Wes
@notwes.bsky.social
ATX - he/him - 🥂Humans are more important than code - I work at an entertainment company and volunteer my time making art on github
https://github.com/wesleytodd
https://github.com/wesleytodd
Reposted by Wes
Can I pick your brain, folks?
Reply with 3 topics you consider advanced in automated testing 👇
Reply with 3 topics you consider advanced in automated testing 👇
February 3, 2026 at 1:26 PM
Can I pick your brain, folks?
Reply with 3 topics you consider advanced in automated testing 👇
Reply with 3 topics you consider advanced in automated testing 👇
I aspire to such an exit.
it was on glitch at the time which didn’t have a high enough version of node to support native fetch, so i assigned an npm package to a global fetch variable and then quit my job and now i make candles. tale as old as time
January 31, 2026 at 1:10 AM
I aspire to such an exit.
Reposted by Wes
In case you missed it: we published an overhaul of the old Mocha website. It's on @astro.build Starlight and has most of the same contents as before, just separated into granular pages. 🤎
Next up will be auditing those pages to be more comprehensive and correct.
Voila!
Next up will be auditing those pages to be more comprehensive and correct.
Voila!
January 30, 2026 at 10:02 PM
In case you missed it: we published an overhaul of the old Mocha website. It's on @astro.build Starlight and has most of the same contents as before, just separated into granular pages. 🤎
Next up will be auditing those pages to be more comprehensive and correct.
Voila!
Next up will be auditing those pages to be more comprehensive and correct.
Voila!
Reposted by Wes
🔴 LIVE https://stream.place/pfrazee.com And we are live with office hours!
@pfrazee.com is 🔴LIVE on stream.place!
And we are live with office hours!
stream.place
January 30, 2026 at 11:30 PM
🔴 LIVE https://stream.place/pfrazee.com And we are live with office hours!
I see myself!
Happy Friday from our fresh collaboration page. 😎
Want to get involved in our collaboration spaces and projects? Check out the page to see what groups to join and what meetings are happening.
If you care about JavaScript, you belong here. ✌️
openjsf.org/collaboration
Want to get involved in our collaboration spaces and projects? Check out the page to see what groups to join and what meetings are happening.
If you care about JavaScript, you belong here. ✌️
openjsf.org/collaboration
January 30, 2026 at 7:01 PM
I see myself!
Reposted by Wes
The @vlt.sh benchmark suite has been updated to include the yarn v6 canaries (still a WIP & improving all the time): benchmarks.vlt.sh
January 30, 2026 at 6:45 PM
The @vlt.sh benchmark suite has been updated to include the yarn v6 canaries (still a WIP & improving all the time): benchmarks.vlt.sh
Reposted by Wes
Trust is interesting because it’s not quantifiable but it certainly is palpable. Teams with trust move lightning speeds faster than those without.
January 29, 2026 at 2:13 PM
Trust is interesting because it’s not quantifiable but it certainly is palpable. Teams with trust move lightning speeds faster than those without.
Reposted by Wes
This is exactly the kind of thing people worry about with browser extensions. It looks like an Amazon ad blocker, but quietly hijacks affiliate links in the background. Most people aren’t reading extension source code (and if you are, congrats 🙃), which is why this works.
Socket’s Threat Research team analyzed a Chrome extension marketed as an Amazon ad blocker that secretly hijacks affiliate links and replaces existing tags with its own.
Full Research → socket.dev/blog/malicio...
Full Research → socket.dev/blog/malicio...
Malicious Chrome Extension Performs Hidden Affiliate Hijacki...
A Chrome extension claiming to hide Amazon ads was found secretly hijacking affiliate links, replacing creators’ tags with its own without user consen...
socket.dev
January 27, 2026 at 5:41 PM
This is exactly the kind of thing people worry about with browser extensions. It looks like an Amazon ad blocker, but quietly hijacks affiliate links in the background. Most people aren’t reading extension source code (and if you are, congrats 🙃), which is why this works.
Reposted by Wes
🙋♂️ so ... for reasons:
I would love to know people's frustrations with:
- the current npmjs.com
- admin user flows on npm web ui (and cli, locally)
🙏
I would love to know people's frustrations with:
- the current npmjs.com
- admin user flows on npm web ui (and cli, locally)
🙏
January 23, 2026 at 8:43 AM
🙋♂️ so ... for reasons:
I would love to know people's frustrations with:
- the current npmjs.com
- admin user flows on npm web ui (and cli, locally)
🙏
I would love to know people's frustrations with:
- the current npmjs.com
- admin user flows on npm web ui (and cli, locally)
🙏
This was a great watch. I don't know what I expected when clicking, but it surprised me with heartfelt moments, humor, and really great focus on the humans that are a part of this thing we call open source.
This video has an outstandingly sensitive portrayal of the Ukrainian invasion, alongside deep storytelling about the social dynamics of Open Source. So proud of @chadwhitacre.com for making this.
