There should thus be an option to give npm a list of vulnerability IDs (CVEs etc.) that it does not need to defend because the admin has decided it does not apply to their edge case.

Here is one of the most confusing cases: def foo(x, **kwargs) p [x, kwargs] end def bar(x=1, **kwargs) p [x, kwargs] end foo({}) #=> [{}, {}] bar({}) #=> [1, {}] bar({}, **{}) #=> expected: [{}, {}], actual: [1, {}]

I am not sure if this is an improvement. To me it does not seem very pretty. Of course I am biased since I also prefer () in method definitions if they have arguments; although I think it is fine that ruby does not mind omitting the (). For my brain, I like the () for visual separation.

In other words, once you've used Maybe you cannot hit nil with a missing method. This is remarkable because even &. doesn't save you from omitting || "No state" at the end of the computation. Basically, that's what they call "Type Safety".

Another solution is using the Safe Navigation Operator &. introduced in Ruby 2.3 which is a bit better because this is a language feature rather than an opinionated runtime environment pollution

You should default to the most permissive option imo and there really is no reason to check anything until you really need to If it were left to me I'd just use optional chaining, as it also eliminates the need for no-ops

Attribution is no longer required as of Font Awesome 3.0 but is much appreciated:

Directives like ng-if="info.report.revenue" sort of work in Angular if info.report is undefined, in that the ng-if becomes false. But the Svelte equivalent {#if info.report.revenue} throws an error. For now we're using lodash get in places where we need to and looking forward to Svelte support for optional chaining.

That file is mandatory, but it can contain nothing, if you want the default theme.

Just coming here to voice my agreement that these warnings are annoying and exist in other libraries as well. For me this happened with svelma. I didn't write the library code, so I don't have complete control over it even though I agree there is an argument to be had around whether I should be notified anyway. In either case, these warnings should be easily disabled since libraries don't always get updated over night.

// `lodash/padStart` accepts an optional `chars` param. _.padStart('a', 3, '-') // ➜ '--a' // `lodash/fp/padStart` does not. fp.padStart(3)('a'); // ➜ ' a'

Allow creating custom components with the same abilities as native dom. By all means keep the same level of encapsulation, don't push class on components, but allow a component to mark the class property or another as a CSS Class property, in which case you could pass it through the same transformation that native elements go through

handle?.destroy?.()

And normally, accepting a class prop is documented in the component's props, so passing a class prop to a component that doesn't utilize it, and see no effect is not surprising at all, in the sense that passing any undocumented prop normally mean that it will have no effect.

The nice thing with this implementation is that it doesn't have any overhead or modified behavior for code that doesn't use the feature. If you don't like, no harm done, you can just ignore it.

Enable the sub-chart The way we’ve chosen to implement compartmentalized sub-charts includes the ability to disable the components that you may not want in a given deployment. For this reason, the first setting you should decide on is enabled.

A middle ground would be to recommend the user create a new password without necessarily enforcing this action. The obvious risk is that the user clicks through the warning and proceeds with using a compromised password, but at least you've given them the opportunity to improve their security profile.

This gives your users the option to increase the level of security to their account and help prevent unauthorized access.

Watch our REAL ID Video on YouTube!

Optional Dependencies

TypeScript 3.7 implements one of the most highly-demanded ECMAScript features yet: optional chaining