sukka
@skk.moe
zh-CN & en-US / Gen Z / http://git.io/sukkaw / http://skk.moe / https://blog.skk.moe / Vibe Code Cleanup Specialist / Senior FE dev / Contributing to OSS and creating PRs for fun / All opinions are my own, literally all of them.
Pinned
I have spent the past months developing a plugin for @nextjs.org and App Router. It is an absolute nightmare.
The image contains all the bullet points. But if you are interested, here is the link to the article containing the full story behind the struggle: github.com/SukkaW/style...
The image contains all the bullet points. But if you are interested, here is the link to the article containing the full story behind the struggle: github.com/SukkaW/style...
Why is Safari the modern IE? This is discovered by @rschristian.dev , and here I am quoting again:
> for us to continue to develop WebKit we now need to use Firefox or another non-WebKit browser to land pull requests.
bugs.webkit.org/show_bug.cgi...
BTW, `requestIdleCallback` is still missing.
> for us to continue to develop WebKit we now need to use Firefox or another non-WebKit browser to land pull requests.
bugs.webkit.org/show_bug.cgi...
BTW, `requestIdleCallback` is still missing.
164193 – Implement requestIdleCallback
bugs.webkit.org
October 28, 2025 at 8:16 PM
Why is Safari the modern IE? This is discovered by @rschristian.dev , and here I am quoting again:
> for us to continue to develop WebKit we now need to use Firefox or another non-WebKit browser to land pull requests.
bugs.webkit.org/show_bug.cgi...
BTW, `requestIdleCallback` is still missing.
> for us to continue to develop WebKit we now need to use Firefox or another non-WebKit browser to land pull requests.
bugs.webkit.org/show_bug.cgi...
BTW, `requestIdleCallback` is still missing.
I have spent the past months developing a plugin for @nextjs.org and App Router. It is an absolute nightmare.
The image contains all the bullet points. But if you are interested, here is the link to the article containing the full story behind the struggle: github.com/SukkaW/style...
The image contains all the bullet points. But if you are interested, here is the link to the article containing the full story behind the struggle: github.com/SukkaW/style...
October 12, 2025 at 5:51 PM
I have spent the past months developing a plugin for @nextjs.org and App Router. It is an absolute nightmare.
The image contains all the bullet points. But if you are interested, here is the link to the article containing the full story behind the struggle: github.com/SukkaW/style...
The image contains all the bullet points. But if you are interested, here is the link to the article containing the full story behind the struggle: github.com/SukkaW/style...
That's only 3 weeks. Look at my dead simple PR toward @nextjs.org , took them 3 months to merge: github.com/vercel/next....
October 10, 2025 at 5:58 PM
That's only 3 weeks. Look at my dead simple PR toward @nextjs.org , took them 3 months to merge: github.com/vercel/next....
#TodayMyPullRequest
Make @fastify.dev's etag 70% to 110% faster on medium (2 KiB) to large (2 MiB) inputs:
github.com/fastify/fast...
Make @fastify.dev's etag 70% to 110% faster on medium (2 KiB) to large (2 MiB) inputs:
github.com/fastify/fast...
perf(fnv1a): adopt a way faster fnv1a impl (up to 110% faster on large input) by SukkaW · Pull Request #152 · fastify/fastify-etag
Checklist
run npm run test && npm run benchmark --if-present
tests and/or benchmarks are included
documentation is changed or added
commit message and code follows the Developer's ...
github.com
October 8, 2025 at 7:05 PM
#TodayMyPullRequest
Make @fastify.dev's etag 70% to 110% faster on medium (2 KiB) to large (2 MiB) inputs:
github.com/fastify/fast...
Make @fastify.dev's etag 70% to 110% faster on medium (2 KiB) to large (2 MiB) inputs:
github.com/fastify/fast...
Why is @github.com and @npmjs.bsky.social 's the trusted publisher feature stupid? The simplest thing: how do I set up the trusted publisher if I am creating a brand new package?
