惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Microsoft Security Blog
Microsoft Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
V
Visual Studio Blog
宝玉的分享
宝玉的分享
IT之家
IT之家
人人都是产品经理
人人都是产品经理
T
The Blog of Author Tim Ferriss
I
InfoQ
B
Blog RSS Feed
T
Threatpost
博客园_首页
M
MIT News - Artificial intelligence
Spread Privacy
Spread Privacy
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Know Your Adversary
Know Your Adversary
U
Unit 42
Engineering at Meta
Engineering at Meta
C
Cyber Attacks, Cyber Crime and Cyber Security
月光博客
月光博客
Scott Helme
Scott Helme
T
Tor Project blog
有赞技术团队
有赞技术团队
AWS News Blog
AWS News Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Last Week in AI
Last Week in AI
S
Schneier on Security
Vercel News
Vercel News
博客园 - Franky
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
NISL@THU
NISL@THU
L
LangChain Blog
爱范儿
爱范儿
Google DeepMind News
Google DeepMind News
The GitHub Blog
The GitHub Blog
雷峰网
雷峰网
Latest news
Latest news
C
CXSECURITY Database RSS Feed - CXSecurity.com
Hugging Face - Blog
Hugging Face - Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
G
GRAHAM CLULEY
S
Security Affairs
A
About on SuperTechFans
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
大猫的无限游戏
大猫的无限游戏
W
WeLiveSecurity
Cisco Talos Blog
Cisco Talos Blog
罗磊的独立博客

seize the dev

Will Software Engineering Survive? Why is the Gmail app 700 MB? Parsing JSON in Forty Lines of Awk A Tricky Floating-Point Calculation Improving Date Formatting Performance in Node.js Unix is not Linux Installing FreeBSD on Oracle Cloud A Simple Setup for C and C++ How to Break Software
Bits of Open-Source in 2025
Mohamed Akram · 2025-12-25 · via seize the dev

Introduction

As part of my professional and personal work, I sometimes contribute fixes or enhancements to open-source projects. I’ll be going over some of the ones that I found interesting this year.

Node.js

The year started off with a long-standing PR that I had for the Node.js ORM, TypeORM, getting merged, that improved the performance of hydrating entities. This was the last in a series of PRs directed at performance improvements in projects in the Node.js ecosystem that I had worked on as a result of profiling a slow application.

Elsewhere in the Node.js world, I contributed a few fixes to the import-in-the-middle project, which is a library that lets you intercept imports in Node.js, notably used by Sentry to add instrumentation. I was already familiar with the library’s code since last year when I had submitted a fix that touched many of its core parts. This made it slightly less tricky to debug the issues this time around, which can be difficult due to the intricacies of module resolution in a JavaScript runtime.

I also reported an issue in Node.js regarding the spawn and execFile APIs that could lead to unsafe usage. I was happy to see it resolved quickly and released as a deprecation warning in Node.js 24. With all the supply chain attacks seen this year, it was good to contribute something to the security of the ecosystem. As part of investigating this problem, I also learned that it is almost impossible to pass arguments safely to cmd on Windows, and developed batspawn to help with that.

MacPorts

As a maintainer for MacPorts, I sometimes run into projects that do not tag their releases, so we need to rely on git to check if there was an update for them. There wasn’t a good way to do this, so I contributed an enhancement that checks for updates in a repository using the helpful git ls-remote command. This was my first contribution to MacPorts base as I had previously only contributed to ports. For ports, I had a total of 421 commits in 2025 as of writing.

One notable addition to ports was the ANGLE project, developed by Google, which provides a conformant OpenGL ES implementation on almost every platform and is used by Chrome for WebGL. As part of porting it, I set up git mirrors for some of the dependencies hosted on googlesource.com (which doesn’t offer stable tarballs) and understood what a bare repository is.

I also maintain include-what-you-use on MacPorts, which is a neat utility that ensures you include the right headers in a C or C++ project, and submitted several enhancements to the upstream project to improve its behavior on macOS.

macOS

Since most of my personal work is done on macOS, I sometimes run into bugs in the core tools (or userland) that come with it. Most of the tools in macOS come from FreeBSD, so I submit the fixes there in the hopes that they will be picked up in the next release of macOS. Two such issues were in sed, and one of which had originated in OpenBSD code that FreeBSD imported. I decided to submit the fix for that one to OpenBSD first, and reported the other, which interestingly had already been fixed in NetBSD years ago. They were both fixed in OpenBSD, then picked up by FreeBSD, and finally brought to macOS 26. The fixes themselves were simple, but it was interesting to see code move across four different operating systems — NetBSD, OpenBSD, FreeBSD, and macOS.

Another issue encountered on macOS was that the default syntax highlighting for shell scripts in Vim was poor. This was because the default highlighting was for the ancient Bourne shell syntax and not the modern POSIX one. This finally changed after I submitted a fix for it.

Last, but not least, less (the pager) had long had an issue that was a pet peeve of mine: when trying to copy text from a git diff (paged through less), tabs would get converted to spaces. Someone had mentioned the exact cause and fix for this in a StackExchange post years ago, so I submitted the same fix, and now diffs are displayed as expected when using less -rU as the git pager.

Conclusion

This year had more of a focus on macOS fixes while last year I followed up on patches in the Linux world, largely to support an Arabic keyboard that I had submitted the year before, which required co-ordination with several projects under Freedesktop.org, X.Org and GNOME to support a new keysym.