Sign in with Twitter


Working at GoDaddy on JS stuff; TC39; Node Collaborator. Thoughts are my own. He/him.

404 Following   2,034 Followers   17,886 Tweets

Joined Twitter 7/7/08

@buildsghost @sebinsua @timkevinoxley @JackMcCloy @fed135 @Fishrock123 @davidlymanning Ouches @davidlymanning are some cursed but reasonable ESLint rule ideas?Anyone know if readonly string views are being looked at for WASM without doing a copy operation? I don't see anyth…
@davatron5000 So many things are not usable when they finish rendering these days too @matteocollina problems would abound from overuse though since things like DOM like to put everything on prototypes @matteocollina probably wouldn't ever need to do this kind of language extension for . property access, can always… @matteocollina `object[own k]` :-/ not pleasant but seems... ok-ish? @matteocollina This would be better than home spun solutions since basically every dynamic property access that can… @matteocollina Also, if the list of keys passed to lodash are known they would be able to actually be checked for p… @matteocollina One thing I really want to see is for dependents to be filtered properly, things like --disable-prot… @matteocollina If you do dynamic unbounded property access you probably want a null prototype on the object with th… @matteocollina Auditing JS is HARD when dynamic property access is involved. @matteocollina The attack is abusing the libraries doing dynamic property access that people are doing in conjuncti… @matteocollina I'm confused, the problem is *any* way to create objects with various taintable keys (__proto__, con… @matteocollina But thats not a bug with JSON.parse? @matteocollina It doesn't currently pollute crawl/modify prototypes, what is the problem currently with it?
Rebased a PR to make Node policy files less of a startup hit and it is much better than when I first made the PR th… today's stream, I made a tiny engine called TwitchMonkey -> This will help us talk abo…
Retweeted by Bradley Fariasis it possible to make a Typescript plugin that alters the global scope? Not a definition file. I have a .json file… @getify There are weekly calls for interested parties as well on the TC39 calendar @_robotlolita Also math: You know how to get to these of there 2 unrelated places A and B already. Me: I don't know…
@wycats I'd agree, and think ahead of time/static tooling will only become more necessary outside of bundling to ha… @aredridel @jackie_cs_ You don't even get the "open" event when it does drop down :-/ which can lead to fun things… can avoid the HTTP waterfall of ESM in via a variety of ways, *lots* of preloads is a good start. With newer of… weren't useful enough. @evanplaice @thom_is_coding We found ya.Terrible ideas July: water socks; literally socks filled with water. A bladder of discomfort around your feat leavi… ideas July: nacho cheese ice cream.
@bitandbang google chat @robotlolita gross, who did that @robotlolita really not trusting `null` are we?Best test for a null/undefinedish value? Wrong answers only. @RReverser I'm surprised at how little frozen stuff is supported in a lot of tools @RReverser XD still can add new fields to the class @davidlymanning @RReverser I actively don't want final ;p the class is still extensible, you just can't change what… @RReverser that has a variety of side-effects though I'd have to account for (fn.prototype is writable / callable f… a typescript definition file, can you mark a class' prototype as ReadOnly somehow??? To handle: class F {}; Obj…
@rickbutton I saw it in a crawl as my source map parser blew up since I used JSON.parse @rickbutton Yes, but the same inverted logic could be stated about *any* JSON payload, not just source maps which is... weird. @matteocollina @v8js Guaranteed eval semantics --, usefulness++ @rickbutton Fun enough that it also poisons the safe JSON.parse @rickbutton It's a roundabout way to poison people using eval not make source maps safer @rickbutton Like... Who would even recommend doing this / why? @rickbutton XSS is an issue... so... make invalid JSON so that your previously valid JSON cannot be consumed normal… @rickbutton Well prevention of XSS is sane, doing it as a poisoning of the valid JSON so it cannot be consumed is e… @buildsghost If you pass JSON into eval() yes, don't load random resources off remote systems either (stares at var…> Thus when delivering source maps over HTTP, servers may prepend a line starting with the string “)]}'” to the sou…
