"There is a security vulnerability in npm by default that enables writing a worm that can propagate to anyone doing an npm install to a package that would contain an infected dependency (even if the dependency is deep)."

"In this post we will focus on our ever evolving use of Content Security Policy (CSP), as it is our single most effective mitigation. We can’t wait to follow up on this blog to additionally review some of the “non-traditional” approaches we have taken to further mitigate content injection."

Learning flexbox, tower-defense style !

A game for learning CSS flexbox

"WordPress a annoncé au début du mois d’avril 2016 que dans un futur proche, les sites utilisant sa plateforme auront tous le HTTPS installé de base."

"Sculpin is a static site generator written in PHP. It converts Markdown files, Twig templates and standard HTML into a static HTML site that can be easily deployed."

Today, we’re very excited to announce the launch of the Instaparser API. Instaparser is a new API that gives developers access to the same parsing tools we use for the Instapaper service.

"This isn't Bash or Ubuntu running in a VM. This is a real native Bash Linux binary running on Windows itself."

"Je n’ai pas une vision mécanique de mes CSS, j’en ai une vision humaine : quelquʼun dʼautre (une personne) va les lire, chercher à les comprendre, les utiliser, les modifier peut-être. Je communique avec cette personne, je documente, je commente, jʼinduis des erreurs pour obliger à lire, comprendre et respecter certaines bonnes pratiques."

JavaScript projects are managed like they are serial killer crazy walls because the language lacks some standards. It's time to cast aside new language features and really get to work on an underlying standard library.

"Chrome for iOS is not Chrome. Firefox for iOS is not Firefox. Opera for iOS is not Opera. They are all using WebKit. They’re effectively the same as Mobile Safari, just with different skins."

"Uber needs its systems to scale quickly alongside the growth in demand for its service. "Uber is now doing over two million RPCs per second at peak across the Node.js eet," Ranney said."

"The average software developer is a male, aged 29.6 years and pretty much obsessed with JavaScript."

A detailed explanation of the usage of srcset and sizes over media queries.

"This blog describes how we use computer vision algorithms to address the challenges of focal point, text placement and image clustering at a large scale."

"Si vous nous suivez sur twitter vous l'aviez vue venir : voici donc une nouvelle version de l'extension Opquast desktop. 

[...]

Les nouveautés :

• Nous sommes maintenant compatibles avec le nouveau système d'extension de Mozilla
• Nous proposons plusieurs mises à jours de check-lists (Opquast qualité Web 3, Website 3...)
• Plusieurs tests ont été corrigés"

Une très, très (j'ai dit "très" ?) bonne synthèse de ce qui se passe dans le monde JavaScript en ce moment, à mon humble avis. Moralité : prenez du recul et appréciez la richesse et le potentiel.