Jovi 🐨
@jovidecroock.com
🇧🇪 | he/him | Software Engineer @Shopify | Preact core team | passionate about DX & web perf | opinions are my own
Reposted by Jovi 🐨
🙋♂️ so ... for reasons:
I would love to know people's frustrations with:
- the current npmjs.com
- admin user flows on npm web ui (and cli, locally)
🙏
I would love to know people's frustrations with:
- the current npmjs.com
- admin user flows on npm web ui (and cli, locally)
🙏
January 23, 2026 at 8:43 AM
🙋♂️ so ... for reasons:
I would love to know people's frustrations with:
- the current npmjs.com
- admin user flows on npm web ui (and cli, locally)
🙏
I would love to know people's frustrations with:
- the current npmjs.com
- admin user flows on npm web ui (and cli, locally)
🙏
Starting a new business in Belgium is excrutiating…. Notary, banks,… if that’s not enough then when you finally started and are down several thousand, you get 5 letters a day of companies selling office supplies…
January 22, 2026 at 12:20 PM
Starting a new business in Belgium is excrutiating…. Notary, banks,… if that’s not enough then when you finally started and are down several thousand, you get 5 letters a day of companies selling office supplies…
We've released a first version of the preact-devtools-ui, you can see an example implementation at stackblitz.com/edit/vitejs-...
Go play with it and if you have any feedback feel free to throw it at us!
Go play with it and if you have any feedback feel free to throw it at us!
Vitejs - Vite (duplicated) - StackBlitz
Next generation frontend tooling. It's fast!
stackblitz.com
January 20, 2026 at 6:44 PM
We've released a first version of the preact-devtools-ui, you can see an example implementation at stackblitz.com/edit/vitejs-...
Go play with it and if you have any feedback feel free to throw it at us!
Go play with it and if you have any feedback feel free to throw it at us!
Pretty proud of all of the devtools-ui and debug work coming to preact-signals soon!
January 20, 2026 at 9:31 AM
Pretty proud of all of the devtools-ui and debug work coming to preact-signals soon!
Vitest telling me to stop working on the Preact devtools by randomly failing with "not finding test suites" on random files 😅
Anyone seen that before? github.com/preactjs/sig...
Anyone seen that before? github.com/preactjs/sig...
Fix import paths before release · preactjs/signals@570c5db
Manage state with style in every framework. Contribute to preactjs/signals development by creating an account on GitHub.
github.com
January 19, 2026 at 7:06 PM
Vitest telling me to stop working on the Preact devtools by randomly failing with "not finding test suites" on random files 😅
Anyone seen that before? github.com/preactjs/sig...
Anyone seen that before? github.com/preactjs/sig...
The debugging experience in signals should be great, I've been working a lot on it and I would like to share some first versions of the debugging improvements I've been working on.
Feedback and contributions are always appreciated!
jovidecroock.com/blog/signals...
Feedback and contributions are always appreciated!
jovidecroock.com/blog/signals...
Debugging signals
Understanding how to debug signals-based state changes and visualize the dependency graph.
jovidecroock.com
January 18, 2026 at 10:25 AM
The debugging experience in signals should be great, I've been working a lot on it and I would like to share some first versions of the debugging improvements I've been working on.
Feedback and contributions are always appreciated!
jovidecroock.com/blog/signals...
Feedback and contributions are always appreciated!
jovidecroock.com/blog/signals...
Trying something new, we were working on a signals devtools extension but why limit ourselves to a browser extension? github.com/preactjs/sig... - we're splitting it up and allowing you to render it anywhere with the proper adapter
Create separate packages for devtooling by JoviDeCroock · Pull Request #815 · preactjs/signals
This creates an independent set of packages including an adapter and ui so that we have all the moving parts for our chrome-extension as well as running it standalone in a browser/iframe/...
Closes...
github.com
January 16, 2026 at 7:07 PM
Trying something new, we were working on a signals devtools extension but why limit ourselves to a browser extension? github.com/preactjs/sig... - we're splitting it up and allowing you to render it anywhere with the proper adapter
2026 is rapidly turning in the year where I make random apps and contribute to random OSS projects where I need to. Today was an oxlint kinda day, really missed the context value stability rule in the react eslint rules.
