Tootfinder

Me: I’ll just add seamless Markdown support into HTML using JavaScript template strings, how hard could it be?
Markdown: Let me just change the order of the source and link text in links. And footnotes? You hadn’t thought about how footnotes alter source order had you, chum?

Got all of the editable fields wired up and working along with the saves block finished. Things are coming along...
#pathfinder2e #characterSheet #javascript

I scored 6/28 onand all I got was this lousy text to share on social media.
new Date("wtf")
https://jsdate.wtf
> How well do you know JavaScript's Date class?

The many, many, many #JavaScript runtimes of the last decade
https://buttondown.com/whatever_jamie/archive/the-many-many-many-…

@… @… @… hmm… I wouldn’t trade a build step for a JavaScript server runtime dependency, long…

it’s annoying that web devs are no longer able to analyse their web server access logs
instead they install javascript spyware, hand over all their user data to surveillance direct marketing firms, slap a cookie consent banner on it, and pretend this is ok

Today is my manager’s last day, as his final move, he suggested I try to argue *for* the use of JavaScript for once.
What a fucking troll.

truly wtf: https://jsdate.wtf/
i managed 10/28 - but some points by accident.
how can anyone take js seriously with things like this?

new Date("wtf")
How well do you know JavaScript's Date class?

1935: birth
1955: fresh out of college, first job writing IBM 701 assembler
1965: independent COBOL contractor
1975: buys an Altair after attending a Homebrew meeting, gets into BASIC
1985: unboxes IBM PC, inserts Turbo Pascal diskette
1995: learns HTML and JavaScript, publishes first home page
2005: retired, first steps in Python and Ruby, starts blog
2015: publishes mobile apps written in Objective-C and Java, starts podcast
2025: at age 90, vibe cod…

I'm sorry DuckDuckGo but it looks like you are force feeding your users with Microsoft JavaScript.
You see M$ doesn't give a **** about you.
THEY DON'T TRUST YOU...and that's why they are giving you THEIR JAVASCRIPT.
When serving an ad you could make the ad be natural as part of your web page...
that way I won't have to "accept ads"...I mean if I ALREADY accept your webpage.
EMBED YOUR ADS
Is this a tech problem? I think this …

DOGE is still slashing government contracts, with around $2.2 billion in cyber contracts cut through August 2025.
Check out today's Metacurity for more on which contracts have been cut and other top infosec developments you should know, including
--18 popular JavaScript code packages were compromised by malware,
--WhatsApp former security chief accuses Meta of security and privacy flaws,
--Treasury sanctions Myanmar and Cambodia scam businesses and people,
--IC…

DOGE has slashed government cyber contracts by $2.2 billion so far
18 popular JavaScript code packages compromised by malware, WhatsApp ex-security chief accuses Meta of security and privacy flaws, Treasury sanctions Myanmar & Cambodia scam workers and firms, ICE is spending $4m on facial to hunt for cop assaulters, Hacked Boris Johnson files leaked, much more

#gleam on JavaScript is a bad fit, will give #PureScript a go, Haskell but with the huge npm ecosystem. How purescript’s ffi handles will be a deciding factor.
#functionalprogramming

You no longer need #JavaScript
https://www.osnews.com/story/143246/you-no-longer-need-javascript/

JavaScript broke the web (and called it progress) #JavaScript

JavaScript broke the web (and called it progress)
We replaced simple websites with complex apps nobody asked for. Now it takes a complex build pipeline just to change a headline.

Day 16
Just published a deep dive into building a secure login page with Next.js, NestJS, JWT, and PostgreSQL.
- Email verification
- Role-based access control
- Subscription enforcement
- Token decoding in frontend
- SQL-level inserts for system roles
Includes full code snippets and explanation of the entire flow.
Perfect if you're working on full-stack apps with JavaScript, TypeScript, and SQL.