In the meantime, @pypi.org allows you to set up the trusted publisher before/while creating a new package.
In the meantime, @pypi.org allows you to set up the trusted publisher before/while creating a new package.
September 27, 2025 at 8:00 PM
Why is @github.com and @npmjs.bsky.social 's the trusted publisher feature stupid? The simplest thing: how do I set up the trusted publisher if I am creating a brand new package?
In the meantime, @pypi.org allows you to set up the trusted publisher before/while creating a new package.
In the meantime, @pypi.org allows you to set up the trusted publisher before/while creating a new package.
Reposted by sukka
Announcing eslint-react.xyz v2.0.0: Now ESM-Only
eslint-react.xyz/docs/release...
eslint-react.xyz/docs/release...
Announcing v2.0.0 | ESLint React
A major release embracing modern JavaScript standards with powerful new rules and DX improvements
eslint-react.xyz
September 27, 2025 at 7:02 PM
Announcing eslint-react.xyz v2.0.0: Now ESM-Only
eslint-react.xyz/docs/release...
eslint-react.xyz/docs/release...
Once again, my proposed github.com/pnpm/pnpm/is... would protect the community against such attacks. Yet @pnpm.io refuses to implement this.
August 28, 2025 at 6:29 PM
Once again, my proposed github.com/pnpm/pnpm/is... would protect the community against such attacks. Yet @pnpm.io refuses to implement this.
Multi-threaded linting creates extra challenges (and overheads) for many popular ESLint plugins: typescript-eslint, eslint-plugin-import(-x), etc.
See github.com/un-ts/eslint... as an example.
See github.com/un-ts/eslint... as an example.
August 16, 2025 at 3:29 PM
Multi-threaded linting creates extra challenges (and overheads) for many popular ESLint plugins: typescript-eslint, eslint-plugin-import(-x), etc.
See github.com/un-ts/eslint... as an example.
See github.com/un-ts/eslint... as an example.
#TIL It finally happens! @MacHomebrew's Parallel downloading feature has already landed and can be enabled right now with the environment variable "HOMEBREW_DOWNLOAD_CONCURRENCY={int}". This will be enabled by default in the future.
See GitHub Issue github.com/Homebrew/bre... for more.
See GitHub Issue github.com/Homebrew/bre... for more.
Tracking Issue: Concurrent Downloads · Issue #18278 · Homebrew/brew
Concurrent Downloads Implement MVP of concurrent downloads for brew fetch. Implemented in #17756. Improve output logic. For simplicity, the output currently only uses at most terminal height - 1 li...
github.com
August 16, 2025 at 1:14 PM
#TIL It finally happens! @MacHomebrew's Parallel downloading feature has already landed and can be enabled right now with the environment variable "HOMEBREW_DOWNLOAD_CONCURRENCY={int}". This will be enabled by default in the future.
See GitHub Issue github.com/Homebrew/bre... for more.
See GitHub Issue github.com/Homebrew/bre... for more.
Reposted by sukka
在 Fediverse 分身运行约三年半后,我台在 Bluesky 上的分身开始测试运行。各位 Bluesky 社交平台的用户将可以在平台上直接订阅本台更新。
我们的帐号是: @thecascading.bsky.social
欢迎反馈遇到的问题及对频道的建议。
#today
我们的帐号是: @thecascading.bsky.social
欢迎反馈遇到的问题及对频道的建议。
#today
August 8, 2025 at 3:20 PM
在 Fediverse 分身运行约三年半后,我台在 Bluesky 上的分身开始测试运行。各位 Bluesky 社交平台的用户将可以在平台上直接订阅本台更新。
我们的帐号是: @thecascading.bsky.social
欢迎反馈遇到的问题及对频道的建议。
#today
我们的帐号是: @thecascading.bsky.social
欢迎反馈遇到的问题及对频道的建议。
#today
March 15, 2025 at 3:49 PM
The notorious copypastor Tencent Cloud grabs all articles from my blog and posts them on their website without my permission, yet they want me to promote their tools in my blog.
