►
From YouTube: 2022-02-16 Node.js Technical Steering Committee meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everybody-
I
am
mateo
kolina
and
today
I'm
sharing
the
node.js
technical
steering
committee
meeting
of
the
16th
of
february
2022.
A
So
hey
welcome
everybody,
and
hopefully
you
know
we
have
a
small
attendance
and
we
don't
have
quorum
today,
but
we're
still
going
again
with
the
meeting.
We
have
a
few
things
to
announce
and
to
to
to
talk
about.
So
let's
kick
off
with,
let's
kick
off
with
the
announcements,
so
it's
the
first
thing
I
would
like
to-
and
I
have
a
few
myself.
A
A
A
The
next
one
is
that
the
opengs
word
call
for
proposals
extended
to
the
26th
of
february,
so
25th,
sorry
25th
of
february
26th,
25th
of
february.
So
if
you
have
a
talk
that
you
want
to
submit
to
the
opengs
word
to
talk
about
node.js,
it's
great
and
you
know
do
it
it's
open.
If
you
don't
know,
opengs
word
is
the
conference
of
all
the
projects
in
the
openjs
foundation.
So
it's
it's
actually
very.
It's
a
very
good
place,
it's
very,
very
good
conference
on
time.
A
A
Congratulations,
so
it's
fantastic,
a
couple
more
things.
Let's
start
with
with
our
with
our
agenda,
there
is
looking
at
node.js
node.
There
is
an
issue
number
41782
about
crypto,
so
cryptogetran
values
is
node
specific
and
it
was
added
to
the
tsc
to
the
tsc
agenda
by
antoine.
I've
already
don't
think
he's
on
the
corner,
he's
on
the
call
yeah
antoine
what
this
status
and
what
is
ask.
A
Paying
attention
what's
the
issue
is
the
eight
41782
require
clarify,
require
crypto
get
random
values
is
not
specific.
C
Okay
yeah,
so
the
web
crypto
implementation
in
node
currently
has
a
a
bug.
Let's
say
a
bug:
it's
not
spec,
compliant
on
a
specific
thing
like
if
you
you
can
so
I
think
I've
I've
pasted
an
example
in
the
issue.
C
If
you
use
object
destructuring
to
to
get
get
random
values,
okay,
it
will
work
on
node.js,
but
it
will
fail
on
on
browsers-
and
I
was
beaten
by
this
when
I
I
was
working
on
a
crypto
thing,
so
I
was
testing
my
stuff
in
rgs
then
try
to
port
it
to
the
browser
and
was
getting
some
weird
errors.
C
So
the
the
fix
is
the
this
value
has
to
be
an
instance
of
crypto.
I'm
sorry,
it's
it's
a
little
harder
to
yeah
to
explain.
Yeah.
A
It's
sorry,
why
was
it
was
added
to
the
tsc?
Is
there
some
conflict.
A
A
C
Is
the
pushback,
so
I
think
mitchell
tacos
blocks
the
blocks,
the
blocks,
the
fix,
because
we've
added
a
shortcut
to
to
the
crypto
module,
not
direct
one
that
will
break
if
we,
if
we
fix
it,
and
so
that's
that's
where
we
are
now.
C
So
so
yeah,
so
there
are,
there
are
two
things.
So
there
is
web
crypto
that
get
random
values
that
and
and
there
there
is
also
crypto-
that
get
random
values.
D
I
I
don't
think,
there's
much
point
in
having
the
web
crypto
functions
on
the
node
crypto
module
at
all.
If
there
are
a
ton
of
issues-
and
I
I
didn't-
approve
those
ideas
in
the
first
place,
because
I
wasn't
sure
if
there
would
be
any
issues-
and
at
this
point
maybe
we
should
just
revert
those
and
since
webcrypt
was
experimental
node,
I
believe
still.
Hopefully,
we
can
probably
do
some
18.
A
A
So
hi,
michael
sorry,
hi.
E
A
And
you
have,
this
is
on
the
agenda
because
you
are
essentially
blocking
it.
As
I
understand.