Empirical Security Analysis of Software-based Fault Isolation through Controlled Fault Injection
Nils Bars, Lukas Bernhard, Moritz Schloegel, Thorsten Holz
https://arxiv.org/abs/2509.07757

Empirical Security Analysis of Software-based Fault Isolation through Controlled Fault Injection
We use browsers daily to access all sorts of information. Because browsers routinely process scripts, media, and executable code from unknown sources, they form a critical security boundary between users and adversaries. A common attack vector is JavaScript, which exposes a large attack surface due to the sheer complexity of modern JavaScript engines. To mitigate these threats, modern engines increasingly adopt software-based fault isolation (SFI). A prominent example is Google's V8 heap sandbo…

How well do you understand JavaScript's new Date() constructor?
I got 14/28 and am proud of my 50%. (I'm much better at GNU date strings.) JS is weird here.
https://infosec.exchange/@mttaggart/114836398373838158

Regular reminder that SVG can include javascript. (Not SVG Tiny, though.)
https://arstechnica.com/security/2025/08/adult-sites-use-malicious-svg-files-to-rack-up-likes-on-facebook/

Adult sites are stashing exploit code inside racy .svg files
Running JavaScript from inside an image? What could possibly go wrong?

from my link log —
Why are 2025/05/28 and 2025-05-28 different days in JavaScript?
https://brandondong.github.io/blog/javascript_dates/
saved 2025-05-29

A utility for posting across multiple social networks at once.
https://github.com/humanwhocodes/crosspost

Oh, if you are using NPM for your Javascript maybe don't push to production and revert things a bit? What a mess...
#javascript

Any good resources out there on building secure (but easy for someone who’s messing with javascript/typescript for the 1st time) login systems with nodejs and postgresql?
I think I’ve seen someone on fedi mention that bcrypt wasn’t really safe a while ago?
#nodejs

I do think the results of the above (even with a small sample) suggest that there is a big expectations mismatch in how security issues are communicated in the JavaScript ecosystem

And yet another day I'm glad I don't write code using JavaScript...

J'ai découvert l'outil de build Javascript avec cache remote nommé "nx"
#TIL

Yeah. I always find electron/chromium sus. https://infosec.exchange/@trailofbits/115147020192205039

Trail of Bits (@trailofbits@infosec.exchange)
Attached: 1 image We built local backdoors for Signal, 1Password & Slack through V8 heap snapshot tampering (CVE-2025-55305). Method: Replace v8_context_snapshot.bin files with versions that override JavaScript builtins. When apps call Array.isArray(), malicious code executes. Works because integrity checks ignore these "non-executable" files that actually contain executable JavaScript. Impact: Nearly every Chromium-based app is vulnerable. https://blog.trailofbits.com/2025/09/03/subverting-…

A look at various responses to AI firms' scraping, like open source Anubis that uses cryptographic JavaScript challenges, Cloudflare's "link mazes", and more (Emanuel Maiberg/404 Media)
https://www.404media.co/the-open-source-so

The Open-Source Software Saving the Internet From AI Bot Scrapers
Anubis, which block AI scrapers from scraping websites to death, has been downloaded almost 200,000 times.

A look at various responses to AI firms' scraping, like open source Anubis that uses cryptographic JavaScript challenges, Cloudflare's "link mazes", and more (Emanuel Maiberg/404 Media)
https://www.404media.co/the-open-source-so

The Open-Source Software Saving the Internet From AI Bot Scrapers
Anubis, which block AI scrapers from scraping websites to death, has been downloaded almost 200,000 times.

I haven’t added an example of how you implement migrations with Kitten’s¹ built-in JSDB database² yet but here’s one that I just used when renaming a field (property) in a table (JavaScript object) from “account” to “data” that illustrates the general granular approach you should take within persisted instances of JavaScript classes.
This is, of course, an advanced use case of the built-in JavaScript database that all Kitten apps have.
Kitten is simple for simple use cases. So ch…

Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot.
🍿One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do.
This check is invisible to the user, and most browsers since 2022 are able to complete this test.
In theory, bot scrapers could pretend to be users with browsers as well, but the ad…

The Open-Source Software Saving the Internet From AI Bot Scrapers
Anubis, which block AI scrapers from scraping websites to death, has been downloaded almost 200,000 times.

