Darcy Clarke, former GitHub Staff Engineering Manager and founder of vlt, joins us to discuss a major bug in the npm ecosystem that he recently disclosed. We cover the bug’s timeline, nuances, and impact, all while setting some important context on npm packages, clients, and registries. Tune in to learn how to protect your codebase and gain a deeper understanding of this crucial part of the JavaScript ecosystem.

Feross and his team at Socket recently shipped a wrapper library for the ubiquitous npm package manager’s command-line interface that brings enhanced security when you need it most: before executing any code

Bradly Farias lead this effort, so Jerod & Chris invited him on the show to learn all about it.

It’s our 4th annual New Year’s party! Jerod & the gang review our (failed) resolutions from last year, discuss what’s trending in the web world, make a few predictions of our own & even set some new (probably failed) resolutions for this year.

This week we’re talking fresh, faster, and new web frameworks by way of JS Party. Yes, today’s show is a web framework sampler because a new batch of web frameworks have emerged. There’s always something new happening in the front-end world and JS Party does an amazing job of keeping us up to date. So…what’s fresh, faster, and new?

The first segment of the show focuses on Deno’s Fresh new web framework. Luca Casonato joins Jerod & Feross to talk about Fresh – a next generation web framework, built for speed, reliability, and simplicity.

In segment two, AngularJS creator Miško Hevery joins Jerod and KBall to talk about Qwik. He says Qwik is a fundamental rethinking of how a web application should work. And he’s attempting to convince Jerod & KBall that the implications of that are BIG.

In the last segment, Amal talks with Fred Schott about Astro 1.0. They go deep on how Astro is built to pull content from anywhere and serve it fast with their next-gen island architecture.

Plus there’s an 8 minute bonus for our ++ subscribers (changelog.com/++). Fred Schott explains Astro Islands and how Astro extracts your UI into smaller, isolated components on the page, and the unused JavaScript gets replaced with lightweight HTML — leading to faster loads and time-to-interactive.

Deno team member Luca Casonato joins Jerod & Feross to tell us about Fresh – a next generation web framework, built for speed, reliability, and simplicity.

Nick rewrote our JS Danger game board app from Dojo to React for his talk at React Global Online Summit about componentizing application state with React and XState.

On this episode Jerod, KBall, and Feross chat with Nick about the entire process and what he learned along the way. Oh, we also play an epic round of Pro Tip Time!

JS Party is a weekly celebration of JavaScript and the web so fun is at the heart of every episode.

We play games like Frontend Feud… (clip from episode #192)

Discuss and analyze the news… (clip from episode #213)

Explain technical concepts to each other like we’re 5… (clip from episode #195)

Debate hot topics like should websites work without JS? (clip from episode #87)

Interiew amazing devs like Rich Harris and Una Kravets… (clip from episode #167)

This is JS Party! Listen and subscribe today.

We’d love to have you with us. 💚

Feross has been working on something big. He joins Chris and Nick, along with guests Bret Comnes and Mik Lysenko to discuss Socket, what it is, and its focus on the security of the JavaScript supply chain.

This week we’re joined by the “mad scientist” himself, Feross Aboukhadijeh…and we’re talking about the launch of Socket — the next big thing in the fight to secure and protect the open source supply chain.

While working on the frontlines of open source, Feross and team have witnessed firsthand how supply chain attacks have swept across the software community and have damaged the trust in open source. Socket turns the problem of securing open source software on its head, and asks…“What if we assume all open source may be malicious?” So, they built a system that proactively detects indicators of compromised open source packages and brings awareness to teams in real-time. We cover the whys, the hows, and what’s next for this ambitious and very much needed project.

Tobie Langel, Open source strategist and Principal at UnlockOpen, joins Chris, Feross, and Amal to discuss recent widespread incidents affecting the JavaScript community (and breaking CI builds) around the globe. Two widely used npm libraries were self-sabotaged by their single maintainer, yet again, highlighting the many gaps in our OSS supply chain security, sustainability and overall practices. We explore all these topics and solution on what our ecosystem needs to be more resilient to these types of attacks in the future.

JS Party listeners and panelists celebrate our favorite moments from the past 100 episodes! You’ll hear from over 20 of your favorite voices across 14 episodes. We also share some behind-the-scenes and read/hear from listeners! Here’s to the last 200 episodes, and the next 200 as well. 🥂

Feross is back with a brand new web app for us to pick apart! Wormhole is the fastest way to send files on the internet and we want to know why he built it, how it works, and what crazy hacks he invented along the way.

Yulia Startsev from Mozilla’s SpiderMonkey team joins Jerod & Feross to talk compilers, going back to get your Master’s, making decisions as a group, process of shepherding a feature through TC39, how Firefox actually works, and LavaMoats. Yes, LavaMoats.

Ever wanted a language like JavaScript, but without the warts, with a great type system, and with a lean build toolchain that doesn’t waste your time?

Patrick Ecker from the ReScript Association sits down with Jerod and Feross to tell us all about this “JavaScript-like language you have been waiting for”.

KBall, Amal, and Feross are joined by special guest Jenn Creighton to talk about all things Apollo. How does Apollo fit into the GraphQL ecosystem, what’s the next big thing, and when would you choose to use it?

Jerod & Feross learn all about htmx (a pragmatic approach to web frontends) and _hyperscript (an experimental scripting language inspired by HyperTalk) with special guest Carson from Big Sky Software. Thanks to Rajasegar Chandran for requesting this episode!

Our debate format returns! Divya & Feross take the “Nope” side while Amal & Nick represent the “Yep”s. Whose side will you take?

Tailwind CSS creator Adam Wathan joins Jerod, Nick, & Feross for an in-depth discussion of his trending utility-first CSS framework. We cover why everyone complains about CSS, how Tailwind began and how it gained popularity, how developers use with Tailwind and integrate it into their workflows, and how Adam has managed to build a business around the project. Thanks, Bette Midler!

Jerod assembles a team of WebRTC experts (Suz, Feross, Mikeal) for a deep, deep dive on this practically-ubiquitous yet still-complicated web API.

We review its history, share really cool applications using the tech, provide an excellent primer on what you need to know about it, and details some production gotchas. ALSO we celebrate how Feross single-handedly “upgraded the internet”! 🙌

Did you know Feross taught Web Security at Stanford last Fall? On this episode, Divya and Nick enroll in his security school to learn about XSS, CSP, ambient authority, and a whole lot more.