Olivia
Online
David Sherret
@DavidSherret
Software developer. Prev @deno_land. Working on ts-morph, dprint, and more.
Toronto, Canada
Joined January 2009
434 Following
1.3K Followers
1K Posts
@carllerche @rough__sea Yeah, the builds were already published as github action assets for use in the test jobs.
@darcy It turned out to be an issue with the git executable in my case. It was just taking a long time and I wasn't waiting long enough.
Reporting the same security issue to pnpm vs bun:
pnpm acknowledged it quickly, shipped a fix, backported it, and published an advisory.
bun never acknowledged, silently fixed this and another issue I reported, has not published advisories.
One takes security more seriously.
@darcy Yeah, I’ll look into it tomorrow when I’m back at my computer. I tried the latest version I think, but maybe I was accidentally using an old version.
Who to follow
Dominic Gannaway 
@trueadm
I'm a software engineer @attio. Author of @ripple_ts, @lexicaljs and @inferno_js. Former @reactjs core engineer, and core maintainer of @sveltejs at @vercel.
pnpm
@pnpmjs
Fast, disk space efficient package manager
Sponsor us:
GH: https://t.co/cS3OP24kZH
OC: https://t.co/zyVORTsELN
We don't endorse any memecoins!
Steven ⬢
@styfle
🐏 Software Shepherd @vercel
💚 Contributor to @nextjs @reactjs @nodejs @tc39
🤵 Husband & Father
✝️ Jesus lover
@darcy The issue was caused by an optimization to use https://t.co/kQG61HO1fW for github git dependencies (and something similar for gitlab).
@darcy I think I tried out all the pkg managers I could think of at the time. Right now, vlt spins indefinitely resolving deps for me. Advisory is here: https://t.co/Kz1GQuCjg7
For bun, there was a second more critical issue where it was not storing checksums for any https dependency.
@zack_overflow Long term yes, short term probably not after a ton of churn. They did say "for a year" and that seems sensible.
@thdxr they’re not issuing CVEs for shit like this man, it’s negligent
@loosenedspirit @thdxr I don't know how anyone trusts it and it's been this way for a while. Obviously lots of good perf ideas in Bun, but I remember in Deno we looked at adopting a few of them and sometimes it was a correctness or probably a security issue.
@StartupSpells @boshen_c @JoviDeC Not a good comparison.
> And majority of the world hates change.
Changing the underlying registry and nothing else drastically changes the semantics for users—`pnpm install <package-name>` no longer means what it's meant in the past.
@StartupSpells @boshen_c @JoviDeC Plus, saying "I want this package from jsr and not npm" by using `jsr:` is not that hard for users. People aren't that stupid.
@StartupSpells @boshen_c @JoviDeC Existing clients using a new registry by default sounds terrible and will make the security situation worse because different packages will be installed based on what registry is configured. In existing tools, integrating a new registry should not introduce ambiguity.
@dpc_pw @IntCyberDigest So it's pull_request_target along with checking out the PR branch. That caused it to run on the main branch with secrets and the main branch workflow file did a checkout of the PR branch https://t.co/lhQoFkMs7l
@dpc_pw @IntCyberDigest So it's pull_request_target along with checking out the PR branch. That caused it to run on the main branch with secrets and the main branch workflow file did a checkout of the PR branch https://t.co/lhQoFkMs7l
@dpc_pw @IntCyberDigest pull_request_target has access to the github_token (https://t.co/G625wnUiEl). Looks like they’ve been fixing it https://t.co/LcMaT1L0P3
@trq212 I don't agree with some of the points because Markdown supports HTML tags.
@ThePrimeagen @slimjimmy @TheRastrian I had 66, but I sold it before the hack to buy a case of beer.
Also, the cross-platform shell has been extracted to a dedicated JSR package. https://t.co/KQKkoKDqpp
The latest version of dax (https://t.co/FN47KnnbCf) can show a scrolling view of the last N lines when executing a command. This is especially useful when running multiple commands in parallel.
It works well with progress bars, selection, and other features that dax provides.
Last Seen Users on Sotwe
SUPER INDO
Seen from Malaysia
Yia ekips
Seen from Turkey
Ichkoro(ケモ屁好きの熊狸)
Seen from United States
kiraz 🍒🍒🍒
Seen from France
نياك القحاب.و الطاطات
Seen from Algeria
ㅇㅇ
Seen from Korea
Amatör Porno Video 🔞
Seen from Turkey
🔞Christy • Y FREE OF …!!
Seen from Turkey
aktif
Seen from Turkey
แค่ผู้ชายเอากัน ลับๆ หมู่
Seen from Thailand
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.3M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers