惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Blog of Author Tim Ferriss
S
Securelist
D
Docker
The Register - Security
The Register - Security
GbyAI
GbyAI
Recorded Future
Recorded Future
Engineering at Meta
Engineering at Meta
Stack Overflow Blog
Stack Overflow Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
罗磊的独立博客
博客园 - 【当耐特】
F
Full Disclosure
WordPress大学
WordPress大学
腾讯CDC
小众软件
小众软件
大猫的无限游戏
大猫的无限游戏
D
DataBreaches.Net
SecWiki News
SecWiki News
L
Lohrmann on Cybersecurity
I
InfoQ
MyScale Blog
MyScale Blog
量子位
Cyberwarzone
Cyberwarzone
博客园 - 三生石上(FineUI控件)
The Hacker News
The Hacker News
F
Fortinet All Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Jina AI
Jina AI
博客园_首页
H
Help Net Security
K
Kaspersky official blog
酷 壳 – CoolShell
酷 壳 – CoolShell
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Webroot Blog
Webroot Blog
Blog — PlanetScale
Blog — PlanetScale
V
Vulnerabilities – Threatpost
Y
Y Combinator Blog
The Cloudflare Blog
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tailwind CSS Blog
爱范儿
爱范儿
P
Privacy International News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
The GitHub Blog
The GitHub Blog
C
Cybersecurity and Infrastructure Security Agency CISA
B
Blog RSS Feed

JavaScript Weekly

Babel 8.0, Vite 8.1, and TypeScript 7.0 RC JavaScript Weekly Issue 790: June 16, 2026 JavaScript Weekly Issue 789: June 9, 2026 JavaScript Weekly Issue 788: June 2, 2026 JavaScript Weekly Issue 787: May 26, 2026 JavaScript Weekly Issue 785: May 12, 2026 JavaScript Weekly Issue 784: May 5, 2026 JavaScript Weekly Issue 783: April 28, 2026 JavaScript Weekly Issue 782: April 21, 2026 JavaScript Weekly Issue 781: April 14, 2026 JavaScript Weekly Issue 780: April 7, 2026 JavaScript Weekly Issue 779: March 31, 2026 JavaScript Weekly Issue 778: March 24, 2026 JavaScript Weekly Issue 777: March 17, 2026
JavaScript Weekly Issue 786: May 19, 2026
2026-05-19 · via JavaScript Weekly

RFC: It’s Time for npm to Make Install Scripts Opt-In — npm is the only major package manager that runs dependency install scripts (e.g. postinstall) by default, and they’ve become too much of a security weakness, says Jamie, who works for GitHub (maintainers of npm). This RFC features further discussion of the idea and the tradeoffs involved.

Jamie Magee

💡 npq is a tool that makes npm installs safer. It stands in front of npm and audits packages before installing them, including the presence of pre/post install scripts.

How Depot Built a CI Orchestrator on AWS Lambda — Long-running CI orchestration without long-lived servers. Depot rebuilt their CI engine using AWS Lambda durable functions — stateful, callback-driven, and crash-recoverable. A deep dive into the run-workflow-job hierarchy powering Depot CI.

Depot

IN BRIEF:

RELEASES:

🤖 Mark Erikson's Agent Setup, Workflow, and Tools — Mark, well known for maintaining Redux and creating Redux Toolkit, goes deep into his daily development workflow, including his use of OpenCode (an open source JavaScript-powered coding agent), how he manages his knowledge base, tasks, and more.

Mark Erikson

📄 Hardening TanStack After the npm Compromise – What TanStack is doing to improve supply chain security after an attacker published malicious versions of TanStack packages last week. The TanStack Team

📺 The TanStack Start Story: Tanner Linsley on Competing with Next.js – A candid 40-minute interview with TanStack’s founder. Nuno Maduro

📄 Cross-Document View Transitions: The Gotchas Nobody Mentions Durgesh Rajubhai Pawar (CSS Tricks)

💡 Schedule-X is another great option in this space and v4.6 just landed.

Alien Signals: 'The Lightest Signal Library' — Boils the best of Vue, Preact and Svelte’s approaches down into the lightest signal library going. A push-pull reactivity core so well-tuned it got merged back into Vue.

Johnson Chu

HyperFormula: The headless spreadsheet engine with 400+ Excel-compatible formulas. Run complex calculations at high speed.


Flaky tests slowing down dev? Meticulous gives engineers confidence to ship faster by autonomously testing every edge case of your web app.


⚙️ Middleware, but for AI agents. Compose Claude Code, Codex & Gemini as one TypeScript harness — 100+ agent recipes. agentfield.ai/github.

📢  Elsewhere in the ecosystem