How Deno Protects Against npm Exploits

News of the week of September 29, 2025: Is Deno the answer to npm's security issues? From the community: replacing .env files with 1Password, stepping outside of TypeScript's padded room, and temporal dead zones. Plus, Kamran fell into a rabbit hole and defeated the Red Queen: SSR with .NET.

Chapters

• (00:00) - Welcome to the Show
• (07:39) - News: TSGo Got a Lil Bit Faster (Still)
• (08:56) - News: How Deno Protects Against npm Exploits
• (13:28) - News: DBOSS Adds Better JS and TS Support for Durable Workflows
• (15:44) - News: Astro Got a New Sponsor
• (16:49) - Community Highlight: Liran Tal on Mitigating Supply Chain Security for Node.js Local Dev
• (21:11) - Community Highlight: Why is the TypeScript Codebase Littered with var Statements?
• (23:36) - Community Highlight: When Type Safety Can Be Tricky
• (27:40) - Community Highlight: Theo.gg on Life After TypeScript
• (29:10) - Community Highlight: Kamran Got React SSR Working Under .NET!
• (40:12) - Cool Link: En*bleep*ification by Cory Doctorow
• (40:32) - The Minnesota Long Goodbye

News

• TSGO News: PR #1732: Improves source file parse time by ~10%
• How Deno protects against npm exploits
• DBOS 2.0 adds JS support with a decoratorless API. (docs)
• What’s new in Astro - September 2025

From the Community

• Liran Tal: Mitigate Supply Chain Security with DevContainers and 1Password for Node.js Local Development
• Vincent Rolf: The Temporal Dead Zone, or why the TypeScript codebase is littered with var statements
• Paul Schmeing: TypeScript and the Illusion of Type-Safety
• Theo: Life after TypeScript
• Kamran: dotnet-ssr, an (experimental!) .NET SSR host

Cool Stuff

• Erik's LD58 Game Jam: Play the Gem Jam Game
• Video: Kamran on rendering React Router using a .NET SSR host
• Book: Ensh*ttification with Cory Doctorow (plus, Interview with Adam Conover)
• Kamran's Course: Staying on Task with the Pomodoro Technique
• Kamran's Course: Prioritizing Work with Rocks, Pebbles, and Sand
• Library: microsoft/node-api-dotnet, advanced interoperability between .NET and JavaScript in the same process.
• Library: agracio/edge-js, run .NET and Node.js code in-process on Windows, MacOS, and Linux

Sponsored by Excalibur.js
Excalibur.js is the friendly TypeScript game engine for making 2D web games. Use your TypeScript or JavaScript skills to make games! Excalibur comes out-of-the-box with everything you need to make web games, like physics, sprites, animations, sound effects, input, and particles. Design your assets with tools like Aseprite and Tiled, then load them natively using first-party plugins.

Music
Seahorse Dreams by Kubbi (Spotify)