Go to hell, Tencent and Tencent Cloud.
Go to hell, Tencent and Tencent Cloud.
March 13, 2025 at 7:32 AM
The notorious copypastor Tencent Cloud grabs all articles from my blog and posts them on their website without my permission, yet they want me to promote their tools in my blog.
Go to hell, Tencent and Tencent Cloud.
Go to hell, Tencent and Tencent Cloud.
[zh-Hand] blog.skk.moe/post/proxmox...
为 Proxmox VE 定制 Debian Cloud 系统镜像与创建虚拟机模板 | Sukka's Blog
最近在「家里云」里搞了个 Proxmox VE 8.3,打算在上面跑几个 VM 玩玩。而作为一名忠实的 Debian 系用户 我才不会告诉你我日用的 Linux 系统是搭载 GNOME 的 Fedora 的,所有的 VM 自然要用 Debian 了。借着制作自己的定制化 Debian Cloud Image 的机会,顺便写一篇文章出来和大家分享一下,并纠正、辟谣一下网上现有的有关教程的一些错误。
blog.skk.moe
February 22, 2025 at 1:40 PM
[zh-Hand] blog.skk.moe/post/proxmox...
It still shocks me that no one has #RIIR the homebrew yet. The slowest package/dependency manager/tool these days (no parallel casks downloading, no multi-threads downloading, and no parallel attestation verification).
February 13, 2025 at 3:19 PM
It still shocks me that no one has #RIIR the homebrew yet. The slowest package/dependency manager/tool these days (no parallel casks downloading, no multi-threads downloading, and no parallel attestation verification).
So @pnpm.io's onlyBuiltDependencies feature is flawed by default: you don't re-approve to update dependencies.
Let's say you use @rspack.dev and add "rspack/core" to the list, what happens if rspack is compromised and releases a malicious version? It is still "trusted" by pnpm.
Let's say you use @rspack.dev and add "rspack/core" to the list, what happens if rspack is compromised and releases a malicious version? It is still "trusted" by pnpm.
February 8, 2025 at 9:47 AM
So @pnpm.io's onlyBuiltDependencies feature is flawed by default: you don't re-approve to update dependencies.
Let's say you use @rspack.dev and add "rspack/core" to the list, what happens if rspack is compromised and releases a malicious version? It is still "trusted" by pnpm.
Let's say you use @rspack.dev and add "rspack/core" to the list, what happens if rspack is compromised and releases a malicious version? It is still "trusted" by pnpm.
Reposted by sukka
Oracle justified its JavaScript trademark by claiming Node.js — now it wants that ignored
#FreeJavaScript
deno.com/blog/deno-v-...
#FreeJavaScript
deno.com/blog/deno-v-...
Oracle justified its JavaScript trademark with Node.js—now it wants that ignored
Oracle filed a motion to dismiss in response to Deno’s petition to cancel its “JavaScript” trademark. But instead of addressing the real issue—that JavaScript is an open standard with multiple indepen...
deno.com
February 4, 2025 at 10:14 PM
Oracle justified its JavaScript trademark by claiming Node.js — now it wants that ignored
#FreeJavaScript
deno.com/blog/deno-v-...
#FreeJavaScript
deno.com/blog/deno-v-...
It still shocks me that JavaScript runtime nowadays still does not optimize array destructure access.
This means `let [v, setV] = useState('')` is way slower than `let t = useState['']; let b = t[0]; let setV = t[1]`).
So it's React Compiler's turn: github.com/reactwg/reac...
This means `let [v, setV] = useState('')` is way slower than `let t = useState['']; let b = t[0]; let setV = t[1]`).
So it's React Compiler's turn: github.com/reactwg/reac...
