silverwind·أول أمس·discussYes, tsconfig is a mess to scope. It needs a re-design to allow glob-based matching for all options and in typescript instead of jsonc.
silverwind·قبل 3 أيام·discussSeems they not running these agents with the same permissions of the user prompting them, what a disaster.
silverwind·قبل 9 أيام·discussI think tsdown is much better suited for CLI and library builds. Vite has many web-isms that don't matter for these.
silverwind·الشهر الماضي·discussYeah, a missed opportunity. But I'm sure such a compiler will eventually arise.
silverwind·قبل شهرين·discussTrue, sometimes a Claude answer is so on the spot, it'd a waste to not post it alongside your short summary.
silverwind·قبل شهرين·discussPR spam is a major problems for repo that run bounties. Maybe GitHub should temporarily block accounts from raising PRs if like 95%+ of them are getting rejected.
silverwind·قبل شهرين·discussKnowing them, I expect a release probably next week, have fun in production with it.
silverwind·قبل شهرين·discussIt'll always be a cat-and-mouse game. If npm adds protections, it'll only yield false-positives and workarounds will be trivial.
silverwind·قبل شهرين·discussAlmost all these recent compromises seem to involve either cache poisoning or prompt injection via untrusted variables.
silverwind·قبل شهرين·discussI think it's just a case of brain drain, followed by reckless AI adoption which both drove the quality down.
silverwind·قبل شهرين·discussAll those forks turned out to be inferior projects with substantially less contributions than the originals.
silverwind·قبل شهرين·discussIt's definitely helpful to know whether a PR was AI-assisted or not and the git attribution line is a simple and effective way of communicating that.I also recommend specifying model name and version so the maintainer knows upfront the level of slop they are dealing with.
silverwind·قبل شهرين·discussProblem with Go is the type system is rudimentary, so you can't "restrict" AIs as well as you could in Typescript.
silverwind·قبل شهرين·discusshttps://www.typescriptlang.org/tsconfig/#erasableSyntaxOnly covers them all, I strongly recommend running with that option enabled to be future-proof.
silverwind·قبل شهرين·discussMaybe now people can stop blaming npm and realize none of these unreviewed package ecosystem are safe.