I have to give credit to the @… community. Any issue I enter into GitHub gets an almost immediate response that helps me solve my problems. #javascript #website

The Pathfinder 2E character sheet continues. The current "components" are all now linked to actual character sheet data. The skill functions all do what they're supposed to including some interesting edge cases. The ability scores can be edited, and the sheet auto-updates which took longer than it should have. I'm still not a fan of JavaScript/Vue though.
#programming

This morning, for the first time ever, I asked an #LLM to translate a snippet of code for me, from #Javascript to #ClojureScript. It got it wrong, but it got enough of it right that it saved me some time…

🎞️ Anime.js v4 is a lightweight JavaScript animation library with a simple, yet powerful API
#javascript #web

Anime.js | JavaScript Animation Engine
A fast and versatile JavaScript animation library

Exploring React Library Related Questions on Stack Overflow: Answered vs. Unanswered
Vanesya Aura Ardity, Yusuf Sulistyo Nugroho, Syful Islam
https://arxiv.org/abs/2507.04390

Exploring React Library Related Questions on Stack Overflow: Answered vs. Unanswered
React is a popular JavaScript framework in modern web application development. Due to its high performance and efficiency, many developers use this framework. Although React library offers many advantages, it is not without its challenges. When using React library, developers often face problems where they often seek solutions through question-and-answer forums, such as Stack Overflow (SO). However, despite its high popularity, many React-related questions on SO remain unanswered. Thus, this st…

I'd like to publish conference proceedings as epub rather than pdf, as they're more accessible, can include videos etc. They're basically standardised bundles of HTML as far as I can tell, that can be downloaded onto ereaders etc.
However, web browsers can't natively read them, and I somehow can't find a nice and simple, fast and useable javascript thingie for making them readable online. Does it exist?
Every time I look into this sort of thing I don't und…

@… “needed to implement our own find-in-page” is a compound code smell that tattles on the previous stink of “we should be rendering this on the server side, but here’s some fancy javascript instead”.

Für ein paar gepflegte WTF-Momente.
#javascript

Fuck marketing. And the post is conveniently silent about the problem of a hundred tracking pixels on most commercial sites, but this is quite good:
https://www.jonoalderson.com/conjecture/javascript-broke-the-web-and-called-it-progress/

#JavaScript: “What's your birth date?”
Me: “Maybe 1?”
JavaScript: “Okay, so it's 1 May 2001”
https://jsdate.wtf/

Mitsuharu Yamamoto’s Emacs Mac port provides the ‘mac-osa-script’ function, which allows you to use JavaScript to control Mac apps using JavaScript (JXA), in addition to AppleScript.
Some years ago, I made a small package to insert links from Mac apps into Emacs, inspired by grab-mac-link, but simpler, in part due to using JXA.
Today I finally took some time to add documentation. If you use the Emacs Mac port, maybe it’s of interest.

Mitsuharu Yamamoto’s Emacs Mac port provides the ‘mac-osa-script’ function, which allows you to use JavaScript to control Mac apps using JavaScript (JXA), in addition to AppleScript.
Some years ago, I made a small package to insert links from Mac apps into Emacs, inspired by grab-mac-link, but simpler, in part due to using JXA.
Today I finally took some time to add documentation. If you use the Emacs Mac port, maybe it’s of interest.

Mitsuharu Yamamoto’s Emacs Mac port provides the ‘mac-osa-script’ function, which allows you to use JavaScript to control Mac apps using JavaScript (JXA), in addition to AppleScript.
Some years ago, I made a small package to insert links from Mac apps into Emacs, inspired by grab-mac-link, but simpler, in part due to using JXA.
Today I finally took some time to add documentation. If you use the Emacs Mac port, maybe it’s of interest.

"But good DX doesn’t guarantee good UX. In fact, it’s often the opposite. Because the more comfortable we make things for developers, the more abstraction we add. And every abstraction creates distance between the thing being built and the people it’s for."
https://www.jon…

JavaScript broke the web (and called it progress)
We replaced simple websites with complex apps nobody asked for. Now it takes a complex build pipeline just to change a headline.

