem HTML/CSS/JS – und mit Sitz in der EU 🇪🇺
Revision 684: Ecosystem Performance (e18e) | Working Draft
Diese Revision plaudern wir mit Alexander Lichter (LinkedIn / Mastodon) und Ulrich-Matthias „Ulima“ Schäfer (LinkedIn) über Ecosystem Performance, kurz „e18e“: Warum es sich lohnt, das JavaScript-Ökos...
workingdraft.de
October 14, 2025 at 6:39 AM
Revision 684: Ecosystem Performance (@e18e.dev) workingdraft.de/684/ mit @thealexlichter.com und Ulrich-Matthias „Ulima“ Schäfer.
Diese Revision wird gesponsert von @europdf.eu ✨ , eurem SaaS zur Erzeugung hochwertiger, barrierefreier PDFs mit Hilfe modernem HTML/CSS/JS – und mit Sitz in der EU 🇪🇺
Diese Revision wird gesponsert von @europdf.eu ✨ , eurem SaaS zur Erzeugung hochwertiger, barrierefreier PDFs mit Hilfe modernem HTML/CSS/JS – und mit Sitz in der EU 🇪🇺
Reposted by e18e
you can sponsor @e18e.dev through GitHub Sponsors or OpenCollective
these funds will primarily be used for two things:
- distributed to projects/individuals in the wider JS community
- development of community projects/tools
thanks so much to those of you who already sponsor us 💙
these funds will primarily be used for two things:
- distributed to projects/individuals in the wider JS community
- development of community projects/tools
thanks so much to those of you who already sponsor us 💙
e18e - Ecosystem Performance - Open Collective
The e18e community has the aim of improving performance of tooling and packages in the JavaScript ecosystem.
opencollective.com
October 13, 2025 at 11:26 AM
you can sponsor @e18e.dev through GitHub Sponsors or OpenCollective
these funds will primarily be used for two things:
- distributed to projects/individuals in the wider JS community
- development of community projects/tools
thanks so much to those of you who already sponsor us 💙
these funds will primarily be used for two things:
- distributed to projects/individuals in the wider JS community
- development of community projects/tools
thanks so much to those of you who already sponsor us 💙
Reposted by e18e
svelte.dev/packages is now live!
It's a convenient and easily discoverable place to find a sampling of high quality packages in the ecosystem. We hope it will give confidence in the Svelte ecosystem to newcomers and help them get started more easily.
It's a convenient and easily discoverable place to find a sampling of high quality packages in the ecosystem. We hope it will give confidence in the Svelte ecosystem to newcomers and help them get started more easily.
Packages • Svelte
Packages for your Svelte and SvelteKit apps
svelte.dev
October 2, 2025 at 5:01 PM
svelte.dev/packages is now live!
It's a convenient and easily discoverable place to find a sampling of high quality packages in the ecosystem. We hope it will give confidence in the Svelte ecosystem to newcomers and help them get started more easily.
It's a convenient and easily discoverable place to find a sampling of high quality packages in the ecosystem. We hope it will give confidence in the Svelte ecosystem to newcomers and help them get started more easily.
Reposted by e18e
we now have some new @e18e.dev docs on best practice of publishing npm packages
this documents the recommended basics for a secure publish workflow and gives some pointers for further security/tools/etc
this is a _very_ opinionated subject, so do ping me if you have feedback!
this documents the recommended basics for a secure publish workflow and gives some pointers for further security/tools/etc
this is a _very_ opinionated subject, so do ping me if you have feedback!
e18e (Ecosystem Performance) - Publishing Packages
Best practices on publishing npm packages securely using GitHub Actions.
e18e.dev
October 2, 2025 at 3:41 PM
we now have some new @e18e.dev docs on best practice of publishing npm packages
this documents the recommended basics for a secure publish workflow and gives some pointers for further security/tools/etc
this is a _very_ opinionated subject, so do ping me if you have feedback!
this documents the recommended basics for a secure publish workflow and gives some pointers for further security/tools/etc
this is a _very_ opinionated subject, so do ping me if you have feedback!
