Jordan Harband
@jordan.har.band
https://github.com/ljharb

software engineer/nerd/teacher/will try anything once; surgeon with git rebase. @TC39 ex @Coinbase/@Airbnb/@Twitter/@MobBase. Fav punctuation ⸮, scent petrichor
just an amazing joke and reference right there 👏
November 11, 2025 at 1:58 AM
Reposted by Jordan Harband
My first advice to junior contributors is to STOP using vibe coding for PRs. OSS is always about people more than about code. We don't need more code generated by LLM, we need more people who care.
November 10, 2025 at 11:47 AM
so they can sneak up on people better??
November 9, 2025 at 10:09 AM
totally agree! most test frameworks/runners don’t tho :-( and jsdom doesn’t count
November 9, 2025 at 9:58 AM
attackers have payloads ready to go. No tokens are short-lived enough to actually matter afaict.
October 18, 2025 at 7:54 PM
👋
October 18, 2025 at 7:50 PM
there is no indication I’ve seen that the life of any of the tokens listed was relevant in any of the incidents.
October 18, 2025 at 7:43 PM
this is all in an npm context, and an artifact for npm is the tarball produced by npm pack.
October 17, 2025 at 7:58 PM
have it make an artifact, and download and publish that locally
October 17, 2025 at 7:50 PM
normal 2FA with local publish is the closest tho :-)
October 17, 2025 at 4:44 PM
wow, i would have thought it was closer to 90%
October 14, 2025 at 2:26 PM
that is a fair way to reframe it :-)
October 14, 2025 at 2:09 PM
setting aside your take, I’d assume braille would be the blind analogy to eye reading?
October 14, 2025 at 2:06 PM