@…
That "immediate run" really just implies an interpreted language. Python is a great example and probably a closer match than my JavaScript example.

Good to know that I have my dispute with Opera and Håkon Lie confirmed 20 years after. But would it really have meant that X-Forms would have widespread support ?
From: @…
https://

Crashing out at how poorly npm (Microsoft) is handling this security incident. Eleventy is not affected any more but *lots* of other tools in the JavaScript ecosystem are!
Hours later and the compromised package versions are still public…
Maybe don’t install anything from npm today, folks.

Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection
Zhihong Liang, Xin Wang, Zhenhuang Hu, Liangliang Song, Lin Chen, Jingjing Guo, Yanbin Wang, Ye Tian
https://arxiv.org/abs/2507.22447

Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection
With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. But, detecting such threats remains challenging due to sophisticated code obfuscation techniques and JavaScript's inherent language characteristics, particularly its nested closure structures and syntactic flexibility. In this work, we propose DeCoda, a hybrid defense framework that combines large langu…

Routinely ignoring Dependabot requests pays off again, probably.
https://cyberplace.social/@GossiTheDog/115169390397282254

@… I was thinking of you when I just tried this AI prompt: “> spawn 5 agents using batchtool to replace the react webui with html/css with no javascript, remove all the react code and references, keep the same functionality and layout. “. I will let you know how it works out. It’s a throwaway app at this point anyway, but it it works I’ll keep it this way.…

`Old man yells at the javascript industrial complex` is one of my commit messages from yesterday.
Another is `fml` - things are going great!

In increasing order of silliness...
https://no-js.club/
https://nocss.club/

In light of the ongoing enshittification of #GitHub and the inevitable expansion to #npm, I'm delighted to see that although founded by the commercial entity behind #Deno,

Formal Verification for JavaScript Regular Expressions: a Proven Semantics and its Applications
Aur\`ele Barri\`ere, Victor Deng, Cl\'ement Pit-Claudel
https://arxiv.org/abs/2507.13091

Formal Verification for JavaScript Regular Expressions: a Proven Semantics and its Applications
We present the first mechanized, succinct, practical, complete, and proven-faithful semantics for a modern regular expression language with backtracking semantics. We ensure its faithfulness by proving it equivalent to a preexisting line-by-line embedding of the official ECMAScript specification of JavaScript regular expressions. We demonstrate its practicality by presenting two real-world applications. First, a new notion of contextual equivalence for modern regular expressions, which we use t…

Current status: taking a screenshot of a Javascript popup, then using AI to convert the image to text. All so I can copy a number out of a web page that some terrible UX designer decided to not present just as simple text on the page.

