This has nothing to do with NodeJS or NPM. The code is freely distributed, just like any open source repo or package manager may provide. The onus is on those who use it to audit what it actually does.
It absolutely does have to do with it. If we continued to ship software libraries like we still do on Linux, then you wouldn't be downloading its releases straight from the source repo, but rather have someone package and maintain them.
Except at the granularity of NodeJS packages, it would be nearly impossible to do.
Why are Linux packagers so trustworthy? In most distros, they're a group of volunteers. The group is smaller, but it's not impossible for someone with malicious intent to get the keys to the kingdom and upload packages with embedded malware.
The code is literally right there for you. It doesn't matter what ecosystem or package manager. Someone could distribute the same thing anywhere — it's up to those pulling it in to actually start auditing what they're accepting.
Heads up. The site you linked is just a wrapping of the original with adverts and tracking scripts. It isn't running the latest version either. Much better off using the creator's version.
SSR with CSR is a worst-of-both-worlds approach. It leads to brittle "isomorphic" behaviors when the same code needs to handle both SSR and CSR, inevitable client-side "hydration" mismatches and various other issues. The same code needs to fetch eagerly but minimally, but also use and update the server-provided data on the client-side.
Ultimately that so-called "isomorphism" causes more numerous and difficult problems than it solves.
Especially cuz the vast majority of sites can either just be client rendered SPAs or server rendered multipage apps. There is no need for the complexity for most sites and yet this is the default for pretty much all js frameworks...
I gave up updating Nextcloud. It works for what I use it for and I don't feel like I'm missing anything. I'd rather not spend 4+ hours updating and fixing confusing issues without any tangible benefit.
This is a bit underwhelming because it gives a score and says, "Needs improvement", but has no real indication of what it considers problematic about a file. Maybe as a very senior TypeScript developer it could be obvious how to fix some things, but this isn't going to help anyone more junior on the team be able to make things better.
> This is a bit underwhelming because it gives a score and says, "Needs improvement", but has no real indication of what it considers problematic about a file.
I think you didn't bother to pay attention to the project's description. The quick start section is clear on how the "score" is an arbitrary metric that "serves as a general, overall indication of the quality of a particular TypeScript file." Then it's quite clear in how "The full metrics available for each file". The Playground page showcases a very obvious and very informative and detailed summary of how a component was evaluated.
> Maybe as a very senior TypeScript developer it could be obvious how to fix some things, but this isn't going to help anyone more junior on the team be able to make things better.
Anyone can look at the results of any analysis run. They seem to be extremely detailed and informative.
I definitely did pay attention to the description and the playground. The "full metrics" give more information, but they're still just numbers and don't explain to someone _what_ they should do to make something “better”. Again, they're just numbers, not recommendations. Most people could probably just gamify the whole thing by making every file as small as possible. Single functions with as few lines as possible. That doesn't make code less complex, it just masks it.
Moom is an absolutely crucial piece of software that I've gladly paid for upgrades to over time to support it.
There's also BetterSnapTool, which I used to use, but I think switched to Moom for specific features at one point in time. It's even cheaper and still receiving updates to continue working.
I don't but wanted to say that I love the continuity of them used in different spaces. The whole place really looks like a single vision put together and not a bunch of disparate rooms.