@norbert_tech@azjezz Nice. What kind of perf difference are we talking? More than 2x? I’m thinking of switching our monorepo over. phpstan and cs-fixer are great but painfully slow on large repos. Even when using multiple processes.
Unpopular opinion: I don’t care if most web apps look the same. All I care about is whether it does what it says and does it fast.
Make it fast. Make the UX obvious. Put the right things in the right place and little to no animations.
I understand it’s not the same but I wouldn’t call it FUD considering what happened with intercom-php. The malicious code was executed as a plugin, not a script. The plugin confirmation prompt isn’t real security - I don’t think many users are going to manually review every package that wants to install one. And the prompt does nothing for packages that have malicious code in the package itself.
The takeover of GH accounts via social engineering is a real vector that’s being exploited regularly.
But from what I understand a min release age flag isn’t far away? Either way, I think blanket `composer update` is legitimately risky right now. Manually updating each package after verifying it’s safe, or waiting for a min age flag that can’t be bypassed, is a lot safer. IMHO anyway.
PHP is wide open to Shai-Hulud supply chain attacks atm. Eg. a malicious version of `intercom/intercom-php` was published on @packagist on April 30th. I'd advise holding off on running `composer update` until Composer ships their registry-backed minimum release age feature.
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
https://t.co/Zy8qG7PA9f
Credit to the security researcher for responsible disclosure.
These performance numbers are 🔥. Building an ORM with zero overhead (more or less) is an impressive achievement. Nice work @DrizzleORM
https://t.co/DDYuZyYUmy
Drizzle v1.0.0-rc.1 is out 🚀
▪︎ Effect v4 native support
▪︎ JIT row mappers to reduce ORM overhead to ~0
▪︎ Reworked casing API (breaking change)
▪︎ Drizzle for LLM agents (preview)
Drizzle is now as fast as using raw driver and mapping (or not mapping) results by hand 🙃
Happy to announce TSRX. Think of it as the spiritual successor to JSX.
We extracted it from Ripple, and made it framework agnostic. It can compile to React, Ripple and Solid, other frameworks to come soon.
It's a TypeScript superset language, with a parser, compiler and a selection of plugins for editors + Prettier + ESLint, etc.
It's early alpha but we thought people might be interested in it. 🧵
@BohuslavSimek This is a good paper on HipHop: https://t.co/agTQYz3kMg
It was definitely a standalone reimplementation that aimed for compatibility with Zend, not a Zend wrapper.
The Swoole team are working on an AOT (Ahead-of-Time) compiler for PHP, i.e. transpiling PHP to C++ then compiling to NATIVE binaries🤯
These guys are mad scientists in the best sense of the word🔥
https://t.co/77Gc7VbcCK
Back in January, I actually asked the author about the underlying architecture, and I sketched out the flowchart below based on my understanding (no guarantees on its accuracy, though!).
Really looking forward to seeing it mature and get released soon!
@BohuslavSimek Are you sure? I thought HipHop tried to stay Zend compatible but wasn't actually using Zend. PHP-X is a Zend wrapper. Either way, just have to wait and see I guess. I know as much as you do at this stage.