►
From YouTube: Node.js Tooling Group Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
There
was
a
thing:
I
thought
somebody
had
instructions
on
how
to
fix
it.
He
was
broken
on
zoom'
side.
Oh.
B
B
C
B
Yeah
I,
don't
have
any
announcements
myself,
but
I
think
this
is
the
most
people
we've
ever
had
at
this
meeting,
which
is
awesome
but
anyhow.
So
if
there
are
no
more
announcements,
then
I'll
move
on
to
the
list,
and
the
first
thing
I
want
to
do
is
the
addameer
thing
and
I
want
to
find
the
link
to
it.
B
B
D
E
B
All
right
so
I,
don't
even
remember
where
I
saw
this,
maybe
it
was
it
on
Twitter
or
something
and
I
was
like
hey.
That
sounds
strangely,
like
something
we've
been
kicking
around
for
a
while
with
this,
this
FS
hooks
and
it
sounds
like
audit
hooks
is
I'll.
Let
you
talk
about
it,
but
it
sounds
as
similar
in
some
ways
so
and
the
security
working
group
is
doing
that
and
so
I
think
this
is
like
Vlad's
thing.
So
maybe
I
wonder
if
you
could
talk
about
it
a
little
bit.
No.
D
Thanks
a
lot
for
the
pin,
it
was
not
aware
of
this
initiative
and
the
Turing
working
group
side.
So
basically
around
September
last
year,
Microsoft
pinged
us
and
they
told
us
about
some
kind
of
auditing
hoops
in
node.js,
similar
to
feature
they
rolled
in
Python
last
year.
So
I
digged
a
bit
into
it
and
it
actually
makes
sense.
D
It's
basically
a
feature
that
enables
people
to
register
hoops
and
to
listen
to
them
for
certain
events.
So
the
first
thing
I
was
thinking
was
providing
such
hopes
for
syscalls,
so,
namely
file
access,
network
access
or
basically
the
wall.
No
jsapi,
also
I,
have
to
admit.
I'm
working
for
a
security
company
and
hooking
into
the
eval
method
is
actually
impossible.
D
On
userland
and
I
plan
on
providing
a
hook
for
such
a
JavaScript
Committee
of
the
evil
of
the
function,
constructor,
so
I
started
to
dig
into
that
and
to
walk
on
a
POC
and
then,
at
this
point
Christopher
you,
you
ping
me
and
said
hey.
We
are
doing
the
same
thing
in
tutoring
working
group,
so
I
checked
the
issue
under
current
report
and
they
had
a
very
interesting
call
with
Brian
two
days
ago
about
that
topic,
and
we
reached
to
a
conclusion.
That's
right.
D
The
idea
would
be
to
stop
adding
thousands
of
people
stepping
on
each
other's
toes
and
patching
the
same
functions,
because
anyone
who
has
done
no
js'
instrumentation
knows
that
their
worst
and
best
enemies
are
other
people
doing
nodejs.
Instrumentation
I
had
to
release
my
own
agent
this
week,
because
an
APN
vendor
especially
the
same
thing
as
I,
do
but
in
a
non
compatible
way.
So
it
broke
my
customers
prediction
because
we
must
first
was
yes,
it
was
you.
D
Know
Bastille
I
mean
it
happens
all
the
time
and
that
the
thing
maybe
we
should
start
to
have
guidelines
and
a
unified
interface
for
everyone
to
welcome
that
and
Stephane
seemed
really
interested.
That
given
is
an
APM
expert
on
nodejs
too,
so
that
that's
it
for
the
intro
I
talked
a
lot.
Maybe
I
should
leave.
Other
people
speak
a
bit.
B
That
was
a
really
good
run
down
of
that's
all
about,
but
I
mean
it
does
sound
like
so
this
effort
would
so
what
I
want
to
understand
is
I
mean
the
way
you're
describing
it.
It
seems
pretty
broad.
