1. Tomuus Dec 4, 2025 parent

   The vulnerable code exists inside of the React Flight wire protocol that is used by Next.js but also Vite, Parcel, Waku and any other custom RSC implementation that exists. Your comment was accurate circa 2019 but not since React released server components.
2. Tomuus Dec 4, 2025 parent

   This POC is not realistic and doesn't work against production builds of Next.js. It requires explicit exposure of gadgets by the user (eg. vm.runInContext) so is invalid as noted on https://react2shell.com
3. Tomuus Dec 3, 2025 parent

   The React Server Components wire format (Flight) is relatively novel and very new (it has existed in React stable for just a year). This is not a simple JSON parsing bug.
4. Tomuus Oct 4, 2025 parent

   Record types are now "on protocol", you resolve them via a similar mechanism as in the article. https://atproto.com/specs/lexicon#lexicon-publication-and-re...
5. Tomuus Apr 10, 2025 parent

   And Vercel's "compute units"
6. Tomuus Feb 12, 2024 parent

   ZigBee is a mesh network, this is very important in many situations eg. battery powered or large area
7. Tomuus Sep 9, 2023 parent

   1.0.0 means the API and semantics are stable, not that there are no bugs.
8. Tomuus Sep 2, 2023 parent

   Observables and Generators (iterators) are fundamentally different. Observables are push-based (like a promise) whereas iterators are pull-based (like a function).

   Glossing over this fact leads to a flawed understanding, not a deeper one.

9. Tomuus Oct 27, 2022 parent

   Things mostly just work. Remember Node.js is mostly APIs on top of JS the language. If those tools compile to JS in the browser, they can compile to Deno. Deno is a more stabdards-based runtime than Node, it's closer to how the browser works.
10. Tomuus Oct 6, 2022 parent

    I don't think Firefox was reading any QR codes, but instead was recrawling the link in the "Recents" list on a new tab or bookmarks screen.

    This is in no way a problem. There is precedent for browsers eagerly loading links, it happens all the time in regular webpages. This is most of the reason why anchors should be safe/side-effect free.

11. Tomuus Sep 9, 2022 parent

    Using the Web Platform and using React are not opposites, you can do both. See: Remix as a framework that bakes in these ideas, but using the platform is easily achievable yourself too.

    Making this distinction between HTML <form>s and React shows a clear misunderstanding of the programming model that React provides. It targets the platform in a native way. This is how React DOM, React Native, and libraries like Ink[1] work.

    [1] https://github.com/vadimdemedes/ink

12. Tomuus Jul 16, 2022 parent

    Platforms. Google sucks at building platforms. https://vm.tiktok.com/ZMNmnGgfV/?k=1
13. Tomuus Jul 5, 2022 parent

    I wouldn't agree that Deno showed that, as I said many companies are making a lot of money from non-Node JS runtimes.

    The players I mention have built their own runtime, they're mostly all built on V8 isolates (including Deno Deploy).

    This is why I struggle to see where Bun fits in the edge JS world, as far as I understand it JSC has no Isolate primitive meaning Bun would have to write this from scratch (or salvage the other parts of WebKit that offer isolation). Otherwise Bun will be limited to using Linux containers on the edge, at which point you re-introduce the startup time you gained by switching from node in the first place.

14. Tomuus Jul 5, 2022 parent

    Deno isn't the only company offering a not-Node JS server runtime. Cloudflare, Shopify, Fastify, AWS, and probably more all have skin in this game.
15. Tomuus Feb 19, 2022 parent

    Unsafe does not turn off the borrow checker

    https://steveklabnik.com/writing/you-can-t-turn-off-the-borr...

16. Tomuus Jan 26, 2022 parent

    Me too, as to do so you'd need to solve P == NP - we can split the $1million 50/50 if you like.
17. Tomuus Dec 18, 2021 parent

    One of my favourite things about Remix, and where it beats Next IMO, is that you can deploy it anywhere. Bring your own server.

    Whereas trying to deploy Next.js anywhere other than Vercel is a nightmare.

18. Tomuus Dec 11, 2021 parent

    We'll be saying this in a few years about all other forms of algabreic effects too.
19. Tomuus Sep 18, 2021 parent

    You're asking for opaque types. This is kinda possible in typescript but you can only approximate it unfortunately.

    You may also want to consider a branded type, which can be useful but a little less strict.

20. Tomuus Jul 18, 2021 parent

    I think this article skips over many nuances of the declarative model.

    For a real "ground up" approach of explaining those I'd recommend this article series: https://acko.net/blog/climbing-mt-effect/

21. Tomuus Jun 7, 2021 parent

    It's a common phrase in East Anglia in my experience.

This user hasn’t submitted anything.