👀 Interesting #MastoDev

Should we teach vibe coding? Here's why not.
Should AI coding be taught in undergrad CS education?
1/2
I teach undergraduate computer science labs, including for intro and more-advanced core courses. I don't publish (non-negligible) scholarly work in the area, but I've got years of craft expertise in course design, and I do follow the academic literature to some degree. In other words, In not the world's leading expert, but I have spent a lot of time thinking about course design, and consider myself competent at it, with plenty of direct experience in what knowledge & skills I can expect from students as they move through the curriculum.
I'm also strongly against most uses of what's called "AI" these days (specifically, generative deep neutral networks as supplied by our current cadre of techbro). There are a surprising number of completely orthogonal reasons to oppose the use of these systems, and a very limited number of reasonable exceptions (overcoming accessibility barriers is an example). On the grounds of environmental and digital-commons-pollution costs alone, using specifically the largest/newest models is unethical in most cases.
But as any good teacher should, I constantly question these evaluations, because I worry about the impact on my students should I eschew teaching relevant tech for bad reasons (and even for his reasons). I also want to make my reasoning clear to students, who should absolutely question me on this. That inspired me to ask a simple question: ignoring for one moment the ethical objections (which we shouldn't, of course; they're very stark), at what level in the CS major could I expect to teach a course about programming with AI assistance, and expect students to succeed at a more technically demanding final project than a course at the same level where students were banned from using AI? In other words, at what level would I expect students to actually benefit from AI coding "assistance?"
To be clear, I'm assuming that students aren't using AI in other aspects of coursework: the topic of using AI to "help you study" is a separate one (TL;DR it's gross value is not negative, but it's mostly not worth the harm to your metacognitive abilities, which AI-induced changes to the digital commons are making more important than ever).
So what's my answer to this question?
If I'm being incredibly optimistic, senior year. Slightly less optimistic, second year of a masters program. Realistic? Maybe never.
The interesting bit for you-the-reader is: why is this my answer? (Especially given that students would probably self-report significant gains at lower levels.) To start with, [this paper where experienced developers thought that AI assistance sped up their work on real tasks when in fact it slowed it down] (https://arxiv.org/abs/2507.09089) is informative. There are a lot of differences in task between experienced devs solving real bugs and students working on a class project, but it's important to understand that we shouldn't have a baseline expectation that AI coding "assistants" will speed things up in the best of circumstances, and we shouldn't trust self-reports of productivity (or the AI hype machine in general).
Now we might imagine that coding assistants will be better at helping with a student project than at helping with fixing bugs in open-source software, since it's a much easier task. For many programming assignments that have a fixed answer, we know that many AI assistants can just spit out a solution based on prompting them with the problem description (there's another elephant in the room here to do with learning outcomes regardless of project success, but we'll ignore this over too, my focus here is on project complexity reach, not learning outcomes). My question is about more open-ended projects, not assignments with an expected answer. Here's a second study (by one of my colleagues) about novices using AI assistance for programming tasks. It showcases how difficult it is to use AI tools well, and some of these stumbling blocks that novices in particular face.
But what about intermediate students? Might there be some level where the AI is helpful because the task is still relatively simple and the students are good enough to handle it? The problem with this is that as task complexity increases, so does the likelihood of the AI generating (or copying) code that uses more complex constructs which a student doesn't understand. Let's say I have second year students writing interactive websites with JavaScript. Without a lot of care that those students don't know how to deploy, the AI is likely to suggest code that depends on several different frameworks, from React to JQuery, without actually setting up or including those frameworks, and of course three students would be way out of their depth trying to do that. This is a general problem: each programming class carefully limits the specific code frameworks and constructs it expects students to know based on the material it covers. There is no feasible way to limit an AI assistant to a fixed set of constructs or frameworks, using current designs. There are alternate designs where this would be possible (like AI search through adaptation from a controlled library of snippets) but those would be entirely different tools.
So what happens on a sizeable class project where the AI has dropped in buggy code, especially if it uses code constructs the students don't understand? Best case, they understand that they don't understand and re-prompt, or ask for help from an instructor or TA quickly who helps them get rid of the stuff they don't understand and re-prompt or manually add stuff they do. Average case: they waste several hours and/or sweep the bugs partly under the rug, resulting in a project with significant defects. Students in their second and even third years of a CS major still have a lot to learn about debugging, and usually have significant gaps in their knowledge of even their most comfortable programming language. I do think regardless of AI we as teachers need to get better at teaching debugging skills, but the knowledge gaps are inevitable because there's just too much to know. In Python, for example, the LLM is going to spit out yields, async functions, try/finally, maybe even something like a while/else, or with recent training data, the walrus operator. I can't expect even a fraction of 3rd year students who have worked with Python since their first year to know about all these things, and based on how students approach projects where they have studied all the relevant constructs but have forgotten some, I'm not optimistic seeing these things will magically become learning opportunities. Student projects are better off working with a limited subset of full programming languages that the students have actually learned, and using AI coding assistants as currently designed makes this impossible. Beyond that, even when the "assistant" just introduces bugs using syntax the students understand, even through their 4th year many students struggle to understand the operation of moderately complex code they've written themselves, let alone written by someone else. Having access to an AI that will confidently offer incorrect explanations for bugs will make this worse.
To be sure a small minority of students will be able to overcome these problems, but that minority is the group that has a good grasp of the fundamentals and has broadened their knowledge through self-study, which earlier AI-reliant classes would make less likely to happen. In any case, I care about the average student, since we already have plenty of stuff about our institutions that makes life easier for a favored few while being worse for the average student (note that our construction of that favored few as the "good" students is a large part of this problem).
To summarize: because AI assistants introduce excess code complexity and difficult-to-debug bugs, they'll slow down rather than speed up project progress for the average student on moderately complex projects. On a fixed deadline, they'll result in worse projects, or necessitate less ambitious project scoping to ensure adequate completion, and I expect this remains broadly true through 4-6 years of study in most programs (don't take this as an endorsement of AI "assistants" for masters students; we've ignored a lot of other problems along the way).
There's a related problem: solving open-ended project assignments well ultimately depends on deeply understanding the problem, and AI "assistants" allow students to put a lot of code in their file without spending much time thinking about the problem or building an understanding of it. This is awful for learning outcomes, but also bad for project success. Getting students to see the value of thinking deeply about a problem is a thorny pedagogical puzzle at the best of times, and allowing the use of AI "assistants" makes the problem much much worse. This is another area I hope to see (or even drive) pedagogical improvement in, for what it's worth.
1/2