It
seems
like
actually
quite
a
bit
of
work
that
cross
like
cuts.
It's
cross-cutting,
it's
everywhere.
So
is
this
something
like
you
are
trying
to
knock
out
yourself
or
or
what
so
I.
D
D
B
D
Actually,
Brian
Brian
is
the
first
one
I've
reached
to
two
days
ago
and
that's
why
I
treated
about
that
to
see
if
other
people
were
onto
that
from
the
security
working
group
perspective,
everyone
is
pretty
relying
on
the
use
case
and
that
and
I
did
not
get
any
knowledge
about
initiative.
I
think
Stephan
knows
about
a
couple.
Other
tracing
related
initiatives
right.
F
That
was
shown
one
of
the
Diagnostics
or
group
summits,
maybe
a
year
or
so
ago,
and
said
that
that
was
kind
of
meant
to
be
just
a
general
channel
for
anything
to
just
push
like
a
events
about
what
it's
doing
so
that
they're
their
target
was
like
not
just
carbonyl,
so
use
your
land
and
hopefully
producing
basically
just
a
general
metadata
channel
that
you
can
get
all
the
trace
information
you
want
out
of
it
with
some
structural
correlations.
So
hopefully
no
patching
would
actually
be
needed
for
basic
APM
stuff.
F
Yeah
I
would
like
to
get
back
to
it
at
some
point,
but
yeah.
It
had
its
similar
challenges
too,
but
it's
it's
in
a
similar
space
as
trace
events,
but
less
focused
on
the
like
low-level
diagnostic
stuff
and
more
general-purpose,
but
still
has
a
lot
of
the
same
challenges
in
that
it's
basically
a
firehose.
B
And
so
is
this
something
you
think
would
consume
or
like
I,
don't
know,
consume
something
else
or
do
you
think?
Maybe
there
would
be
I,
don't
know
the.
If
the
idea
is
to
try
to
come
to
you,
no
one
mind
about
about
how
to
pull
this
off.
Do
you
think
it
might
like
implement
an
interface
that's
defined,
like
maybe
there's
this
like
hooks
interface,
that
if
somebody
needs
to
add
a
hook
to
node
is,
are
these
diagnostic
or
metadata
events?
Could
those
like
implement
that
or
or
consume
some
other
lower-level
thing?
B
F
So
the
intent
was
for
it
to
have
basically
just
generic
interface,
and
it's
just
that
puts
a
stream
of
events
on
its
own.
It's
not
necessarily
structural,
but
it
would.
It
would
have
like
metadata
included
in
it.
That's
you
could
reconstruct
instructor
from
it
potentially
but
yeah.
The
hope
was
just
to
have
like
generic,
like
basically
bags
of
data.
That's
we'd
probably
want
to
have
some
amount
of
like
a
basic
specification
of
like
I.
F
Think
you
should
have
a
type
string
or
something
like
that
to
identify
it,
but
you,
you
would
probably
want
to
have
some
amount
of
data.
That's
just
like
not
not
really
universal
spec,
because
not
everything
is
gonna.
Have
the
same
thing
like
you
might
want
to
track
like
an
HTTP
request.
You
want
to
know
the
host,
but
file
system
is
not
gonna.
Have
a
host
it's
kind
of
path
on
your
disk
somewhere,
so
data's
gonna
vary
a
bit
all.
B
Right
I
mean
it
sounds
like
so
there's
the
there's
kind
of
two
main
use
cases,
maybe
well
maybe
more
than
two.
But
one
of
these
is
we
want
to
the
the
there's
like
I,
don't
know
about
the
terminology,
but
it
said
a
listener.
So
if,
in
event
listeners
we
have
your,
you
know,
event
emitters,
we
have
a
listener,
all
listener.
Does
it
listens
for
an
event
and
it's
a
it's.
A
void
function
right.
B
It
receives.
You
know
it
has
a
context.
It
receives.
