All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Lessons Learned From Being Blocked From Contributing to Lodash

By

crtns

7mo ago· 7 min readenOpinion
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

Front-window bakery material. Catches the eye, delivers the goods.

Score100TypeopinionSentimentnegative

Summary

The author shares their experience of being blocked from contributing security improvements to the lodash JavaScript library on GitHub. This was their first open source contribution attempt in a while, which they describe as a waste of time. However, they learned valuable lessons about the process of contributing to open source projects and share insights about supply chain security in the JavaScript ecosystem.

Key quotes

· 4 pulled
My Github account was blocked from contributing security improvements to the lodash project.
This was my first open source work in a while, and unfortunately, it appears it was a waste of time.
I did learn a few lessons about contributing to open source projects that others might benefit from.
I've been going down a rabbit hole to figure out how to improve supply chain security in the JavaScript ecosystem.
Snippet from the RSS feed
My Github account was blocked from contributing security improvements to the project. This was my first open source work in a while, and unfortunately, it a...

You might also wanna read

Kefir C compiler development moves to private mode indefinitely

The developer of the Kefir C compiler announces the cessation of public development, transitioning the project to private mode indefinitely.

kefir.protopopov.lv·2h ago

Zig Devlog: Build System Rework Separates Maker and Configurer Processes

This devlog entry from the Zig programming language project announces a major rework of the build system, separating the maker process from

ziglang.org·1d ago

magiblot/tvision: A modern cross-platform port of Turbo Vision 2.0 with Unicode support

A modern, cross-platform port of Turbo Vision 2.0, the classical framework for text-based user interfaces (TUI). Originally started as a per

github.com·1mo ago

Why a Software Maintainer is Rejecting External Pull Requests

The article is a personal reflection from a software maintainer explaining why they are rejecting pull requests (PRs) from external contribu

dpc.pw·1mo ago

GitHub Repository: Chip8 Emulator Project for Virtual Machine Emulation

The article appears to be a GitHub repository page for a Chip8 emulator project called 'navid-m/chip8emu'. The content shows GitHub's interf

github.com·1mo ago

10-year-old unit test with future cookie expiry date breaks Servo browser CI system

A developer shares a story about a unit test written 10 years ago for the Servo browser engine that included a cookie expiry date of April 1

mastodon.social·1mo ago