Open Source in war-torn Ukraine and around the world—join me on an epic journey ❧ Open Path #4
YouTube video by Chad Whitacre
www.youtube.com
January 20, 2026 at 7:05 PM
This was a great watch. I don't know what I expected when clicking, but it surprised me with heartfelt moments, humor, and really great focus on the humans that are a part of this thing we call open source.
Reposted by Wes
Bottomless thanks to @vlad.website for all the feedback and support and encouragement and help to get this out the door! It's far from perfect, but it's a much stronger video because of him. 🙏
This video has an outstandingly sensitive portrayal of the Ukrainian invasion, alongside deep storytelling about the social dynamics of Open Source. So proud of @chadwhitacre.com for making this.
Open Source in war-torn Ukraine and around the world—join me on an epic journey ❧ Open Path #4
YouTube video by Chad Whitacre
www.youtube.com
January 20, 2026 at 4:29 PM
Bottomless thanks to @vlad.website for all the feedback and support and encouragement and help to get this out the door! It's far from perfect, but it's a much stronger video because of him. 🙏
Inbox: 2 by the second work week of the year shouldn't make me feel this accomplished. Something is wrong with me.
January 15, 2026 at 7:52 PM
Inbox: 2 by the second work week of the year shouldn't make me feel this accomplished. Something is wrong with me.
Reposted by Wes
🎉 The codemods to migrate Express to version 5 are now available on codemod.com!
👉 Run the recipe: npx codemod@latest @expressjs/v5-migration-recipe
👉 More codemods here: codemod.link/express
#expressjs #codemods #javascript #nodejs
👉 Run the recipe: npx codemod@latest @expressjs/v5-migration-recipe
👉 More codemods here: codemod.link/express
#expressjs #codemods #javascript #nodejs
Enterprise code maintenance
Codemod is Mission Control for specialized coding agents, using compiler-aware code graphs to automate and orchestrate code maintenance at enterprise scale.
codemod.com
January 13, 2026 at 6:28 PM
🎉 The codemods to migrate Express to version 5 are now available on codemod.com!
👉 Run the recipe: npx codemod@latest @expressjs/v5-migration-recipe
👉 More codemods here: codemod.link/express
#expressjs #codemods #javascript #nodejs
👉 Run the recipe: npx codemod@latest @expressjs/v5-migration-recipe
👉 More codemods here: codemod.link/express
#expressjs #codemods #javascript #nodejs
Burnt my whole mouth on my tea this morning. So yeah, monday really doing it's thing 🤣
January 12, 2026 at 7:11 PM
Burnt my whole mouth on my tea this morning. So yeah, monday really doing it's thing 🤣
Reposted by Wes
Additionally, releasing on Tuesday rather than Friday helps ensure that security updates are available during regular business hours across all time zones, particularly for our users in the Asia-Pacific region.
nodejs.org/en/blog/vuln...
nodejs.org/en/blog/vuln...
Node.js — Thursday, January 8, 2026 Security Releases
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
January 8, 2026 at 9:50 PM
Additionally, releasing on Tuesday rather than Friday helps ensure that security updates are available during regular business hours across all time zones, particularly for our users in the Asia-Pacific region.
nodejs.org/en/blog/vuln...
nodejs.org/en/blog/vuln...
Reposted by Wes
🚨Our team has decided to postpone the release to Tuesday, January 13th, 2026. This additional time will allow us to properly test all backports and re-run CITGM to ensure the highest quality for our users.
Node.js — Thursday, January 8, 2026 Security Releases
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
January 8, 2026 at 9:50 PM
🚨Our team has decided to postpone the release to Tuesday, January 13th, 2026. This additional time will allow us to properly test all backports and re-run CITGM to ensure the highest quality for our users.
Reposted by Wes
We've heard people like Starter Packs, so we just begun putting one together for open source organizations. It could be an OSPO like us, a Foundation that supports projects and the ecosystem or accounts for OSS events.
Take a look and tell us who else should be there.
go.bsky.app/Te7sTt9
Take a look and tell us who else should be there.
go.bsky.app/Te7sTt9
Open Source Organizations
Join the conversation
go.bsky.app
January 8, 2026 at 4:00 PM
We've heard people like Starter Packs, so we just begun putting one together for open source organizations. It could be an OSPO like us, a Foundation that supports projects and the ecosystem or accounts for OSS events.
Take a look and tell us who else should be there.
go.bsky.app/Te7sTt9
Take a look and tell us who else should be there.
go.bsky.app/Te7sTt9
Reposted by Wes
Like the rest of the internet, Sentry runs on Open Source. Like the rest of the @opensourcepledge.com companies, we also believe in paying it back.
