Jan Tojnar jtojnar

  • ogion.cz
  • Czech Republic
@joepie91
joepie91 / .md
Last active May 28, 2024 02:02
Please don't include minified builds in your npm packages!

There are quite a few libraries on npm that include not only the regular build in their package, but also a minified build. While this may seem like a helpful addition to make the package more complete, it actually poses a real problem: it becomes very difficult to audit these libraries.

The problem

You've probably seen incidents like the event-stream incident, where a library was compromised in some way by an attacker. This sort of thing, also known as a "supply-chain attack", is starting to become more and more common - and it's something that developers need to protect themselves against.

One effective way to do so is by auditing dependencies: having at least a cursory look through every dependency in your dependency tree, to ensure that there's nothing sketchy in there. While it isn't going to be 100% perfect, it will detect most of these attacks - and no

@graninas
graninas / On_hiring_haskellers.md
Last active March 25, 2023 16:49
On hiring Haskellers

Recently I noticed the same two questions being asked again and again on different Haskell resources. The questions were “How to get a Haskell job” and “Why is it so hard to find Haskellers?” Although these two come from opposite sides of the hiring process, the answer is really just one. There is a single reason, a single core problem that causes the difficulties of hiring and being hired in the Haskell community, and we should clearly articulate this problem if we want to increase Haskell adoption.

We all know that there are many people wishing to get a Haskell job. And a visible increase in Haskell jobs makes it look like there should be a high demand for Haskellers. The Haskell community has also grown like crazy in the past years. But still, why is it so difficult to hire and to be hired? Why can’t companies just hire any single person who demonstrates a deep knowledge of Haskell in blog posts, in chats, on forums, and in talks? And why do Haskell companies avoid hirin

# Created by @PhilippIRL
# This script patches Spotify's offline.bnk file (this file caches the remote config) to trick Spotify into thinking that your account is enabled for dev tools.
# Spotify will automatically revert this local change after some time when it next fetches the remote config.
# Of course you will have to completely close Spotify before running this script.
import os, sys, platform
systemPlatform = platform.system()
if systemPlatform == 'Windows':
@IsaacGemal
IsaacGemal / git-hours.sh
Created April 17, 2025 03:36
Git time histogram
git log --date=format:%H --pretty=format:%ad | \
awk '
{ h = int($0); cnt[h]++; total++ } # collect counts & grand total
END {
# find max bucket to rescale bars
for (i = 0; i < 24; i++) if (cnt[i] > max) max = cnt[i]
barWidth = 50 # chars for the widest bar
for (i = 0; i < 24; i++) {
ampm = (i < 12) ? "AM" : "PM"