Underscore v1.13.8 is out, with a security fix in _.isEqual and _.flatten. Please upgrade to underscore@latest or underscore@stable.

https://github.com/jashkenas/underscore/issues/3011

#javascript #security #UnderscoreJS

Security leak in _.flatten and _.isEqual, please update · Issue #3011 · jashkenas/underscore

I just published version 1.13.8, which fixes a security issue in _.flatten and _.isEqual. Under very specific circumstances, it could allow for a Denial of Service (DoS) attack in server applicatio...


@randomwizard Or use #UnderscoreJS, where most functions work the same regardless of whether you iterate over an array or an object.

(Map and Set not supported yet, but planned for version 2.)

Just released #UnderscoreJS version 1.13.7. Thanks to @elkcityhazard for contributing #darkmode to the home page.

https://underscorejs.org/#1.13.7

#JavaScript #OpenSource


@electricdragon I think it stems from 2 obsessions: wanting every library to be dependency-free (which is insane) and wanting to treeshake everything to the bone (which is defensible but requires shredding files because tools cannot reason about side effects). I confess I modularized #UnderscoreJS for the latter reason, though I took care to keep it readable.

Another reason why business logic is obscure, is that nobody understands MVC anymore. The component frameworks are to blame for that.

@linear I don't know whether you work in JavaScript or Python, but out of principle: please know that you would be welcome to contribute to any of the projects I maintain. That's #UnderscoreJS, Underscore-contrib, #BackboneJS, #Wontache and pip-review (currently trying to transfer the latter to a new maintainer).

I set out to answer an old question on Stack Overflow, but ended up writing a long tutorial on #BackboneJS, @jquery, #UnderscoreJS and #sprintf, including some advanced techniques. Comments, questions and suggestions welcome.

#JavaScript

https://stackoverflow.com/a/76237929/1166087

format string in javascript

Is it possible to achieve this in javascript? Here is the format: 1 ITEM1 9.00 0% 9.00 1 ITEM-GET01 8.00 12% 5.00 I would like to create a receipt like layout. I'm using backbone.js so...

@katerberg How do you feel about #UnderscoreJS?

@noim @ph1 They are a bit niche.

- Generating just one value: async/await is easier, as mentioned.
- Generating a series: more likely to use events or streams or to just store everything in an array eagerly.

Generators do allow lazy patterns, where e.g. you transform and filter a series partially with takeWhile. Lodash attempted to do such a thing before generators existed with "shortcut fusion", which was bloaty and nonscalable. #UnderscoreJS 2.0 will support generators as a collection type.