Wojciech Maj
@wojtekmaj.pl
Dad, husband, TypeScript developer.
February 5, 2026 at 9:56 PM
One year of asking the corporate for @sentry.io and I got Splunk 😭 At least I can get sassy in PR title.
February 4, 2026 at 10:08 AM
One year of asking the corporate for @sentry.io and I got Splunk 😭 At least I can get sassy in PR title.
Reposted by Wojciech Maj
It’s happening. Yarn 6 Preview is here 💫
Yes, we rewrote it in Rust 🦀⚡️
I'm incredibly excited for the future of our beloved package manager. See the benchmarks and plans in our latest post:
Yes, we rewrote it in Rust 🦀⚡️
I'm incredibly excited for the future of our beloved package manager. See the benchmarks and plans in our latest post:
Yarn 6 Preview
Yarn is a modern JavaScript package manager focused on speed, security, and reliability.
yarn6.netlify.app
January 28, 2026 at 3:09 PM
It’s happening. Yarn 6 Preview is here 💫
Yes, we rewrote it in Rust 🦀⚡️
I'm incredibly excited for the future of our beloved package manager. See the benchmarks and plans in our latest post:
Yes, we rewrote it in Rust 🦀⚡️
I'm incredibly excited for the future of our beloved package manager. See the benchmarks and plans in our latest post:
Reposted by Wojciech Maj
Tailwind is cognitive DDOS
January 23, 2026 at 5:33 PM
Tailwind is cognitive DDOS
I'm honestly flabbergasted, how you could possibly mess up search so bad?
January 7, 2026 at 2:58 PM
I'm honestly flabbergasted, how you could possibly mess up search so bad?
Can't wait for Node.js ecosystem to reach 100% ESM adoption in 2083 🤩
December 5, 2025 at 9:53 AM
Can't wait for Node.js ecosystem to reach 100% ESM adoption in 2083 🤩
So, if I'm reading the article correctly... If you make sure you don't have Bun installed, and you add:
0.0.0.0 bun.sh
0.0.0.0 www.bun.sh
to your /etc/hosts, then you should be safe!
0.0.0.0 bun.sh
0.0.0.0 www.bun.sh
to your /etc/hosts, then you should be safe!
🚨 A new wave of the Shai-Hulud supply chain attack has hit npm, impacting packages across widely used projects from AsyncAPI, ENS, Postman, PostHog, and Zapier. Attackers added a malicious preinstall script following account compromise. The investigation is ongoing:
socket.dev/blog/shai-hu...
socket.dev/blog/shai-hu...
Shai Hulud Strikes Again (v2) - Socket
Another wave of Shai-Hulud campaign hits npm.
socket.dev
November 25, 2025 at 3:34 PM
So, if I'm reading the article correctly... If you make sure you don't have Bun installed, and you add:
0.0.0.0 bun.sh
0.0.0.0 www.bun.sh
to your /etc/hosts, then you should be safe!
0.0.0.0 bun.sh
0.0.0.0 www.bun.sh
to your /etc/hosts, then you should be safe!
TIL that
`${date.getUTCFullYear()}-${`${date.getUTCMonth() + 1}`.padStart(2, "0")}-${`${date.getUTCDate()}`.padStart(2, "0")}`
is 40*-150** times faster than
date.toISOString().slice(0, 10)
* - Chrome
** - Safari
`${date.getUTCFullYear()}-${`${date.getUTCMonth() + 1}`.padStart(2, "0")}-${`${date.getUTCDate()}`.padStart(2, "0")}`
is 40*-150** times faster than
date.toISOString().slice(0, 10)
* - Chrome
** - Safari
November 25, 2025 at 8:43 AM
TIL that
`${date.getUTCFullYear()}-${`${date.getUTCMonth() + 1}`.padStart(2, "0")}-${`${date.getUTCDate()}`.padStart(2, "0")}`
is 40*-150** times faster than
date.toISOString().slice(0, 10)
* - Chrome
** - Safari
`${date.getUTCFullYear()}-${`${date.getUTCMonth() + 1}`.padStart(2, "0")}-${`${date.getUTCDate()}`.padStart(2, "0")}`
is 40*-150** times faster than
date.toISOString().slice(0, 10)
* - Chrome
** - Safari
Nothing brings more joy to an OSS maintainer than 87 notifications titled "Bump glob from 10.3.10 to 10.5.0". 😇
November 19, 2025 at 10:02 AM
Nothing brings more joy to an OSS maintainer than 87 notifications titled "Bump glob from 10.3.10 to 10.5.0". 😇
❌ If you unit-test a React 19 app, there’s a good chance a chunk of your CI time is being wasted on… 😴 setTimeout.