Reposted by e18e
`@bluwy/giget-core` is now back to a small 90kB install size thanks to @ayuhito.com's `modern-tar` package! Perf is also slightly faster.
September 30, 2025 at 2:17 PM
`@bluwy/giget-core` is now back to a small 90kB install size thanks to @ayuhito.com's `modern-tar` package! Perf is also slightly faster.
Reposted by e18e
I think I just made Lit SSR 18x faster!
September 26, 2025 at 9:49 PM
I think I just made Lit SSR 18x faster!
Reposted by e18e
we now have an @e18e.dev github action which can diff your dependencies in PRs
things like:
- change in trust level (loss of trusted publisher)
- adding >threshold dependencies
- adding >threshold install size
- bundle size difference (vs main)
- duplicate deps
early days so please give feedback!
things like:
- change in trust level (loss of trusted publisher)
- adding >threshold dependencies
- adding >threshold install size
- bundle size difference (vs main)
- duplicate deps
early days so please give feedback!
GitHub - e18e/action-dependency-diff: A GitHub action to report dependency changes and potential problems
A GitHub action to report dependency changes and potential problems - e18e/action-dependency-diff
github.com
September 26, 2025 at 3:19 PM
we now have an @e18e.dev github action which can diff your dependencies in PRs
things like:
- change in trust level (loss of trusted publisher)
- adding >threshold dependencies
- adding >threshold install size
- bundle size difference (vs main)
- duplicate deps
early days so please give feedback!
things like:
- change in trust level (loss of trusted publisher)
- adding >threshold dependencies
- adding >threshold install size
- bundle size difference (vs main)
- duplicate deps
early days so please give feedback!
Reposted by e18e
Reposted by e18e
Some libraries publish sourcemaps with "sources" pointing back to the original but unpublished src files, making it harder to trace errors as the files aren't there to be inspected.
I wrote a script to identify those!
> npx renoma --filter-rules "renoma/no-missing-sourcemap-sources"
I wrote a script to identify those!
> npx renoma --filter-rules "renoma/no-missing-sourcemap-sources"
August 28, 2025 at 3:21 PM
Some libraries publish sourcemaps with "sources" pointing back to the original but unpublished src files, making it harder to trace errors as the files aren't there to be inspected.
I wrote a script to identify those!
> npx renoma --filter-rules "renoma/no-missing-sourcemap-sources"
I wrote a script to identify those!
> npx renoma --filter-rules "renoma/no-missing-sourcemap-sources"
Reposted by e18e
we're working on a new @e18e.dev CLI to help you setup secure publish workflows
this won't be perfectly secure but its a good start! also recommend not clicking links in emails 👀
this won't be perfectly secure but its a good start! also recommend not clicking links in emails 👀
GitHub - e18e/setup-publish: A tiny CLI to help setting up npm publish workflows.
A tiny CLI to help setting up npm publish workflows. - e18e/setup-publish
github.com
September 23, 2025 at 10:38 AM
we're working on a new @e18e.dev CLI to help you setup secure publish workflows
this won't be perfectly secure but its a good start! also recommend not clicking links in emails 👀
this won't be perfectly secure but its a good start! also recommend not clicking links in emails 👀
Reposted by e18e
svelte-check is now much faster for all Svelte users!!! 33% faster in this real world test case!!!
Thanks @43081j.com for all your efforts to speed up Svelte as part of improving the JS ecosystem via @e18e.dev!
Thanks @43081j.com for all your efforts to speed up Svelte as part of improving the JS ecosystem via @e18e.dev!
the svelte-check profiling lead to this getting merged which reduces a svelte-check run in shadcn-svelte from 12s to 8s!
super happy to have taken part in this :D
super happy to have taken part in this :D
perf: use failed path to invalidate module cache by jasonlyu123 · Pull Request #2853 · sveltejs/language-tools
Alternative to the module cache handling of #2852. Still have to check why the "adding all missing imports" test failed in local.
github.com
September 19, 2025 at 2:13 PM
svelte-check is now much faster for all Svelte users!!! 33% faster in this real world test case!!!
Thanks @43081j.com for all your efforts to speed up Svelte as part of improving the JS ecosystem via @e18e.dev!