E
The
problem
is
that
there's
no
way
to
just
import
random
uuid
from
crypto
if
we
remove
it
from
the
main
exports,
if
it's
only
in
require
crypto
that
that
web
crypto,
you.
D
D
A
D
C
So
the
the
history
maybe
would
help
with
a
little
more.
C
A
Just
pass
it
on
the
issue,
I
I
don't
even
know
how
to
what
to
put
in
the
notes,
because
I
did
not
understand
yeah.
C
Maybe
I
can,
I
can
try
now
so
james
justin
added
a
get
random
value
shortcut
in
the
not
crypto
module,
so
it
was
already
in
red
crypto
for
for
a
while
and
yeah
did
it
recently
and
it
landed
in
v17
and
tobias
had
some
concern
that
it
might
get
web
compatibility
issues
and
that's
exactly
what
happened,
but
I
noticed
it
after
it
landed.
C
So
that's
why
now
I'm
I'm
wondering
if
we
should
remove
it
because
there's
there
are
web
compatibility
issues
and
we
cannot
fix
them
because
of
this.
Yes,
is
this
clearer
now
why
we
can't
so
the
the
issue
in
question
is
that
web
brother
want
to
enforce
that
this
value
in
the
get
random
value
is
an
instance
of
crypto,
the
class
crypto.
C
A
C
And
if
you,
if
you
do
like
import
brackets,
get
random
values
from
crypto,
you
get
only
the
reference
to
the
the
the
the
function.
So
this
will
be,
I
don't
know
the
global
object
or
in
the
fight.
A
A
Yeah,
well
I
it
seems
sorry,
that's
why
I
was
wondering
what
was
the
conflict?
Okay,
I
approved
it:
okay,
epidemics,
so,
okay,
it
seems
there
are
no
no
conflict
on
the
pr
just
waiting
for
more
afterwards.
A
Well,
let's
have.
A
And
something
that
will
benefit
here
antoine,
maybe
at
the
test-
I
don't
know
if
it's
possible
to
test
this
change.
A
C
A
There
is
a
small
check,
a
small
change
on
on
the
one
became.
That's
like
this
is
a
small
change
on
it.
Okay
yeah,
I
don't
know
if
it's
worth
emo.
I
think
it's
okay
like
to
be
honest,
but
I.
A
C
A
F
A
Cool
next
one
up
is
the
removal
of
the
default
brand
removal
moving.
So
the
name
the
default
brand
for
master
to
main.
Are
there
been
any
programs
whatsoever
on
this.
F
E
F
But
that's
all
theoretical
and
I
don't
know,
there's
a
a
a
sort
of
a
way
to
prevent
that
or
I'm
not
familiar
enough
with
you
know.
So
so
if
we
flip
the
switch
and
master
becomes
main
what's
to
stop,
you
know:
we've
got
a
large
collaborator
base.
F
What's
to
stop
someone
accidentally
pushing
to
master,
and
then
we
end
up
with
a
master
branch
which
is
not
main
and
then
that
will
break
anyone.
That's
referring
to
master,
whereas
if
we
flip
the
switch
and
rename
and
somehow
prevent
anyone
pushing
to
master,
then
github
should
redirect
this
sort
of
references.
B
E
E
A
I
anyway,
my
I
pinged
tourney
that
seems
to
be
active
in
this
type
of
automation,
space
to
see
if
it's
something
that
he
can
drive.
I
think
we
need
a
champion
for
for
this
activity.
Essentially,
so
it
seems
to
have
stalled
a
bit.
So
if
we
want
to,
if
it's
a
priority,
and
we
want
to
make
progress,
somebody
should
start
taking
a
look.
A
Okay,
is
there
anything
else
on
this
topic
that.
B
A
Next
up
is
future
vote
future
of
primordials,
so
antoine
you're
I've
been
championing
spreading
this
okay,
yes,.
C
So
so
the
the
vote
has
closed
and
the
results
have
been
pasted
on
the
per
request.
C
So
yeah,
I
don't
know
if
well
I
guess
the
next
step
would
be
to
get
working
on
it
and
maybe
propose
another
vote.