Wait, what? Yes!
React 19 introduced a minimum delay for showing a Suspense fallback, and hardcoded (!) it to 300ms.
Just 3 tests can waste almost 1 second on absolutely nothing!
Wait, what? Yes!
React 19 introduced a minimum delay for showing a Suspense fallback, and hardcoded (!) it to 300ms.
Just 3 tests can waste almost 1 second on absolutely nothing!
November 17, 2025 at 2:15 PM
❌ If you unit-test a React 19 app, there’s a good chance a chunk of your CI time is being wasted on… 😴 setTimeout.
Wait, what? Yes!
React 19 introduced a minimum delay for showing a Suspense fallback, and hardcoded (!) it to 300ms.
Just 3 tests can waste almost 1 second on absolutely nothing!
Wait, what? Yes!
React 19 introduced a minimum delay for showing a Suspense fallback, and hardcoded (!) it to 300ms.
Just 3 tests can waste almost 1 second on absolutely nothing!
I’ve never considered myself a huge pnpm fan, so maybe this means even more coming from me: this is an EXCELLENT pnpm update. 🚀
Update it if you use it, start using it if you don't.
Update it if you use it, start using it if you don't.
November 11, 2025 at 10:49 AM
I’ve never considered myself a huge pnpm fan, so maybe this means even more coming from me: this is an EXCELLENT pnpm update. 🚀
Update it if you use it, start using it if you don't.
Update it if you use it, start using it if you don't.
Ah yes one of these days
October 30, 2025 at 6:58 AM
Ah yes one of these days
I'm exploring React Compiler to understand it better and minimize its impact on bundle size. 🕵️♀️ How about 100 bytes saved by simply declaring a variable? That can surely add up!
![// 725 bytes after compilation
import { useState } from 'react';
export default function ColorProvider({ children }) {
const [color, setColor] = useState('red');
function changeColor() {
setColor('blue');
}
return (
<Button value={{ changeColor }}>
{children}
</Button>
);
}](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:jthwx55n5kgyekhpaqajzuhw/bafkreiexvqkidgvmjyfexldsglyn7siiblbjqjvwayawskpaxkl56k3t4i@jpeg)
![// 625 bytes after compilation
import { useState } from 'react';
export default function ColorProvider({ children }) {
const [color, setColor] = useState('red');
function changeColor() {
setColor('blue');
}
const value = { changeColor };
return (
<Button value={value}>
{children}
</Button>
);
}](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:jthwx55n5kgyekhpaqajzuhw/bafkreibpdfz54alr3n7xlitwnqkvu3k6qtairiobh3iufcdipccq5fl3pu@jpeg)
October 28, 2025 at 8:44 PM
I'm exploring React Compiler to understand it better and minimize its impact on bundle size. 🕵️♀️ How about 100 bytes saved by simply declaring a variable? That can surely add up!
👉 This VSCode/Cursor extension by blazejkustra changed EVERYTHING for me!
It adds an emoji (✨/🚫) indicating whether the component can be optimized with React Compiler or not. Updates real time as you type! 🤯
github.com/blazejkustra...
It adds an emoji (✨/🚫) indicating whether the component can be optimized with React Compiler or not. Updates real time as you type! 🤯
github.com/blazejkustra...
GitHub - blazejkustra/react-compiler-marker: Highlights React components optimized by the React Compiler in VSCode/Cursor ✨
Highlights React components optimized by the React Compiler in VSCode/Cursor ✨ - blazejkustra/react-compiler-marker
github.com
October 28, 2025 at 8:18 PM
👉 This VSCode/Cursor extension by blazejkustra changed EVERYTHING for me!