Thanks @43081j.com for all your efforts to speed up Svelte as part of improving the JS ecosystem via @e18e.dev!
Reposted by e18e
In tomorrow's episode of This Week in Svelte @benmccann.com will join @paolo.ricciuti.me to talk about the recent NPM supply chain attack and e18e.dev. Watch the stream here: www.youtube.com/live/sTepLQw...
September 11, 2025 at 2:04 PM
In tomorrow's episode of This Week in Svelte @benmccann.com will join @paolo.ricciuti.me to talk about the recent NPM supply chain attack and e18e.dev. Watch the stream here: www.youtube.com/live/sTepLQw...
Reposted by e18e
The next version of Storybook will only have one significant breaking change:
Storybook 10 is ESM-only.
Storybook 10 is ESM-only.
September 9, 2025 at 3:48 PM
The next version of Storybook will only have one significant breaking change:
Storybook 10 is ESM-only.
Storybook 10 is ESM-only.
Reposted by e18e
NPM supports switching from Authenticator App (TOTP) based 2FA to more phishing resistant WebAuthn based 2FA.
Adding a WebAuthn security key and disabling the Authenticator App is a pretty quick process.
For example Apple Touch ID & Windows Hello work! Physical keys work too, but aren't required.
Adding a WebAuthn security key and disabling the Authenticator App is a pretty quick process.
For example Apple Touch ID & Windows Hello work! Physical keys work too, but aren't required.
September 9, 2025 at 12:36 PM
NPM supports switching from Authenticator App (TOTP) based 2FA to more phishing resistant WebAuthn based 2FA.
Adding a WebAuthn security key and disabling the Authenticator App is a pretty quick process.
For example Apple Touch ID & Windows Hello work! Physical keys work too, but aren't required.
Adding a WebAuthn security key and disabling the Authenticator App is a pretty quick process.
For example Apple Touch ID & Windows Hello work! Physical keys work too, but aren't required.
Reposted by e18e
some thoughts about the bloat introduced by edge-case first libraries
The bloat of edge-case first libraries
How building edge-case first led to bloated, overly-granular libraries and what we can do about it
43081j.com
September 9, 2025 at 12:58 PM
some thoughts about the bloat introduced by edge-case first libraries
Reposted by e18e
1. Never manually enter your GitHub or npm password; use a Passkey instead.
2. Enable npm 2FA for both authorization and publishing.
3. Use trusted publishing and remove all npm CI tokens.
4. Only invite maintainers who follow these security practices.
2. Enable npm 2FA for both authorization and publishing.
3. Use trusted publishing and remove all npm CI tokens.
4. Only invite maintainers who follow these security practices.
All the packages affected by this attack had not enabled trusted publishing and provenance.
- The top four packages were all impacted.
- More than half of the top ten packages were affected.
github.com/sxzz/npm-top...
- The top four packages were all impacted.
- More than half of the top ten packages were affected.
github.com/sxzz/npm-top...
September 8, 2025 at 5:01 PM
1. Never manually enter your GitHub or npm password; use a Passkey instead.
2. Enable npm 2FA for both authorization and publishing.
3. Use trusted publishing and remove all npm CI tokens.
4. Only invite maintainers who follow these security practices.
2. Enable npm 2FA for both authorization and publishing.
3. Use trusted publishing and remove all npm CI tokens.
4. Only invite maintainers who follow these security practices.
Reposted by e18e
also fun metrics from today's compromise
73 million downloads a week of 9 lines of code to check if something is an array
ah and its 54KB because a yarn error log was accidentally published in the package 7 years ago
73 million downloads a week of 9 lines of code to check if something is an array
ah and its 54KB because a yarn error log was accidentally published in the package 7 years ago
September 8, 2025 at 7:38 PM
also fun metrics from today's compromise
73 million downloads a week of 9 lines of code to check if something is an array
ah and its 54KB because a yarn error log was accidentally published in the package 7 years ago
73 million downloads a week of 9 lines of code to check if something is an array
ah and its 54KB because a yarn error log was accidentally published in the package 7 years ago