Tootfinder

🥳 New Kitten Release!
🚨 Breaking change: You can now add arbitrary JavaScript in script blocks in Kitten Markdown Pages front-matter (and the imports property is gone).
You can also use JavaScript string interpolation and all special Kitten tags (e.g., conditional tags, etc.) in Kitten Markdown Pages.
📦 https://kitten.small-web.org

17 New(ish) Vanilla JavaScript Features You Might Have Missed
JavaScript: the language many love to hate. Yeah, we've all seen the memes about its quirks and limitations. Maybe that's why we slap a whole typing system on top of it. And add one, two, or... ten thousand npm packages into our apps.
🧑‍💻

17 New(ish) Vanilla JavaScript Features You Might Have Missed
JavaScript: the language many love to hate. Yeah, we've all seen the memes about its quirks and limitations. Maybe that's why we slap a whole typing system on top of it. And add one, two, or... ten thousand npm...

The Hidden DNA of LLM-Generated JavaScript: Structural Patterns Enable High-Accuracy Authorship Attribution
Norbert Tihanyi, Bilel Cherif, Richard A. Dubniczky, Mohamed Amine Ferrag, Tam\'as Bisztray
https://arxiv.org/abs/2510.10493

The Hidden DNA of LLM-Generated JavaScript: Structural Patterns Enable High-Accuracy Authorship Attribution
In this paper, we present the first large-scale study exploring whether JavaScript code generated by Large Language Models (LLMs) can reveal which model produced it, enabling reliable authorship attribution and model fingerprinting. With the rapid rise of AI-generated code, attribution is playing a critical role in detecting vulnerabilities, flagging malicious content, and ensuring accountability. While AI-vs-human detection usually treats AI as a single category we show that individual LLMs le…

OBsmith: Testing JavaScript Obfuscator using LLM-powered sketching
Shan Jiang, Chenguang Zhu, Sarfraz Khurshid
https://arxiv.org/abs/2510.10066 https://arx…

OBsmith: Testing JavaScript Obfuscator using LLM-powered sketching
JavaScript obfuscators are widely deployed to protect intellectual property and resist reverse engineering, yet their correctness has been largely overlooked compared to performance and resilience. Existing evaluations typically measure resistance to deobfuscation, leaving the critical question of whether obfuscators preserve program semantics unanswered. Incorrect transformations can silently alter functionality, compromise reliability, and erode security-undermining the very purpose of obfusc…

Spotted this book on a trip to #PowellsBooks this afternoon, and as a self-proclaimed #JavaScript hater I’m genuinely curious to read it.
Will I suddenly turn into a fan? Perhaps not. But even a hater has a thing or two to learn.

I want to intercept Boolean coercion for objects in JavaScript: https://www.zachleat.com/web/boolean-coercion/

Worked on some more #Gentoo global #jobserver goodies today.
Firstly, Portage jobserver support patch: #PyTest jobs will also be counted towards total job count.
Again, it's not a perfect solution, but it works reasonably. The plugin still starts -n jobs as specified by the arguments, but it acquired job tokens prior to executing every test, therefore delaying actual testing until tokens are available. It doesn't seem to cause noticeable overhead either.

I wish there was a #JavaScript / #TypeScript package manager that behaved more like #RustLang's cargo. Specifically, in a workspace of many inter-dependent packages, I only want to f…

🥳 JavaScript Database (JSDB) version 6.1.4 released:
• Adds TypeScript type definitions
Been meaning to do this for a while and finally got round to it :)
https://codeberg.org/small-tech/jsdb#javascript-database-jsdb

jsdb
A zero-dependency, transparent, in-memory, streaming write-on-update JavaScript database for the Small Web that persists to a JavaScript transaction log.

»Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack:
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.«
How do you check if the JavaScript libraries and their libraries on which they are based are now safe?!??
🧑‍💻

Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
A mysterious npm worm published 46K fake packages in a two-year spam campaign, exposing major security gaps.