January 16, 2026 at 10:43 AM
2026 is rapidly turning in the year where I make random apps and contribute to random OSS projects where I need to. Today was an oxlint kinda day, really missed the context value stability rule in the react eslint rules.
Even though AI hasn't been very useful in my open-source maintenance, the amount of throwaway software it has written for me has been pretty nice. Instead of paying for an expense tracker, I quickly asked one from an LLM and it has been a good tool for my partner and me.
January 15, 2026 at 11:05 AM
Even though AI hasn't been very useful in my open-source maintenance, the amount of throwaway software it has written for me has been pretty nice. Instead of paying for an expense tracker, I quickly asked one from an LLM and it has been a good tool for my partner and me.
Signals tests are now on the modern tech! Consolidating our test suite and the performance staying ~the same, great work @43081j.com
just an infra change, but super happy my vitest migration landed in preact signals 🎉
the repo will be easier to maintain, and tests should be more reliable. also uses vitest browser tests
the repo will be easier to maintain, and tests should be more reliable. also uses vitest browser tests
Vitest migration by JoviDeCroock · Pull Request #709 · preactjs/signals
Adds vitest and associated scripts which will not succeed yet, as we have no projects.
github.com
January 15, 2026 at 9:39 AM
Signals tests are now on the modern tech! Consolidating our test suite and the performance staying ~the same, great work @43081j.com
Released a new markdown rendering library for Preact called preact-md. It currently uses the general unified remark/rehype by default and sanitises inputs.
January 10, 2026 at 10:46 AM
Released a new markdown rendering library for Preact called preact-md. It currently uses the general unified remark/rehype by default and sanitises inputs.
Reposted by Jovi 🐨
2025 Formisch year in review 🎆
🆕 Releases: Initial launch for @solidjs.com, @qwik.dev, @preactjs.com and @vuejs.org in July, followed by @svelte.dev in September and @react.dev in December
🆕 Releases: Initial launch for @solidjs.com, @qwik.dev, @preactjs.com and @vuejs.org in July, followed by @svelte.dev in September and @react.dev in December
January 7, 2026 at 3:03 PM
2025 Formisch year in review 🎆
🆕 Releases: Initial launch for @solidjs.com, @qwik.dev, @preactjs.com and @vuejs.org in July, followed by @svelte.dev in September and @react.dev in December
🆕 Releases: Initial launch for @solidjs.com, @qwik.dev, @preactjs.com and @vuejs.org in July, followed by @svelte.dev in September and @react.dev in December
Let's see how long I last in 2026 without any social media apps on my phone
January 4, 2026 at 10:07 AM
Let's see how long I last in 2026 without any social media apps on my phone
Was a pleasure having you contribute to Preact!
I did a whole bunch of contributions to preact and svelte which has been a highlight too. Both have such great teams behind them, and gave me chance to delve into stacks I don't usually use 🙏
December 31, 2025 at 10:16 AM
Was a pleasure having you contribute to Preact!
Well, apparently the last day of the year makes a difference. The expense/income tracker I made this year is now used by my partner and me 😀
The "bin" grew with some projects
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
Well, the last two months of 2025 are there and... I haven't published anything but open-source stuff.... Surely 2026 will be the year... Right? Right?
December 31, 2025 at 8:19 AM
Well, apparently the last day of the year makes a difference. The expense/income tracker I made this year is now used by my partner and me 😀
Not sure what happened to @cloudflare.social but recently all custom-domains started doing random 403 responses...
December 30, 2025 at 2:07 PM
Not sure what happened to @cloudflare.social but recently all custom-domains started doing random 403 responses...
In the age of mass AI job applications I feel that genuine OSS contributions are a good proof of craft. It's going to be harder to distinguish yourself as a candidate so we need more ways to help people stand out
December 29, 2025 at 11:33 AM
In the age of mass AI job applications I feel that genuine OSS contributions are a good proof of craft. It's going to be harder to distinguish yourself as a candidate so we need more ways to help people stand out
The best decision, by far, I've made in 2025 is to start working out again after not doing that for the last 10 years.
The impact it has had on my energy and mood is immeasurable
The impact it has had on my energy and mood is immeasurable
December 29, 2025 at 6:28 AM
The best decision, by far, I've made in 2025 is to start working out again after not doing that for the last 10 years.
