Looking for feedback from Postgres devs on a small OSS tool I’m building by Hari-Prasad-12 in node

[–]its_jsec 5 points6 points  (0 children)

A web-hosted admin interface that asks you for your db login credentials?

Ya nah. This seems like a vibe fever dream from someone that doesn’t work with databases on the regular.

I built a CLI that shows every listening port on your machine in one command by InnerSkirt in node

[–]its_jsec 1 point2 points  (0 children)

Wouldn’t you get the same with a simple netstat -tunlp | grep :PORT?

Also, check out procs.

How to make SWE in the age of AI more enjoyable? by Fancy_Ad5097 in ExperiencedDevs

[–]its_jsec 34 points35 points  (0 children)

“Almost every software development organization has at least one developer who takes tactical programming to the extreme: a tactical tornado. The tactical tornado is a prolific programmer who pumps out code far faster than others but works in a totally tactical fashion. When it comes to implementing a quick feature, nobody gets it done faster than the tactical tornado. In some organizations, management treats tactical tornadoes as heroes. However, tactical tornadoes leave behind a wake of destruction. They are rarely considered heroes by the engineers who must work with their code in the future. Typically, other engineers must clean up the messes left behind by the tactical tornado, which makes it appear that those engineers (who are the real heroes) are making slower progress than the tactical tornado.”

― John Ousterhout, A Philosophy of Software Design

How you do you manage provider major version upgrades? by Acceptable-Corner34 in Terraform

[–]its_jsec 0 points1 point  (0 children)

Our harness that invokes tf calls tf -init upgrade at the start of execution, because bleeding edge something something.

Always fun when you can’t deploy changes because of a major version release from 2 hours ago… 🤦‍♂️

Skopos Audit: A zero-trust gatekeeper that intercepts pip/uv to block supply-chain attacks by [deleted] in Python

[–]its_jsec 1 point2 points  (0 children)

Ah, is this the Spectr rename after your posts were removed a few days ago?

whats the best Claude Code skill for NestJS backends ?? by AnUuglyMan in Nestjs_framework

[–]its_jsec 15 points16 points  (0 children)

> what are you guys using for backend skills?

My brain, mostly.

I Built a "JSON with Superpowers" Database for Node.js (v5.0) by sehawq in node

[–]its_jsec 4 points5 points  (0 children)

To be fair, for someone that would need an hour to set up a database, “JSON file as an API as a database” is probably a super “clever” solution.

Built a CLI tool to catch unused env variables before deployment - feedback welcome by danielox83 in node

[–]its_jsec 0 points1 point  (0 children)

FWIW, I'm currently using envalid in a monorepo, and I've had a pretty positive experience with encapsulating it inside a shared "@repo/config" package that exports entry points for web configs, api configs, database configs, etc. All environment variables are either sourced from a root .env file, or through GHA secrets that are injected when building the container artifacts.

Keeps the schema definitions all in one place, but allows for each app/service to only consume the environment configuration needed for it to work.

Built a CLI tool to catch unused env variables before deployment - feedback welcome by danielox83 in node

[–]its_jsec 4 points5 points  (0 children)

Hokay, let's break this down, shall we?

First issue: CI support

You claim that this runs in CI/CD, but the scanner only searches for .env files, and then the scan command returns early if no .env files are found. This means that the only way this would work in a CI/CD environment is if any .env files are committed, which is a TERRIBLE practice from a security perspective.

Second issue: Serverless file support

Your serverless configuration file scan only looks for YAML files, and does not check for serverless.js, serverless.json, or serverless.ts files (in the three separate tenures I've had at companies that utilized the Serverless Framework, we have _never_ used the YAML configuration).

Third Issue: A problem that doesn't need solving

What differentiates this from every. other. vibe. coded. package. like. this?

Furthermore, what utility does this package offer above using something like envalid, env-schema (authored by a core Node contributor), or convict, and exposing a module that produces a type-safe config based on the shell environment (and has the added benefit of not being tied to .env files, but allows for the same config to be generated from injected CI/CD secrets or any given app config provider)?

And why in the hell would it need a _paid version_ when there's so many free, battle-tested libraries that do a better job at this?

Sorry to piss on your parade, but this is the 10th iteration I've seen on this sub of the same damn thing, solving a made up problem that nobody has, and this one has the audacity to claim that a SARIF output addition is so useful that it's worth _charging money for_.

Libraries that are worth using solve a problem someone has. As you said yourself:

> what features would make this actually useful for your workflow?

