Mikeal and Chris welcome (back) special guest Fred K. Schott, who you may recall from our episode on Pika. This time, we’re talking ESM: what it is, what’s new about it, why it’s the future, writing libraries with it, and much more.
Jerod and Divya welcome npm CTO Ahmad Nassri to discuss modular architecture. What it is, why it matters, and how you can achieve it. Ahmad has been thinking deeply about this topic lately and we have a very fruitful discussion that should have takeaways for developers of all experience levels.
Jerod, Feross, and Nick discuss the latest npm security fiasco, opine on the strengths and weaknesses of spreadsheets, explain CORS like they’re 5 (sorta), and give shout outs to deserving purveyors of fine software.
Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts.
They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainer-ship of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.
Jerod, Nick, and Chris talk with Jeff Lembeck about his tweets, the people behind npm, the need for empathy, and things they’re excited about.