I'm a Senior #Software Engineer with 20 years of professional experience.
I'm based in the USA and looking for #remote work.
I have primarily worked with web technologies such as #JavaScript

from my link log —
Apache ECharts: a JavaScript data visualization / graphing library.
https://echarts.apache.org/
saved 2025-08-05 https://

„Sie haben eine JavaScript Library erfunden mit so vielen dependencies das sie ein Bewusstsein entwickelt hat.”
— @…

🔧 Better-T Stack solves #JavaScript fatigue by providing ready-to-use tech combinations through an interactive CLI. Choose from #Svelte, #SvelteKit,

@… a javascript framework to toggle tailwind classes dynamically

CASCADE: LLM-Powered JavaScript Deobfuscator at Google
Shan Jiang, Pranoy Kovuri, David Tao, Zhixun Tan
https://arxiv.org/abs/2507.17691 https://

CASCADE: LLM-Powered JavaScript Deobfuscator at Google
Software obfuscation, particularly prevalent in JavaScript, hinders code comprehension and analysis, posing significant challenges to software testing, static analysis, and malware detection. This paper introduces CASCADE, a novel hybrid approach that integrates the advanced coding capabilities of Gemini with the deterministic transformation capabilities of a compiler Intermediate Representation (IR), specifically JavaScript IR (JSIR). By employing Gemini to identify critical prelude functions,…

Q: why is javascript an ideal language for BPD girls?
A: it has an event for unhandled rejection of a promise

NextJS is a tool of the fascists… did not see that one coming. #javascript
https://americabydesign.gov/

America by Design
A National Design Studio Initiative

I've written my first little #Scittle app today, and I'm impressed. To be able to write in-browser code in #Clojure is so much nicer than #Javascript. I have some issues to fix and some enhancement…

TFW you build a site with @… and web platform standards (== semantic HTML, modern CSS, a little bit of JavaScript, and a dash of ARIA) and you look at Lighthouse for the first time …
Looks like industry best practices actually work. (Sorry for using my platform to ruin anyone’s day. 🥰) 🍋

Honestly the worst thing about AI and the main reason we should get rid of it is the endless discourse of it is “useful” or not.
I’d like to have Internet arguments about flat vs skeuomorphic design or which JavaScript framework is best or how Jony Ive says “Aluminium” again.

Finally getting around to playing with Typescript. Initial thoughts, I'm not sure how much value it really has over plain Javascript. I want to think it adds value, but I'm not sure that it does for the little i want to do with either. It "feels" better having types assigned, but the rare times I'm writing Javascript I'm thinking in types anyway and not really using libraries, plus always trying to go as minimal as possible. So I kind of doubt I'm catching many …

@…
BASIC was the FAFO language of the 1980's. A beginner could pretty easily create something that worked but it lacked a lot of the advanced features that "real programmers" used.
I think that language is something different for today. Not sure what but probably something like JavaScript.

