-
Front End
Securing GitHub Actions
The typical playbook for a supply chain attack is to use some form of social engineering to compromise a maintainer’s account, then use that account to directly publish compromised packages to npm. Maintainers are fighting back by removing direct publishing credentials and moving to trusted publishing pipelines like GitHub Actions. Consumers are protecting themselves by verifying package integrity and enforcing cooldowns before newly published packages can be consumed.
-
Event Sourced
Multi-Tile Snapshots
After some refactoring to decouple event log and snapshot loading, followed by many other distractions, I’m finally ready to implement multi-tile snapshots. This is the next step on my tracer bullet journey.
-
Front End
InfiniSheet
Updating Transitive Dependencies with pnpm
Recently, I’ve been seeing a glut of Dependabot security alerts for my Infinisheet project. I used to see a handful a month. At the start of this week, I was staring at twenty of them.
-
Gear
Home Assistant
Heat Geek NanoStore DHW Update
Two months ago our prototype Heat Geek NanoStore was rebuilt. Everything looked rosy. All of my outstanding issues were resolved.
-
Front End
Unit Test Code Reuse with Vitest 4.1
I’m a strong believer in unit tests. I try to get close to 100% code coverage with my tests. Which means I have a lot of unit test code. Normally, you try to minimize duplication, and Don’t Repeat Yourself. That has its own special challenges when it comes to unit tests.
-
Front End
InfiniSheet
Event Sourced
Asynchronous Unit Tests with Vitest
Asynchronous code is great. It’s the most efficient way to implement IO-heavy workloads. When IO occurs, the current chain of execution is paused, allowing something else to run. There’s no multi-threading overhead. You can sustain far higher rates of effective concurrency while using only a single thread. Control is transferred at well-defined points so there’s no need for critical sections and locks.
-
Event Sourced
Decoupling Event Log and Snapshot Loading
Last time, we got a load-on-demand chunked snapshot format working. It didn’t feel great, with too much coupling between in-memory representations for the event log and snapshot. We’re going to sort that out now before moving on to a multi-tile snapshot format.
-
Event Sourced
Partially Loading Chunked Snapshots
We’re ready to start making our event sourced spreadsheet scalable. We have an existing unoptimized tracer bullet implementation that we can evolve, a high level plan for scalable snapshot data structures and a benchmark to track progress.
-
Front End
Securing my NPM Supply Chain
The news is full of npm supply chain attacks. I’ve previously described how package providers can use provenance and trusted publishing to help consumers verify that packages haven’t been tampered with.
-
InfiniSheet
InfiniSheet: Chore Updates
Six months ago I was spending all my time on Infinisheet, my event sourced spreadsheet project. Then I got distracted by Home Assistant, had a heat pump installed and had to debug a prototype hot water system.