Whatever
data
arguments
come
with
the
event
and
you
can
do
whatever
you
can
do
with
those
in
there,
but
it
it
doesn't
like
act
like
again
excuse
it's.
Our
middleware
like
in
middleware
like
in
Express,
where
it
takes
a
thing
and
it
mutates
that
thing,
and
then
it
returns
a
new
thing
or
what
have
you
and
so
there's
the
the
instrumentation
end,
where
it's
just
more
of
a
like
a
listener,
and
we
just
want
to
take
this.
B
A
Actually
think,
though,
you
can
implement
what
you're
talking
about,
because
Express
the
middleware
does
not
return
the
request
in
response
right,
you
just
mutate
it
you
do
the
same
thing
with
your
event,
context
right.
So
the
event
context
has
just
passed
to
the
next
event
handler.
So,
if
the,
if
you
have
a
event
handler
registered
before
the
the
final
one,
you
can
just
modify
the
input
right.
A
So
if
we
were
thinking
about
FS
hooks
and
it
was
like
read
file
and
you
gave
it
a
path
was
on
the
context,
if
you
just
like
swapped
out
the
path,
the
next
event
would
just
receive
the
you
know
new
newly
modified
context,
which
I
think
implements.
So
we
could,
in
theory
in
that
way
implemented
I
think
on
top
of
it,
as
is
just
a
mutating
thing.
A
A
F
In
my
framework,
it's
a
little
more
controlled
cuz
like
you
can.
You
can
say
like
follow
this
interface,
and
it
should
mostly
work
but
like
across
the
entirety
of
nodes.
Having
like
one
unified
channel
for
everything,
you
feel
like
you'd
need
to
be
a
bit
careful
of.
What's
what
you
let
the
users
do,
I
mean.
D
That
could
be
something
that
is
decided
upon
registration
you,
you
could
register,
you
could
have
to
registration
path
for
your
listener
or
right
now
in
my
your
prototype,
its
listeners,
but
you
could
have
a
path
where
it's
read-only
and
you
get
a
string
and
you
can
we
take
the
string
as
much
as
you
want.
Nobody
will
care
about
that
and
still
in
the
fs
example
or
you
could
register
in
a
path
where
only
one
listener
is
allowed
and
pastor
URL
object.
D
B
A
I
also
think
with
FS
hooks.
One
thing
that
will
be
asked
very
quickly
is:
how
do
I
do
an
asynchronous
operation
inside
my
hook
right
so
other
contexts
like
the
the
you
know,
firehose
of
metadata
on
the
you
know,
tracing
stuff,
maybe
not
right,
like
just
shove,
it
off
and
buffer
it,
and
then,
in
the
background
you
process
it
asynchronously,
but
in
FS
hooks
sorry,
I'm
outside
there's
cars
in
FS.
A
Hooks
like
a
very
common
thing,
would
be
look
at
the
file
system,
see
if
a
file
path
that
you
want
to
actually
modify
these
to
read
to
read
from
exists
before
doing
it
right
or
something.
Some
operation
like
that,
if
you
have
that
you're
gonna
need
asynchronous
hooks
right
and
and
I
think
that's
like
a
pretty
different
use
case
than
a
performance
critical
like
tracing
event
or
APM
implementation.
I.
D
Guess
it
depends
I,
guess
what
we
are
getting
to
that
you
need
to
know
what
your
hook
will
do
when
you
register
it,
so
you
can
register
based
on
its
need,
for
instance,
I
totally
agree.
Some
hooks
will
need
to
be
a
synchronous
and
in
my
own
use
case,
I
don't
need
them
to
be
a
synchronous,
but
some
will
need
to,
but
they
will
only
make
sense
on
a
synchronous
calls
you.
You
should
not
call
it
a
synchronous
hook
and
synchronous
calls.
So
we
I
guess
when
we
are
getting.
That
is.