@devsnek me with multiple files using same variable names @rektide I was curious since we brought up the oddity of aliases not being identifiers in @rektide is there a typo hereHey folks! Trying something new for this episode of Compiler Compiler. I made a zine -> Le…
Retweeted by Bradley FariasStream starting in 5 min! <cue much internal screaming and stage fright!> See you there!
Retweeted by Bradley Farias
@addaleax You can already do this kind of stuff / cloning wasn't safe due to Map/Set/etc.: const dummies = new Wea…'m getting used to listening to 2 meetings at once, help.Dive into some fun new activities (literally!) with the next update for #AnimalCrossingNewHorizons, coming 03/07!
Retweeted by Bradley FariasHey, white people: Have your parents ever sat down with you and specifically talked to you, at length, about race?…
Retweeted by Bradley FariasYear(s)? after @getify got onto Node about how timers couldn't be primitives in Node finall…
@jonathansampson I'm only zooming an element, devicePixelRatio is on the whole frame.CSS zoom and Element.getBoundingClientRect() are not friends, not at all. zoom:1 -> .width === 1280 zoom:2 -> .wid… @rahul1sethi @bhathos @rauschma Symbols are public (Object.getOwnPropertySymbols), which is why they are not useful… COMPILER 🤝 BYTECODE Tune in on June 26th for a new episode in our guided tour series…
Retweeted by Bradley FariasAs Texas sees record spikes in new coronavirus cases, Austin and Travis County's accounting for infections is laggi…
Retweeted by Bradley Farias @mcclure111 @rauschma @rauschma @awbjs You just made me follow up on Private Declarations @awbjs There is a bunch of interesting stuff in this too about how private methods differ from public methods in pl… @dym_sh @rauschma Awkward, @jaffathecake IPv4 or IPv6? (most of the "easy" CLIs still only show IPv4 links in logs)
@MylesBorins A goblin has offered to ghost write your auto-biography. @davidmarkclem @dominictarr @jfhbrook @agoric This is part of why people need to be considerate of worker_threads b… @davidmarkclem @dominictarr @jfhbrook @agoric Some of web standards participants have claims that only async commun… @davidmarkclem @dominictarr @jfhbrook @agoric Async communication forces API issues, see Agoric/Salesforce issues a… @jfhbrook @dominictarr @davidmarkclem @dominictarr @jfhbrook You can't change all builtin prototypes/Object.prototype et al aren't configu… @dominictarr @jfhbrook Kind of, it catches references, but not things like [].constructor
@matteocollina @mikeal @MylesBorins @IamStan So, I think more people need to convince web standards that *something… @matteocollina @mikeal @MylesBorins @IamStan I think they will be hard to get through given Web standards are no lo… @matteocollina @mikeal @MylesBorins @IamStan Tons of things going on about complexity for web to decouple the modul… @matteocollina @mikeal @MylesBorins @IamStan Lack of familiarity isn't really an innovation blocker to me. Repeated… @matteocollina @mikeal @MylesBorins @IamStan I agree that it is very different from CJS just using Object GC seman… @matteocollina @mikeal @MylesBorins @IamStan Spin up a Worker if you want to import and then GC stuff. Or use non-m… @matteocollina @mikeal @MylesBorins @IamStan In theory V8 could add a GC hook to all the script/module stuff that i… @matteocollina @mikeal @MylesBorins @IamStan vm.* won't let it GC, even if the module cannot be directly referenced… @matteocollina @mikeal @MylesBorins @IamStan This is the nature of V8 / the expectation once linked that a Module h… @mikeal @MylesBorins @IamStan Well, that's not entirely true... you can hot reload, you just will leak memory. @mikeal @MylesBorins @IamStan Also yes; on a personal level, I would recommend people keep using tooling and target… @mikeal @MylesBorins @IamStan Interacting with all the faux modules using real ESM has consistently proven to be ha… you conflate "takes an ambivalent stance on racism" with "has not taken action on racism", you're going to be in…
Retweeted by Bradley Farias @mikeal Break all the web! @mikeal If we used co-routines instead of an event loop as our model of concurrency this would be less of an issue. @mikeal It also would require a variety of things like synchronously inspecting Promises that are absolutely not de… @mikeal Basically all those operations run in a way that is non-reentrant so you don't have deadlock/nested event l… @mikeal ESM that isn't transpiled to faux modules/CJS cannot be loaded synchronously, so no way to require() it.