Hacker News | bodash's comments

Just been through several frontend interviews in the last few months, where it's clear that they still judge a developer's JS skills (especially React) more than being semantically correct on HTML elements.

Every question/exercise is centred around how well you know React hooks, effect, memoization, modern css-in-js etc. Given I've been working with Astro recently, in one interview I talked about DOM APIs and I could see the interviewer raise an eyebrow. At a later stage, even though I passed the exercises, I still didn't get the job.


Remember that a large part of hiring is finding someone who fits in an existing team. A team that uses react won't appreciate someone choosing to use native DOM APIs instead of a react component.


In every React team I've been part of we've wanted to use as little react as possible and use native DOM apis when possible. React would be used purely for state management or interactivity.

I feel like teams that have used react enough learn that the less React you can use the better :) it's a great tool, but most teams use it because it's all they know and they don't know what they don't know about html.


Weird comment, I'm a web dev that has been using react for 10+ years and I prefer using native browser features whenever possible. I'd honestly avoid hiring framework specific devs because the skills required are never about just one single framework.

Also this is just all JS + HTML here, let's not act like it's impossible to learn the most popular frontend tool at the moment.


Eh. I build apps with Preact, but I prefer candidates who know the core web platform. They’ll be more apt to use the right tool for the job and not be baffled by edge cases.


Having a separate css file makes small components so much cleaner. I am not against tailwind, but I wouldn't want to use it in front-end interviews.


Because nobody outside of the HN-sphere cares about HTML purism, nor should they.


It's not HTML purism. It's simply recognizing that HTML and CSS have evolved a lot and many things don't need (or are close to not needing) JS anymore. This shouldn't be taken as an anti-JS article, everyone benefits from these gradual improvements. Especially our users who can now get a uniform experience.


Windows’ downfall will finally give rise to the Linux desktops, already seeing trends in how popular Omarchy is and well received


Yet another distro maintained by who knows who, applying who knows which patches, that will lose support in some years? Nah.


> https://lessnews.dev

A while ago I felt this "information fatigue" due to the overwhelming updates from the typical news sources (reddit, twitter, even hn).

So I built a _slow_ webdev newsfeed aggregator that doesn't overwhelm you with constant updates, so you focus on reading the actual blog contents and enjoy other things.


I bookmarked to take a closer look later, but I'm a little unclear on the premise, could you explain what you mean by "slow"/how it is filtered/curated?


Sure.

Problem I had with the other newsfeeds is that I get distracted by the constant updates, always refresh the front-page, skipping the actual content and just skimming through headlines and comments.

So I built this one, set it as my homepage, and because it doesn't update often, I will actually read the content of the links. When I'm done, I move on to other things in life.

It's curated by matching keywords (focusing on web development) on HN, mostly automated but with a few manual adjustments now and then.


I compiled a list of NPM best practices one can adopt to reduce supply chain attack risks (even if there's no perfect security preventions, _always_): https://github.com/bodadotsh/npm-security-best-practices

Discussion on HN last time: https://news.ycombinator.com/item?id=45326754


For anyone publishing packages for others to use: please don't pin exact dependency versions. Doing so requires all your users to set "overrides" in their own package.json when your dependencies have vulnerabilities.


I have a shorter list of NPM best practices:

1. Don't


Do you know of anything similar for pip?


No.1: Run untrusted code in a sandbox! https://github.com/sandbox-utils/sandbox-venv


Most of the best practices can be translated to the Python ecosystem. It’s not an exact 1:1 mapping but change a few key terms and tools, the underlying practices should be the same.

Or copy that repo’s markdown into an llm and ask it to map to the pip ecosystem


Yeah, was mostly interested in the tooling.


Shameless plug but here's a list of things you could follow to mitigate risks from npm: https://github.com/bodadotsh/npm-security-best-practices


The lockfile is updated _after_ any new malicious version is downloaded and installed. If we pinned the exact version, `npm install` will _not_ download and execute any new published versions.

That's why we use `npm ci` or `--frozen-lockfile` to install the exact versions in the lockfiles. But, by default, the `^` operator and just the `install` command will check the registry for any new releases and download them.

The primary arguments against pinning versions are missing security updates and increased maintenance overhead. But given the patterns we've seen, the attackers really _hope_ we automatically install new releases


npm install does install the exact versions from the lockfile. Even though this misconception gets repeated in every single thread about npm here on hn. npm install will not randomly update your direct dependencies, let alone transitive dependencies.


I also built https://lessnews.dev (HN filtered by webdev links)

One decision I had to make was whether the site should update in real time or be curated only. Eventually, I chose the latter because my personal goal is not to read every new link, but to read a few and understand them well.


I’ve also been experimenting with a curated webdev related newsfeed based on HN submissions: lessnews.dev. The goal is not to keep users on the site. If some dev visits the site once in a while, and finds a link useful, that’s it.


Second Tuta. Their feature list might be limited when compared to Proton or Fastmail, but their core email service is solid.


Orion on YouTube is unusable at the moment. Click play, ad plays 1 second, disappears but then nothing else plays. Click again, another ad briefly appears and disappears. Have to resort back to Firefox with uBlock Origin just to watch YouTube


Yeah, seeing this one too. Is it an Orion or Safari thing though?

