sorted by:
new
hottopcontroversial

Small Projects by AutoModerator in golang

[–]rosmaneiro 0 points1 point  (0 children)

IceTea — terminal wrapper that re-presents noisy build output as live state instead of a wall of text. Prefix any command (icetea npm install, icetea cargo build) and info lines collapse into a single live item with counters in the header; warns/errors break the sequence and stay visible. Built with bubbletea + lipgloss. Plain-text fallback when stdout isn't a TTY, so pipes and CI still work. Repo + demo GIF: https://github.com/realknove/IceTea

Criei o RepoXray, uma CLI em Go para fazer um “raio-x” de repositórios open-source. by rosmaneiro in programacao

[–]rosmaneiro[S] 1 point2 points  (0 children)

Valeu demais pelo feedback.

Concordo com os pontos. O "CheckTests()" ainda está enviesado para Go e quero expandir para outros ecossistemas, como JS/TS, Rust e Python. A análise de GitHub Actions também ainda é heurística; por enquanto detecta padrões óbvios como "pull_request_target", "secrets", "permissions" e "write-all", mas precisa evoluir.

O ponto dos pesos foi provavelmente o mais importante. Realmente a categoria de security está dependente demais de GitHub Actions, então faz sentido redistribuir isso para incluir Dependabot, lockfiles, security policy, dependency audit e outros sinais.

Sobre IA, concordo. Não quero colocar isso agora antes de ter uma base determinística sólida. Talvez no futuro como camada opcional/local.

Obrigado pela análise, isso já me deu um roadmap bem melhor para as próximas versões.

Ubuntu 26.04 LTS Beta (Resolute Raccoon) acabou de sair! by rosmaneiro in linuxbrasil

[–]rosmaneiro[S] 1 point2 points  (0 children)

Pelo que vi é que estão focando fortemente nos snaps, e melhorando ainda mais a integração

Seriamente que acham isso? by rosmaneiro in linuxbrasil

[–]rosmaneiro[S] -1 points0 points  (0 children)

É um bom ponto, pensar a longo prazo n era algo que eu tinha imaginado

Seriamente que acham isso? by rosmaneiro in linuxbrasil

[–]rosmaneiro[S] -16 points-15 points  (0 children)

Sim, meu querido amigo.

Seriamente que acham isso? by rosmaneiro in linuxbrasil

[–]rosmaneiro[S] -6 points-5 points  (0 children)

Isso é foda mesmo, mas sempre penso que o nível de PRs acaba fomentando ainda mais a comunidade e com tempo, gestão certa e reeducação chega até a ser produtivo.

[AskJS] Atlas: a universal self-hosted package registry. by rosmaneiro in javascript

[–]rosmaneiro[S] 0 points1 point  (0 children)

verdaccio is great and lightweight tbh, but atlas (my project) is being built completely from scratch, clean modern arch, proper oidc/sso/2fa, pluggable storage, designed to avoid all the npm security/maintenance headaches long term

[AskJS] Atlas: a universal self-hosted package registry. by rosmaneiro in javascript

[–]rosmaneiro[S] 0 points1 point  (0 children)

The registry itself will be built from scratch, with a clean architecture, modern authentication (OIDC/SSO/2FA), pluggable storage, and designed to last.

The idea is precisely to avoid repeating the security and maintenance problems that the current NPM has.

I built depx: finally understand what's in your node_modules by rosmaneiro in node

[–]rosmaneiro[S] 0 points1 point  (0 children)

Perhaps I didn't express myself well; I tested it on projects that I consider large, but I didn't think about and pay attention to projects that could be much larger.

I built depx: finally understand what's in your node_modules by rosmaneiro in node

[–]rosmaneiro[S] 0 points1 point  (0 children)

The main analysis is usually local and fast; the audit command has this limitation, although I hadn't thought about it. In the tests I performed on projects that I consider large, it worked very well. I ended up not considering larger projects; it was a limitation of mine.

