MatthewCallis

https://news.ycombinator.com/item?id=47263323

From https://web.archive.org/web/20260305155250/https://ru.wikipedia.org/wiki/%D0%A3%D1%87%D0%B0%D1%81%D1%82%D0%BD%D0%B8%D0%BA:Ololoshka562/test.js

A Wikimedia Foundation account was doing some sort of test which involved loading a large number of user scripts. They decided to just start loading random user scripts, instead of creating some just for this test. The user who ran this test is a Staff Security Engineer at WMF, and naturally they decided to do this test under their highly-privileged Wikimedia Foundation staff account, which has permissions to edit the global CSS and JS that runs on every page. One of those random scripts was a 2 year old malicious script from ruwiki. This script injects itself in the global Javascript on every page, and then in the userscripts of any user that runs into it, so it started spreading and doing damage really fast. This triggered tons of alerts, until the decision was made to turn the Wiki read-only.

Wow. This worm is fa

MatthewCallis

#!/bin/bash

# Script to check if any affected packages are installed in package-lock.json files on macOS
# This checks against a list of 288 potentially vulnerable npm packages
# Recursively searches for package-lock.json files from the root directory
# Based on https://gist.github.com/considine/2098a0426b212f27feb6fb3b4d714660 by @considine
# https://news.ycombinator.com/item?id=46032539
# https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains
# https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24

MatthewCallis

/**
 * Strip indentation from a string.
 * @param {string} text The text to strip the indentation from.
 * @param {boolean} [stripAll] When true, strip all indentation, when false, only the initial indentation. Defaults to false.
 * @returns {string} The text with the indentation stripped.
 */
export function stripIndent(text, stripAll = false) {
  if (stripAll) {
    // remove all indentation from each line
    return text.replace(/^[^\S\n]+/gm, '');

MatthewCallis

• [Cloning Array of Objects](https://jsbenchmark.com/#eyJjYXNlcyI6W3siaWQiOiJTemFvbUxmNWhudG45UHY5SkplZnoiLCJjb2RlIjoic3RydWN0dXJlZENsb25lKERBVEEpIiwibmFtZSI6IlN0cnVjdHVyZWQgY2xvbmUifSx7ImlkIjoiZlJ2LUtWZFZ6LVlzejQ0VWF6RFZyIiwiY29kZSI6ImxvZGFzaC5jbG9uZURlZXAoREFUQSkiLCJuYW1lIjoiTG9kYXNoIiwiZGVwZW5kZW5jaWVzIjpbeyJ1cmwiOiJodHRwczovL2Nkbi5qc2RlbGl2ci5uZXQvbnBtL2xvZGFzaC1lc0A0LjE3LjIxLytlc20iLCJuYW1lIjoibG9kYXNoIiwiZXNtIjp0cnVlfV19LHsiaWQiOiJOdEpEMHh5Y0oyNl9LdUpyd1UyUGwiLCJjb2RlIjoiY29uc3QgeyBrbG9uYSB9ID0gREVQXzFcbmtsb25hKERBVEEpIiwiZGVwZW5kZW5jaWVzIjpbeyJ1cmwiOiJodHRwczovL2Nkbi5qc2RlbGl2ci5uZXQvbnBtL2tsb25hQDIuMC42Lytlc20iLCJuYW1lIjoiIiwiZXNtIjp0cnVlfV0sIm5hbWUiOiJrbG9uYSJ9LHsiaWQiOiJUckN2NllTU2NaZzUwbWlWRjBLd1MiLCJjb2RlIjoiY2xvbmVEZWVwKERBVEEpIiwiZGVwZW5kZW5jaWVzIjpbeyJ1cmwiOiJodHRwczovL2Nkbi5qc2RlbGl2ci5uZXQvbnBtL2Nsb25lLWRlZXBANC4wLjEvK2VzbSIsIm5hbWUiOiJjbG9uZURlZXAiLCJlc20iOnRydWV9XSwibmFtZSI6ImNsb25lLWRlZXAifSx7ImlkIjoid19qMjRjWEI5cXNEZFNLbXNlU0F3IiwiY29kZSI6IkpTT04ucGFyc2UoSlNPTi5zdHJpbmdpZnkoREFUQSkpIiwiZG

MatthewCallis

AI & Coding

Let's just ask it.

🧔🏻‍♂️ You: How can software engineers make the best use of generative AI technologies?

🤖 ChatGPT: To make the best use of generative AI technologies, software engineers can:

1. Automate repetitive tasks: Use AI to generate code snippets, documentation, or automate testing and debugging.
2. Enhance creativity: Leverage AI for design, brainstorming new ideas, or solving complex problems.

MatthewCallis

// Testing State Setters
// const [payload, setPayload] = useState({})
it('can update the number of times to loop', () => {
  const mockSetPayload = vi.fn()
  const mockPayload = {
    timeOfLoop: 0,
    amount: 0,
    units: 'hours',
    exitCondition: {
      groups: [],

MatthewCallis

eval "$(/opt/homebrew/bin/brew shellenv)"

MatthewCallis

// https://stackoverflow.com/questions/55187563/determine-which-dependency-array-variable-caused-useeffect-hook-to-fire
// https://github.com/simbathesailor/use-what-changed/tree/master
// https://dev.to/vsramalwan/ways-to-handle-deep-object-comparison-in-useeffect-hook-1elm
import { toJS } from 'mobx'
import { useEffect, useRef } from 'react'

import type { EffectCallback } from 'react'

export interface Update {
  oldValue: any

MatthewCallis

import { renderHook } from '@testing-library/react-hooks/dom'

import useDebounce, * as allDebounce from 'hooks/useDebounce'

describe('debounce', () => {
  it('calls as expected', () =>
    new Promise<void>((done) => {
      const callingArgument = 'debounce it!'
      const debounceCallback = (value: string) => {
        expect(value).toBe(callingArgument)

MatthewCallis

Pull Requests

Having fellow developers check your code (and checking theirs in turn) helps eliminate mistakes, clean the codebase, and share knowledge across the team. Code review is a purely human communication process. And a good way to approach humans (especially the ones you need to work with) is with empathy. This includes the obvious: politeness, kindness, and respect. But you can go a step further and remember that when you're assigning reviewers to look through your code, you're requesting another person's time and energy. Therefore, it's nice to make the process easier for them, and doing so will probably result in a more efficient code review. So, keeping empathy in mind, let's discuss some practical tips that can make your code reviewers happier.

Before & During Coding

Branch Naming Strategy

The branch name is your first opportunity to give your task context. In case your reviewer decides to check the code out locally, they will need to find that branch among many others. Prefix the br