D
We
need
a
grandma,
or
at
least
a
concern
or
authorization
mode
system
when
registering
a
hook,
true
to
say
in
advance.
A
this
hook
will
require,
will
act
like
that.
So
please
do
this
and
we
could
say
that
failings
that
requiring
the
right
things,
which
just
means
that
your
hook
on
make
sense
like
you
did
forget
to
register
you
hook
as
a
synchronous.
Nobody
will
wait
for
the
asynchronous
function
to
be
over
or
the
prom
as
expose
promised
to
be
resolved,
and
that's
on.
You
would
then
make
sense.
Wes.
D
Let
me
know
if
there
is
anything
else
we
can
do
to
make
that
happen,
or
if
someone
wants
to
review
or
ping
me
your
pack
program
on
that
side,
note
I'm
trying
to
live
streams
occurred
on
that,
because
I'm
trying
to
show
to
people
that
it's
not
that
hard
to
contribute
to
the
cross
so
feel
free,
also
to
come
in
the
mocha
means
he
comments
on
the
twitch
stream.
They
got
a
link
for
that
twitch
stream,
yeah
I
will,
let
me
find
it
back.
Where
can
I
put
it
it?
We
can
put.
D
H
D
Three
I
was
some
yeah
I'm,
usually
cutting
on
Monday
evenings,
and
they
will
try
to
prototype
that
next
Monday.
Then
what's
your
time
zone
so
I
mean
I,
mean
friends.
So
I
try
to
do
that.
Around
8:00
p.m.
on
Mondays,
which
is
9-hour
time
difference
with
Pacific
time
so
11:00
a.m.
Pacific
time
I,
would
say
and
I
don't
know
anything
about.
Regarding
your
East
Coast
story:
seven,
oh
six
or
ten
different.
It's
basically
end
of
the
morning
or
mid-afternoon
fuzzy,
Americas
and
Canadians
and
yeah.
D
B
D
J
C
B
B
K
Only
loosely
related,
but
just
want
to
mention
that
in
it
looks
like
14.0
the
yes
module,
experimental
modules,
loader
warning
is
going
to
be
calling
from
runtime
anyways
documentation,
it'll
still
be
labeled
as
experimental,
but
using
es
modules
won't
produce
a
warning
anymore.
I,
don't
know
what
that
means
for
this
proposal.
If
it
possibly
makes
it
more
difficult.
B
A
A
B
Things
like
module
level
mocking
you
know
if,
if
you
want
to
get
watch
mode,
would
need
to
like
do
something
like
load.
The
like,
you
know,
spawn
a
process
or
something
like
that.
So
and
you
know
these,
you
can
work
around
it,
but
what
you
you
can't
do
is
I
mean
it's
called
hot
Montero.
Maybe
it's!
It
really
needs
to
be
more
specific,
because
what
we
need
is
the
ability
to
delete
a
module
from
the
cache.
B
Just
like
you
would
go,
delete,
require
dot,
cache
and
then
some
some
module
ID,
because
we
can
do
these
other
things
to
work
around
them,
but
you're
gonna
leak
memory.
Unless
we
can,
we
can
remove
things
from
the
cache
and,
if
that's
breaking
anything,
it's
it's
breaking
the
spec,
but
in
I
don't
know
I,
don't
know
if
that
would
be
I
mean
I'm,
not
on
the
modules
team.
A
That
a
breaking
trip
well
my
point:
there
was
more
that
it's
still
not
stable.
So
if
that
needs
to
go
in
that's
fine,
it
will
just
get
a
lot
more
attention,
just
like
it
did
when
they
said
it's
not
flagged
anymore
right.
That
should,
in
theory,
give
another
boost
in
people.
Ask
well
maybe
that's
a
bad
thing.
I
don't
know,
but
people
asking
for
it
which
brings
more
attention
to
it,
which
in
theory
could
mean
somebody
comes
in
and
actually
like,
is
willing
to
spend
the
time
to
fix
it.
