jonchurch
@jonchurch.bsky.social
maintaining express, lodash / ex-msft
Our goal is to provide guidance and tooling for perf based decisions to the maintainers under our umbrella.
Aligning our philosophy for how/what we monitor and how to interpret the results lets us be consistent across our 50+ packages. Ive been learning a lot so far, and big ty to @rafaelgss.dev
Aligning our philosophy for how/what we monitor and how to interpret the results lets us be consistent across our 50+ packages. Ive been learning a lot so far, and big ty to @rafaelgss.dev
Lots of GREAT progress and discussion on our @expressjs.bsky.social Performance Working Group. Thanks everyone who is participating as I think this is the second most (security comes first) impactful thing we could be working on.
For anyone interested in helping out: github.com/expressjs/pe...
For anyone interested in helping out: github.com/expressjs/pe...
GitHub - expressjs/perf-wg: Performance Working Group
Performance Working Group. Contribute to expressjs/perf-wg development by creating an account on GitHub.
github.com
September 17, 2025 at 9:05 PM
Our goal is to provide guidance and tooling for perf based decisions to the maintainers under our umbrella.
Aligning our philosophy for how/what we monitor and how to interpret the results lets us be consistent across our 50+ packages. Ive been learning a lot so far, and big ty to @rafaelgss.dev
Aligning our philosophy for how/what we monitor and how to interpret the results lets us be consistent across our 50+ packages. Ive been learning a lot so far, and big ty to @rafaelgss.dev
There are 39 ads on a given article from for my town’s local paper
beyond cooked
www.gainesville.com/story/news/l...
beyond cooked
www.gainesville.com/story/news/l...
Shepherd: 'The people's representative'
Gainesville City Commission meetings in recent years have had three constant features: Lively debate among elected officials, passionate public comments about the city’s utility, and a few words from…
www.gainesville.com
May 17, 2025 at 3:32 AM
There are 39 ads on a given article from for my town’s local paper
beyond cooked
www.gainesville.com/story/news/l...
beyond cooked
www.gainesville.com/story/news/l...
The Pitt: every week Brad Pitt unveils a new pit full of bullshit and throws people into it. Everyone loves the pit
May 2, 2025 at 12:57 AM
The Pitt: every week Brad Pitt unveils a new pit full of bullshit and throws people into it. Everyone loves the pit
I just learned that setting
process.noDeprecation = true
Silences dep notifications from node, its what —no-deprecation flag ends up setting
I know its hacky, but how hacky?
process.noDeprecation = true
Silences dep notifications from node, its what —no-deprecation flag ends up setting
I know its hacky, but how hacky?
April 18, 2025 at 3:05 AM
I just learned that setting
process.noDeprecation = true
Silences dep notifications from node, its what —no-deprecation flag ends up setting
I know its hacky, but how hacky?
process.noDeprecation = true
Silences dep notifications from node, its what —no-deprecation flag ends up setting
I know its hacky, but how hacky?
Reposted by jonchurch
🚀 Exciting Announcement today!
Express v5 is officially "latest" and we have started the maintenance period for v4. Read more about the release and our LTS plans in our blog post: expressjs.com/2025/03/31/v...
Express v5 is officially "latest" and we have started the maintenance period for v4. Read more about the release and our LTS plans in our blog post: expressjs.com/2025/03/31/v...
[email protected]: Now the Default on npm with LTS Timeline
Express 5.1.0 is now the default on npm, and we're introducing an official LTS schedule for the v4 and v5 release lines.
expressjs.com
March 31, 2025 at 2:10 PM
🚀 Exciting Announcement today!
Express v5 is officially "latest" and we have started the maintenance period for v4. Read more about the release and our LTS plans in our blog post: expressjs.com/2025/03/31/v...
Express v5 is officially "latest" and we have started the maintenance period for v4. Read more about the release and our LTS plans in our blog post: expressjs.com/2025/03/31/v...
Reposted by jonchurch
Not sure this is the one, but pretty sure it is. @bjohansebas.bsky.social has been doing such great work it is awesome to see this kind of recognition! Well deserved.
March 5, 2025 at 6:45 PM
Not sure this is the one, but pretty sure it is. @bjohansebas.bsky.social has been doing such great work it is awesome to see this kind of recognition! Well deserved.