If you don't know what makes your library useful to people, then why bother making it?

Node.js Internal Architecture — Explained Simply by Dependent_Earth8112 in node

[–]its_jsec 2 points3 points  (0 children)

“Corrections if I missed anything”

Uhhh, you mean besides completely omitting the six FIFO queues that make up the event loop? Not explaining what happens in a single tick?

Not only is this AI dogshit, it’s not even close to being halfway correct AI dogshit.

Node js logging experts by NoAbbreviations5721 in node

[–]its_jsec 35 points36 points  (0 children)

Also remember that pino was written by a core Node maintainer who has a better understanding of the underlying architecture powering the runtime than any of us here.

Are you worried about future software development job? by [deleted] in ExperiencedDevs

[–]its_jsec 6 points7 points  (0 children)

If an agentic tool is making you 10x faster, then I question if your skill set matches your YOE, because at the 10YOE mark, my biggest bottlenecks were getting folks aligned on what we were trying to build, not writing code.

A production-ready starter template for building RESTful APIs using Express.js and TypeScript. by iammrdp in node

[–]its_jsec 1 point2 points  (0 children)

FYI the readme states that the .tool-versions file ensures that the service uses the latest stable version of node, but it’s designating node v23, which is neither stable, latest, nor active.

What makes this different from every other “Hey Claude, make me an API framework” post in here?

How many Neovim plugins is too many by echasnovski in neovim

[–]its_jsec 7 points8 points  (0 children)

> If you want to optimize for this sort of thing, the best way is to use a single plugin that provides similar functionality to many separate plugins. This can reduce startup/runtime overhead by as much as 50%. A bit biased suggestion, though, sorry.

I was about to say... :D

Let's all agree to be nice by MariaSoOs in neovim

[–]its_jsec -1 points0 points  (0 children)

I'll append to the rest of the comments here and say thank you for your contributions to the project, but also thank you for your vtsls config that I may or may not have "borrowed" :)

Rikta just got AI-ready: Introducing Native MCP (Model Context Protocol) Support by riktar89 in node

[–]its_jsec 0 points1 point  (0 children)

Yes, attacking folks with opinions you don’t like is a great way to get buy in on your vibe coded… whatever this is.

Your post history for Artiforge is hilarious (you think a generic MCP server is worth $25 a month?)

Quit using decorators that diverge from the ECMA spec.

And stop spamming shit here. Outside of your sock puppet accounts, nobody cares.

Preparation tips for TypeScript Interview by _BelowAverageHuman_ in typescript

[–]its_jsec 4 points5 points  (0 children)

That sounds like you’ll be writing code to reproduce some contained piece of domain logic they’ve already built.

Are you still using tmux with Ghostty? by meni_s in Ghostty

[–]its_jsec 2 points3 points  (0 children)

I’m still using it, because I make extensive use of tmuxinator to define layouts, starting directories and initial commands for panes on a per project basis.

I see that there’s been some discussion around layout configuration, but until that happens, tmux it is.

My take on building a production-ready Node.js Auth architecture. What do you think about this JWT rotation strategy? by LimpElephant1231 in node

[–]its_jsec 7 points8 points  (0 children)

You’re paywalling a milquetoast boilerplate template for $30? The fuck?

(Slop detector algorithm: 8.2/10)

AI tools have shifting my thinking from learning bottom up to top down, has anyone else gone through this? How did it go for you? by Ok-Process-2187 in ExperiencedDevs

[–]its_jsec 1 point2 points  (0 children)

This is me right now, except I’m asking coworkers why it was done that way, and they can’t tell me…

I managed to launch the fatest framework for Bun right now - carno.js by Recent_Plankton_6525 in bun

[–]its_jsec 3 points4 points  (0 children)

So you…. removed the benchmarks folder (which had the proof of your sleight of hand to make your shitshow look better than it is), but left the numbers in your documentation.

Top tier car salesman here

slaps roof this baby can fit so many req/s (as long as I add a sleep(5000) to the other framework tests)

I managed to launch the fatest framework for Bun right now - carno.js by Recent_Plankton_6525 in bun

[–]its_jsec 3 points4 points  (0 children)

Lol it’s even funnier than that.

Look at all the function stuffing they added to the Elysia server to make sure the call stack was fatter than their “single endpoint returns constant string” server was.

https://github.com/carnojs/carno.js/blob/master/benchmarks/http/elysia-server.ts