If
you
want
to
decide
proper
modules
in
other
areas
of
the
code
base.
E
A
I
would
say
then
it's
to
do
another
vote.
My
plate
is.
A
Yeah,
I
don't
I
don't
know.
Maybe
there
is
some
volunteers
if
there
are
no
okay?
Yes,
there
are
no
other
volunteers.
A
Okay,
I'll
put
I'll
pass
it
into
the
agenda.
Okay
ben
yeah
go
ahead.
A
C
Yeah,
I
think,
if
a
pr
is
opened
that
you
know
improves
the
temper-proofness
of
the
error
path.
You
can
block
it
just
because
you
don't
like
it
for,
for
example,
you
it
will
land.
If
the
code
is
you
know,
it's
a
good
is
good
in
not
sure
how
to
say
it.
It's
a
good
quality.
E
Okay,
so
the
yeah,
so
I
mean
if
the
pr
is
fine
on
its
own,
like
if
the
code
is
fine,
the
only
thing
that
can
block
it
from
landing
is
a
perf
regression.
C
A
Oh,
you
understand:
okay,
only
a
perf
regression,
the
dpf
is
that
pr
that
improves
the
tamper,
approvedness
of
the
error,
path
and
land.
A
Can
be
blocked
blocks
dash
reverted
dash,
whatever
only
if
it
into
decrease
only
if.
A
A
what
actual
word
only
if
it
causes
performance
regression.
A
Yeah,
so
next
next,
so
is
there
anything
else
to
talk
about
primordials.
A
Today,
cool:
let's
talk
a
little
bit
about
the
next.
The
next
topic,
which
is
looking
for
feedback
pointer
compression
in
node.
A
It's
tobias
has
done
a
very
good
research
on
the
topic
he
has
found
out
that
we
now
have
a
four
gigabyte
limit
that
is
per
process
in
order
to
support,
share
memory
access
across
isolates,
so,
which
is,
I
think,
very
important
to
note
so
that
we
need
this.
I
think
for
the
worker
threats
to
work
essentially.
D
Yeah
there
is
a
mention
of
the
v18
road.
They
might
be
able
to
raise
that
limit
in
the
future
and
we
could
make
it
per
isolate.
But
then
you
can't
have
shared
array
buffers,
so
maybe
we
might
just
have
to
wait
and
see
what
happens
in
the
future,
since
4
gigabytes
is
really
not
that
much
for
many
server
applications.
A
No,
it's
not
the
the
key
fundamental
question
is,
if,
like
I
think
it's
you
know,
I
don't
like
the
only
step
next
step
that
I
see
here
is
that
there
are
people
that
are
interested
in.
A
Improving
and
in
supporting
a
build,
a
more
official,
build
or
anyway
contributes
to
the
unofficial,
build
for
with
pointer
compression
enabled,
but
I
don't
see
us
doing
anything
on
this
regard.
Unless
there
is
somebody
else
that
is
a
champion
like
if
we
want
to
have
a
champion.
If
there
is
a
champion
for
this
issue,
so.
E
I
have
a
question
on
this
issue.
I
don't
know
if
someone
here
can
answer
it.
It's
with
the
default
behavior
would
enabling
pointer
compression
be
a
breaking
change.
E
Yeah,
but
that's
not
my
question:
they
want
it
won't
break
if
it's
just
javascript,
it
won't
work.
Okay,
so
the
the
existing
limit
that
we
have
by
default.
A
E
A
A
A
D
A
E
So
tobias
was
saying
yes
obvious,
but
I
think
that's
the
types
arrays
and
array
buffers
are
not
affected
by
this
limit
and
they
are
not
affected
by
a
pointer
compression.
E
A
A
Okay,
we
agree,
we
need
a
champion
a
champion
for
this.
A
Okay,
amazing.
Next
next
item
is.
A
Node.Js
admin
is
a
node.js
admin
which
is
the
about
user
for
node.js
corepack,
and
there
is
this
is
something
that
is
important,
that
we
chat
a
little
bit
about
specifically
if
there
are
people
that
are
that
have
an
opinion
to
formal
to
express
their
opinion
on
on
the
issue.
