Tom Sherman 1 month ago

For anyone that missed it, the React Server Components critical vulnerability has a name and website now Please refer to this before sharing any supposed POCs [react2shell.com](

) [React2Shell (CVE-2025-55182/CV...](

React2Shell (CVE-2025-55182)

)

Tom Sherman 2 months ago

Next.js cache components are not ready for prime time. They're "GA" but it really feels the same as when they advertised app router as stable in v13 Many bugs and missing features

Tom Sherman 3 months ago

This message (and solution) is probably something that is very obvious to many on this app [The Web is Going to Die]( )

Tom Sherman 3 months ago

marking myself safe from the atproto feed censorship event

Tom Sherman 3 months ago

I got an instance of @npub10vgn...h0np's scrobbler running, super super easy Is there a tool to import existing last.fm scrobbles into my PDS?

Tom Sherman 5 months ago

Atproto PDS devs: Does anyone have recommendations on which endpoints to start developing first? I wanna prove a concept out as quickly as possible I'm thinking: putRecord, getRecord, subscribeRepos

Tom Sherman 5 months ago

Also very happy to see the other libraries by the same author (eg. openid-client) use the same no-nonsense style. Auth code really should have as few layers of indirection as possible RE:

Bluesky Social

Tom Sherman (@tom.sherman.is)

The code inside github.com/panva/oauth4weba… is such a pleasure to read. I have to spelunk and debug through this code a few times and it's alway...

View quoted note →

Tom Sherman 5 months ago

The code inside [github.com/panva/oauth4weba…](

GitHub

GitHub - panva/oauth4webapi: Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes

Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes - panva/oauth4webapi

) is such a pleasure to read. I have to spelunk and debug through this code a few times and it's always a pleasure. Absolutely zero layers of indirection, zero fluff. [GitHub - panva/oauth4webapi: L...](

GitHub

GitHub - panva/oauth4webapi: Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes

Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes - panva/oauth4webapi

)

Tom Sherman 8 months ago

"trusted verifiers" makes a lot of sense, i'd like to be able to opt out of each verifier though as a user. ie. Bluesky trusts orgs X and Y, as a user I only trust X. Don't show the badge for accounts verified by Y

Tom Sherman 11 months ago

Long press the version number in settings to enter developer mode, you'll get new options on posts and profiles https://morel.us-east.host.bsky.network/xrpc/com.atproto.sync.getBlob?did=did:plc:2xau7wbgdq4phuou2ypwuen7&cid=bafkreia6qxmm2l7apjz5drqsxook3amrrif6oc6dzlbtoacwhs3pkazv5a