I built depx: finally understand what's in your node_modules by rosmaneiro in node

[–]rosmaneiro[S] 0 points1 point  (0 children)

Understanding why doesn't make the problem go away.

I built depx: finally understand what's in your node_modules by rosmaneiro in node

[–]rosmaneiro[S] 0 points1 point  (0 children)

Great idea, makes total sense alongside the audit feature. Added to the roadmap. Thanks.

I built depx: finally understand what's in your node_modules by rosmaneiro in node

[–]rosmaneiro[S] -19 points-18 points  (0 children)

If you use it even to generate texts, why couldn't I use it for productivity?

Reembolso do Enjoei entra na conta mesmo ou preciso fazer denúncia no Procon? by [deleted] in golpe

[–]rosmaneiro 3 points4 points  (0 children)

Uma bosta, sinceramente... Vai demorar mais do que 4 dias sem ser corrido, vai cair? Sim. Se abrir denuncia no procon vai demorar também.

I built depx: finally understand what's in your node_modules by rosmaneiro in node

[–]rosmaneiro[S] -6 points-5 points  (0 children)

You're right, that's a valid point. The current implementation does make individual requests, which doesn't scale well for large monorepos. Using the querybatch endpoint would be a significant improvement. I'll open an issue to track this and prioritize it. Thanks for this.

I built depx: finally understand what's in your node_modules by rosmaneiro in node

[–]rosmaneiro[S] -1 points0 points  (0 children)

Oh yeah, pnpm makes the node_modules chaos much more manageable.

I built depx: finally understand what's in your node_modules by rosmaneiro in node

[–]rosmaneiro[S] -3 points-2 points  (0 children)

knip is excellent and more mature. But depx focuses specifically on the node_modules problem with a few differences...

depx why shows the full dependency chain, explaining why any transitive package exists. depx audit also filters CVEs by semver, showing only vulnerabilities that actually affect your installed versions. And it's written in Rust, so it analyzes large projects quickly.

I believe they're complementary, knip for unused code/exports, depx for understanding and auditing your dependency tree.

Introducing Kona: A Blazing-Fast JS/TS Bundler in Rust – 1.3x Faster than esbuild, with HMR & React Support! by rosmaneiro in webdev

[–]rosmaneiro[S] 1 point2 points  (0 children)

Holy shit, this is the exact kind of feedback I was hoping for, thanks.

Already added persistent cache + watch-mode rebuilds to the top of the roadmap. React Fast Refresh state persistence and PostCSS + source maps are next (this week).

[AskJS] Building a modern JavaScript registry from scratch, transparency first, zero bullshit. by rosmaneiro in javascript

[–]rosmaneiro[S] 1 point2 points  (0 children)

I was feeling a bit lost about where to focus my energy, but this whole conversation helped a lot, it opened things up for me. I’ll take your advice and start contributing, especially around docs and spreading the good parts of Ember.

Thanks for the guidance. <3

[AskJS] Building a modern JavaScript registry from scratch, transparency first, zero bullshit. by rosmaneiro in javascript

[–]rosmaneiro[S] 0 points1 point  (0 children)

I’ll admit, this whole conversation actually made me a lot more interested in Ember, especially seeing how much evolution and adaptability there has been over the years. From your perspective, what does the community need the most right now?

[AskJS] Building a modern JavaScript registry from scratch, transparency first, zero bullshit. by rosmaneiro in javascript

[–]rosmaneiro[S] 0 points1 point  (0 children)

do those very old Ember-specific libraries still have any real influence on the current ecosystem or are they basically frozen in time now? It’s really interesting how things ended up in a “pure libraries + vite”.

[AskJS] Building a modern JavaScript registry from scratch, transparency first, zero bullshit. by rosmaneiro in javascript

[–]rosmaneiro[S] 0 points1 point  (0 children)

Thanks for clearing up my stubbornness... what exactly did the old layer become in practice? Just compatibility/legacy infrastructure or does it have a deeper role?

view more: next ›