Mmm-Hmm.
B
K
A
A
Might
cause
a
lot
of
problems
for
tests?
You
know
runner
maintain,
because
now
we're
really
come
in
and
be
like
look
I.
It's
not
even
complaining
to
me.
I
thought
this
should
just
work
and
it's
like.
Well,
no,
it's
still
experimental,
like
you
can't
run
that
watcher
and
have
it
replace
you
know
in
place
or
you
can't
use
knock
on
that
or
whatever
the
knock.
That's
http/1
right,
whatever
the
mock
require
or
whatever
those
are
right,
I
mean
mm-hmm.
G
G
A
Mean
unless
somebody
wanted
to
use
that
issue
as
the
like,
where
we
point
everyone
when
they
come
in
and
complain
about
these
things,
because
I
think
an
end
user
is
not
gonna
really
understand
this
subtlety
between
unload
and
hot
module,
replacement,
I
think
they
might
feel
more
comfortable,
saying,
oh,
look,
how
mods
will
replace
into
modules?
That's
what
I
wanted.
Yeah
yeah
who's
working
on.
K
Also,
I
think
we're
actually
talking
about
two
different
issues
here.
One
issue
is
deleting
from
the
cache,
so
unloading,
a
module
and
the
other
issue
that
has
been
mentioned
is
I,
guess
kind
of
like
proxy
choir,
like
mocking
replacing
a
export
from
a
module.
I
think
that's
something.
That's
currently
missing
unless
I'm
missing
something.
K
K
K
B
G
I
think
yes,
something
vladimir
was
working
on
this
similar
to
death.
I
saw
top
from
him
on
know,
jess
interactive
on
just
like
hijacking
the
modulo
during
the
ASM
and
like
returning
something
else
right
so
similar
to
a
proxy
choir
sorts,
but
like
radio
on
the
core,
yeah.
A
But
the
difference
is
these
are
traditionally
being
done
in
process
and
the
loader
hook
has
to
be
registered.
It
startup
right,
so
I
think
there's
a
which
is
fine,
I
mean
I,
think
that's
probably
a
better
way,
but
like
that's
just
not
the
way,
it's
being
done.
So
as
soon
as
you
know,
these
existing
ecosystems
suddenly
are
no
longer
working.
That's
sort
of
the
problem
right.
B
B
B
B
B
B
B
K
B
I
mean
it
sounded
to
me
like
that
stuff
like
that,
was
definitely
like
a
thing
that
he
wanted
to
do
so.
I
mean
if
that
hook
stuff
can,
you
know
manipulate,
and
it
should
because
you're
right
doesn't
FS
hooks
need
to
be
able
to
why
right.
So
do
you
think
it?
If
that's,
if
that's
true,
then
this
the
this
would
fall
into
the
bucket
right.
B
E
B
Okay,
so
maybe
we
can
rename
this
this
particular
issue
42
to
something
like
unified
process.
Exiting
event
is
that
do
you
think
that
would
does
that
make
sense?
I
mean
from
what
I
understand
it's
not
actually
possible
to
do
this,
because
there
are
situations
where,
like
is
a
certain
signal,
would
just
I
don't
know
it
sounded
to
me
like
it
wasn't
entirely
possible,
but
there's
still
quite
a
few
bases.
We
could
cover.
K
C
C
Think
it
would
provide
value.
I
think
this
kind
of
stems
from
when
I
was
working
on
my
C
years
and
years
ago
was
surprising
that
process
context.
It
didn't
catch
nearly
as
many
events
as
you
need
it
to
if
you're
reading,
willing
that
rates
on
exit
so
signal
exit,
kind
of
combined
process
not
exit
end
as
many
signals
as
it
could
potentially
listen
for
so
having
something
that
just
did.
That
would
be
nice.
B
C
G
Right
but
isn't
there
is
someone
comment
on
it
like
saying
that
we
might
risk
ending
in
that?