In 2025, we gave out $750k to the OSS projects we rely on; here’s a sampling of some of them, and why they are so crucial 🧵
In 2025, we gave out $750k to the OSS projects we rely on; here’s a sampling of some of them, and why they are so crucial 🧵
January 6, 2026 at 5:59 PM
Like the rest of the internet, Sentry runs on Open Source. Like the rest of the @opensourcepledge.com companies, we also believe in paying it back.
In 2025, we gave out $750k to the OSS projects we rely on; here’s a sampling of some of them, and why they are so crucial 🧵
In 2025, we gave out $750k to the OSS projects we rely on; here’s a sampling of some of them, and why they are so crucial 🧵
Reposted by Wes
Haha thanks!
You & @chadwhitacre.com & @sentry.io putting so much time & effort & money into @opensourcepledge.com & sponsorships was a big reason why I joined Sentry. It speaks positively and strongly about the company culture and motivations and people!
You & @chadwhitacre.com & @sentry.io putting so much time & effort & money into @opensourcepledge.com & sponsorships was a big reason why I joined Sentry. It speaks positively and strongly about the company culture and motivations and people!
January 5, 2026 at 8:04 PM
Haha thanks!
You & @chadwhitacre.com & @sentry.io putting so much time & effort & money into @opensourcepledge.com & sponsorships was a big reason why I joined Sentry. It speaks positively and strongly about the company culture and motivations and people!
You & @chadwhitacre.com & @sentry.io putting so much time & effort & money into @opensourcepledge.com & sponsorships was a big reason why I joined Sentry. It speaks positively and strongly about the company culture and motivations and people!
Reposted by Wes
It's a new year 🎉 Are you currently hiring for a role that includes using Node.js? Reply with a link to the opening and any relevant context.
If you're not, we'd appreciate a repost for visibility 💚
If you're not, we'd appreciate a repost for visibility 💚
January 6, 2026 at 6:13 PM
It's a new year 🎉 Are you currently hiring for a role that includes using Node.js? Reply with a link to the opening and any relevant context.
If you're not, we'd appreciate a repost for visibility 💚
If you're not, we'd appreciate a repost for visibility 💚
Reposted by Wes
TIL that modern Node not only supports `--env-file` / `--env-file-if-exists` but also a new method to programmatically load .env files.
It's been marked stable since Node v24 (current LTS), and I'm now on the journey of removing all the `dotenv` dependencies. 😅
www.stefanjudis.com/today-i-lear...
It's been marked stable since Node v24 (current LTS), and I'm now on the journey of removing all the `dotenv` dependencies. 😅
www.stefanjudis.com/today-i-lear...
January 6, 2026 at 3:19 PM
TIL that modern Node not only supports `--env-file` / `--env-file-if-exists` but also a new method to programmatically load .env files.
It's been marked stable since Node v24 (current LTS), and I'm now on the journey of removing all the `dotenv` dependencies. 😅
www.stefanjudis.com/today-i-lear...
It's been marked stable since Node v24 (current LTS), and I'm now on the journey of removing all the `dotenv` dependencies. 😅
www.stefanjudis.com/today-i-lear...
Reposted by Wes
And yet it’s one of the most insightful and powerful statements one can make. Realizing and admitting that one simply don’t know the answer.
If only more people were capable of realizing and strong enough to admit it.
Would solve a lot of things in this world.
If only more people were capable of realizing and strong enough to admit it.
Would solve a lot of things in this world.
January 5, 2026 at 6:21 PM
And yet it’s one of the most insightful and powerful statements one can make. Realizing and admitting that one simply don’t know the answer.
If only more people were capable of realizing and strong enough to admit it.
Would solve a lot of things in this world.
If only more people were capable of realizing and strong enough to admit it.
Would solve a lot of things in this world.
Look, I won't judge what folks were doing 11 years ago but if you do anything like this in your packages in the year 2026 please reconsider: socket.dev/npm/package/...
socket.dev
January 5, 2026 at 8:20 PM
Look, I won't judge what folks were doing 11 years ago but if you do anything like this in your packages in the year 2026 please reconsider: socket.dev/npm/package/...
Honestly, this screenshot from slack right here fully captures my essence day. 8 years and I still just don't know.
January 5, 2026 at 5:27 PM
Honestly, this screenshot from slack right here fully captures my essence day. 8 years and I still just don't know.
Reposted by Wes
I made something new: an eslint plugin to validate your npm ecosystem lockfiles! It supports npm, pnpm, yarn, bun, and vlt, and it's already helped find a supply chain security attack vector inside a fortune 500 tech company. www.npmjs.com/package/esli...
www.npmjs.com
December 22, 2025 at 7:16 AM
I made something new: an eslint plugin to validate your npm ecosystem lockfiles! It supports npm, pnpm, yarn, bun, and vlt, and it's already helped find a supply chain security attack vector inside a fortune 500 tech company. www.npmjs.com/package/esli...