The impact it has had on my energy and mood is immeasurable
The impact it has had on my energy and mood is immeasurable
The "bin" grew with some projects
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
Well, the last two months of 2025 are there and... I haven't published anything but open-source stuff.... Surely 2026 will be the year... Right? Right?
Me: 2025 is going to be the year I release some small product
Meanwhile: 2 finished things
Me: Ah they probably suck, let's keep it private
Meanwhile: 2 finished things
Me: Ah they probably suck, let's keep it private
December 28, 2025 at 12:25 PM
The "bin" grew with some projects
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
- An open-source assistant indexing all issues and doing triage on new ones
- An email interceptor that summarises newsletter content
- A platform to track web-vitals scores over time (simulated and real)
- A platform generating social media content for you
Reposted by Jovi 🐨
Created a TanStack AI integration for Preact, wondering whether we should change this to be signals rather than hooks though🤔
github.com/TanStack/ai/...
github.com/TanStack/ai/...
Add preact integration by JoviDeCroock · Pull Request #180 · TanStack/ai
🎯 Changes
This adds a preact-integration, this is largely adapted from the react tests and implementation. I was considering adding a signals based one as well but wanted to see whether the appeal ...
github.com
December 26, 2025 at 8:54 AM
Created a TanStack AI integration for Preact, wondering whether we should change this to be signals rather than hooks though🤔
github.com/TanStack/ai/...
github.com/TanStack/ai/...
Reposted by Jovi 🐨
To recap, NPM allows 2FA TOTP token reuse within the token’s validity window.
I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.”
So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/
I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.”
So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/
Seems that NPM too allows TOTP reuse within the time-step window. Seen a similar issue in multiple services over the years.
Per RFC 6238, a TOTP (Time-based One-Time Password) should be single-use. Allowing reuse, even within the short-ish time window, is not ideal (shoulder surfing, phishing etc.)
Per RFC 6238, a TOTP (Time-based One-Time Password) should be single-use. Allowing reuse, even within the short-ish time window, is not ideal (shoulder surfing, phishing etc.)
December 12, 2025 at 1:08 PM
To recap, NPM allows 2FA TOTP token reuse within the token’s validity window.
I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.”
So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/
I reported this and was told it’s a “known low-risk issue” and that they “don’t consider this to present a significant security risk.”
So, let’s look at how this seemingly small issue could be leveraged by a phisher. 1/
It's been a fun few days just coding on random projects and solving problems that I face on a daily basis 😅
December 10, 2025 at 7:13 AM
It's been a fun few days just coding on random projects and solving problems that I face on a daily basis 😅
The browser has everything you need, why not everything needs to be server-rendered and how preloading can alleviate complexity.
jovidecroock.com/blog/platform
jovidecroock.com/blog/platform
The Browser Has Everything You Need
Stop treating SPAs and SSR as opposing paradigms. The browser already loads resources in parallel—you just have to use it.
jovidecroock.com
December 9, 2025 at 7:19 PM
The browser has everything you need, why not everything needs to be server-rendered and how preloading can alleviate complexity.
jovidecroock.com/blog/platform
jovidecroock.com/blog/platform
Reposted by Jovi 🐨
From the thread: "Attacks from bot compromised Next.js assets spiked on 2025-12-05 from the usual 100 IP baseline to close to a 1000."
If you're not 100% sure you're NOT vulnerable, you should patch your Next.js apps ASAP.
And if you're 100% sure... patch anyway.
If you're not 100% sure you're NOT vulnerable, you should patch your Next.js apps ASAP.
And if you're 100% sure... patch anyway.
Like others we are seeing attacks attempting to exploit React CVE-2025-55182 at scale, incl. botnet related activity. How successful have these attacks been? You can get a view here, where we track compromised host with Next.js attacking our sensors:
dashboard.shadowserver.org/statistics/h...
dashboard.shadowserver.org/statistics/h...
December 8, 2025 at 6:12 PM
From the thread: "Attacks from bot compromised Next.js assets spiked on 2025-12-05 from the usual 100 IP baseline to close to a 1000."
If you're not 100% sure you're NOT vulnerable, you should patch your Next.js apps ASAP.
And if you're 100% sure... patch anyway.
If you're not 100% sure you're NOT vulnerable, you should patch your Next.js apps ASAP.
And if you're 100% sure... patch anyway.