Optimization `useState` and `useReducer` returned tuple · reactwg react-compiler · Discussion #54
v8 (and many other javascript runtimes) never optimizes the array destructure access as fast as array index access. So code block A is always faster than code block B: // A const tuple = useState('...
github.com
January 21, 2025 at 10:09 AM
It still shocks me that JavaScript runtime nowadays still does not optimize array destructure access.
This means `let [v, setV] = useState('')` is way slower than `let t = useState['']; let b = t[0]; let setV = t[1]`).
So it's React Compiler's turn: github.com/reactwg/reac...
This means `let [v, setV] = useState('')` is way slower than `let t = useState['']; let b = t[0]; let setV = t[1]`).
So it's React Compiler's turn: github.com/reactwg/reac...
I must admit, GitHub Actions's new hosted arm64 runner (currently in public beta) is FAST, about 100% faster than the amd64 ones. Though there are some issues, one of them is EACCES: github.com/actions/part...
[ubuntu-24.04-arm] Tons of EACCES · Issue #29 · actions/partner-runner-images
There is a ton of EACCES when CI is attempting to run a command. The shell appears to be searching in $PATH but failed to access many files. Here is some example logs: actions/checkout@v4 Unexpecte...
github.com
January 17, 2025 at 1:34 PM
I must admit, GitHub Actions's new hosted arm64 runner (currently in public beta) is FAST, about 100% faster than the amd64 ones. Though there are some issues, one of them is EACCES: github.com/actions/part...
This is my #GitHubUnwrapped! Get your own: githubunwrapped.com
December 31, 2024 at 10:49 AM
This is my #GitHubUnwrapped! Get your own: githubunwrapped.com
What we could learn from the recent token theft attack against
@rspack.dev ? Package managers should implement a protection mechanism to prevent an already attested package from upgrading to an unattested version.
@rspack.dev ? Package managers should implement a protection mechanism to prevent an already attested package from upgrading to an unattested version.
[Notice]: Version 1.1.7 of @rspack/core and @rspack/cli has security risks. Please use version 1.1.8 or v1.1.6 instead · Issue #8767 · web-infra-dev/rspack
Notice from Rspack team Rspack have encountered an attack, @rspack/core and @rspack/cli 1.1.7 are vulnerable versions released by the attacker, and contain malicious scripts. Rspack team have taken...
github.com
December 19, 2024 at 4:06 PM
What we could learn from the recent token theft attack against
@rspack.dev ? Package managers should implement a protection mechanism to prevent an already attested package from upgrading to an unattested version.
@rspack.dev ? Package managers should implement a protection mechanism to prevent an already attested package from upgrading to an unattested version.
Reposted by sukka
Just landed a change with some help from @skk.moe to save 112 TB of traffic to the npm registry by switching to the amazing tinyglobby library from @superchupu.dev. I noticed this opportunity using an awesome tool that @fuzzyma.bsky.social developed and shared with the @e18e.dev community!
December 15, 2024 at 5:22 PM
Just landed a change with some help from @skk.moe to save 112 TB of traffic to the npm registry by switching to the amazing tinyglobby library from @superchupu.dev. I noticed this opportunity using an awesome tool that @fuzzyma.bsky.social developed and shared with the @e18e.dev community!
Go 1.23 enables the experimental "Post-quantum cryptography" X25519Kyber768Draft00 in `crypto/tls` by default, resulting in the TLS Client Hello sent surge from the typical 252 bytes to 1476 bytes. For improperly configured firewalls or load balancers, this can lead to client TLS handshakes failing.
November 30, 2024 at 3:56 PM
Go 1.23 enables the experimental "Post-quantum cryptography" X25519Kyber768Draft00 in `crypto/tls` by default, resulting in the TLS Client Hello sent surge from the typical 252 bytes to 1476 bytes. For improperly configured firewalls or load balancers, this can lead to client TLS handshakes failing.