This is a doozy of an issue

June 29, 2023 By Mark Otto

A Massive Bug at the Heart of the npm Ecosystem — “This is a doozy,” says the author, who used to work on the npm CLI team. We don’t want to spoil his story too much, but in short, package manifests and actual package contents don’t necessarily match up, and this can be manipulated by bad actors and even trip up auditing tools.

Darcy Clarke

Useful DevTools Tips and Tricks — Having worked on both Firefox and Edge’s devtools, Patrick knows his stuff (and shares over 100 tips on his DevTools Tips site). Here, he shares his top 15.

Patrick Brosset (Microsoft)

Secure Application PII with a Simple API Call — Secure your app effortlessly. Shield sensitive data with minimal code using the Redact API. Use one API to redact PII, PHI, financial info, and profanity. Prioritize user safety and ensure a seamless experience. Keep it simple; keep it secure.


▶  The Cost of JavaScript in 2023 — Esteemed Googler and Web performance expert Addy Osmani always brings a full, holistic view of problems and solutions to his talks, and this is no exception. He talks about the various ways JS apps are delivered and rendered, the constraints of the hardware involved, and techniques you can use to keep things running smoothly.

Addy Osmani

💡 I know many readers dislike videos, but no word of a lie, this is a mini masterclass in numerous modern JS and webperf topics and worth saving for later.



  • Ember.js 5.0 – A framework that pre-dates React, is used all over the place, but that barely anyone seems to talk about (and they should).

  • styled-components 6.0 – Popular CSS styling approach for React components. There’s a migration guide for upgraders.

  • Remix 1.18.0 – The full stack framework gains big perf improvements and stabilizes its HMR/HDR-ready “new dev server” (explained).

  • esbuild 0.18.10 – It’s had several noteworthy enhancements in the past week so we’re linking to the page covering them all.

📒 Articles & Tutorials

An Introduction to Parser Combinators — Parsing is rarely exciting, but Varun has done a fantastic job of making an engaging tutorial for a dry, yet extremely useful, topic. This is the bare basics, but I hope we can encourage him to finish the series 🙂

Varun Ramesh

An Update on Next.js’s App Router Approach — The ‘app router’ in Next.js 13+ offers a new approach for structuring Next apps and is recommended for all new ones going forward (it became stable in Next.js 13.4 last month). This post provides a welcome update on how the project sees the feature evolving and how the team is continuing to integrate and collaborate with React generally.

Delba de Oliveira and Lee Robinson (Vercel)

Making Tiled Maps with Unity and JavaScript — If you want to create your own Google Maps-esque, Web-rendered tiled maps, Leaflet is a great option, but how do you produce custom map tiles? Using the Unity game engine is certainly one of the more creative ways.

Alan Zucconi

🛠 Code & Tools

Typist: Tiptap-Based Rich Text Editor Component — An unashamedly opinionated yet simple text editor control. You can try the examples in the sidebar. It’s suited for basic rich text situations like writing comments or messages and also has a single-line mode.


Find JavaScript Jobs with Hired — Hired makes job hunting easy: instead of chasing recruiters, companies approach you with salary details up front. Create a free profile now.

😮 Coding in 140 characters

Wow 👏 – what some people can achieve in a mere 140 characters of JS is amazing. There are a lot of fantastic experiments over at Dwitter.