We need to bring more attention to the situation we have with npm. Drizzle releases are completely blocked by npm because of "too many published versions" (we have 1397 versions)
There is no way for us to delete old versions, unpublish old versions, or really do anything except contact the support team. Of course, we did that >3 weeks ago, but there has been no action from the npm team at all. Drizzle has >11.5M downloads/week and is used by hundreds of thousands of developers across the globe, yet we're getting no help from npm
It's not like only 10 people are blocked. There are many teams and developers waiting for us to ship important features, improvements, and fixes (Imagine receiving a security report in this situation and having zero ways to release a patch). Npm support keeps sending bot replies saying they need more time to handle the case
I'm begging someone to help us find anyone from the npm team who can help us delete old versions that are not used by anyone anymore, or at least give us a way to ship releases again
PS: why is having 1397 releases a problem at all?
@rickyfm @jantimon @jherr I get it, so Intersection Observer is not necessarily because of smart selective hydration, and everything else on this list is achievable with React 19 APIs
May I ask you about a possible loadable replacement: what can we do to combine Suspense + use + lazy but still preload CSS?
@rickyfm @jacobrask A big part of the problem is this heavy Footer component's loading/parsing/compilation time (and also React tree construction, aka createElement calls, as I understand how it works)
@rickyfm @jantimon @jherr Without RSC, in SSR React applications, how can we improve application load performance if, for some part of the page, we don't need to add interactivity (load JS, then hydrate) before visibility?
This article has a good explanation of the problem - https://t.co/DTnzOWoGKO
@rickyfm @jacobrask Footer is a perfect example, because the links list is often dynamic and the footer can have A/B tests and experiments.
Delayed hydration with a lazy footer JS import (and loadable for SSR) can give a huge performance win.
The only problem is that CSS can't be delayed.
Also built reactive-framework-test-suite — 180 test cases for reactive signal semantics across 13 libraries. PRs welcome to add more frameworks or test cases.
https://t.co/fPiL6wg2Dr
Everyone setting --max-old-space-size in Kubernetes is doing it wrong.
Here's why your Node.js app keeps getting OOMKilled despite your "careful" heap tuning 🧵
🚨 How the TanStack npm attack actually happened:
1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo.
2. GitHub automatically ran CI tests on that PR.
3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run.
4. The attacker used that token to plant poisoned files in the shared build cache. The PR could be closed afterwards. The poisoned cache stays.
5. The official release workflow later pulled from the cache, baked the malicious files into the build, and signed and published 84 malicious package versions to npm.
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
https://t.co/Zy8qG7PA9f
Credit to the security researcher for responsible disclosure.
@platformatic @matteocollina Hi! One question is keeping me from sleeping today: with Watt, or in general with worker_threads, how do you share in-memory caches between workers, like lru-cache?
I just can't see how to effectively solve the concurrency and serialization costs...
@ryanflorence @matteocollina SSR in meta-frameworks is mostly the React rendering API plus the chosen HTTP server's request handling; this is the baseline in the React ecosystem when we're measuring CPU working time.
Anything else is framework-specific features and some unnecessary work.
Doing less is always a good job :)
@platformatic Full benchmark data, flamegraphs, and reproducible infrastructure are open source.
You can run these benchmarks yourself on your own AWS account.
Blog post: https://t.co/m9xfWPjJVf
.@nodejs has always been about I/O. Streams, buffers, sockets, files. But there's a gap that has bugged me for years: you can't virtualize the filesystem.
You can't import a module that only exists in memory. You can't bundle assets into a Single Executable without patching half the standard library.
That changes now 👇