A comprehensive guide to the dangers of Regular Expressions in JavaScript
I first heard about regular expression denial of service (ReDoS) vulnerabilities from GitHub's Dependabot. Several of my projects over the years have had dependencies that suffered from ReDoS vulnerabilities, and I would bet that if you've built any JavaScript project with dependencies, you've also come across this. This got me thinking; if there are vulnerable regular expressions in our dependenc
Signal Boosting – Preact
The new release of Preact Signals brings significant performance updates to the foundations of the reactive system. Read on to learn what kinds of tricks we employed to make this happen. We recently announced new versions of the Preact Signals packages: @preact/signals-core 1.2.0 for the shared core functionality @preact/signals 1.1.0 for the Preact bindings @preact/signals-react 1.1.0 for the Rea
Get All That Network Activity Under Control with Priority Hints
Get All That Network Activity Under Control with Priority Hints The browser is very good at prioritizing resources requests on its own. But it's not always great. Priority hints makes it easy to provide explicit instructions as to how and in what network activity occurs. Open up the browser's network tab and you'll see a lot of activity. Assets are being downloaded, information's being submitted,
Patterns for Reactivity with Modern Vanilla JavaScript – Frontend Masters Blog
“Reactivity” is how systems react to changes in data. There are many types of reactivity, but for this article, reactivity is when data changes, you do things. Reactivity Patterns are Core to Web Development We handle a lot with JavaScript in websites and web apps since the browser is an entirely asynchronous environment. We must respond to user inputs, communicate with servers, log, perform, etc.
Introducing the scheduler.yield origin trial | Blog | Chrome for Developers
Building websites that respond quickly to user input has been one of the most challenging aspects of web performance—one that the Chrome Team has been working hard to help web developers meet. Just this year, it was announced that the Interaction to Next Paint (INP) metric would graduate from experimental to pending status. It is now poised to replace First Input Delay (FID) as a Core Web Vital in
Blogged Answers: My Experience Modernizing Packages to ESM
Random musings on React, Redux, and more, by Redux maintainer Mark "acemarke" Erikson This is a post in the Blogged Answers series. Details on the painful experiences and hard-earned lessons I've learned migrating the Redux packages to ESM Table of Contents 🔗︎ Introduction Redux Packages Background Packages and Configurations Issue History Early Attempts Migrating to Vitest Initial Alpha Testing
Deprecating the unload event | Web Platform | Chrome for Developers
All sites deprecation timeline. Note that we also offer a menu of opt-out options in case this deprecation timeline doesn't provide sufficient time to migrate away from unload. Our goal is to use this soft deprecation to inform the timeline for the last phase (hard deprecation of unload) in which these opt-outs will be removed or reduced. Timeline of the unload deprecation. Background unload was d
Web Scraping via Javascript Runtime Heap Snapshots - Adrian Cooney's Blog
In recent years, the web has gotten very hostile to the lowly web scraper. It's a result of the natural progression of web technologies away from statically rendered pages to dynamic apps built with frameworks like React and CSS-in-JS. Developers no longer need to label their data with class-names or ids - it's only a courtesy to screen readers now. There's also been a concerted effort by large co
What does the image decoding attribute actually do?
Err... thanks for the technical explanation. But what does this actually mean in real life? Which setting should you use? Does it even matter? And if it does, why don't those clever browser engineers just set it to the best setting? Well recently I ranted on Twitter about this (as I am often want to do!) in a long thread that really should have been a blog post. So here is that blog post. Some mis
JavaScript Macros in Bun | Bun Blog
Two weeks ago, we launched our new JavaScript bundler in Bun v0.6.0. Today we're releasing a new feature that highlights the tight integration between Bun's bundler and runtime: Bun Macros. Macros are a mechanism for running JavaScript functions at bundle-time. The value returned from these functions are directly inlined into your bundle. As a toy example, consider this simple function that return
AbortSignal.any(), AbortSignal.timeout(), そして addEventListener() の Signal | blog.jxck.io
Intro 最近 AbortSignal.any() が提案され、急速に実装が進んでいる。 すでに定義されている AbortSignal.timeout() や addEventListener() への Signal なども含め、非同期処理の中断を実装する際の API はかなり整備されてきた。 これら API のモチベーションと設計を中心にまとめる。 Abort 後のリソース解放 AbortSignal によって、非同期処理のキャンセルが可能になった。例として、Server 上での Fetch のタイムアウトの例を考えよう。 app.get("/entries", async (req, res) => { const perRequestController = new AbortController() const perRequestSignal = perRequestContr
The Bun Bundler | Bun Blog
Bun.build({ entrypoints: ['./src/index.tsx'], outdir: './build', minify: true, // additional config }); Reducing complexity in JavaScriptJavaScript started as autofill for form fields, and today it powers the instruments that launch rockets to space. Unsurprisingly, the JavaScript ecosystem has exploded in complexity. How do you run TypeScript files? How do you build/bundle your code for productio
Introducing Deopt Explorer - TypeScript
Over the past few months, during the lead-up to the TypeScript 5.0 beta, our team spent a good portion of our time looking for ways to improve the performance of our compiler so that your projects build faster. One of the ways we improved was by looking into an oft overlooked aspect of many JavaScript VMs: inline caching. A Brief Primer on Inline Caching Inline caching is an optimization often use
Running JavaScript in Rust with Deno | AustinPoor.com
The Deno dinosaur sitting in a field in Pangea -- with a small Rust colored crab in the foreground (Generated by DALL-E) When I saw that Deno has open source Rust crates for running JavaScript code in a Rust application I wanted to give it a try for myself, so I created a basic, proof-of-concept project called js-in-rs to get a feel for using Deno's crates in a Rust program -- specifically the den
JS private class fields considered harmful • Lea Verou
Today I mourn. What am I mourning? Encapsulation. At least in my projects. As a library author, I’ve decided to avoid private class fields from now on and gradually refactor them out of my existing libraries. Why did I make such a drastic decision? It all started a few days ago, when I was building a Vue 3 app that used Color.js Color objects. For context, Vue 3 uses proxies to implement its react
The origin private file system | Articles | web.dev
Motivation When you think of files on your computer, you probably think about a file hierarchy: files organized in folders that you can explore with your operating system's file explorer. For example, on Windows, for a user called Tom, their To Do list might live in C:\Users\Tom\Documents\ToDo.txt. In this example, ToDo.txt is the filename, and Users, Tom, and Documents are folder names. `C:` on W
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Build your rich-text editor - Plate
GitHub - vanjs-org/van: 🍦 VanJS: World's smallest reactive UI framework. Incredibly Powerful, Insanely Small - Everyone can build a useful UI app in an hour.
UnsuckJS
Introducing Legend-State 1.0: Build faster apps faster