So
one
of
the
reasons
to
give
you
a
little
bit
of
history,
one
of
the
reasons
why
core
pack
was
added.
A
Why
we,
we
added
core
pack
to
node.js
and
not
the
direct
binaries
of
yarn
and
and
pnpm-
was
because
we
would
want
to
avoid
having
to
constantly
maintain
those
versions,
so
the
the
versions
and
keep
constantly
keep
them
up
to
date.
This
is
a
turn
of
for
security
problems
so
because,
if
there
is
an
out-of-date
version
of
one
of
those
modules,
then
that
version
will
be
detected
by
the
security
scanners
and
they
will
report
vulnerabilities
to
node.js.
A
Now,
however,
it
turns
out
that
you
know
we,
we
thought
when
we
landed
corporate,
that
the
the
the
versions
were
downloaded
dynamically.
However,
that's
not
correct.
A
A
This
is
the
I'm
just
summarizing
the
the
issue,
so
I
have
made
so
mile
as
asked
to
create
a
bot
that
keeps
the
corporate
configuration
up
to
date
and
automatically
does
the
syncing
of
core
packed
into
ever
node.js
node
every
single
time
that
there
is
an
update
to
corepak.
A
Discussion,
a
dynamic
fetch
of
the
of
the
bundles,
because
we
can't
keep
track
of
how
many,
how
many
releases
have
been
are
happening
on
on
the
package
manager.
Side.
Okay,
so
is,
however,
there
is
no
position
either
for
for
the
bot
to
have
a
bot
that
does
this.
Is
there
anybody
that
objects
to
these
two
proposals.
C
A
E
Sounds
good
to
me
and
by
the
way
I
I
don't
think
that's
that's
completely
out
of
like
a
different
topic
than
what
mal
proposes,
because
if
we
do
that,
we
don't
need
to
have
a
bot
or
automatic
update.
A
A
Have
no
problem
on
the
bot,
so
I
would
say,
like
the
plus
one
for
having
the
bot.
E
A
I
mean
the
bot
up
about
to
keep
core
pack
updated
in
node.js,
okay,
dynamic
downloads.
A
Off
to
make
the
dynamic
downloads
of
the
package
manager.
E
A
F
F
If
you
want,
if
you
want
the
pushes
to
be
pushed
from
call
pack
into
note,
then
I
think
the
callback
would
need
a
bot,
but
if
it's
node
pulling
pulling
the
dependencies
from
upstream,
then
that
could
be
done
with
the
existing
node
workflows
within
them.
Okay,
so
you.
A
So
we
can
use,
but
we
can
use
the
eslint
one
to
pull
the
new
release.
A
A
Okay,
so
true
outcome
from
this,
I
will
open
an
issue
on
core
pack
to
make
the
dynamic
downloads
of
the
package
manager
versions
and
michael,
you
would
do
the
write
something
about
the
bots
cool.
Okay,
then
we
have
another
issue
about
the.
A
Block
list
it
was
written
to
just
mention,
not
discuss,
so
I'm
mentioning
it.
There
is
an
issue
on
node.js
admin
about
the
block
list,
import
export
check
it
out.
A
Cool,
okay,
folks,
thanks
everybody
for
for
joining,
I
don't
think
we
have
much
time
to
talk
about
the
strategic
initiatives.
A
If
everybody
could
stay
on,
we
probably
have
a
little
bit
of
private
bits
to
talk
about,
so
if
you
can
stay
on,
that
would
be
great,
and
then
I
just
want
to
remember
that
if
you
for
all
of
you
that
have
been
listening
in
there
is
a
node.js,
you
can
add
to
node.js.org
calendar
to
check
out
the
calendar
of
all
node.js
meetings,
and
you
can
actually
add
it
to
your
own
if
you
want
to
so.
If
you
want
to
be
reminded
when
you
can
see
us,
you
know
here
here
we
are
and
yeah.