lol. All the vercel express examples LIE! This branch of Tvmarks does not serve express routes. Instead it just serves the raw javascript as plaintext.
https://github.com/stefanhayden/tvmarks/tree/vercel-setup

vitalics/rslike: Rust-like but for TypeScript/JavaScript
https://github.com/vitalics/rslike

GeoJSEval: An Automated Evaluation Framework for Large Language Models on JavaScript-Based Geospatial Computation and Visualization Code Generation
Guanyu Chen, Haoyue Jiao, Shuyang Hou, Ziqi Liu, Lutong Xie, Shaowen Wu, Huayi Wu, Xuefeng Guan, Zhipeng Gui
https://arxiv.org/abs/2507.20553

GeoJSEval: An Automated Evaluation Framework for Large Language Models on JavaScript-Based Geospatial Computation and Visualization Code Generation
With the widespread adoption of large language models (LLMs) in code generation tasks, geospatial code generation has emerged as a critical frontier in the integration of artificial intelligence and geoscientific analysis. This trend underscores the urgent need for systematic evaluation methodologies to assess LLMs generation capabilities in geospatial contexts. In particular, geospatial computation and visualization tasks in JavaScript environments rely heavily on orchestrating diverse fronten…

What’s the difference between ordinary functions and arrow functions in JavaScript?
Arrow functions (also known as ‘rocket’ functions) are concise and convenient. However, they have subtle differences compared to function declarations and function expressions. So how do you know which one to use, and when?
🧑‍💻

What’s the difference between ordinary functions and arrow functions in JavaScript?
Arrow functions (also known as ‘rocket’ functions) are concise and convenient. However, they have subtle differences compared to function declarations and function expressions. So how do you know which one to use, and when?

JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation
Guoqiang Chen, Xin Jin, Zhiqiang Lin
https://arxiv.org/abs/2506.20170 https://…

JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation
Deobfuscating JavaScript (JS) code poses a significant challenge in web security, particularly as obfuscation techniques are frequently used to conceal malicious activities within scripts. While Large Language Models (LLMs) have recently shown promise in automating the deobfuscation process, transforming detection and mitigation strategies against these obfuscated threats, a systematic benchmark to quantify their effectiveness and limitations has been notably absent. To address this gap, we pre…

Saw this "Followed hashtags" collapsible list on mastodon.social (v4.4.0 nightly), wondering how long the list of hashtags will be.
Turns out it's hard-coded to 4 🤷‍♂️
- Initial PR: https://github.com/mastodon/mastodon/p

Coming soon (likely this afternoon, I’m writing tests and docs and updating examples as we speak)…
This is the sort of thing you’ll be able to do with Markdown pages. Just pop any arbitrary JavaScript you want in the new script block in the front matter and then import and use components as well as plain old JavaScript tagged template variable interpolation (not shown in this example) inside your Markdown.
The screen has all the code (sans the end of the last line of CSS and the…

i have made an upsetting discovery
i might have to implement "cooked terminal" support in javascript

• 🔧 Extensible architecture via #PHP and #JavaScript plugins with lazy loading capabilities for performance
• 🎨 Visual #CMS functionality enabling live website content editing and drag & dr…

Call Me Maybe: Enhancing JavaScript Call Graph Construction using Graph Neural Networks
Masudul Hasan Masud Bhuiyan, Gianluca De Stefano, Giancarlo Pellegrino, Cristian-Alexandru Staicu
https://arxiv.org/abs/2506.18191

Call Me Maybe: Enhancing JavaScript Call Graph Construction using Graph Neural Networks
Static analysis plays a key role in finding bugs, including security issues. A critical step in static analysis is building accurate call graphs that model function calls in a program. However, due to hard-to-analyze language features, existing call graph construction algorithms for JavaScript are neither sound nor complete. Prior work shows that even advanced solutions produce false edges and miss valid ones. In this work, we assist these tools by identifying missed call edges. Our main idea i…

from my link log —
yeri: JavaScript library for graphing timeseries data into an SVG.
https://code.lag.net/robey/yeri/
saved 2025-06-06 https://…

yeri
javascript library for graphing timeseries data into an SVG

Today I created a new Pull Request on GitHub, copied the URL out of the address bar, and pasted into our dev chat.
The URL I pasted is not the URL I intended to copy, but it was instead a URL I’d viewed earlier this morning. I don’t know which part failed here.
Was it the new GitHub-only-cares-about-AI terrible User Interface trying to be clever about address rewrites in their garbage JavaScript-pretending-to-be-a-web-page?
Or maybe it was Orion, a browser I wish I didn’t t…

