pnpm hits level 10

Issue #358.January 13, 2025.2 Minute read.
Bytes

Today’s issue: How Rust helped me get published by the Harvard Business Review, an unexpected React reveal, and a deep dive on Node.js type stripping that’s (mostly) safe for work.

Welcome to #358.

Eyeballs logo

The Main Thing

A parakeet riding a tech deck skateboard

How it feels using pnpm to download is-odd

pnpm hits level 10

As an adult, it’s important to master the skill of subtly letting other people know that you’re better than them. Here are a few helpful phrases that always work for me:

  • “I loved Nosferatu and definitely didn’t fall asleep during it at all.”
  • “My 3-star Google review of the local Jersey Mike’s is up to 943 views now.”
  • “I always use pnpm, because I really value my employer’s time.”

But that last one is becoming less of a flex these days because it feels like everybody is jumping on the pnpm bandwagon. Their weekly downloads are up almost 7x in the past two years to a whopping 18 million per week – 3.5x more than Yarn.

And they just released pnpm 10 last week, which comes with a few nice upgrades:

  • Dependencies’ lifecycle scripts are no longer executed during installation by default. This change improves security and should hopefully decrease the insane number of supply chain attacks you read about on a daily basis.

  • The pnpm link command now adds overrides to the root package.json. This centralizes dependency management and makes sure that linked dependencies are consistently applied across all projects in a workspace.

  • Various hashing algorithms were updated to SHA256 – which is not the name of a line dance from the ’70s, but is actually the name of a cryptographic hash function. This change should enhance security and consistency for hashing inside node_modules/.pnpm, lockfile keys, and more.

Bottom Line: If you’re still looking for a way to sound smart and fun at dinner parties, I’d recommend starting a long conversation about your top-10 favorite cryptographic hashing algorithms. People always love it when I do that.

        
Sentry logo

Our Friends
(With Benefits)

A judge wearing a VR headset

Sentry catching all the bugs I copy-pasted from ChatGPT

Performance monitoring your team will *actually* use

To your users, slow and buggy code are the same thing. That’s why Sentry helps you find bugs fast, even the non-obvious ones.

It automatically detects all bugs and perf issues – and it tells you the exact root-cause of the problem and shows you where it lies in your application code.

This helps you do satisfying stuff like:

  • Cut chunks of time off bad API calls

  • Eliminate extremely costly, unnecessarily frequent, or slow DB operations

  • Reduce TTFB (see this how-to guide for more)

  • Uncover the source of a traffic spike in minutes

See for yourself – because whether it’s an error or a slowdown, Sentry can help you fix issues fast and keep your app running smoothly.

Spot the Bug logo

Spot the Bug

Sponsored by Rainforest QA

They just launched The State of Software Test Automation in the Age of AI, which surveyed 625 developers to try and figure out if AI is *actually* speeding up testing workflows.

<main>
  <form onsubmit="handleSubmit(event)">
    <fieldset>
      <label for="name">Name:</label>
      <input type="text" name="name" value="Tyler"  />
      <label for="age">Age:</label>
      <input type="number" name="age" value="33" />
      <button>Submit</button>
    </fieldset>

  <hr />

  <form onsubmit="handleSubmit(event)">
    <fieldset>
      <label for="company">Company:</label>
      <input type="text" name="company" value="ui.dev"  />
      <label for="employees">Employees:</label>
      <input type="number" name="employees" value="33" />
      <button>Submit</button>
    </fieldset>
  </form>

  <script>
    function handleSubmit(event) {
      event.preventDefault();
      const formData = new FormData(event.target);
      alert([...formData.entries()]);
    }
  </script>
</main>
Cool Bits logo

Cool Bits

  1. Matt Perry wrote about the big reveal of React’s experimental animations API. Spoiler alert: view transitions were dead the whole time.

  2. MindStudio created a platform for building and deploying serverless AI functions that would be very difficult/impossible to write with code. And they just launched a new feature that lets you auto-generate entire AI workflows from a text prompt – you just tell it what you want the AI worker to do, and it’ll build all the inputs, functions, and integrations for you. [sponsored]

  3. Marco Ippolito wrote everything you need to know about Node.js type stripping, and thankfully, he keeps things PG.

  4. Steph Ango (CEO of Obsidian) just released Flexoki 2.0, which describes itself as “an inky color scheme for prose and code.” Sometimes it’s nice to feel a little inky.

  5. Anthony Fu wrote about why he uses Epoch Semantic Versioning for all his open-source projects. It’s the same reason I always version my projects starting with the Mesozoic Era.

  6. Godspeed is a new todo manager that’s 100% keyboard-driven and super fast (every interaction in <50ms). It comes with full offline support and a bunch of thoughtful hotkeys you can customize. [sponsored]

  7. Dr. Axel wrote about Import Attributes, a stage-4 JavaScript feature proposal that should be added to the Spec later this year.

  8. Neal created Stimulation Clicker, a fun micro-site that will help you experience what it feels like to be an average 12 year old in 2025. My central nervous system is still recovering.

  9. Doug Lowder wrote about his experience rebuilding a 10 year old iOS app with Expo.

  10. Luca Ardito published an academic paper about how micro-frontends and server components could cause a paradigm shift in the architecture of modern enterprise apps. I’m still waiting to hear back from the Harvard Business Review on the article I submitted called, “The Salad Fingers Psy-Op: How to raise millions in VC by rewriting a popular open-source library in Rust.”

Spot the Bug logo

Spot the Bug: Solution

Sponsored by Rainforest QA

The first form is missing a closing </form> tag. As a result, all of the inputs that follow it in the document are included in handle submit event. To fix this we can just add the closing tag and each form will submit independently.

<main>
  <form onsubmit="handleSubmit(event)">
    <fieldset>
      <label for="name">Name:</label>
      <input type="text" name="name" value="Tyler" />
      <label for="age">Age:</label>
      <input type="number" name="age" value="33" />
      <button>Submit</button>
    </fieldset>
  </form>

  <hr />

  <form onsubmit="handleSubmit(event)">
    <fieldset>
      <label for="company">Company:</label>
      <input type="text" name="company" value="ui.dev" />
      <label for="employees">Employees:</label>
      <input type="number" name="employees" value="33" />
      <button>Submit</button>
    </fieldset>
  </form>

  <script>
    function handleSubmit(event) {
      event.preventDefault();
      const formData = new FormData(event.target);
      alert([...formData.entries()]);
    }
  </script>
</main>