Show only production dependencies with npm

In short, npm ls --prod will show the tree of your non-development dependencies.

I try to limit the number of dependencies I use in my open source modules for security and simplicity. I wanted to see the tree of dependencies while working on Helmet to make sure I wasn't pulling in more than I needed, but npm ls gave me all of my dependencies, including development dependencies like my testing framework, which I didn't need to see.

Luckily, npm has a --prod flag for this! Run npm ls --prod to only see your "regular" dependencies, not your devDependencies.

If you want to do the opposite and only see devDependencies, give npm ls --dev a try.
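To turn that tree into something you can check at a glance, here is an added example (not code from the original post or from Helmet) that summarizes the JSON form of the same listing, which `npm ls --prod --json` prints. The `summarizeTree` function and the `SAMPLE` tree, with its made-up package names, are assumptions for illustration.

```javascript
'use strict';

// Constructed sample in the shape printed by `npm ls --prod --json`
// (package names and versions are made up for illustration).
const SAMPLE = {
  name: 'example-module',
  version: '1.0.0',
  dependencies: {
    alpha: { version: '2.1.0', dependencies: { gamma: { version: '0.3.1' } } },
    beta: {
      version: '1.4.2',
      dependencies: {
        gamma: { version: '0.3.1' },
        delta: { version: '5.0.0', dependencies: { epsilon: { version: '1.0.0' } } },
      },
    },
  },
};

// Walk the tree and record every distinct name@version once, keeping the
// shallowest depth at which it appears and the chain that pulled it in.
function summarizeTree(tree) {
  const seen = new Map(); // "name@version" -> { depth, via }
  const stack = [{ node: tree, depth: 0, path: [] }];
  while (stack.length > 0) {
    const { node, depth, path } = stack.pop();
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      if (path.includes(name)) continue; // guard against cyclic input
      const id = `${name}@${child.version || 'unknown'}`;
      const chain = [...path, name];
      const prev = seen.get(id);
      if (!prev || depth + 1 < prev.depth) {
        seen.set(id, { depth: depth + 1, via: chain.join(' > ') });
      }
      stack.push({ node: child, depth: depth + 1, path: chain });
    }
  }
  const ids = [...seen.keys()].sort();
  return {
    direct: ids.filter((id) => seen.get(id).depth === 1),
    transitive: ids.filter((id) => seen.get(id).depth > 1),
    maxDepth: Math.max(0, ...ids.map((id) => seen.get(id).depth)),
    via: Object.fromEntries(ids.map((id) => [id, seen.get(id).via])),
  };
}

console.log(JSON.stringify(summarizeTree(SAMPLE), null, 2));
```

The `via` field shows which direct dependency is responsible for each transitive one, which is the question to ask when the tree is larger than expected.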

Hope this little tip helps!

On modern censorship

From "It's the (Democracy-Poisoning) Golden Age of Free Speech" in Wired:

The most effective forms of censorship today involve meddling with trust and attention, not muzzling speech itself. As a result, they don't look much like the old forms of censorship at all. They look like viral or coordinated harassment campaigns, which harness the dynamics of viral outrage to impose an unbearable and disproportionate cost on the act of speaking out. They look like epidemics of disinformation, meant to undercut the credibility of valid information sources. They look like bot-fueled campaigns of trolling and distraction, or piecemeal leaks of hacked materials, meant to swamp the attention of traditional media.


By this point, we've already seen enough to recognize that the core business model underlying the Big Tech platforms—harvesting attention with a massive surveillance infrastructure to allow for targeted, mostly automated advertising at very large scale—is far too compatible with authoritarianism, propaganda, misinformation, and polarization. The institutional antibodies that humanity has developed to protect against censorship and propaganda thus far—laws, journalistic codes of ethics, independent watchdogs, mass education—all evolved for a world in which choking a few gatekeepers and threatening a few individuals was an effective means to block speech. They are no longer sufficient.

Import Pinboard bookmarks into Standard Notes

In short: I wrote a tool to import Pinboard bookmarks into Standard Notes.

I care a lot about digital privacy and really appreciate the approach Standard Notes claims to take with my data. I started putting my bookmarks into the service instead of Pinboard. Pinboard is another fantastic service, but I wanted to import my bookmarks into Standard Notes to have everything in one place.

So I wrote a tool to do the import! You can use it here.

It's not a terribly complicated piece of software—it transforms some JSON data into some other JSON data—but it was useful to me and I hope it's useful to someone else out there.

The code is open source if you want to give it a look.

On multi-paradigm languages

From John Carmack's Quake keynote:

Languages talk about being multi-paradigm as if it's a good thing, but multi-paradigm means you can always do the bad thing if you feel you really need to. And programmers are extremely bad at doing the time-scale integration of the cost of doing something that they know is negative.

This echoes a feeling I have: bells and whistles can cause problems for larger projects.

"Facebook Wins, Democracy Loses"

From a New York Times article:

We are in the midst of a worldwide, internet-based assault on democracy. Scholars at the Oxford Internet Institute have tracked armies of volunteers and bots as they move propaganda across Facebook and Twitter in efforts to undermine trust in democracy or to elect their preferred candidates in the Philippines, India, France, the Netherlands, Britain and elsewhere. We now know that agents in Russia are exploiting the powerful Facebook advertising system directly.