Issue #18: Celebrate
🎵 I just wanna celebrate, tonight we makin’ history… 🎵
As usual, in this newsletter I’m trying to build bridges between the past and the future through innovations of the present, blah-blah… Meaning, it is the gist of each issue here — some lessons from the past (like for instance this ESLint’s retrospective over the last year of its v9) to learn from today, and build better future tomorrow (like, for example, Svelte Society does by publishing the Svelte Summit’s videos in open). But this time it’s even more symbolic, as there’s an anniversary of one foundational tool (or idea? religion?!) and people are inclined to get nostalgic at such dates and reflecting on former experiences even more than ever. All in all, let’s get to specifics and… celebrate, of course! 🎉
The Good
As everyone knows here for sure,
JavaScript was invented in a two-week flurry in May 1995 by Brendan Eich…
and taking into account that
Brendan Eich joined Netscape in April 1995
it is probably the case of the most fast and successful onboarding in the history of hiring, but I digressed.
These two weeks happened exactly 30 years ago! About the time I got to know what this fancy but primitive box called computer actually is in my middle school!
We all know how faulty this language can be at times, but we also know what powers it can give you, even being compared to more low-level languages. Whichever scale part you gravitate to, you cannot deny that JavaScript had changed the tech world and had formed the Web as we know it today.
The guys from Deno given me and other JS fans some nostalgic chills about the 30-years history of the language and its ecosystem in their cool-as-destructuring infographics-like article. I’m really grateful to them and I share the excitement, as JS accompanied me personally to huge extent in my tech journey (as it did for Deno, whose journey is only getting started, in case you didn’t know!) with all its (and mine) imperfections and surprises.
Interestingly, I had found that in October 2016,
Next.js began as a small framework for server-rendered universal JavaScript web applications…
which can be considered a metaframework’s idea birthday, probably. So the next year will be the first anniversary of JS metaframeworks and we gonna roll out a great party, but until then…
The Bad
JavaScript had brought a lot of good tools into the web development ecosystem, including npm — the package manager which, as its foundational language, has its good and bad side. One of the weakest parts of that is security, and the new article from arstechnica’s Dan Goodin, citing the original detailed research from the Socket team, highlights how adversaries can use malicious npm packages targeting widely used frameworks and tools like React, Vue, and Vite, and stay unnoticed for years.
A developer couldn’t distinguish the usage of these malicious packages from legitimate ones without examining the source code.
For 30 years, JS remains one of the most vulnerable programming languages around and its popularity doesn’t make the matter easier.
The only other problem in the related web ecosystem that brings comparative to security amount of pain (even being arguably less damaging) is the bloated JS tooling. Even though there are multiple solutions to that these days, people more and more face the problem of misusing technology for solving simple problems. But maybe the language just teaches us the hard way?…
The Noteworthy
For instance, many people consider React Server Components (RSC) the answer to many modern problems engaging web development with React. This week we have a very deep and insightful article about ins and outs or RSC from the Plasmic team.
In short, React Server Components makes it possible for the server and the browser to do what they do best. Server components can focus on fetching data and rendering content, and client components can focus on stateful interactivity, resulting in faster page loads, smaller javascript bundle sizes, and a better user experience.
We already discussed the similarities between the concepts of RSC and Astro’s server islands in the last issue, but as we go further deep here, there’s another new opinion and research on that from Nick Taylor. And it went live timely to the latest release of Astro (v5.8.0).
Another notable release of this week was stabilizing the version 4 of Zod, the tool all the metaframework users know and love, serving one of the foundational parts of the corresponding tooling sets. This site uses Zod too, and let me tell you: it plays very well with frameworks like Astro and its features, especially the content collections.
I think this JS celebration party went pretty well during the last couple of weeks (check out the previous issues for the proof!), I’m pretty sure Brendan Eich is proud of us. But you know what would make him even more happy? You, building new cool stuff with JS and metaframeworks. In the end, that’s why we’re here now. And if this newsletter helps you with that even a little, I’m one happy guy.
đź‘‹