silverwind
Joined 657 karma
- Pinning actions doesn't really work because most action dependencies are unpinned thanks to npm's default behaviour of not pinning them.
- SVG can for example contain text elements rendered with a font. If the font is not available it will render in a different one. The issue can be avoided by turning text elements into paths, but not all SVGs do that.
- svgo is a minifier, not a sanitizer.
- You should run VPN on your gateway instead.
- Sounds like planned obsolescence if devices stop working after 5 years or less.
- Not a problem if you have the cert on a shared load balancer, not on the services directly.
- > This happens with things like os.UserHomeDir or some networking things like DNS lookups.

  The docs do not mention this CGO dependency, are you sure?
- They shouldn't be loaded in a React SPA at least, e.g. `react-dom` and `react` packages should be unaffected.
- I wish they would contribute stuff like this memory snapshotting to CPython.
- These namespaces do not merge cleanly, for example `content`.
- Why not make an opt-in "strict mode" for CSS that fixes all these issues?
- The quality of setup-* actions has definitely gone down and there are a lot of strange decisions being made. I assume the original authors of these actions have long left the company.
- This is missing a "if variable equals" imho. Right now it seems like pure syntactic sugar for a media query.
- > No one should be using 3.0.x anymore

  Many users are stuck at 3.0 or even Swagger 2.0 because the libraries they use refuse to support recent versions. Also OpenAPI is still not a strict superset because things like `discriminator` are still missing in JSON schema.
- Deno has tackled some of these issues with their permission system, but afaik it can only be applied to apps, not to dependencies.
What we really need is a system to restrict packages in what they can do (for example, many packages don't need network access).
- This has improved recently. Packages like lodash were once popular but you can do most stuff with the standard library now. I think the only glaring exception is the lack of a deep equality function.
- > The culture with using version ranges for dependency resolution

  Yep, auto-updating dependencies are the main culprit why malware can spread so fast. I strongly recommend the use of `save-exact` in npm and only update your dependencies when you actually need to.
- Seems like a worse version of `before` because `before` also handles indirect dependencies, while this module does not seem to.
- Interestingly, the bug for this feature is already 17 years old (https://bugzilla.mozilla.org/show_bug.cgi?id=435426).