It adds an emoji (✨/🚫) indicating whether the component can be optimized with React Compiler or not. Updates real time as you type! 🤯
github.com/blazejkustra...
It adds an emoji (✨/🚫) indicating whether the component can be optimized with React Compiler or not. Updates real time as you type! 🤯
github.com/blazejkustra...
👁️ Conspiracy theory: The React team keeps making React heavier with every release to boost demand for RSC, pushing devs toward server infra... All to drive up Vercel sales. 🕵️♂️💸
October 2, 2025 at 7:04 PM
👁️ Conspiracy theory: The React team keeps making React heavier with every release to boost demand for RSC, pushing devs toward server infra... All to drive up Vercel sales. 🕵️♂️💸
React 19.2 is 12% bigger than 19.1.
And 60% bigger than 18.3.
And 136% bigger than 17.0.
I'm so tired of this.
And 60% bigger than 18.3.
And 136% bigger than 17.0.
I'm so tired of this.
October 2, 2025 at 7:47 AM
React 19.2 is 12% bigger than 19.1.
And 60% bigger than 18.3.
And 136% bigger than 17.0.
I'm so tired of this.
And 60% bigger than 18.3.
And 136% bigger than 17.0.
I'm so tired of this.
What's stopping you from coding like this?
September 20, 2025 at 6:46 PM
What's stopping you from coding like this?
That awkward thing you did/said back in 2019 that still makes you cringe every time you remember it? No one else remembers it.
people over 30 quote this with some life advice for the rest of us?
September 20, 2025 at 10:41 AM
That awkward thing you did/said back in 2019 that still makes you cringe every time you remember it? No one else remembers it.
I'm enabling OICD trusted publishing in all my npm packages. What a terrible DX 🫠 Not only I needed to click through the options manually in THIRTY NINE packages, but also got rate-limited and had to wait a full hour before I was able to continue 🤣 It's like they *didn't want* people to enable OICD!
September 19, 2025 at 11:28 AM
I'm enabling OICD trusted publishing in all my npm packages. What a terrible DX 🫠 Not only I needed to click through the options manually in THIRTY NINE packages, but also got rate-limited and had to wait a full hour before I was able to continue 🤣 It's like they *didn't want* people to enable OICD!
Reposted by Wojciech Maj
Yarn 4.10 is fresh off the press! 💫 It includes a new npmMinimalAgeGate setting, catalog support, and OIDC publishing.
Release v4.10.0 · yarnpkg/berry
What's Changed
Bumps TypeScript to 5.9 by @arcanis in #6889
Updates tests for the merge conflict resolution v5 by @arcanis in #6892
Tweaks tests by @arcanis in #6894
docs: fix typo in enableScript...
github.com
September 18, 2025 at 9:26 AM
Yarn 4.10 is fresh off the press! 💫 It includes a new npmMinimalAgeGate setting, catalog support, and OIDC publishing.
Reposted by Wojciech Maj
in light of the current supply chain attacks, I've just published a @github.com action to detect packages that _lose_ their provenance.
📦 supports pnpm-lock.yaml, package-lock.json, yarn.lock (v1)
🎨 inline GitHub annotations
✅ JSON output + configurable
💪 published in TS with zero deps
📦 supports pnpm-lock.yaml, package-lock.json, yarn.lock (v1)
🎨 inline GitHub annotations
✅ JSON output + configurable
💪 published in TS with zero deps
GitHub - danielroe/provenance-action: GitHub Action that detects dependency provenance downgrades from lockfile changes (npm/pnpm/yarn).
GitHub Action that detects dependency provenance downgrades from lockfile changes (npm/pnpm/yarn). - danielroe/provenance-action
github.com
September 16, 2025 at 12:17 PM
in light of the current supply chain attacks, I've just published a @github.com action to detect packages that _lose_ their provenance.
📦 supports pnpm-lock.yaml, package-lock.json, yarn.lock (v1)
🎨 inline GitHub annotations
✅ JSON output + configurable
💪 published in TS with zero deps
📦 supports pnpm-lock.yaml, package-lock.json, yarn.lock (v1)
🎨 inline GitHub annotations
✅ JSON output + configurable
💪 published in TS with zero deps