The Real Cost of Poor #Documentation for Developers
https://andiku.com/blog/the-real-cost-of-poor-documentation-for-developers

Has anyone written a passkey web component with vanilla JavaScript?

from my link log —
Linear-time matching of JavaScript regular expressions.
https://dl.acm.org/doi/10.1145/3656431
saved 2025-07-16 https://

🥳 New Kitten Release
• Improved Markdown parser
Kitten’s JavaScript tagged template strings (`kitten.html`) no longer fail to render as expected when interpolated values are used inside of Markdown where the Markdown render changes source order.
So, for example, the following will now work correctly, whereas, previously, the link source and link text would have been erroneously flipped:
kitten.html`
<markdown>
[${linkText}](${linkSource})
…

app/CHANGELOG.md at main
app - A web development kit that’s small, purrs, and loves you.

It’s kind of wild that every JavaScript dependency now requires some kind of build tool or package management.

from my link log —
Nearley.js: a toolkit for parsers written in JavaScript.
https://nearley.js.org/
saved 2025-06-22 https://dotat.at/:/TV…

JS-TOD: Detecting Order-Dependent Flaky Tests in Jest
Negar Hashemi, Amjed Tahir, Shawn Rasheed, August Shi, Rachel Blagojevic
https://arxiv.org/abs/2509.00466 https://

JS-TOD: Detecting Order-Dependent Flaky Tests in Jest
We present JS-TOD (JavaScript Test Order-dependency Detector), a tool that can extract, reorder, and rerun Jest tests to reveal possible order-dependent test flakiness. Test order dependency is one of the leading causes of test flakiness. Ideally, each test should operate in isolation and yield consistent results no matter the sequence in which tests are run. However, in practice, test outcomes can vary depending on their execution order. JS-TOD employed a systematic approach to randomising tes…

Today I learned that regular expressions have a size limit and you get a “regular expression too large” error if you go over it.
Still trying to find some definitive documentation on what that size limit is in v8/latest Node.js.
#web #dev

One more entry in my epic date parsing adventure. I’ve shipped a breaking change to this library to ensure that all valid date strings supported in Eleventy v4 will be RFC 9557-compatible, ensuring friendliness with the standardized Temporal APIs coming to a JavaScript runtime near you. Our full test suite runs against both!
Read (a little) more:

from my link log —
ohm: a JavaScript library and PEG-based language for building parsers.
https://github.com/harc/ohm
saved 2021-03-27 https://

GitHub - ohmjs/ohm: A library and language for building parsers, interpreters, compilers, etc.
A library and language for building parsers, interpreters, compilers, etc. - ohmjs/ohm

is it too much to ask that a software dependency be:
1. fast
2. permissive open-source licensed
3. lightweight in bundle cost
4. lightweight in installation size
5. well-maintained
6. accurate
7. able to run in all of the marginally different JavaScript runtimes
8. human sourced to avoid ethical and future copyright issues with AI
9. use modern APIs and without vestigial polyfill bloat
10. use best progressive enhancement and accessibility p…

@… Temporal seems to use RFC 9557 which is a much stricter date format https://developer.mozilla.org/en-US/do

from my link log —
Bluefishjs: a diagram drawing framework for JavaScript.
https://bluefishjs.org/
saved 2025-04-25 https://dotat.at/:/FCG…

@… I did look through those APIs and it looks like they parse RFC 9557 which is less forgiving https://developer.mozilla.org/en-US/…

blast from the past
“In order to see this content you need to have both Javascript enabled and Flash installed. Visit BBC Webwise for full instructions”
“Bookmark this page: delicious Digg Reddit Stumbleupon facebook”
https://www.bbc.co.uk/wrongdoor/html/video