Ryan Zimmerman RyanZim

@joepie91
joepie91 / .md
Last active May 28, 2024 02:02
Please don't include minified builds in your npm packages!

There are quite a few libraries on npm that not only include the regular build in their package, but also a minified build. While this may seem like a helpful addition to make the package more complete, it actually poses a real problem: it becomes very difficult to audit these libraries.

The problem

You've probably seen incidents like the event-stream incident, where a library was compromised in some way by an attacker. This sort of thing, also known as a "supply-chain attack", is starting to become more and more common - and it's something that developers need to protect themselves against.

One effective way to do so is by auditing dependencies. Having at least a cursory look through every dependency in your dependency tree, to ensure that there's nothing sketchy in there. While it isn't going to be 100% perfect, it will detect most of these attacks - and no

@Rich-Harris
Rich-Harris / please-include-a-repro.md
Last active May 20, 2024 09:50
Please include a repro

You probably arrived here because of a curt message in response to an issue you filed on a repo that I contribute to. Sorry about that (particularly if you filed the issue long ago and have been waiting patiently for a response). Let me explain:

I work on a lot of different open source projects. I really do like building software that makes other people's lives easier, but it's crazy time-consuming. One of the most time-consuming parts is responding to issues. A lot of OSS maintainers will bend over backwards to try and understand your specific problem and diagnose it, to the point of setting up new test projects, fussing around with different Node versions, reading the documentation for build tools that we don't use, debugging problems in third party dependencies that appear to be involved in the problem... and so on. I've personally spent hundreds of hours of my free time doing these sorts of things to try and help people out, because I want to be a responsible maintainer and I

@thlorenz
thlorenz / collaborating.md
Last active September 20, 2022 18:20
A quick guideline to contributing to my open source projects

Collaborator Guidelines

Now that you are a collaborator you have certain powers that you should use carefully, so I'm listing some guidelines here.

Contributing

Proposing a Change

Even though as a contributor you could push directly to master, please don't do that. Instead each bug fix or feature

@sorenlouv
sorenlouv / cpu-intensive.js
Last active December 19, 2023 06:00
A CPU-intensive operation. Use to imitate blocking code, test WebWorkers, etc.
// Deliberately CPU-bound busy loop; the number of iterations grows with baseNumber^7.
function mySlowFunction(baseNumber) {
  console.time('mySlowFunction');
  let result = 0;
  for (let i = Math.pow(baseNumber, 7); i >= 0; i--) {
    result += Math.atan(i) * Math.tan(i);
  }
  console.timeEnd('mySlowFunction');
  return result; // return the accumulated value so the loop's work is observable
}

mySlowFunction(8); // higher number => more iterations => slower