Ruy Adorno
@ruyadorno.com
Node.js TSC • Founder Engineer at @vlt.sh • Previously Google, GitHub, npm Inc. Opinions are my own. 📍 Montreal 🇨🇦
ruyadorno.com
Does anyone know if there's a JS conference happening in Mexico City around springtime next year? 🤔
Reposted by Ruy Adorno
rginn206.bsky.social
So cool to be in the room at React Conf when the new React Foundation was announced 💙 with its new home at the Linux Foundation. At @openjsf.org we’re celebrating this big win for JavaScript communities.
openjsf.org
New Era for React = Stronger JavaScript Ecosystem 💙

React doesn’t live in isolation - It works alongside Node.js, Electron, webpack, and more. A dedicated foundation under the Linux Foundation means more collaboration, security, and sustainability across the ecosystem.

hubs.la/Q03MylxX0
Celebrating the Launch of the React Foundation | OpenJS Foundation
A New Era for React, and a Stronger JavaScript Ecosystem
hubs.la
Reposted by Ruy Adorno
igalia.com
Igalia's @joyeecheung.bsky.social will be speaking about "Shipping Node.js packages in 2025," focused on migrating dual/faux/CJS packages to ESM-only at Nordic.js on Friday, 3rd October at 10:30 CEST

nordicjs.com/2025/speaker...

Come say hi!
The same details as the skeet but on a card with Joyee's avatar
ruyadorno.com
wait, what? isn't that all we are supposed to be doing here? no wonder I have no friends!
Reposted by Ruy Adorno
benv.ca
I've come to accept AI will write the majority of code.

So earlier this year I started exploring other ways AI could help developers.

That turned into this company, Modem. We're building an agent that does PM triage work for you and delivers product context to your IDE.

More here: modem.dev 🙏
Modem - Your dev-team's auto-triage Product Manager
Turn support, chat, and analytics into developer-ready context so engineers can decide, fix, and ship faster.
modem.dev
Reposted by Ruy Adorno
dmno.bsky.social
Just tested and it works with varlock.dev!
ruyadorno.com
Weekend project fixing up this playhouse on the back alley for the neighborhood kids
playhouse after the first round of fixing up playhouse final result
Reposted by Ruy Adorno
43081j.com
we now have an @e18e.dev github action which can diff your dependencies in PRs

things like:
- change in trust level (loss of trusted publisher)
- adding >threshold dependencies
- adding >threshold install size
- bundle size difference (vs main)
- duplicate deps

early days so please give feedback!
GitHub - e18e/action-dependency-diff: A GitHub action to report dependency changes and potential problems
A GitHub action to report dependency changes and potential problems - e18e/action-dependency-diff
github.com
ruyadorno.com
good stuff! 🙌 I'll keep an eye and we can contribute to a `vlt` integration once we stabilize the API, great work @43081j.com 🎉
ruyadorno.com
extremely disappointing
ruyadorno.com
A heads up to anyone attending the upcoming JSConf in October and locals to the Maryland state area. We're hosting the Node.js Collab Summit next October 17 and registration is now open for in-person participation: github.com/openjs-found...
Node.js Collab Summit, October 17 2025, Chesapeake Bay, MD
Reposted by Ruy Adorno
nodeland.dev
🚀 BIG NEWS: We just open-sourced the Intelligent Command Center (ICC) for Node.js!

After years of watching teams struggle with Node.js on Kubernetes, we're changing the game.

The problem? K8s was built for Java/.NET, not Node.js's async model.

The cost? 40% overprovisioning. 🧵
ruyadorno.com
Seeing the recent supply-chain attacks made me prioritize this item from our backlog as I wanted a quick way to know if any of my local projects have been affected.

Meet the new vlt client `:host()` Query selector:

blog.vlt.sh/blog/host-co...

#javascript #nodejs #packages
Query Across Projects with the host selector
The host selector is a pseudo-selector that switches your current graph context to load dependencies from different project sources
blog.vlt.sh
Reposted by Ruy Adorno
bengl.dev
Early npm and Node.js design decisions resulted in the biggest software ecosystem in existence, for the most used programming language in the world. We shouldn't pretend this is a net bad thing. But yes, it came with tradeoffs. A more competent current steward could have mitigated these tradeoffs.
gergely.pragmaticengineer.com
All the good that TypeScript did to the Node ecosystem, npm is undoing it

How can a serious company build on top of this ecosystem that is one npm update away from dependency compromise happening

(I am serious: I'd expect more greenfield startups to not go with Node b/c of it)
Reposted by Ruy Adorno
nicoespeon.com
Alright, let's make it official…

I am super-proud to tell you that I have finally published the print version of my book: "Legacy Code: First Aid Kit" 🎉 📕 🥲
A proud Nicolas holding a physical copy of his book. The book is 200 pages long. Its cover is mostly red and titled "Legacy Code: First Aid Kit" with some bandage, and a subtitle: "14 techniques to quickly and safely rescue a codebase" The book is open at page 85. The chapter is titled "Decouple Core from Infrastructure". We can see some explanations along code snippets that have syntax coloring and a font size large enough to be comfortable to read. The book is opened at page 35. The current chapter is titled "The Mikado Method & The Parking". On this page we can see there is an image to illustrate the concept being explained. It's readable enough to be comfortable. We can also see a footnote that links to Philippe Bourgau's blog because he was a relevant source for this concept.
Reposted by Ruy Adorno
darcyclarke.me
ℹ️ Don't know who needs to hear this but npm has had a --before= flag since v6.9.0 (02/2019): github.com/npm/cli/blob/v…

Setting a relative date is easy w/:
$ npm install --before="$(date -v -7d)"
# & only get registry deps that are over a week old

docs.npmjs.com/cli/v11/usin...
https://github.com/npm/cli/blob/v…
Reposted by Ruy Adorno
sarahgooding.bsky.social
Y'all this is non-stop. 😰 Woke up to another npm supply chain attack this morning. This malware is identical to the one that hit 40+ packages yesterday:

cc: @campuscodi.risky.biz
socket.dev
🚨 Multiple CrowdStrike packages trojanized in an ongoing npm supply chain attack: This is the same campaign that hit Tinycolor yesterday with identical malware.

Full list of compromised packages + mitigations →
socket.dev/blog/ongoing... #NodeJS #JavaScript
Ongoing Supply Chain Attack Targets CrowdStrike npm Packages...
Socket.dev found compromised various CrowdStrike npm packages, continuing the "Shai-Halud" supply-chain attack that previously hit `tinycolor`.
socket.dev
Reposted by Ruy Adorno
sarahgooding.bsky.social
These attacks used to be more rare, but now we're seeing popular packages getting compromised every week. Check your dependencies.

cc: @campuscodi.risky.biz
socket.dev
🚨 Malicious update to @ctrl/tinycolor on npm is part of an active supply chain attack hitting 40+ packages across multiple maintainers. Audit & remove affected versions.

Our analysis of the malware: socket.dev/blog/tinycol... #NodeJS #JavaScript
Popular Tinycolor npm Package Compromised in Supply Chain At...
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers
socket.dev
Reposted by Ruy Adorno
notwes.bsky.social
Honestly serious: JUST DON'T UPDATE PACKAGES RIGHT NOW.

It is unclear to me yet, but this is looking pretty wide spread. Better be safe than sorry, just go touch some grass.
notwes.bsky.social
Do not update to @ctrl/[email protected]. It has malware that is currently live on npm.