JavaScript

A minimal *Node.js *wrapper around ClamAV that scans any file and returns a typed Verdict Symbol:

• Verdict.Clean
• Verdict.Malicious
• Verdict.ScanError

Zero runtime dependencies. No daemon. No cloud. No native bindings. Works locally via clamscan or remotely via clamd TCP socket (Docker-friendly).

npm install pompelmi

Repo: https://github.com/pompelmi/pompelmi Issues, PRs, and stars all welcome — it's how open source stays alive.

Yesterday the axios package was compromised on npm. An attacker hijacked a maintainer account, published two malicious versions that bundled a remote access trojan through a staged dependency called plain-crypto-js, and the versions were live for two to three hours before npm pulled them. Axios gets 83 million weekly downloads. This keeps happening over and over and over and the post-incident conversation always goes the same way: was the maintainer using MFA, should the registry have caught it faster, should people be running more scanners. None of that gets at why JavaScript keeps having these incidents at a rate no other ecosystem comes close to matching. The npm client’s defaults actively enable the attacks and have done for years.

TLDR; I’ve been experimenting with react-like jsx-syntax with webcomponents to see if I could theoretically replace React in one of my projects. It is not ready for production use, but rather an exploration into CustomElements and modern browser capabilities.

https://github.com/positive-intentions/dim

The goal was to build functional Web Components that handle state management and DOM updates without the overhead of a massive JavaScript framework. By leveraging standard Web APIs and Proxy objects, I’ve managed to create a reactive programming model that feels familiar—using JSX—but stays much closer to the browser platform.

I wanted to see how far i could take web components before the architecture broke down. If you’re interested in frontend software engineering or web standards, you might find the logic behind the updates (which avoid a traditional virtual DOM) interesting.

Full technical tutorial and deep dive: https://positive-intentions.com/docs/research/Tutorials/dim/dim-functional-webcomponents

Disclaimer: This project is not ready for production use. In fact, this project may be getting deprecated soon, but I’m sharing it because the unique details into custom elements and modern JavaScript performance might be interesting or educational for others exploring the web platform.

We often treat runtime choice like an inherited assumption. Node.js is there, so we use it. But this mental model is flawed. The runtime isn’t just a JavaScript executor. It affects more than you’d expect — your tooling, your deployment story, even who wants to join your team.

Today, Nova JavaScript engine has published its first major version 1.0.0! This marks the beginning of a new era for the engine where experimental status is shed and a relative stability and polishing takes over.

IMPORTANT: Lets get a few things out of the way first. My app is not better than Whatsapp in any way. It hasnt been reviewed or audited. This app works by exchanging IP addresses... This app is NOT for anonymous comms. The project is experimental and far from finished. It's presented for testing, feedback and demo purposes only. Use responsibly.

Demo: https://p2p.positive-intentions.com/iframe.html?globals=&id=demo-p2p-messaging--p-2-p-messaging&viewMode=story

By leveraging WebRTC for direct browser-to-browser communication, it eliminates the middleman entirely. Users simply share a unique URL to establish an encrypted, private channel. This approach effectively bypasses corporate data harvesting and provides a lightweight, disposable communication method for those prioritizing digital sovereignty.

Features:

• PWA
• P2P
• End to end encryption
• Signal protocol
• Post-quantum cryptography
• Multimedia
• File transfer
• Video calls
• No registration
• No installation
• No database
• TURN server

This project isnt finished enough to compare to existing tools like Simplex, Signal and WhatsApp... This is intended to introduce a new paradigm in client-side managed secure cryptography. Allowing users to send securely encrypted messages; no cloud, no trace.

Technical breakdown and roadmap: https://positive-intentions.com/docs/technical/p2p-messaging-technical-breakdown

Demo: https://p2p.positive-intentions.com/iframe.html?globals=&id=demo-p2p-messaging--p-2-p-messaging&viewMode=story

Docs: https://positive-intentions.com/docs/technical