You
know
xkcd
situation
where
oh,
we
have
13
standards,
let's
unify
them
and
then
oh,
we
went
up
with
14.
B
B
C
K
And
and
to
me
the
I
guess
my
big
reason
for
wanting
to
see
this
is
to
be
able
to
do
it
without,
admittedly,
ugly
manipulations
of
the
no
js'
environment.
I
might
be
mixing
up
with
another
model
module
but
I'm
pretty
sure.
If
you
look
at
the
code
to
signal
exit,
it
basically
says
this
code
is
evil
get
used
to
it.
K
B
B
B
C
K
C
G
C
B
B
C
C
Pasting
so
I've
been
working
on
this
thing
for
a
while
called
release,
please,
which
is
like
a
kind
of
an
all
automates
your
release
process
based
on
a
based
on
a
release.
Pr,
that's
always
maintained.
Now
you
can
add
a
label
to
it
and
get
a
pre
release.
So
if
out
you've
been
typing
NPM,
you
can
just
put
a
label
that
says,
give
me
a
pre-release
and
get
a
of
a
library.
So
I'll
do
this.
Sometimes,
if
I
want
to
test
a
feature
with
people
but
not
actually
release
the
library,
it
was
cool.
C
Yes,
so
I'm
gonna
be
working
on
that
this
quarter,
like
I,
think
we
have
a
plan
like
I
need
to
start
talking
to
I
need
to
figure
out
how
we
release
it
to
people
like
PII,
related
concerns
and
stuff,
but
like
I,
think
it
might
be.
The
main
thing
I
worked
on
this
quarter.
Sorry,
sorry,
it's
taking
so
long
that.
A
K
K
Don't
know
if
this
is
possible,
but
it
would
be
very
nice
if
users
could
be
added
to
packages
with
you
know,
an
administrator
role
or
a
publisher
role
that
way
they're.
You
know
you
could,
basically
the
only
account
that
could
publish
would
be
the
bots
and
then
other
accounts
on
there
would
just
be
administrative
just
for
just
in
case
yeah.
I
I
think
the
most
likely
Cori
we've
talked
about,
we've
talked
about
like
stage
publish,
is
and
workflows
there
and
and
out
of
that
conversation
came
potentially
the
idea
of
like
scoped
auth
tokens,
which
would
have
specific
rights
how
that
actually
Nets
out
and
what
that
looks
like
we
might
change,
but
I
think
that's,
probably
the
most
likely
way
that
we
would
roll
out
that
kind
of
capability.
Would
that
like
solve
for
what
you're
asking
so
it
wouldn't
be
that
user
you
don't
want
to
you'd
still
have
a
user
account
associated
with
the
auth
token.
K
I
K
A
I
And
you
don't
have
an
RC
for
this.
Specifically,
it
was
kind
of
rolled
up
into
that
and
so
like
we
probably.
The
key
here.
Takeaway
here,
is
to
maybe
take
this
kind
of
discussion
offline
or
like
create
actual
RFC
for
it.
If
it's
something
that
we
want
to
support,
but
it's
I
think
that
there
is
probably
some
capability
that
we
can
create
or
add
to
the
auth
tokens
and
that's
probably
the
fastest
way
forward
versus
creating
a
new
type
of
permission,
user
permission.
I
I
We
should
have
a
subset
I'll
create
a
new
RC
sub.
That
is
a
subset
for
that
specifically,
and
if
it's
are
very
much
a
registry
specific
asked,
so
what
I
could
say
is
like
if
you
want
to
use
the
you
know,
if
you're
asking
for
something
specific
there
I
think
a
good
model,
or
example
would
be
like
github
scoped
auth
tokens
the
way
that
they
know
you
can
define
exactly
what
that
all
tick
and
has
that's
probably
something
similar
to
like
what
we
should
and
probably
will
and
could
implement.