I love getting nerdsniped on HTTP spec related stuff, and am glad I quit my job to have space in my life for this
was fun to figure out what probably happened with content-disposition having in incomplete regex for parsing extended filename parameters:
github.com/jshttp/conte...
was fun to figure out what probably happened with content-disposition having in incomplete regex for parsing extended filename parameters:
github.com/jshttp/conte...
Certain languages can't be matched correctly by the Regular Expression EXT_VALUE_REGEXP like en-US or zh_cn · Issue #47 · jshttp/content-disposition
Create and parse HTTP Content-Disposition header. Contribute to jshttp/content-disposition development by creating an account on GitHub.
github.com
March 5, 2025 at 6:48 PM
I love getting nerdsniped on HTTP spec related stuff, and am glad I quit my job to have space in my life for this
was fun to figure out what probably happened with content-disposition having in incomplete regex for parsing extended filename parameters:
github.com/jshttp/conte...
was fun to figure out what probably happened with content-disposition having in incomplete regex for parsing extended filename parameters:
github.com/jshttp/conte...
Whats the purpose here of exfil to oastify vs requestbin? Does oastify enrich the exfil or is it just a convenient and innocuous endpoint?
Socket researchers uncover the many ways threat actors are abusing OAST techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data and perform recon. socket.dev/blog/weaponi... #JavaScript #Ruby #Python #CyberSecurity
Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, ...
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems e...
socket.dev
January 4, 2025 at 9:58 PM
Whats the purpose here of exfil to oastify vs requestbin? Does oastify enrich the exfil or is it just a convenient and innocuous endpoint?
top tier scam message
December 6, 2024 at 4:21 AM
top tier scam message
Approach open source as an infinite, open game.
Prioritize purpose over goals, collaboration over competition, and legacy over ownership
Prioritize purpose over goals, collaboration over competition, and legacy over ownership
December 5, 2024 at 6:44 PM
Approach open source as an infinite, open game.
Prioritize purpose over goals, collaboration over competition, and legacy over ownership
Prioritize purpose over goals, collaboration over competition, and legacy over ownership
Woah I didnt realize you can create your own algorithmic feeds!
But also like hey @bsky.app which one of you is the Alf freak? 👀
docs.bsky.app/docs/starter...
But also like hey @bsky.app which one of you is the Alf freak? 👀
docs.bsky.app/docs/starter...
Custom Feeds | Bluesky
Custom feeds, or feed generators, are services that provide custom algorithms to users through the AT Protocol. This allows users to choose their own timelines, whether it's an algorithmic For You pag...
docs.bsky.app
November 13, 2024 at 4:52 PM
Woah I didnt realize you can create your own algorithmic feeds!
But also like hey @bsky.app which one of you is the Alf freak? 👀
docs.bsky.app/docs/starter...
But also like hey @bsky.app which one of you is the Alf freak? 👀
docs.bsky.app/docs/starter...
So what are github action threats for public repos?
Talking about allowing CI on PRs from forks
Assume that im using “pull_request” trigger and have the default perms for actions
GH defaults you to having to approve runs. In the above scenario, is it really a risk to let all of them run?
Talking about allowing CI on PRs from forks
Assume that im using “pull_request” trigger and have the default perms for actions
GH defaults you to having to approve runs. In the above scenario, is it really a risk to let all of them run?
November 12, 2024 at 10:11 PM
So what are github action threats for public repos?
Talking about allowing CI on PRs from forks
Assume that im using “pull_request” trigger and have the default perms for actions
GH defaults you to having to approve runs. In the above scenario, is it really a risk to let all of them run?
Talking about allowing CI on PRs from forks
Assume that im using “pull_request” trigger and have the default perms for actions
GH defaults you to having to approve runs. In the above scenario, is it really a risk to let all of them run?
Still extremely enjoying the wipeout soundtrack from @coldstorage.bsky.social
open.spotify.com/artist/1TvIL...
open.spotify.com/artist/1TvIL...
CoLD SToRAGE
open.spotify.com
November 10, 2024 at 3:03 PM
Still extremely enjoying the wipeout soundtrack from @coldstorage.bsky.social
open.spotify.com/artist/1TvIL...
open.spotify.com/artist/1TvIL...